Research On Malicious Code Detection Method Based On Deep Learning

Posted on: 2022-10-14
Degree: Master
Type: Thesis
Country: China
Candidate: D Ma
Full Text: PDF
GTID: 2518306527470394
Subject: Computer Science and Technology
Abstract/Summary:
The rapid development of the Internet brings convenience to people's lives, but it also brings unprecedented challenges to cyberspace security. The number of malware samples is increasing by hundreds of millions every year. To combat malware, detection technologies are constantly updated. Among existing malware detection methods, those based on dynamic analysis achieve higher accuracy, but detection takes a long time and consumes substantial resources. Methods based on static analysis achieve rapid detection, but they do not handle long sequences well, and the interpretability of visualization methods needs to be improved. Deep learning has achieved outstanding research results in natural language processing and image processing. Therefore, under the framework of malicious code detection based on deep learning, this thesis detects malicious code at two levels: the opcode sequence and the grayscale image of the malicious code.

First, the opcode sequence is the sequence of instructions during the execution of a program, and it reflects the program's behavioral characteristics well. However, current opcode-based malware detection methods have difficulty processing long sequences, which results in low detection accuracy and difficulty in detecting unknown malware. This thesis therefore proposes a detection method based on channel multi-headed attention. The method first obtains multiple opcode sequences from a single malware sample through a certain strategy to form a multi-dimensional feature vector. Next, a Convolution Auto-Encoder reduces the dimension of the multi-dimensional feature vector to form a compressed representation. Finally, CMANet extracts features from the compressed representation and performs detection on it. Compared with traditional detection methods, the proposed method obtains rich opcode sequences from malware, extracts more effective features, improves accuracy, and effectively detects unknown samples.

Second, most current classification methods based on the grayscale image of malicious code can only classify the malicious code and cannot explain its function. This thesis therefore proposes a malware classification method based on Attention-CNN. The method first visualizes the binary file of the malware as a grayscale image. It then constructs the Attention-CNN classification model, which performs selective feature extraction on the grayscale image through a convolutional neural network and an attention mechanism; that is, the feature extraction process emphasizes important features and weakens unimportant ones. Finally, a softmax classifier classifies the malware from the features extracted by the attention layer. The attention layer is visualized to obtain an attention map, the positions of the top-three weight values in the attention map are labeled, and interpretability analysis of the malicious code is carried out with IDA Pro according to the labeled positions. Compared with the traditional method, the method in this thesis improves accuracy and makes the grayscale image interpretable.
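The second method ties attention-map positions back to locations in the binary. The sketch below is an added example, not code from the thesis: it lays file bytes out as a grayscale image and maps the top-three attention cells to file byte ranges. The image width, the attention-map shape, the function names, and the sample data are all assumptions constructed for illustration.

```python
# Added illustration; image width and attention-map shape are assumptions,
# not values taken from the thesis.
from heapq import nlargest

def bytes_to_gray(data: bytes, width: int) -> list[list[int]]:
    """Lay file bytes out row by row; each byte is one 0-255 pixel."""
    padded = data + b"\x00" * (-len(data) % width)   # zero-pad the last row
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def top_k_offsets(attn, img_h, img_w, file_len, k=3):
    """Map the k highest-weight attention cells back to file byte ranges.

    attn is a 2-D list (attention map) whose cells each cover an equal
    rectangle of the img_h x img_w grayscale image.
    Returns [(weight, [(start, end), ...])], one half-open range per image row.
    """
    a_h, a_w = len(attn), len(attn[0])
    cell_h, cell_w = img_h // a_h, img_w // a_w
    cells = [(attn[r][c], r, c) for r in range(a_h) for c in range(a_w)]
    out = []
    for weight, r, c in nlargest(k, cells):
        ranges = []
        for row in range(r * cell_h, (r + 1) * cell_h):
            start = row * img_w + c * cell_w
            end = min(start + cell_w, file_len)       # drop padding bytes
            if start < file_len:
                ranges.append((start, end))
        out.append((weight, ranges))
    return out

# Constructed sample: 60 bytes standing in for a binary, 16-pixel-wide image.
SAMPLE = bytes(range(60))
IMAGE = bytes_to_gray(SAMPLE, 16)                     # 4 rows x 16 columns
ATTN = [[0.05, 0.40, 0.10, 0.02],                     # constructed 2x4 map
        [0.03, 0.08, 0.25, 0.07]]

if __name__ == "__main__":
    for w, rs in top_k_offsets(ATTN, len(IMAGE), 16, len(SAMPLE)):
        print(f"weight {w:.2f}: " + ", ".join(f"0x{s:x}-0x{e:x}" for s, e in rs))
```

The ranges are raw file offsets; translating them to the virtual addresses a disassembler displays depends on the file's section layout.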
Keywords/Search Tags:Malware detection, opcode sequence, attention mechanism, deep learning