
Malware Detection Method Based On Code Image And Capsule Network

Posted on: 2022-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: L Z Lu
Full Text: PDF
GTID: 2518306560990459
Subject: Software engineering

Abstract/Summary:
With the rapid development and widespread use of the Internet and computer technology, the data on the network has become increasingly large, and maintaining the security of cyberspace has become an indispensable part of the development of network and computer security. In recent years, network security incidents have occurred frequently. The security threats posed by malicious software to computers cannot be underestimated, and they seriously endanger the privacy and economic interests of the country, society, and individuals. At the same time, the ability to extract features of malicious software, detect malicious code, classify malicious code, and detect new, unknown malicious code plays a vital role in computer and network security. To avoid detection and removal, malware creators often generate a large number of malware variants through disguising techniques such as packing, obfuscation, and encryption, making detection and classification extremely complicated. It is not realistic to detect all variants by human analysis alone.

The feature-set methods currently used for the classification and detection of malicious code rely too heavily on professional analysis by experts, the extraction of feature sets is too time-consuming, and they cannot predict new, unknown malicious code in a timely and effective manner. At present, a large number of researchers have used various new approaches and methods to detect and classify malicious code. Although some studies have achieved good accuracy and have a certain ability to predict new types of malicious code, there is still room for improvement in their performance, accuracy, prediction effects, model architecture, research methods, and other aspects. Based on an investigation of file structure and machine learning models on the Windows platform, and drawing on the advantages of the capsule network in image recognition, this paper designs a malicious code detection solution that combines malicious code images with a capsule network image recognition model. The main research work, contributions, and innovations in the research and implementation process are as follows:

(1) Design of a new RGB color imaging method for malicious code. In the method used in the past of converting binary files into grayscale images, the feature information contained in the grayscale image is limited, and after downsampling the loss of feature data is more serious. Some color image methods only replace the image conversion method and do not add more dimensions of feature information. This paper designs a new RGB color image visualization method for malicious code that inserts different types of information into the three channels of the image, so that the feature expression is more comprehensive.

(2) Selection of the capsule network model for detection and classification. In image recognition and classification, a code image is often a messy image, and pixels that look irregular on the surface often have a certain relationship with each other. Comparing the capsule network with the convolutional neural network, when the number of samples is limited, convolutional neural networks often overfit. In addition, the convolutional neural network has used max pooling since its initial design, which easily causes a loss of feature information. This paper uses the capsule network method, in which "capsules" store feature information and dynamic routing algorithms are used for training, avoiding the problem of missing features. At the same time, a certain degree of image enhancement was applied before input, such as adjusting the image contrast, brightness, and chroma. The experimental results showed that these operations improved the experimental results to a certain extent.

(3) Design of a new malicious code detection model, RGB-Caps Net, based on code images and the capsule network. The detection model serves as the overall structure from the input of the PE file to the output of the detection result, and it shows in detail the relationships between the modules of the detection and classification model and the design logic. The detection model is divided into three parts: data preprocessing, model training, and result detection. The entire model structure is concisely designed with reasonable logic, and the final detection effect reached the expected level. The research in this paper provides new ideas and methods for research on malicious code detection, and it achieved good results in the experimental process.
Keywords/Search Tags:Capsule Network, Code Image, Malicious Code Detection, Malicious Code Classification, Machine Learning