Research On Grayscale Malware Image Classification Based On Convolutional Neural Network

The Internet has quickly become an indispensable part of daily life,and our dependence on the Internet is continuing to grow.In this case,cyber attacks are increasing rapidly,and attack methods have been changing day by day.Current malware detection technologies usually use traditional machine learning algorithms,which require the extraction and selection of malicious code features.Most dynamic analysis is constrained by the execution environment,and some malware evade tracking through hidden files,which is time-consuming and error-prone.The popular static analysis relies on manual extraction of features,which has poor security and low efficiency.Faced with the above challenges,this thesis combines malware detection with deep neural networks.The main tasks are as follows:(1)The current classification research on malicious code images is generally less in the field of malicious code.Existing work is only carried out on the malimg malicious code image data set,while image-based malicious code detection requires other data sets to support and verify,this thesis processes the binary PE malicious code collected on the Virus Share website into a gray-scale image data set,and proposes a model based on convolutional neural network that combines dropblock regularization and spatial pyramid pooling.With the help of convolution operation to extract gray-scale image features,the idea of dropblock algorithm is used to prevent over-fitting,the input of different sizes is processed through spatial pyramid pooling and the number of pyramid layers is expanded,which improves the feature extraction ability of the model.In the image-based malicious code detection scenario,this model solves the problem that the convolutional neural network can only process fixed-size images,and the important information will be lost when the input image is cropped or warped.A series of experiments are designed to transfer the trained convolutional neural network on the gray-scale image data set processed in this thesis to the malimg data set,which improves the accuracy of the original data set.(2)Propose a method for optimization of convolutional neural network structure and parameters based on improved dual-population genetic algorithm.This method models the training process of the malicious code detection model as a target optimization problem.Using dual-population genetic algorithm,combined with the elite retention mechanism,a selection strategy based on individual exchange is proposed.This strategy can increase the gene abundance of the population and improve the fitness of the population.Use genetic algorithm to survive the fittest to retain superior individuals,and the convolutional neural network model with the best parameters is quickly searched.It solves the problem that the deep neural network model is easily affected by factors such as the number of training times,learning rate and weight threshold in the actual training process,which reduces the detection efficiency.Experimental results prove that the accuracy and overall performance of the optimized malicious code detection model are further improved.