
Research On Malicious Code Population Recognition Based On Computational Vision

Posted on: 2022-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: K Yang
GTID: 2518306728971049
Subject: Computer software and theory

Abstract/Summary:
The malicious code flooding the Internet not only intrudes on personal computers but also poses a serious threat to enterprises and even to key national institutions. In the network era, protecting computer security and ensuring the smooth progress of daily work is indispensable. Traditional static analysis of malicious code has difficulty dealing with variants processed by obfuscation, packing (shelling) and other anti-disassembly countermeasures. Dynamic analysis can solve the problem of obfuscation and packing to a certain extent, but in the face of anti-VMware, anti-debugging and similar countermeasures the time required is very long, so it is impossible to analyze a large number of malicious code variants that use advanced countermeasures in a short period of time. Given the large number and diversity of malicious code variants on the network, identifying and classifying malicious code families accurately and efficiently has become an important line of defense for protecting computers from malicious code. This paper takes computational vision as the starting point for identifying and classifying malicious code families. The main research work is as follows:

(1) The visualization of executable binary files was studied and implemented. To address the problem that traditional malicious code analysis cannot identify malicious code families quickly and effectively, image processing techniques were used to visualize malicious executable files, converting the malicious code into grayscale and RGB images.

(2) A BP neural network model for malicious code family identification is presented. A BP neural network has many weight parameters, their values are difficult to determine, and convergence is greatly affected by the weight values; to address these problems, a parameter combination search strategy based on Teaching-Learning-based optimization (TLBO) is proposed. To overcome the slow convergence and reduced accuracy of standard TLBO in the later stage of solving this problem, a new "learning" operator based on the brainstorming mechanism was designed: two individuals are selected at random, the better of the two is chosen to "learn" with the current individual in a brainstorming manner, and the current individual's state is updated. Experiments on the Malimg data set show that the proposed model achieves a high accuracy of 98.54% in identifying malicious code families and has good robustness. Compared with the standard BP network model, Support Vector Machine and K-Nearest Neighbors, performance is greatly improved.

(3) A lightweight convolutional neural network model for malicious code family identification is proposed. The standard MobileNet model trades model accuracy for a smaller number of parameters, which leads to low accuracy. To address this, two attention mechanisms are introduced: by concentrating the model's channel-domain attention and spatial-domain attention, greater weights are given to important features, prompting the model to learn information-rich features and achieving a higher accuracy rate while adding only a small number of parameters. Experiments show that the malicious code family recognition rate of the proposed lightweight convolutional neural network model with attention is 99.57% with only a small increase in the number of model parameters, and that it has better recognition accuracy and higher speed than other deep learning models.
Keywords/Search Tags: malicious code, Teaching-Learning-based optimization, lightweight convolutional neural network, attention mechanism
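The visualization step in item (1), sketched as an added example; this is not the thesis's own code. The abstract does not say how rows are formed, so the `width` parameter, the zero padding of the last row and the PGM output format are assumptions made here.

```python
import math

# Constructed sample input: a 13-byte stand-in for an executable's raw bytes.
SAMPLE = b"MZ" + bytes(range(11))

def bytes_to_gray(data, width=256):
    """Map each byte to one 8-bit grayscale pixel, row by row.

    The final row is zero-padded (assumption) so every row has `width` pixels.
    """
    if width <= 0:
        raise ValueError("width must be positive")
    if not data:
        return []
    rows = math.ceil(len(data) / width)
    padded = data.ljust(rows * width, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def bytes_to_rgb(data, width=256):
    """Map each run of three consecutive bytes to one (R, G, B) pixel."""
    if width <= 0:
        raise ValueError("width must be positive")
    if not data:
        return []
    stride = width * 3  # bytes consumed per image row
    rows = math.ceil(len(data) / stride)
    padded = data.ljust(rows * stride, b"\x00")
    return [
        [tuple(padded[r * stride + 3 * c:r * stride + 3 * c + 3])
         for c in range(width)]
        for r in range(rows)
    ]

def to_pgm(pixels):
    """Serialize a grayscale pixel grid as a binary PGM (P5) image."""
    height = len(pixels)
    width = len(pixels[0]) if height else 0
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(v for row in pixels for v in row)

if __name__ == "__main__":
    gray = bytes_to_gray(SAMPLE, width=4)
    print(len(gray), "rows; first row:", gray[0])
    print("RGB first row:", bytes_to_rgb(SAMPLE, width=2)[0])
```

Files of different sizes yield images of different heights, so a classifier with a fixed input size would still need a resize step, which is not shown here.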