Research On Malicious Code Detection Method Based On Deep Learning

Posted on: 2022-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J B Hao
GTID: 2518306737978819
Subject: Computer technology

Abstract/Summary:
With the rapid development of the Internet and mobile networks, malicious code has also been generated rapidly. Malicious code has some main features: large quantity, contagiousness, and wide impact. Most of the existing research relies on signatures. These methods accumulate and detect malicious code behaviors by establishing a specific signature database and comparing the malicious code to be detected with that database. If new malicious code appears, the signature database needs to be maintained and updated for matching detection. A fixed signature database cannot detect unknown malicious code, and the later update and maintenance consumes a lot of resources. In addition, it is possible to bypass this detection mechanism by simple means such as encryption, obfuscated signatures, or features. For malicious code binary classification and family multi-classification detection methods based on deep learning, researchers need to address the problems of feature extraction and low accuracy.

This paper proposes the ARMD model, a malicious code detection method based on residual networks and attention mechanisms. The method analyses each malicious code sample's hash value, extracts the API functions via VirusTotal, and labels the malicious code. It integrates all 1000 APIs called by malicious and benign code as features, disregarding API sequences and correlations between APIs. In addition, it uses 0 and 1 to represent uncalled and called APIs respectively, forming a high-quality dataset. To improve efficiency, global average pooling is used after each convolutional layer in the residual network, and the Tanh activation function is added between the two fully connected layers of the attention mechanism to speed up convergence; the residual network with the attention mechanism is introduced to implement malicious code detection.

In the malicious code binary classification method, the SMOTE enhancement algorithm is used to solve the sample imbalance problem, and the ARMD model detects malicious code with an accuracy of 97.76%. In malicious code family multi-classification, the SVMSMOTE algorithm is used to solve the sample imbalance problem, and the ARMD model detects with an accuracy of 87.8%. The results are compared with currently available malicious code detection methods to verify the effectiveness of ARMD.
Keywords/Search Tags: Deep learning, Malicious code, Attention mechanism, Residual network, SMOTE, SVMSMOTE
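
The data-preparation step the abstract describes (a 0/1 called/uncalled vector per sample, then SMOTE to balance the classes), as an added example that is not code from the thesis. The sample reports, the function names and the choice to leave interpolated values unrounded are assumptions made here; plain SMOTE is shown, not the SVMSMOTE variant, and the ARMD network itself is not reproduced.

```python
import random

# Constructed sample: (label, APIs in the sample's report); 1 = malicious, 0 = benign.
REPORTS = [
    (0, ["CreateFileW", "ReadFile", "CloseHandle"]),
    (0, ["CreateFileW", "WriteFile", "CloseHandle"]),
    (0, ["RegOpenKeyExW", "ReadFile", "CloseHandle"]),
    (0, ["CreateFileW", "ReadFile", "ReadFile"]),
    (0, ["GetTickCount", "CloseHandle"]),
    (1, ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]),
    (1, ["VirtualAllocEx", "WriteProcessMemory", "CloseHandle"]),
]

def build_vocab(reports):
    """Every API seen in any sample, in a fixed order (the thesis uses 1000 APIs)."""
    return sorted({api for _, apis in reports for api in apis})

def encode(apis, vocab):
    """1 = called, 0 = uncalled; call order and call counts are discarded."""
    called = set(apis)
    return [1 if api in called else 0 for api in vocab]

def smote(minority, n_new, k=1, seed=0):
    """Plain SMOTE: interpolate between a minority vector and one of its k nearest
    minority neighbours. Needs at least two minority vectors."""
    if n_new and len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng, out = random.Random(seed), []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        x = minority[i]
        others = [m for j, m in enumerate(minority) if j != i]
        others.sort(key=lambda m: sum((a - b) ** 2 for a, b in zip(x, m)))
        nb, gap = rng.choice(others[:k]), rng.random()
        # Shared bits stay 0 or 1; differing bits become fractions (left unrounded: an assumption).
        out.append([a + gap * (b - a) for a, b in zip(x, nb)])
    return out

def balanced_dataset(reports, seed=0):
    """Encode all reports, then oversample the smaller class up to the larger one."""
    vocab = build_vocab(reports)
    X = [encode(apis, vocab) for _, apis in reports]
    y = [label for label, _ in reports]
    counts = {c: y.count(c) for c in set(y)}
    minor = min(counts, key=counts.get)
    need = max(counts.values()) - counts[minor]
    synth = smote([x for x, c in zip(X, y) if c == minor], need, seed=seed)
    return vocab, X + synth, y + [minor] * need
```

Because the inputs are binary, a synthetic sample only differs from its parents in the APIs that one parent called and the other did not, which is worth checking before feeding the result to a classifier that expects strict 0/1 inputs.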