Research On Malicious Code Classification Based On Convolutional Neural Network

With the development of computer technology and Internet,the number of malware is increasing,which is threatening the security of computers.Among many classification methods of malware based on deep learning,the visual methods of malware is an effective method of feature representation.At present,the visual method has a problem that there is similarity of image texture among different families.The multi-feature method has a problem that there is insignificant effect against anti-static analysis.In view of the above problems,this thesis studies how to improve the effect of visual method,and how to improve the ability of againsting anti-static analysis technology in multi-feature classification method.The research work of this thesis is as follows:(1)The visual method of malware is studied.In order to solve the problem of texture similarity of images among different malware families,a malware visual method based on the fusion of self-coding image and gray frequency image is proposed,which makes the difference of image texture among different families increase and keeps the image texture in the same family similar.The Malimg dataset is used to verify the method's effectiveness.(2)The multi-feature malware classification method is studied.Aiming at the problem of interference by anti-static analysis techniques of feature extraction,such as shell and obfuscation,a malware classification method based on convolutional neural network and multi-feature fusion was proposed.A multi-feature fusion classifier was designed.Making the gray images,mixed sequence of API function calls and opcodes as features.The method is validated by using a malware classification challenge dataset.(3)Combining above two methods,a prototype of malware classification system is designed and tested.The innovations of this thesis include:(1)This thesis proposes a malware visual method based on the fusion of self-coding image and gray frequency image.By using the fusion image by self-encoding image which is reconstructed by the autoencoder and the gray frequency image,this method can identify the family of samples.And it can solve the problem of the similarity of image texture from different malware families.(2)A malware classification method based on convolutional neural network and multi-feature fusion is proposed.Using mixed sequence of API function calls and opcodes and gray image,then input these features into the multi-feature fusion classifier,to improve the ability of againsting anti-static analysis technology.The experimental results show that the classification accuracy of this method reaches 99.92%.