
Research On Static Detection Of Malware For Packing Technology

Posted on: 2023-11-07
Degree: Master
Type: Thesis
Country: China
Candidate: J K He
Full Text: PDF
GTID: 2558306914971319
Subject: Electronic and communication engineering
Abstract/Summary:
The development of the Internet industry in recent years has driven growth across the information technology industry. The same environment also breeds information security threats. Malware is one of the most representative of these threats, and malware detection is a focus of research in the field of information security. Packing is widely used by malware to counter static detection, and research on packed malware is not uncommon. The original purpose of packing was to protect a program from decompilation and other cracking behavior, but few benign programs used it. As developers have become more aware of protecting their intellectual property in recent years, packing is increasingly applied to benign software as well. Meanwhile, studies on static detection of malware have paid little attention to the use of packers by benign software, which may affect their results. Against this background, in which packing is common in both benign software and malware, this thesis designs experiments around machine-learning-based static detection of malware and makes the following main contributions:

(1) The method of building and using a dataset for static malware detection is improved to suit an environment where packing is widespread. Each sample in the dataset should be labeled as packed or unpacked, and the proportion of each kind of sample should be kept close between the training set and the test set. For example, when unpacked benign samples make up 50% of the test set, they should also make up around 50% of the training set. This method effectively improves the performance of the classifier.

(2) A static malware detection classifier based on the extreme random tree algorithm is designed, which performs well where packing is widespread. First, an ensemble learning algorithm is introduced to train the classifier and the corresponding performance indicators are obtained. It is then compared with three other machine-learning-based classifiers. The results show that the classifier trained with the extreme random tree algorithm has a high accuracy and the lowest false positive rate, 95.70% and 4.36% respectively, with a short training time, making it a relatively optimal solution.

(3) An automatic feature extraction scheme based on random forest is proposed, which improves the performance of the classifier: the accuracy and false positive rate reach 96.04% and 3.99% respectively. In addition, the features commonly used in static malware detection are studied and some of them are screened out. On this basis the feature selection scheme is improved, which further improves the classifier; the accuracy and false positive rate are improved by 0.1% and 0.23% respectively.
Keywords/Search Tags:malware, static analysis, packed benign software, machine learning
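
The dataset rule in contribution (1) can be sketched as a split stratified on the joint (label, packed) category. This is an added example, not code from the thesis: the function names are hypothetical, the corpus is constructed, and the category counts are assumptions chosen so that unpacked benign samples make up 50% of the data.

```python
import random
from collections import Counter, defaultdict

def stratified_split(samples, test_fraction=0.2, seed=0):
    """Split so every (label, packed) category has the same share in both sets."""
    rng = random.Random(seed)
    groups = defaultdict(list)
    for s in samples:
        groups[(s["label"], s["packed"])].append(s)
    train, test = [], []
    for key in sorted(groups):
        members = groups[key]
        rng.shuffle(members)
        n_test = round(len(members) * test_fraction)
        if len(members) >= 2:  # keep rare categories present on both sides
            n_test = min(max(n_test, 1), len(members) - 1)
        test.extend(members[:n_test])
        train.extend(members[n_test:])
    return train, test

def naive_split(samples, test_fraction=0.2):
    """Cut an ordered corpus at a fixed index, ignoring the packed flag."""
    cut = len(samples) - round(len(samples) * test_fraction)
    return samples[:cut], samples[cut:]

def category_shares(samples):
    counts = Counter((s["label"], s["packed"]) for s in samples)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}

def max_share_drift(train, test):
    """Largest train/test gap in the share of any (label, packed) category."""
    a, b = category_shares(train), category_shares(test)
    return max(abs(a.get(k, 0.0) - b.get(k, 0.0)) for k in set(a) | set(b))

def build_constructed_corpus():
    # Constructed sample metadata; the counts are illustrative assumptions.
    spec = {("benign", False): 500, ("benign", True): 100,
            ("malware", False): 150, ("malware", True): 250}
    return [{"id": f"{label}-{int(packed)}-{i}", "label": label, "packed": packed}
            for (label, packed), n in spec.items() for i in range(n)]

if __name__ == "__main__":
    corpus = build_constructed_corpus()
    for name, (tr, te) in {"naive": naive_split(corpus),
                           "stratified": stratified_split(corpus)}.items():
        print(f"{name:10s} max share drift = {max_share_drift(tr, te):.4f}")
```

With the naive cut the test set holds only packed malware, so a classifier evaluated on it is never tested on packed benign samples and its false positive rate cannot be measured.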