Malicious Code Detection Based On Squeezed-and-Excitation Networks

With the rapid development of the Internet,malicious codes are emerging and have become an important factor threatening network security.By quickly and effectively detecting and classifying malicious codes,we can further target related viruses for effective detection and killing.Currently,malicious code detection models proposed by domestic and foreign researchers have achieved good detection results,but their detection results are often poor when facing some similar malicious code family samples.To address the above problems,two malicious code detection methods are proposed in this thesis,and their main research contents are as follows:1.A squeeze-and-excitation network-based malicious code detection method is proposed.The method consists of a convolutional neural network(CNN)module and a squeeze-and-excitation(SE)module.The CNN module first quickly extracts the feature information of the grayscale image of the malicious code,the SE module globally averages the pooling of the multi-channel feature maps,compresses the global information,and then adaptively learns the channel importance information through a fully connected layer the SE module globally pools the multi-channel feature maps,compresses the global information,and then adaptively learns the channel importance information through the fully connected layer,assigning each channel feature map to a different weight,which means the weight indicates the feature information importance and is also used to guide the incentive and suppression feature information.The experimental results show that the article method has better detection effect compared with the traditional machine learning methods,and the detection effect is also improved and the number of parameters is greatly reduced compared with the latest deep learning algorithms.2.A malicious code detection method based on dual-attention mechanism and Bi-directional Long Short-Term Memory(Bi LSTM)feature fusion is proposed.The single feature-based malicious code detection method will,to a certain extent,ignore the global texture structure features or local texture features of grayscale images during feature extraction,resulting in poor detection of single features when facing partially similar malicious code families.Therefore,this thesis proposes a malicious code detection method based on dual-attention mechanism and Bi LSTM feature fusion.The dual-attention mechanism module gives different attention to the channel and space of the feature map respectively to extract the local texture features of the grayscale image of malicious codes.It also combines Bi LSTM to extract the global texture structure features of the grayscale image of the malicious code and fuses the local texture features with the global texture structure features,which can reflect the detailed features of the malicious code while retaining the overall structural characteristics.Finally,this thesis uses a focused loss function to reduce the impact of data imbalance.The experimental results show that the feature fusion approach has better detection effect compared with the single-feature approach,especially on the detection of similar malicious code families.