Research On CNN Based Malicious Code Classification And Detection Technology

At present,malicious code shows a trend of familial development,so classification and detection of malicious code is beneficial for batch detection and killing to maintain the network ecology.At present,malicious code classification detection methods based on transfer learning have the problems of slow convergence and convergence oscillation,and too long deployment time in the fine-tuning phase.This paper proposes the following corresponding solutions to the above two problems and propose a comprehensive solution for malicious code classification and detection:(1)In order to solve the problem of slow convergence and even convergence oscillation of network finetune after using Transfer Learning pretrain,this paper proposes a malicious code classification detection method based on Implicit random gradient descent.This method uses the idea of Meta Learning to construct an internal and external dual loop architecture.First,the method optimizes the inner loop first,and introduces a preference regularization term to constrain the weight of the inner loop network.Then,this method uses the weight difference between the inner and outer circulation network to approximate the gradient of the outer circulation network.Finally,the method uses Implicit random gradient descent to update the outer loop network.On the BIG-2015 dataset,this method,along with the benchmark method,uses Res Net50 as the feature extractor,surpassing the benchmark method’s classification accuracy of only 7 epochs of training,and ultimately achieving a classification accuracy of99.02%.The experimental results show that this method can not only improve the convergence efficiency and stability accelerate the network convergence and alleviate the problem of convergence oscillation,but also improve the accuracy of malicious code classification and detection and network robustness.(2)Addressing the issue of long deployment time for existing malicious code classification and detection methods,this paper proposes a Pre-training method for malicious code classification and detection based on Triplet Network.This method uses the idea of comparative learning to pre train malicious code RGB images without labels.First,the method selects the Data Enhancement Strategy suitable for malicious code images to construct positive and negative samples.Then,this method uses Res Net and MLP with bottleneck structure for feature extraction.Finally,this method proposes a composite loss composed of contrast loss and mean square error loss to optimize the characteristic distance between positive and negative samples.On the Malimg dataset,this method and the benchmark method used Res Net18 as the feature extractor for 50 epochs of training.The classification accuracy of this method reached 99.09%,3.96% higher than the benchmark method,and the deployment time was saved by 17 minutes.The experimental results on three malicious code datasets show that this method not only guarantees the accuracy of malicious code classification,but also greatly improves the deployment speed and detection efficiency of the network in malicious code classification and detection tasks.(3)This paper proposes a proposes a malicious code classification and detection method based on fine-tuning Pre-trained networks.Firstly,this method uses a Pre-training method for malicious code classification and detection based on Triplet Network to pretrain the malicious code joint dataset to obtain a universal pre training network.Then,the method uses a malicious code classification detection method based on Implicit random gradient descent to fine tune the pretrained network on specific tasks,achieving the final malicious code classification detection.The experimental results show that this method has better comprehensive performance and can effectively detect malicious code classification.