
Research On Malicious Code Family Detection Method In Edge Network Environment

Posted on: 2023-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: X L Qiu
Full Text: PDF
GTID: 2568306836463684
Subject: Electronic and communication engineering

Abstract/Summary:
With growing demand for real-time applications, edge computing has in recent years become a research hotspot alongside cloud computing. Applications such as self-driving cars, medical devices and virtual reality can use edge computing to meet their latency constraints. However, edge devices have limited computing, storage and energy resources and weak security protection, which makes them easy targets for hackers. In addition, modification techniques such as packing and obfuscation produce an endless stream of malicious code variants, which places higher demands on the discriminative ability of malicious code family detection models. This thesis examines the problems in existing machine learning and malicious code family detection techniques and proposes two malicious code family detection methods aimed at different degrees of computing resource shortage on edge devices. The main contents are as follows.

First, current deep-learning-based malicious code family detection methods consume large amounts of computing resources and are difficult to deploy on resource-constrained edge devices. To address this, a method for compressing the malicious code visual detection model is proposed. The malicious code is first converted into grayscale images, which are preprocessed and fed into a convolutional neural network. The inputs and weights of the convolutional neural network are then quantized with an improved half-wave Gaussian method and the BWN network method respectively, yielding the malicious code classification model MVHBF-VGG14-net. Finally, the VGG14 model is used for training and testing, and the detection results are analyzed. Experimental results show that, compared with the full-precision VGG14 model, MVHBF-VGG14-net achieves 28-fold model compression with only a small loss of precision. MVHBF-VGG14-net can therefore be used to detect malicious code families on edge devices.

Second, because some edge devices lack the resources to run a deep learning model, the CF-BP model is constructed for malicious code family detection using manual feature extraction, feature fusion and a BP network. N-gram opcode features and grayscale-image texture features are extracted from disassembly files to form a feature fusion table. Because the traditional feature selection methods based on Information Gain (IG) and the Chi-Squared Test (CHI) have certain defects, a weighted combination method is proposed. Experimental results show that this method achieves better classification performance after feature fusion, with a short model training time and a small memory requirement.

In summary, the two malicious code family detection methods proposed in this thesis for edge devices reduce the memory requirements of the model to varying degrees and improve the availability of the model.
Keywords/Search Tags: Malicious code family detection, edge device, Quantitative, Characteristics fusion
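
As an added illustration of the feature selection step in the second method (not code from the thesis), the sketch below scores opcode 2-gram presence features with IG and CHI and ranks them by a weighted sum. The abstract does not give the weighting formula, so the max-normalised form `w*IG + (1-w)*CHI`, the weight `w`, the function names and the sample opcode sequences are all assumptions.

```python
import math
from collections import Counter

# Constructed opcode sequences with constructed family labels.
SAMPLES = [
    ("famA", "push mov call pop ret".split()),
    ("famA", "push mov call add ret".split()),
    ("famA", "push mov call pop jmp".split()),
    ("famB", "xor xor jmp cmp jnz".split()),
    ("famB", "xor xor jmp mov ret".split()),
    ("famB", "xor xor jmp pop ret".split()),
]

def ngrams(ops, n=2):
    return {tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)}

def entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def info_gain(present, labels):
    """IG = H(family) - H(family | n-gram present or absent)."""
    h = entropy(Counter(labels).values())
    for flag in (True, False):
        sub = [l for p, l in zip(present, labels) if p == flag]
        if sub:
            h -= len(sub) / len(labels) * entropy(Counter(sub).values())
    return h

def chi_squared(present, labels):
    # Pearson chi-squared over the presence x family contingency table.
    n, fam, row = len(labels), Counter(labels), Counter(present)
    obs = Counter(zip(present, labels))
    return sum((obs[(r, f)] - row[r] * fam[f] / n) ** 2 / (row[r] * fam[f] / n)
               for r in row for f in fam)

def rank_features(samples, w=0.5, n=2):
    """Rank n-grams by w*IG + (1-w)*CHI, each scaled to [0, 1] (assumed form)."""
    labels = [fam for fam, _ in samples]
    grams = [ngrams(ops, n) for _, ops in samples]
    vocab = sorted(set().union(*grams))
    ig = {g: info_gain([g in s for s in grams], labels) for g in vocab}
    chi = {g: chi_squared([g in s for s in grams], labels) for g in vocab}
    max_ig, max_chi = max(ig.values()) or 1.0, max(chi.values()) or 1.0
    score = {g: w * ig[g] / max_ig + (1 - w) * chi[g] / max_chi for g in vocab}
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for gram, s in rank_features(SAMPLES)[:5]:
        print(" ".join(gram), round(s, 3))
```

On a real corpus the top-ranked n-grams would be kept as columns of the fused feature table, and `w` would be tuned on held-out samples.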