
Design And Implementation Of A Visual Classification System For Intelligent Malicious Code Based On Graph Sieve

Posted on: 2023-07-19
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Lin
Full Text: PDF
GTID: 2568306914960239
Subject: Computer technology

Abstract/Summary:
With the increasing informatization and intelligence of people's lives, network security issues have gradually entered the public's field of vision. Among common security attacks, new means of exploiting malware emerge in an endless stream. Security researchers therefore have to start with the malware itself, analyzing and studying it in order to improve a system's ability to resist malware attacks and ensure the security of the system. Since malware has obvious family characteristics, the difficulty of software analysis can be greatly eased by intelligently classifying malware. Based on this observation, this paper designs and implements an intelligent malicious code visualization classification system based on graph sieve. Its main work and contributions are as follows:

1. This paper investigates the existing malicious code classification algorithms and finds common problems in the field of intelligent malware classification, such as complex parameter adjustment, incomplete feature extraction, and high computational cost. To address these problems, this paper designs a malicious code classification algorithm based on graph sieve. The algorithm is innovatively derived from the knowledge graph and defines a behavior graph to describe the behavior characteristics of malicious code. At the same time, for the first time, a graph filter is designed and defined to perform moderate denoising on the behavior graph and reduce the feature dimension. After testing on a large number of data sets, a better sample set is obtained after denoising, and the average effective instruction set is reduced to 13.0% of the original sample set. Opcode features are extracted from the denoised sample set and combined with the color image visualized from the sample bytecode to form the sample fingerprint of the malicious code, realizing feature extraction and combination across multiple dimensions. Finally, the random forest algorithm is used to train a model on the sample fingerprint set. The trained model can achieve a classification accuracy of 99.4%. Compared with algorithms with the same function, the calculation cost is lower and the parameter adjustment complexity is low. The experiments show that the malicious code classification algorithm based on graph sieve has higher accuracy and feasibility in malicious code classification work than classification algorithms with the same function. Therefore, the algorithm provides a reference basis for subsequent research on malicious code classification.

2. Based on this algorithm, this paper develops a corresponding intelligent malicious code visualization classification system using a development mode that separates the front end from the back end. The system is divided into four modules: system infrastructure, user management, malicious code sample data collection, and malicious code classification. Through these four modules, the system provides users with functions such as authority management, user management, malicious code sample data management, and malicious code classification. Testing shows that the system runs well, with a friendly interface and complete functions. The system makes it more convenient for users to classify unknown malicious code.
Keywords/Search Tags: malicious code classification, knowledge graph, random forest, multi-feature extraction