
Research And Implementation Of Anti-Obfuscation Detection And Classification Method Of Malware Based On Deep Learning

Posted on: 2023-05-15
Degree: Master
Type: Thesis
Country: China
Candidate: X L Chong
GTID: 2568306914981369
Subject: Computer technology
Abstract/Summary:
Nowadays, more and more people and devices are connected across all fields of human life, and with this come network attacks carried out by all kinds of malicious code. To protect computers from malware attacks, security developers have developed a variety of malware detection technologies. At the same time, malicious code developers often use a variety of obfuscation techniques to evade malicious code detection systems. Research on malicious code detection technology is therefore of great significance. An equally important research topic is the classification of malicious code families: determining the family of a piece of malicious code helps to further determine its attack intention and enables analysts to better analyze and understand it.

At present, research on malicious code detection can be divided into dynamic analysis and static analysis. Dynamic analysis is inefficient, while static analysis is vulnerable to obfuscation attacks. How to improve detection performance on obfuscated malicious code is the research focus in the field of malicious code detection. In research on malicious code family classification, the most common approach is to apply deep learning. A mainstream method is to visualize the malicious code as an image and then classify it with image classification methods. However, this method loses, to a certain extent, the local information that the malicious code carries as one-dimensional data. In view of the above points, the main research work of this paper is as follows:

(1) An anti-obfuscation training method for malicious code detection models based on GAN is proposed. To address the problem that obfuscated malicious code easily evades malicious code detectors, this method builds on the idea of adversarial training: it uses a GAN to augment a small set of obfuscated malicious code samples, and uses the augmented samples to carry out anti-obfuscation training of the detector, so as to improve the detector's performance against obfuscated malicious code. Finally, experiments are carried out on three different malicious code detectors. The experiments show that the anti-obfuscation training method proposed in this paper helps to improve the anti-obfuscation ability of malicious code detectors and their detection performance against obfuscated malicious code.

(2) A malicious code family classification method based on model feature fusion is proposed. To address the problem that some local information of the malicious code as one-dimensional data is lost when the code is converted to an image, this thesis converts the malicious code into a one-dimensional vector and an image respectively, and inputs them into two neural networks. The network with a two-dimensional convolution architecture extracts the texture features of the malicious code, and the one-dimensional convolution extracts the features of locally adjacent information. The deep features of the different networks are fused, and the two networks are updated at the same time during back propagation. This method not only extracts the texture features of malicious code, but also preserves the features of the malicious code itself as one-dimensional data, and it shows better performance on multiple data sets. Compared with the research of other scholars, it achieves a certain performance improvement.
Keywords/Search Tags:deep learning, malicious code detection, malicious code family classification, image classification
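
The abstract's claim that imaging malicious code loses local one-dimensional information can be checked by mapping convolution windows back to file offsets. This is an added example, not code from the thesis; the 16-byte row width, the kernel size of 3 and the sample bytes are constructed assumptions.

```python
# Added illustration (not from the thesis). WIDTH, KERNEL and SAMPLE are
# constructed assumptions chosen to make the effect easy to see.
WIDTH = 16   # assumed image row width, in bytes
KERNEL = 3   # assumed convolution kernel size

# Constructed sample: a 4-byte marker placed so that it straddles two image rows.
MARKER = b"\xde\xad\xbe\xef"
SAMPLE = bytes(14) + MARKER + bytes(30)

def to_vector(data: bytes) -> list[int]:
    """1-D view: one value per byte, file order preserved."""
    return list(data)

def to_image(data: bytes, width: int = WIDTH) -> list[list[int]]:
    """2-D grayscale view: rows of `width` bytes, last row zero-padded."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def window_offsets_1d(start: int, k: int = KERNEL) -> list[int]:
    """File offsets covered by one 1-D convolution window."""
    return list(range(start, start + k))

def window_offsets_2d(row: int, col: int, k: int = KERNEL,
                      width: int = WIDTH) -> list[int]:
    """File offsets covered by one k x k 2-D convolution window."""
    return [(row + r) * width + (col + c) for r in range(k) for c in range(k)]

def rows_touched(offset: int, length: int, width: int = WIDTH) -> list[int]:
    """Image rows occupied by a contiguous byte sequence in the file."""
    return sorted({(offset + i) // width for i in range(length)})

def offset_span(offsets: list[int]) -> int:
    """Distance in the file between the first and last byte of a window."""
    return max(offsets) - min(offsets) + 1

if __name__ == "__main__":
    image = to_image(SAMPLE)
    start = SAMPLE.index(MARKER)
    # The marker is contiguous in the vector but split across opposite image edges.
    print("marker rows:", rows_touched(start, len(MARKER)))
    print("row 0 tail:", image[0][-2:], "row 1 head:", image[1][:2])
    # A 1-D window covers adjacent bytes; a 2-D window mixes bytes WIDTH apart.
    print("1-D span:", offset_span(window_offsets_1d(start)))
    print("2-D span:", offset_span(window_offsets_2d(0, 0)))
```
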