In recent years, malicious code has become one of the main threats to network security, and its effective detection and prevention has long been an important research topic in the security field. As the volume of malicious code continues to grow and attack forms keep changing, the anti-detection capability of malicious code keeps increasing, which poses severe technical challenges for its detection and defense. How to efficiently identify malicious code and adversarial attacks against its detectors has become a pressing problem in the network security field. This paper introduces Generative Adversarial Network (GAN) technology into malicious code detection, focusing on an anti-obfuscation detection method for malicious code in the static state and on a method of strengthening the malicious code detection model through adversarial training. The main research and contributions of the paper are as follows:

(1) To avoid detection, malicious code authors often use obfuscation and evasion techniques that raise the failure rate of static decompilation and improve evasion during dynamic analysis. To address this, this paper studies a malicious code detection method based on image analysis: the binary file is converted into a grayscale image and fed directly to the detection model as its representation, skipping static decompilation and dynamic execution and thereby sidestepping the problems above. Furthermore, based on the game-theoretic idea of the Generative Adversarial Network, a method for multi-category data augmentation and homologous classification (classification by family) of malicious code based on ACGAN is proposed. The discriminator is built from a capsule network, and the generator accurately learns the distribution of malicious code grayscale images so as to supply more diverse data for training the discriminator. Experiments show that the proposed method effectively improves learning from small samples and the detection of new variants.

(2) At present, adversarial sample generation and adversarial training are the main research directions for defending malicious code detectors against adversarial attacks. However, if adversarial samples are generated by adding perturbations directly to the binary file, the modified program may contain logic errors when actually executed, or may fail to execute at all, which clearly does not meet practical requirements. To address this, this paper uses redundant API calls as the perturbation and proposes a method for strengthening the malicious code detection model oriented to API-call features. Virtual benign samples generated by WGAN are used to add redundant perturbations to malicious samples, and a log backtracking method is then used to delete added perturbations that are not needed for evasion, minimizing the attack cost. The resulting adversarial malicious samples are mixed with the original training samples to train the target detector. Experiments show that this method improves the detection ability and robustness of the malicious code detector against adversarial inputs, while the generated adversarial samples remain executable and malicious.

(3) Based on the above key technologies, this paper uses the Django framework and the ECharts development library to build a prototype system for intelligent malicious code detection, which implements batch upload, preprocessing, adversarial sample generation, and display of detection results for executable files. The successful application of the prototype system verifies the effectiveness of the methods proposed in this paper and also provides a useful reference for detecting and defending against adversarial attacks on malicious code.
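The byte-to-grayscale conversion used in contribution (1) is simple enough to show in full. The following is an added example written for this page, not the thesis's own code: every byte of the executable becomes one pixel, the image width is picked from the file size (the width table below is an assumed convention; the abstract does not state how the width is chosen), the last row is zero-padded, and the result can be written as a PGM file for inspection. The sample "binary" is constructed inline. Nothing is disassembled or executed, which is exactly why packing or obfuscation cannot make the conversion fail, although it does change what the image looks like.

```python
"""Raw executable bytes -> 2-D grayscale image (added example, not the thesis code)."""
from __future__ import annotations

import math

# Assumed convention: image width chosen by file size, as (max_size_in_bytes, width).
# Small files get narrow images so byte-level structure stays visible;
# larger files get wider ones so the image does not become a tall strip.
WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024  # anything above the last table entry


def choose_width(size: int) -> int:
    """Return the image width for a file of `size` bytes (assumed table above)."""
    for limit, width in WIDTH_TABLE:
        if size <= limit:
            return width
    return DEFAULT_WIDTH


def bytes_to_grayscale(data: bytes, width: int | None = None) -> list[list[int]]:
    """Map each byte to one 0-255 pixel, row-major, zero-padding the last row.

    No parsing of the PE/ELF structure is done: a packed or obfuscated file
    converts just as well as a plain one, it simply produces a different texture.
    """
    if not data:
        raise ValueError("empty file has no image")
    width = width or choose_width(len(data))
    height = math.ceil(len(data) / width)
    padded = data + b"\x00" * (height * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]


def to_pgm(image: list[list[int]]) -> bytes:
    """Serialise the image as binary PGM (P5) so it can be viewed or fed to a model loader."""
    height, width = len(image), len(image[0])
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(px for row in image for px in row)


# Constructed stand-in for an executable: an "MZ" prefix, a ramp of all byte
# values repeated four times, and a run of zero padding (1126 bytes in total).
SAMPLE_BINARY = b"MZ" + bytes(range(256)) * 4 + b"\x00" * 100


def demo() -> tuple[int, int]:
    """Convert the constructed sample and return (height, width) of the image."""
    image = bytes_to_grayscale(SAMPLE_BINARY)
    pgm = to_pgm(image)
    assert pgm.startswith(b"P5\n")
    return len(image), len(image[0])


if __name__ == "__main__":
    h, w = demo()
    print(f"{len(SAMPLE_BINARY)} bytes -> {w}x{h} grayscale image")
```

Run as a script to see the chosen dimensions; to save the image, write `to_pgm(image)` to a file with a `.pgm` extension. Because the mapping is lossless apart from the zero padding in the last row, a detector trained on these images can still be attacked by appending bytes, which is one reason contribution (2) perturbs API calls rather than raw bytes.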
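Contribution (2) hinges on two ideas that are easier to see in code than in prose: inserting only API calls that do not change program behaviour keeps the sample executable and malicious, and walking the insertion log backwards removes perturbations the evasion does not need. The following is an added example written for this page, not the thesis's implementation. Its detector (signed weights over API-call frequencies), its allow-list of side-effect-free APIs, its "virtual benign" API profile (a constructed dictionary standing in for what the abstract attributes to a WGAN generator) and its malicious call trace are all constructed for illustration; the insertion and backtracking logic is the part that carries over.

```python
"""Redundant-API-call perturbation with log backtracking (added example, not the thesis code)."""
from __future__ import annotations

from collections import Counter

# Assumed allow-list: calls that can be inserted anywhere without affecting
# the malware's own logic, so the perturbed program still runs and stays malicious.
REDUNDANT_APIS = {"GetTickCount", "GetCurrentProcessId", "Sleep", "GetSystemTime", "GetVersion"}

# Constructed detector: a linear score over the API-call frequency vector.
# Positive weights lean malicious, negative lean benign. Not trained on anything.
WEIGHTS = {
    "CreateRemoteThread": 3.0, "WriteProcessMemory": 3.0, "VirtualAllocEx": 2.5,
    "OpenProcess": 1.5, "RegSetValueEx": 1.0, "WinExec": 2.0,
    "GetTickCount": -0.4, "Sleep": -0.5, "GetSystemTime": -0.3, "GetVersion": -0.3,
    "GetCurrentProcessId": -0.3, "CreateFile": -0.2, "ReadFile": -0.3, "MessageBox": -0.6,
}
BIAS = -0.75

# Constructed malicious trace (classic remote-thread injection plus persistence).
MALICIOUS_TRACE = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                   "CreateRemoteThread", "RegSetValueEx"]

# Constructed API-frequency profile playing the role of a WGAN "virtual benign sample".
VIRTUAL_BENIGN_PROFILE = {"GetTickCount": 0.30, "Sleep": 0.25, "CreateFile": 0.15,
                          "GetSystemTime": 0.12, "ReadFile": 0.08, "GetVersion": 0.06,
                          "GetCurrentProcessId": 0.04}


def score(trace: list[str]) -> float:
    """Frequency-weighted score; > 0 means the detector calls the trace malicious."""
    n = len(trace)
    if n == 0:
        return BIAS
    return sum(WEIGHTS.get(api, 0.0) * c / n for api, c in Counter(trace).items()) + BIAS


def is_malicious(trace: list[str]) -> bool:
    return score(trace) > 0


def apis(items: list[tuple[str, int | None]]) -> list[str]:
    """Strip the provenance tags (None = original call, int = insertion id)."""
    return [api for api, _ in items]


def generate_adversarial(trace, benign_profile, max_rounds=20):
    """Insert redundant calls drawn from the benign profile until the detector flips.

    Each round puts one allow-listed call in front of every original call, cycling
    through the profile's insertable APIs from most to least frequent. Every insertion
    is logged with its id, so backtracking can remove it individually later.
    """
    candidates = sorted((a for a in benign_profile if a in REDUNDANT_APIS),
                        key=lambda a: -benign_profile[a])
    if not candidates:
        raise ValueError("benign profile contains no insertable API")
    items = [(api, None) for api in trace]
    log = []  # (insertion id, api, index of the original call it precedes)
    k = 0
    for _ in range(max_rounds):
        if not is_malicious(apis(items)):
            return items, log
        for anchor in range(len(trace)):
            api = candidates[k % len(candidates)]
            pos = [i for i, (_, oid) in enumerate(items) if oid is None][anchor]
            items.insert(pos, (api, k))  # original call order is never changed
            log.append((k, api, anchor))
            k += 1
    if is_malicious(apis(items)):
        raise RuntimeError("budget exhausted before the detector flipped")
    return items, log


def backtrack(items, log):
    """Log backtracking: try dropping insertions newest-first, keep only the ones needed to evade."""
    kept = list(log)
    for entry in reversed(log):
        trial = [it for it in items if it[1] != entry[0]]
        if not is_malicious(apis(trial)):
            items, kept = trial, [e for e in kept if e is not entry]
    return items, kept


def run_demo() -> dict:
    items, log = generate_adversarial(MALICIOUS_TRACE, VIRTUAL_BENIGN_PROFILE)
    minimal, kept = backtrack(items, log)
    return {
        "original_malicious": is_malicious(MALICIOUS_TRACE),
        "inserted": len(log),
        "kept": len(kept),
        "evades": not is_malicious(apis(minimal)),
        "original_calls_preserved": [a for a, o in minimal if o is None] == MALICIOUS_TRACE,
        "only_redundant_added": all(a in REDUNDANT_APIS for a, o in minimal if o is not None),
        "final_trace": apis(minimal),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The greedy insertion overshoots (a whole round is added even when only part of it was needed), and the backward walk over the log trims that excess while re-checking the detector after every removal, so the result never drifts back to being detected. The minimal traces this produces are what contribution (2) mixes into the training set; because only allow-listed calls were added and the original calls keep their order, each adversarial sample is still a runnable, still-malicious program rather than a corrupted byte string.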