
Research On Malicious Code Detection Based On Neural Network

Posted on: 2024-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: R L Jiang
Full Text: PDF
GTID: 2568307073468374
Subject: Software engineering
Abstract/Summary:
With the development of the digital age, the number of network devices connected to the Internet is increasing rapidly, and applications face the threat of malicious code even as they bring convenience to people's daily lives. Malicious incidents, such as the leakage of sensitive user information caused by malicious code and equipment paralysis caused by viruses, have caused huge economic losses. How to detect malicious code effectively is therefore one of the main directions in the field of information security. Following the great success of neural network technology in the image field, network security researchers have also used it to detect malicious code. It offers automatic feature extraction and high accuracy, and has become a research direction distinct from traditional detection methods. However, neural-network-based malicious code detection still has some deficiencies, such as the continuous deepening of the networks, the high cost caused by the sharp increase in the number of model parameters, and the unstable detection results of a single detection model. In response to these problems, this thesis studies the detection of malicious code and its variants on Windows and Android, and proposes two detection models. The main work of the thesis is as follows:

1. To address the waste of computing cost caused by the growing number of layers in neural network models, and the instability of traditional detection models' results across different data sets, a malicious code detection model for Windows is proposed. The model uses depthwise-separable convolution, the SENet channel attention mechanism and the gray-scale image texture feature core mechanism to detect malicious code families and their variants through three lightweight neural networks and gray-scale image texture feature classification. The detection results of the three strong classifiers are then fused through the naive Bayes algorithm, which improves detection accuracy and reduces network computing overhead. Experimental results on a mixed data set of MaleVis data and benign data show that the model has a better detection effect on malicious code family detection.

2. To address the problems that the accuracy of conventional detection methods decreases after APK packing and that the cost of obtaining features after unpacking is too high, a detection model for malicious Android APKs, MA-Droid, is proposed. Based on the characteristics of packing technology, the model designs two static features that can extract effective classification information from packed APKs: component information features and grayscale texture features. It uses two improved classifiers, an improved decision tree classifier and Xception-SE, and fuses the classifiers' results with Dempster-Shafer evidence theory to detect packed malicious APKs. Experimental results verify that the model has excellent detection performance while avoiding packing interference.
Keywords/Search Tags: Malicious code, Neural Networks, Depthwise-separable convolution, Grey level co-occurrence matrix, Dempster-Shafer
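The abstract says MA-Droid fuses the outputs of two classifiers with Dempster-Shafer evidence theory. The following Python example is added here for illustration and is not code from the thesis: it applies Dempster's rule of combination to two classifier scores over the frame {malicious, benign}. The `reliability` discount, the function names and the sample scores are assumptions, since the abstract does not say how the thesis builds its mass functions.

```python
from itertools import product

MAL = frozenset({"malicious"})
BEN = frozenset({"benign"})
THETA = MAL | BEN  # frame of discernment; mass on THETA means "don't know"

def mass_from_prob(p_malicious, reliability):
    """Turn a classifier's P(malicious) into a mass function.
    Assumption: (1 - reliability) of the belief is left uncommitted on THETA."""
    if not (0.0 <= p_malicious <= 1.0 and 0.0 <= reliability <= 1.0):
        raise ValueError("probability and reliability must be in [0, 1]")
    return {
        MAL: reliability * p_malicious,
        BEN: reliability * (1.0 - p_malicious),
        THETA: 1.0 - reliability,
    }

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections,
    renormalise by (1 - conflict). Returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # evidence that contradicts itself
    if conflict >= 1.0 - 1e-12:
        # Two fully certain, opposite sources: the rule is undefined.
        raise ValueError("total conflict: sources cannot be combined")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}, conflict

def verdict(fused):
    """Pick the singleton hypothesis with the larger fused belief."""
    return "malicious" if fused.get(MAL, 0.0) > fused.get(BEN, 0.0) else "benign"

if __name__ == "__main__":
    # Constructed sample scores: a feature-based tree and an image-based CNN
    # that disagree about the same packed APK.
    tree = mass_from_prob(0.90, reliability=0.8)
    cnn = mass_from_prob(0.40, reliability=0.6)
    fused, k = combine(tree, cnn)
    print(f"conflict K = {k:.4f}")
    for hypothesis, w in fused.items():
        print(sorted(hypothesis), round(w, 4))
    print("verdict:", verdict(fused))
```

A high conflict value K is itself a useful signal: it means the two classifiers disagree strongly about the sample, which is worth logging alongside the fused verdict.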