Research On Malicious Code Detection Model And Algorithm With Many-objective Optimization

The continued rapid growth of the Internet and Big Data has led to an explosion in the amount of malicious code.In recent years,a large number of researchers have conducted extensive research on malicious code detection techniques from different perspectives,including: static detection,dynamic detection and other techniques.However,there are still some problems.Most of the existing malicious code detection datasets are imbalanced datasets,which hinders the performance of malicious code detection.To this end,this paper focuses on building an efficient malicious code detection model from the perspective of data imbalance,neural network structure,and with the help of transfer learning and many-objective optimization techniques.The main work of this paper is as follows:(1)For the imbalance problem of malicious code dataset,this paper proposes a many-objective hybrid sampling model.First,the problems such as sample loss and noisy samples brought by a single sampling method are reduced by under-sampling and over-sampling the imbalanced dataset at the same time.Secondly,the classification model is comprehensively evaluated in terms of geometric mean,false positive rate,AUC,and model loss.Finally,a manyobjective optimization algorithm is used to reasonably optimize the number of under-sampling and over-sampling samples to alleviate the impact of data imbalance on malicious code detection.(2)To further improve the performance of malicious code detection,the pretrained neural network model is transferred to the malicious code detection task.Considering the impact of neural network structure on malicious code detection,a many-objective transfer model is constructed with model accuracy and model size as the main objectives.Meanwhile,the pre-trained neural network parameters can be selectively fine-tuned according to the current detection task,alleviating the problem of unreasonable parameter fine-tuning.In addition,a partitioned crossover-mutation operator is proposed based on the candidate solution characteristics.This operator mainly performs crossover-mutation in different ways by different positions of belonging to crossover-mutation bits to improve the search efficiency.Finally,the network structure suitable for the malicious code detection task is selected by many-objective optimization algorithm.(3)To address the convergence and diversity conflict problems in solving the many-objective transfer model,a many-objective optimization algorithm with dynamic balance function selection strategy is proposed.This paper introduces a dynamic balance factor in the process of matching selection and environmental selection.This factor adjusts the convergence and diversity of populations according to different evolutionary processes.The experimental results show that the proposed algorithm achieves good performance in both the standard test set and in solving the many-objective transfer model.