| With the continuous development and popularization of the Internet, the rapid increase in the number of malware samples and the emergence of variants have become the primary problems facing network security. Therefore, detecting and classifying malware quickly and accurately is particularly important. Although traditional machine learning methods have the advantages of fast speed, high accuracy, and the ability to automatically learn new patterns, they have gradually exposed some weaknesses as the types and numbers of malicious software increase. For example, they are easily affected by feature engineering and have difficulty handling a large number of malware samples. In contrast, deep learning has shown good performance in handling complex data types such as images and speech, and has become an effective solution. The main work of this thesis is as follows: (1) A deep learning-based byte visualization method is proposed to address the problems of high computational resource and storage space requirements, incomplete sample information extraction, and unbalanced malicious sample categories in traditional image-based malicious code visualization methods. The method extracts all byte features in malicious code binaries, visualizes the extracted features as images using Markov models and z-score normalization, and generates color images using color map techniques to construct three-dimensional images of sample features. Finally, the malicious code color images are learned and classified using an improved convolutional neural network model. In this thesis, the performance of the proposed method is compared on two benchmark datasets to verify the effectiveness of its classification performance.
(2) To address the problems of excessive noise in grayscale images of malicious code, insufficient generalization ability of classifiers, neglect of detailed image features, and long training time, a malware classification method based on multi-channel image vision features, transfer learning, and improved convolutional neural networks is proposed. First, features are extracted from the original malware samples and transformed into three different types of grayscale images. Then, the grayscale image size is unified using a bilinear interpolation algorithm. Finally, the three grayscale images are combined to create a three-dimensional RGB image, which is then trained using data augmentation techniques. For the classification model, the weights previously trained on the ImageNet dataset (>10 million images) are loaded, and all parameters of the ResNet network are trained. Evaluations of the existing ResNet series networks and the generated grayscale images demonstrate the effectiveness of the proposed method. In this thesis, we conduct an in-depth study of malicious code detection, propose two new methods, and conduct detailed experiments and analysis on them. The accuracy of malicious code detection is successfully improved by continuous adjustment of parameters. The experimental results show that these two new methods are very effective in detecting malicious samples and have significant advantages over traditional methods. This provides new ideas and methods for malicious code detection, and also provides valuable references for research in related fields. |
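
The byte visualization step in method (1), sketched as an added example; this is not the thesis's code. The abstract gives no parameters, so the row-normalised first-order transition matrix, the global z-score, the clip at ±3 and the blue-green-red ramp are all assumptions, as are the function names.

```python
import math

def markov_matrix(data: bytes):
    """256x256 first-order byte-transition probabilities, one row per source byte."""
    counts = [[0] * 256 for _ in range(256)]
    for a, b in zip(data, data[1:]):          # every adjacent byte pair is counted
        counts[a][b] += 1
    probs = []
    for row in counts:
        total = sum(row)
        # Bytes that never occur as a source keep an all-zero row.
        probs.append([c / total if total else 0.0 for c in row])
    return probs

def zscore(matrix):
    """Standardise all cells against the matrix-wide mean and standard deviation."""
    flat = [v for row in matrix for v in row]
    mean = sum(flat) / len(flat)
    std = math.sqrt(sum((v - mean) ** 2 for v in flat) / len(flat))
    if std == 0:                              # empty or constant input
        return [[0.0] * len(row) for row in matrix]
    return [[(v - mean) / std for v in row] for row in matrix]

def colormap(z, clip=3.0):
    """Map a z-score to RGB on a blue -> green -> red ramp (assumed colour map)."""
    t = (max(-clip, min(clip, z)) + clip) / (2 * clip)   # scale to 0..1
    r = int(255 * max(0.0, 2 * t - 1))
    b = int(255 * max(0.0, 1 - 2 * t))
    return (r, 255 - r - b, b)

def bytes_to_image(data: bytes):
    """Whole file in, fixed 256x256x3 image out, whatever the file size."""
    return [[colormap(v) for v in row] for row in zscore(markov_matrix(data))]

# Constructed sample input, not a real binary.
SAMPLE = b"MZ\x90\x00" * 8 + bytes(range(64))

if __name__ == "__main__":
    img = bytes_to_image(SAMPLE)
    hot = sum(1 for row in img for px in row if px[0] > 0)
    print(f"{len(img)}x{len(img[0])} image, {hot} above-average transition cells")
```

Because the image is built from the transition matrix rather than from the raw byte stream, its size does not grow with the sample, and no bytes are truncated or resampled away before the classifier sees them.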