Research On Malware Detection Technology Based On Multi-feature Fusion And Deep Learning

Posted on: 2024-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: S H Zhang
GTID: 2568307103495704
Subject: Computer technology
Abstract/Summary:
With the advent of the big data era and the rapid development of Internet technology, new types of malicious attacks and malicious software have grown exponentially, posing an increasing threat to national and corporate security, and the field of cyberspace security faces unprecedented challenges. Fast and efficient classification of malware families is therefore an urgent problem. Traditional detection methods require a large number of rules and matching patterns, and demand considerable reverse engineering expertise for sample analysis and manual labeling; they struggle with code obfuscation and fast-mutating malware. To address these difficulties, researchers have in recent years introduced artificial intelligence technology into the field of malware. This technology saves labor costs and improves the accuracy and generalization ability of classification models, providing new ideas for solving increasingly complex malware problems. This thesis therefore focuses on two problems in malware detection: classification based on a single extracted feature performs poorly, and extracting text features requires a lot of reverse engineering expertise while still classifying poorly. The specific research work is as follows.

(1) To address the problem that traditional malware classification often uses a single feature as the detection and classification criterion, resulting in low detection accuracy and poor results, a method is proposed that extracts multiple static features, fuses them, and uses an ensemble learning algorithm for malware family classification. First, four static features are extracted from decompiled malicious samples in the Kaggle dataset: bytecode, opcode, API sequence and grayscale image vector value. Then, the chi-square test and the Pearson correlation coefficient are used to select important features. Finally, the important features are input into the ensemble learning model for malware family classification. This scheme effectively improves the accuracy of detection and classification of unknown or variant malware.

(2) Because malware visualization technology can better describe the global characteristics of malicious samples, a malicious sample visualization scheme is proposed. First, the B2M algorithm is proposed to convert the characteristics of malicious code families into image form using visualization technology; then preprocessing operations such as image normalization, mean filtering and data augmentation are applied; finally, the preprocessed image is decomposed and reconstructed using the wavelet transform to complete image noise reduction.

(3) To address the problem that traditional malware feature extraction involves huge data volumes and diverse features, requires a lot of reverse engineering expertise and gives poor detection results, a visual malware classification scheme called WTSEMal is proposed, which classifies and detects malicious samples based on Wavenet and SE-Resnet networks. An SE-Resnet network model for malware family classification is built, and the images processed in (2) are input into it. The proposed residual network model allows more convolutional layers and learns deeper features. The SE module rescales the extracted features and assigns them different weights, so that family classification relies on the features with larger weights, improving the accuracy of classification and detection. This scheme achieves good detection results on obfuscated or variant malicious samples and has strong generalization ability.
Keywords/Search Tags: Network security, Malware classification, Static analysis, Multi feature fusion, Visualization technology, Deep learning
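The feature-selection step in (1) can be illustrated with a short added example; it is not code from the thesis. It assumes the two tests are combined by ranking features on chi-square score against the family label and then skipping any feature whose Pearson correlation with an already kept feature is too high; the opcode counts, family labels, function names and thresholds are all constructed for illustration.

```python
import math

# Constructed sample: per-sample opcode counts (columns) for three made-up families.
NAMES = ["mov", "xor", "rol", "call", "nop"]
X = [
    [50, 2, 1, 5, 3], [52, 4, 2, 4, 3],      # family 0
    [49, 40, 20, 6, 3], [51, 44, 22, 5, 3],  # family 1
    [50, 2, 1, 30, 3], [48, 4, 2, 28, 3],    # family 2
]
Y = [0, 0, 1, 1, 2, 2]

def chi2_score(col, labels):
    """Chi-square statistic of a non-negative count feature against class labels."""
    total, n, score = sum(col), len(labels), 0.0
    for cls in set(labels):
        observed = sum(v for v, lab in zip(col, labels) if lab == cls)
        expected = total * labels.count(cls) / n  # share expected if independent
        if expected > 0:
            score += (observed - expected) ** 2 / expected
    return score

def pearson(a, b):
    """Pearson correlation; 0.0 when either column is constant."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def select_features(X, y, names, k=2, max_corr=0.95):
    """Rank by chi-square, then skip features redundant with ones already kept."""
    cols = [list(c) for c in zip(*X)]
    ranked = sorted(range(len(cols)), key=lambda j: chi2_score(cols[j], y), reverse=True)
    kept = []
    for j in ranked:
        if all(abs(pearson(cols[j], cols[i])) < max_corr for i in kept):
            kept.append(j)
        if len(kept) == k:
            break
    return [names[j] for j in kept]

if __name__ == "__main__":
    print(select_features(X, Y, NAMES))
```

In the constructed data `rol` ranks second on chi-square but is an exact multiple of `xor`, so the correlation check drops it in favour of `call`, which separates a different family.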