
Research On Deep Learning Malicious Code Detection Based On Swarm Intelligence Algorithm Optimization

Posted on: 2024-05-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y D Zhang
Full Text: PDF
GTID: 2568307112957999
Subject: Electronic information
Abstract/Summary:
With the development of communication and Internet technology, the threat of malicious code attacks is increasing, which has a great impact on network security and network service quality. Attacks against national government departments and important military and scientific research facilities deserve special attention. As anti-tracking, packing and obfuscation techniques for malicious code have developed, malicious code has become far more resilient and harder to detect. This has led to frequent network security incidents in recent years, and personal information security and property security face severe challenges. Detecting malicious code quickly and accurately is an important link in responding to this.

Malicious code evades detection through various variants, but it must call the API services of the Windows system to carry out its malicious behavior. Given this property, analyzing the sequence of system API functions called by an application is of great value, and a deep learning model can further mine the latent features in these sequences and increase detection accuracy.

In this thesis, malicious code detection focuses on the Windows system API function sequences called by the sample programs. The API function sequences called by sample programs of five malicious code families in the Ember dataset (Ramnit, Ethic, Sality, Emotet and Ursnif) are used to find their potential malicious behaviors. A deep learning model based on a convolutional neural network (CNN) and a long short-term memory (LSTM) network under the Word2vec framework is established to detect and classify malicious code. To address hyperparameter optimization and the lack of prior knowledge in malicious code detection, an automatic model optimization method based on a swarm intelligence algorithm is proposed. To address the shortcoming that traditional Word2vec maps text only simply and lacks deeper semantic mapping, a method of vectorizing APIs with FastText is proposed. The accuracy and loss functions of the GA+CNN+LSTM, IWOA+CNN+LSTM and IGWA+CNN+LSTM models are then compared under the Word2vec framework and the FastText framework respectively. The test results show that the IGWA-optimized CNN+LSTM model under the FastText framework can effectively detect and classify malicious code, with an accuracy rate of more than 99%.
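
The abstract's motivation for replacing Word2vec with FastText can be seen on API names directly. The sketch below is an added example, not code from the thesis: it contrasts a whole-token lookup with FastText-style character n-grams for API names that were not in the training vocabulary. The vocabulary and unseen names are constructed, the 3 to 6 n-gram range is the FastText library default rather than a setting stated here, and raw n-gram counts stand in for learned n-gram vectors.

```python
import math
from collections import Counter

# Constructed vocabulary standing in for API names seen in training traces.
TRAINED_VOCAB = ["CreateFileW", "WriteFile", "RegSetValueExW",
                 "VirtualAlloc", "CreateRemoteThread"]

def subwords(api_name, n_min=3, n_max=6):
    """FastText-style units: char n-grams of '<name>' plus the whole token."""
    token = f"<{api_name}>"
    grams = [token[i:i + n]
             for n in range(n_min, n_max + 1)
             for i in range(len(token) - n + 1)]
    return Counter(grams + [token])

def cosine(a, b):
    """Cosine similarity between two sparse n-gram count vectors."""
    dot = sum(count * b[gram] for gram, count in a.items())
    norm = (math.sqrt(sum(c * c for c in a.values()))
            * math.sqrt(sum(c * c for c in b.values())))
    return dot / norm if norm else 0.0

def whole_token_lookup(api_name, vocab=TRAINED_VOCAB):
    """Word2vec-style: one vector per exact token, so an unseen name has no entry."""
    return vocab.index(api_name) if api_name in vocab else None

def nearest_trained(api_name, vocab=TRAINED_VOCAB):
    """Subword view: an unseen name still lands next to names sharing its n-grams."""
    target = subwords(api_name)
    scored = [(cosine(target, subwords(known)), known) for known in vocab]
    return max(scored)  # (similarity, closest trained API name)

if __name__ == "__main__":
    # Constructed examples of API names absent from the training vocabulary.
    for unseen in ["CreateFileA", "VirtualAllocEx"]:
        score, known = nearest_trained(unseen)
        print(f"{unseen}: whole-token index={whole_token_lookup(unseen)}, "
              f"subword nearest={known} ({score:.2f})")
```

In a trained FastText model the token vector is the sum of learned n-gram vectors, so the same sharing gives an unseen API variant a usable embedding for the downstream CNN+LSTM instead of an out-of-vocabulary gap.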
Keywords/Search Tags:LSTM, Convolution neural network, Swarm intelligence algorithm, Malicious code family classification, FastText