
Research On Situation Assessment And Prediction Method For Malware

Posted on: 2023-09-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Li
GTID: 1528307304991979
Subject: Computer Science and Technology

Abstract/Summary:
With the development of the Internet, the network has increasingly penetrated all aspects of human society and greatly promoted social development. At the same time, traditional crime has continually transferred, infiltrated and spread to the Internet. Network crime has become the largest crime type in many countries and is on the rise. We need to adopt more effective network security technology to extend the response to network crime from "defense after the event" and "interception during the event" to "early warning". From the perspective of network security, malware plays a crucial role: it affects not only the infected computer or device but may also affect other devices communicating with the infected device, bringing great harm to society and national security. To deal effectively with the new challenges in network security, this research takes malware as the medium. Starting from the detection and identification of malware, it fully considers the main factors affecting the propagation of malware in complex networks, explores the propagation situation, and places particular emphasis on predicting malware propagation under the influence of the interaction strength between network nodes. The research work focuses on the following three aspects.

(1) Malware detection mechanism based on a high-order attribute enhancement heterogeneous graph network. Because a network composed of software nodes contains many different entity nodes and complex semantic relations, this research studies how to preserve the rich semantic characteristics of nodes and mine hidden relations through heterogeneous information networks, and uses embedded representation methods based on meta paths and meta graphs for modeling. To address the insufficient representation ability of the direct neighbors of malware nodes, the embedding of nodes is enhanced layer by layer at the node level to capture the correlation between nodes based on high-order content, explore the high-order features of malware, and further improve the learning ability of the model. In addition, by properly absorbing the local semantics of nodes to improve the node-level aggregation process, a new method to alleviate semantic confusion is proposed, so that the network can more accurately capture the characteristics of each malware node.

(2) Malware propagation situation assessment based on a tripartite graph and propagation influence. To address the uncertainty of the influencing factors in the process of malware propagation, the network tree structure of malware propagation is introduced, and the network structure formed by the forwarding of user nodes is used to form the propagation network. Based on this, a tripartite graph of malware, propagation paths and users is constructed. Considering the complexity of the driving factors and the diversity of influence quantification in the process of malware propagation, and referring to the cross-scoring strategy, this research focuses on the three-dimensional correlation graph and the cross iterative scoring mechanism to assess the influence of malware propagation. Furthermore, multiple linear regression is used to quantify the influence and analyze the effect of various factors on the network security situation.

(3) Malware propagation prediction model based on representation learning and graph neural networks. The interaction strength of nodes in the network affects the accuracy of malware propagation prediction. Starting from the sparsity of the interaction behavior data between nodes, and using the advantages of tensor decomposition in handling data sparsity and dimension reduction, the influence of the relationship between nodes on the infection strength is analyzed, and a mechanism based on tensor mining of the infection strength between nodes in the network is established. In addition, representation learning is adopted to extract hidden structural features from the infection intensity among the nodes. A new method, Tensor2vec, is proposed to learn the potential structural features of malware propagation, and a dynamic malware propagation prediction model based on representation learning and graph neural networks is proposed by integrating the full information feature representation of infected and uninfected nodes.
Keywords/Search Tags: malware, infection intensity, propagation network, network situation, prediction model