
Research And Implementation Of Deep-Learning Based PC Malware Detection Technology

Posted on: 2020-06-08
Degree: Master
Type: Thesis
Country: China
Candidate: Z L Kan
GTID: 2428330572972274
Subject: Information security

Abstract/Summary:
In recent years, malware and cyber-attacks have become more frequent and more harmful, and new threats keep emerging. Increasingly serious information security issues not only cause huge economic losses to enterprises but also pose a serious threat to national security. Traditional detection appears weaker in the face of the constant evolution of malware. Given the explosive growth of malware, how to identify it accurately and efficiently from multiple aspects has become the research focus of current malware detection technology. Drawing on the rich achievements of deep learning in image and natural language processing, this thesis studies the application of deep learning to PC malware detection.

Firstly, this paper summarizes and classifies the current methods of malware detection in academia. The author improved the detection approach that converts binaries to grayscale images and, based on this, proposed a compressed grayscale image detection model. Because the experimental result was not very satisfactory, a static machine code detection model based on a convolutional neural network is proposed. The model uses the disassembled instructions of executable files as training data. To improve the detection ability and efficiency of the model, the author proposes a method of instruction fusion. In addition, because disassembled instruction extraction is limited for packed samples, a dynamic API sequence detection model based on a Bidirectional Recurrent Neural Network is proposed. The model executes samples in an improved Cuckoo sandbox environment and splices the monitored API sequence according to process and timestamp. The API sequence is the training metadata of the follow-up Bidirectional Recurrent Neural Network.

Because the static model and the dynamic model are independent, malware detection cannot benefit from both static and dynamic features, which means the limitations of static and dynamic analysis (such as incomplete coverage of dynamic analysis and various countermeasures against static analysis) still exist in such models. Thus, the author uses an improved stacking algorithm to fuse the static model with the dynamic model to give a more comprehensive and accurate malware detection result. Last but not least, the author verifies the improved compressed grayscale model and the proposed static model, dynamic model and fusion model. The malware detection ability of each model is evaluated by accuracy, precision, recall rate and training loss. The experimental results show that the proposed models have more accurate and efficient malware detection capabilities than other methods of the same type.
Keywords/Search Tags:deep learning, malware detection, ensemble learning, dynamic features, static features
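
The abstract says the monitored API calls are spliced by process and timestamp before being fed to the Bidirectional Recurrent Neural Network. The following is an added example, not code from the thesis, showing one way to do that preprocessing. The flat `(pid, timestamp, api)` record layout, the ordering of processes by their first call, the integer encoding and the `max_len` padding are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: flat (pid, timestamp, api) records, deliberately out of order.
# The field layout is an assumption for this example, not the Cuckoo report schema.
SAMPLE_CALLS = [
    (2044, 3.10, "NtWriteFile"),
    (1380, 1.00, "NtCreateFile"),
    (2044, 2.50, "NtOpenKey"),
    (1380, 1.75, "CreateProcessInternalW"),
    (1380, 1.20, "NtWriteFile"),
    (2044, 2.90, "RegSetValueExW"),
]

PAD, UNK = 0, 1  # reserved ids: padding and API names unseen at training time


def splice_api_sequence(calls):
    """Group calls by process, order processes by first call, calls by timestamp."""
    by_pid = defaultdict(list)
    for pid, ts, api in calls:
        by_pid[pid].append((ts, api))
    sequence = []
    # Assumption: processes are concatenated in order of their earliest call.
    for pid in sorted(by_pid, key=lambda p: min(t for t, _ in by_pid[p])):
        sequence.extend(api for _, api in sorted(by_pid[pid], key=lambda c: c[0]))
    return sequence


def build_vocab(sequences):
    """Assign a stable integer id (starting at 2) to every API name seen."""
    vocab = {}
    for seq in sequences:
        for api in seq:
            vocab.setdefault(api, len(vocab) + 2)
    return vocab


def encode(sequence, vocab, max_len):
    """Map API names to ids, truncate to max_len, right-pad with PAD."""
    ids = [vocab.get(api, UNK) for api in sequence[:max_len]]
    return ids + [PAD] * (max_len - len(ids))


if __name__ == "__main__":
    seq = splice_api_sequence(SAMPLE_CALLS)
    vocab = build_vocab([seq])
    print(seq)
    print(encode(seq, vocab, max_len=8))
```

Building the vocabulary from training samples only, and mapping unseen names to `UNK`, keeps evaluation samples from leaking API names into the model's input space.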