| At present, with the rapid development of the Internet, the spread of malicious software is more rampant than ever, and traditional malware detection methods can no longer meet current needs. The main reason for the surge in the amount of malware is that most malware derives from the same source. Traditional malware correlation analysis is based on single or multiple characteristics of the malware, which makes it impossible to show at the same time the variants generated from that malware. Categorizing malware and finding its source can solve the problem at its root. Multi-feature analysis, rather than treating the content of the malware as a whole, just analyzes each feature individually and classifies the software by combining votes. Therefore, how to represent malware more completely deserves further study. For feature extraction, the paper improves the initialization of feature extraction methods by studying the characteristics of malware and combining them with image processing methods. The API call graph sequence is converted into a serial matrix, and the weight of each API is calculated. APIs below the set threshold are deleted from the initial matrix to obtain the API key pointer conversion matrix, which is then converted into a single-channel image. The two-dimensional matrix derived from the opcode feature is also converted into a single-channel image. The single-channel grayscale image, the opcode feature image, and the API feature image are compressed and combined into a three-channel RGB color image, and the RGB images are used as the malware features for classification. For the classifier, the paper analyzes the existing RES-NET structure model and proposes an improved RES-SVM network structure model based on the extracted RGB feature maps. The RES-SVM network connects the fully connected layer of the RES-NET network to an SVM classifier, so that the output of RES-NET is fed to the SVM classifier, which produces the final classification result. To verify the effect of the three-channel RGB image features in actual detection, the three single-channel features are used one at a time in comparison experiments, and the RES-SVM classifier is also used in comparison experiments. The test results show that combining the three malware features into three-channel RGB features, as proposed in this paper, gives conventional classifiers better accuracy when classifying malware, and that accuracy is improved when RES-SVM is used as the classifier. |
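The feature construction described in the abstract can be sketched as follows; this is an added example, not the paper's code. Assumptions not stated in the abstract: the grayscale channel is built from the file's raw bytes, an API's weight is its relative call frequency, the matrices count adjacent transitions, the channels are 4x4, and the channel order is R = grayscale, G = opcode, B = API.

```python
from collections import Counter

SIZE = 4  # channel side length; assumed, the abstract gives no image size

def scale(matrix):
    """Scale a matrix of counts to 0..255 grey levels."""
    peak = max(max(row) for row in matrix) or 1
    return [[255 * v // peak for v in row] for row in matrix]

def transition_matrix(seq, vocab):
    """m[i][j] = times vocab[i] is immediately followed by vocab[j]."""
    idx = {s: i for i, s in enumerate(vocab)}
    m = [[0] * SIZE for _ in range(SIZE)]
    for a, b in zip(seq, seq[1:]):
        if a in idx and b in idx:  # items outside vocab have no row/column
            m[idx[a]][idx[b]] += 1
    return m

def api_channel(calls, threshold):
    """Drop APIs whose weight is below threshold, then build the image.
    Weight = relative call frequency (assumed; the abstract does not define it)."""
    total = len(calls) or 1
    keep = [a for a, n in Counter(calls).most_common(SIZE) if n / total >= threshold]
    return scale(transition_matrix(calls, keep))

def opcode_channel(opcodes):
    """Transition image over the SIZE most frequent opcodes."""
    vocab = [op for op, _ in Counter(opcodes).most_common(SIZE)]
    return scale(transition_matrix(opcodes, vocab))

def gray_channel(data):
    """Raw bytes laid out row-major, truncated or zero-padded to SIZE*SIZE."""
    buf = list(data[:SIZE * SIZE])
    buf += [0] * (SIZE * SIZE - len(buf))
    return [buf[r * SIZE:(r + 1) * SIZE] for r in range(SIZE)]

def rgb_image(data, opcodes, calls, threshold=0.15):
    """Stack the three single-channel images into one RGB pixel grid."""
    r, g, b = gray_channel(data), opcode_channel(opcodes), api_channel(calls, threshold)
    return [[(r[y][x], g[y][x], b[y][x]) for x in range(SIZE)] for y in range(SIZE)]

# Constructed sample inputs (not taken from any real binary)
SAMPLE_BYTES = bytes([0x4D, 0x5A, 0x90, 0x00, 0x03, 0xFF])
SAMPLE_OPCODES = ["push", "mov", "call", "mov", "call", "ret"]
SAMPLE_CALLS = ["CreateFileW", "WriteFile", "WriteFile", "WriteFile", "CloseHandle",
                "CreateFileW", "WriteFile", "CloseHandle", "Sleep", "CreateFileW"]

if __name__ == "__main__":
    for row in rgb_image(SAMPLE_BYTES, SAMPLE_OPCODES, SAMPLE_CALLS):
        print(row)
```

With the default threshold the rarely called `Sleep` falls out of the API channel, so its transitions leave no trace in the blue plane; lowering the threshold brings its row and column back.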