Research On Malicious Code Family Classification Based On Deep Learning

At present,with the rapid development of network technology,the number of malicious software is increasing exponentially,among which the malicious code and its derivative code have become the main threat to network security.According to the malicious code is organized by the same set of the original code or malicious code iterated,different malicious code in the code logic,the function and coding habits,etc,to be able to have one kind of common features of malicious code into a malicious code family unity,and features of the malicious code are performed,In order to counter the rapid development of malicious code,so as to be able to find the unknown malicious code belongs to the organization,can be more quickly to respond to measures.At the same time,with the rapid development of artificial intelligence,deep learning network plays an important role in the classification of malicious code.The advantages of deep learning in feature extraction make the classification and traceability of unknown malicious code no longer need the support of expert knowledge.The researchers completed the detection and classification of malicious code from the aspects of image classification of malicious code and natural language processing.By means of deep learning,the researchers aimed to process a large number of unknown malicious codes quickly and accurately.However,most of the studies at this stage are relatively random in the processing of malicious code images,such as random expansion and contraction of malicious code,which will lead to the loss of image features.In addition,the deep learning network used for malicious code classification at the present stage,on the one hand,cannot learn the high-latitude features of malicious code images;on the other hand,malicious code itself also contains some redundant information to interfere with network learning.For the above points,the main research work of this paper is as follows:(1)A malicious code classification network based on spatial pyramid pooling and deep residual network is proposed,which can accept malicious code images of any size as input.Firstly,before the classification experiment,the width selection of the malicious code data set when it is converted into image is discussed.Secondly,in view of the large number of network operation parameters,the deep separable convolution is introduced to replace the convolution layer for calculation.Then,the classification task of the malicious code on the malicious code data set is completed.The final experimental results show that compared with other malicious code classification networks,the classification accuracy of malicious code family in this paper is 99.06%,and the recall rate is 96.69%,which is 2%higher than other methods on the same data set.(2)according to the problem of redundant information is contained in the malicious code,this paper continue to modify the network structure and the structure of the network by introducing the depth of the residual contraction,use of attention mechanism in different channels for malicious code on the image of redundant information filtering,increase characteristic figure of the malicious code in the convolution network characteristics influence in this picture.The experimental results show that the attention mechanism introduced in this paper successfully filters the partial redundant information in malicious codes,and improves the overall accuracy of the classification network by 0.5%,the classification recall rate of each malicious code family by 1%,and the accuracy rate by 2%.