| With the rapid development of technologies such as the Internet and IoT, the types of malware and the concealment techniques they use are also developing rapidly. Existing malware detection technologies have been unable to deal with the exponentially increasing number of malicious programs. Malware is spread through e-mails and resource links, which has a huge impact on netizens' use of computers and can even cause property losses. Therefore, this article studies existing malware detection technology and designs a malware detection system for Windows by analyzing the behavior characteristics of malware while it runs. The system is designed based on a convolutional neural network model, and its recognition accuracy for malware reaches 98.89%. The main research contents of this paper are as follows: (1) The advantages and limitations of existing malware detection technology are analyzed in detail, and the malware detection system based on a convolutional neural network built in this paper is proposed. The system is characterized by autonomous learning ability and fast, accurate detection of malware. (2) The dynamic behavior characteristics of malware while running on Windows are discussed in detail, and the behavior characteristics that represent the malware's runtime behavior well are identified. These dynamic behavior characteristics are the sequence of the malicious program’s calls to the Windows API. In addition, this paper proposes two behavioral feature representation methods, namely feature vectorization and feature graphing. (3) This article focuses on the key technologies used to build a malware detection system. Among them, the LightGBM algorithm and the convolutional neural network algorithm are studied in detail. The parameters of the LightGBM model are tuned using cross-validation and grid search when building the model, and the parameters of the convolutional neural network model are tuned by using different optimizers and different image sizes. Finally, the malware detection model trained with the Adam optimizer and gray-scale feature maps is found to have the highest accuracy in identifying malicious programs, reaching 98.89%. In addition, a horizontal comparison experiment is set up in which the same test data set is used to test the two malware detection models built in this article. The experimental results show that the malware detection model based on the convolutional neural network performs better than the malware detection model based on LightGBM. |
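The two feature representations named in the abstract, feature vectorization and feature graphing of a Windows API call sequence, sketched as an added example that is not the paper's code. The abstract does not specify either encoding, so the call-frequency vector, the call-to-call transition matrix scaled to gray levels, the vocabulary and the sample trace are all assumptions made for illustration.

```python
from collections import Counter

# Constructed vocabulary of Windows API names (assumption: a real system
# would derive it from the traces in its training set).
VOCAB = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
         "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
         "CreateRemoteThread"]
INDEX = {name: i for i, name in enumerate(VOCAB)}
UNK = len(VOCAB)      # shared id for calls outside the vocabulary
SIZE = len(VOCAB) + 1


def encode(trace):
    """Map API names to integer ids; unknown calls share one id."""
    return [INDEX.get(name, UNK) for name in trace]


def vectorize(trace):
    """Feature vectorization (assumed form): relative call frequencies."""
    ids = encode(trace)
    counts = Counter(ids)
    total = len(ids) or 1          # an empty trace yields an all-zero vector
    return [counts.get(i, 0) / total for i in range(SIZE)]


def to_grayscale(trace):
    """Feature graphing (assumed form): transition counts as 0-255 pixels."""
    ids = encode(trace)
    grid = [[0] * SIZE for _ in range(SIZE)]
    for prev, cur in zip(ids, ids[1:]):
        grid[prev][cur] += 1       # row = previous call, column = next call
    peak = max(max(row) for row in grid) or 1
    return [[255 * count // peak for count in row] for row in grid]


# Constructed sample trace, not taken from the paper's data set.
# "SomeUnlistedApi" is a placeholder for a call missing from VOCAB.
SAMPLE = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
          "WriteProcessMemory", "WriteProcessMemory", "CreateRemoteThread",
          "CloseHandle", "SomeUnlistedApi"]

if __name__ == "__main__":
    print([round(v, 3) for v in vectorize(SAMPLE)])
    for row in to_grayscale(SAMPLE):
        print(" ".join(f"{pixel:3d}" for pixel in row))
```

The vector is the kind of fixed-length input a gradient-boosted tree model such as LightGBM accepts, while the matrix can be resized and fed to a CNN as a single-channel image.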