| Malware and its variants the number of rapid growth to people’s property and pose a serious threat to national s ecurity,making malware detection has become an important area of research,and put forward higher requirements for malware detection technology.Given the large number of malic ious software,traditional artific ial analys is based malware detection technology has been diffic ult to meet their needs.In this paper,we use malware vis ualization as the bas is of researc h,and combine deep learning algorithms to achieve automatic extraction of visual features and malware c lassification,in order to get rid of the dependenc e on the number of samples and manual feature extraction,while s hortening testing time and rais ing the accurate rate of testing.The main work of this paper is as follows.(1)Assuming the problem that the conventional malware classification method requires a lot of calculation and too many parameters,we propose a malware c lass ific atio n method based on a global grayscale image.So the method uses malware global grayscale graph to characterize malware.The malware disassembly file is converted into a grayscale image.Then,the grayscale image is deflated to the same s ize us ing the binary interpolation algorithm.Finally,a lightweight convolutional neural network is constructed to train the grayscale map to learn deeper grayscale map texture features to improve malware c lassification performance.The experimental results show that the method has a muc h lower number of parameters than other methods with s imilar c lass ific ation accuracy and greatly reduces computer overhead.(2)To address the problems of poor anti-interference ability and few effective family features of traditional malic ious code c lass ification methods,a malware family c lass ific ation method based on opcode visualization is proposed.The method uses the opcode dot plot to characterize malware.The extraction of opcode sequences is first performed for malware dis assembly files.Then,the rec urrent neural network is used to train the opcode sequence to generate the predic tion code sequence;subsequently,the Sim Hash vis ualization of the opcode and prediction code is performed to generate the dot pattern;Finally,the point map is used as input for both feature extraction and categorization us ing a convolutional neural network.The experimental results show that the way can augment the effective information dens ity of sample features and thus raise the classification of the model with accuracy.(3)Questions of malware c lassification based on the fus ion of global gray map features and operation code dot pattern features to solve a single feature can not fully express the type of malic ious software to reduce the classification accuracy.The method uses fused features to characterize malware.First,GIST and LBP features are extracted from malware grayscale and dot-map maps respectively;Then,the fused features are trained to learn us ing a long and short-term memory artific ial neural network to acquire deeper features,thus enhanc ing the adaptation capability of the model.By comparing multiple sets of experiments,it can be concluded that fused features can improve the model c lass ification performance more than single features... |
PDF Full Text Request