A visual malware detection device and method based on deep neural network

Abstract

A visual malware detection device and method based on a deep neural network, which uses disassembly technology to convert executable file samples into bytes files and asm files, and compares the collected and marked normal software data sets with the famous BIG 2015 malware The data sets were merged to obtain a balanced experimental data set; in order to effectively extract the high-dimensional features in the data samples, the visualization technology combined with data enhancement was used to further convert the samples into RGB three-channel images. A unique deep neural network classification architecture is also proposed to improve the performance of the detection method; the method of the present invention stands out among many other neural network model methods; the performance of RGB three-channel images in malware detection is verified by experiments Compared with the superiority of grayscale images, it shows that data enhancement technology is helpful for visual malware detection; it provides new ideas and methods for other researchers to conduct malware detection experiments.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a deep neural network-based visual malware detection device and method. Background technique [0002] The rapid development of Internet technology has led to the rapid progress of the computer software industry. Various types of application software have been produced one after another and have gradually affected people's lives. Unfortunately, it contains a lot of harmful malware, which seriously compromises the privacy and security of users, and can also cause damage to computers, servers and cloud computing environments. Malicious software generally has the following characteristics: automatic operation, forced installation, difficult uninstallation, malicious collection of user information, and other malicious behaviors that infringe on the legitimate rights and interests of users. [0003] Today, illegal attacks through malicious software have posed a serious threat...

AI Technical Summary

Problems solved by technology

(1) The first is the acquisition of data sets. Since malware itself is extremely easy to spread on the Internet and cause unexpected consequences, many data set providers will perform so-called "antivirus" processing on samples to make them lose their ability to operate , such as the Microsoft Malware Classification Challenge (BIG 2015) malware dataset, the Kaggle platform converts the original executable file into the corresponding bytes file (pure bytecode file) and asm file (assembler source file), but this makes it impossible for others to easily augment the dataset

(2) Secondly, most of the current detection methods only focus on the characteristics of a certain aspect of the data sample, such as only focusing on the binary files of the software samples or the source files of the assembler program, which will greatly reduce the generalization ability of the detection method. Difficult to successfully apply to unknown samples

Images