
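A Method for Detecting Malicious Code Based on Feature Encoding Technology
Cite this article: DING Ying, LI Lin. A Method for Detecting Malicious Code Based on Feature Encoding Technology[J]. Computer Technology and Development (计算机技术与发展), 2021, 0(1): 131-136
Authors: DING Ying, LI Lin
Affiliation: School of Computer Science and Technology, Wuhan University of Science and Technology
Funding: National Natural Science Foundation of China (61702383, 61602350); Hubei Provincial Education Research Project (B2018554); National College Students' Innovation and Entrepreneurship Training Program project (201810488012)
Abstract (translated from the Chinese): When malicious code is detected and classified, converting features into images with the traditional grayscale encoding method causes problems such as feature splitting and loss of precision, which seriously degrade detection performance. In addition, traditional datasets for malicious code detection and classification contain only malicious samples and do not take benign samples into account. This paper therefore uses a dataset containing both benign and malicious samples and proposes a double-byte feature encoding method. First, the ...

Keywords: double-byte; feature encoding; convolutional neural network; malicious code; detection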

A Method for Detecting Malicious Code Based on Feature Encoding Technology
DING Ying, LI Lin. A Method for Detecting Malicious Code Based on Feature Encoding Technology[J]. Computer Technology and Development, 2021, 0(1): 131-136
Authors: DING Ying, LI Lin
Affiliation: School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, China
Abstract: In the detection and classification of malicious code, the traditional grayscale encoding method produces feature splitting and accuracy loss when converting features into images, which seriously affects detection performance. At the same time, traditional datasets for malicious code detection and classification use only malicious samples and do not take benign samples into account. Therefore, we adopt a dataset that includes both benign and malicious samples and propose a double-byte feature encoding method. First, the features of the PE file to be detected are encoded as binary numbers and the first two bytes are taken from each single feature; then all bytes are transformed into images; finally, the features are extracted by a convolutional neural network and verified on the test set. Experiments show that when the PE file to be detected is double-byte encoded, the accuracy improves from 81.4% to 92.82% compared with the grayscale encoding method under the same conditions. The experimental results prove that the double-byte feature encoding method can be effectively applied to malicious code detection.
Keywords: double-byte; feature encoding; convolutional neural network; malicious code; detection
This article is indexed in VIP (维普) and other databases.