Go to DBLP homepageA Malware Classification Method Based on the Capsule Network
Abstract: Malware has become a serious threat to network security. Traditional static analysis methods usually cannot effectively detect packers, obfuscations, and variants. Dynamic analysis is not efficient when dealing with large amounts of malware. Aiming at the shortcomings of the existing methods, this paper proposes a method for analyzing malware based on the capsule network. It uses a supervised learning method to train the capsule network with a large number of malware samples with existing category labels. In the process of constructing features, this paper adopts a method of combining static features and dynamic features to extract the operation code information based on static analysis, and extract the API call sequence information based on general analysis. Both characteristics can well represent the structure and behavior of malware. Then use N-Gram to construct sequence features, visualize the N-Gram sequence, generate malware images, and finally use the capsule network for classification detection. In addition, this paper improves the original capsule network and verifies the effect of the improved model.
Loading