Abstract

Network security has become a growing concern with the popularity and development of the Internet. Malicious code is one of the main threats to network security. Different types of malicious code have different functions and cause different harms. Therefore, improving the detection efficiency and recognition accuracy of malicious code is becoming an urgent problem to be solved. Traditional machine learning methods for malicious code detection largely depend on hand-designed features that rely on experts' knowledge of the domain, or focus on images derived from malicious code binary files. These methods spend too much time on feature extraction. With the emergence of a large amount of malicious code data, the efficiency of traditional machine learning algorithms is getting worse and worse. In this paper, a workflow based on deep learning is proposed to detect and classify malicious code. This workflow adopts a convolutional neural network (CNN) and regularization algorithms to classify malicious code, with N-gram semantic features as the input of the model. The convolutional neural network can automatically extract the features of malicious code while avoiding the need for manual feature selection. Regularization algorithms not only speed up the training process of the deep model but also improve its generalization ability while effectively preventing over-fitting of the model. The proposed method is compared with state-of-the-art methods and other deep learning models. Experimental results show that our workflow can improve the accuracy and efficiency of malicious code classification.

Highlights

  • Malicious code has become one of the major threats to network security

  • To improve the accuracy and efficiency of malicious code detection, this paper presents malicious code detection technology based on deep learning models and regularization algorithms

  • Our research comes with the following contributions: 1) We provide a review of related work on malicious code classification


Summary

Introduction

Malicious code has become one of the major threats to network security. It is software or a code fragment compiled to destroy software and hardware devices, steal user information, disturb user psychology, and interfere with normal use without authorization. Since malicious code is a program or code fragment with special functions, it often causes many potential harms, such as destroying data, infringing on the system, stealing information, and leaking private data. Malicious code has a unique ability to infect and spread. It can quickly infect hosts and spread quickly in the local area network or the internet.
