关键词: 恶意代码, 可视化分析, 深度融合网络

Abstract:

A new visualization method for malware analysis based on opcode frequency is proposed. In order to extract the opcodes of instruction sequences, this method requires static analysis to disassemble malware files. This method differentiates the most common and rare opcodes with different colors, then rearranges the opcodes in ascending order of the corresponding color value in the RGB space to accomplish the opcode frequency mapping. The method solves the problem that the existing visualization method has poor visual effect and low classification performance. This method is verified with an open malware set （BIG 2015|Kaggle） provided by Microsoft, and obtains 98.50% classification accuracy.

Key words: malware, visualization analysis, deep fusion networks