### Malicious Code Family Detection Technology Based on CNN-BiLSTM

WANG Guodong, LU Tianliang, YIN Haoran, ZHANG Jianlin

1. School of Information Engineering and Cyber Security, People’s Public Security University of China, Beijing 100035, China
Online: 2020-12-15; Published: 2020-12-15

### Malicious Code Family Detection Technology Based on CNN-BiLSTM (Chinese title)

1. School of Information Technology and Cyber Security, People's Public Security University of China, Beijing 100035

Abstract:

Most of the rapidly growing volume of malicious code seen in recent years consists of variants mutated from existing families, so detecting and classifying malicious code families is particularly important. This paper proposes a malicious code family detection method based on a CNN-BiLSTM network: the executable files of malicious code samples are converted directly into grayscale images, and a CNN-BiLSTM network model is used to detect and classify the resulting image dataset. Because the conversion is purely static, this method extracts features comprehensively and efficiently while avoiding the damage that executing the malicious code would cause to the analysis machine. Combining the advantages of CNN and BiLSTM, the model learns the characteristics of each malicious code family and classifies samples from both local and global perspectives. The experiment identifies 4,418 samples from 4 malicious code families, and the results show that the model achieves higher accuracy than traditional machine learning methods.
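The first step of the pipeline described above, converting an executable's raw bytes into a grayscale image without ever running the sample, is shown below as an added example; it is not code from the paper. The width table that picks an image width from the file size is an assumed convention (the paper does not state its width rule), and the `sample` bytes are constructed for the demonstration.

```python
"""Convert an executable's raw bytes into a grayscale image matrix.

Each byte (0-255) becomes one pixel intensity. The file is only read,
never executed, so feature extraction carries no infection risk.
"""
from typing import List, Optional

# (max_size_in_bytes, width) pairs: assumed convention, not taken from the paper.
WIDTH_TABLE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024


def image_width(size: int) -> int:
    """Pick a row width so larger files still produce roughly square images."""
    for max_size, width in WIDTH_TABLE:
        if size <= max_size:
            return width
    return DEFAULT_WIDTH


def bytes_to_grayscale(data: bytes, width: Optional[int] = None) -> List[List[int]]:
    """Reshape raw bytes into rows of pixel intensities, zero-padding the last row."""
    if not data:
        raise ValueError("empty input")
    w = width or image_width(len(data))
    padded = data + b"\x00" * (-len(data) % w)
    return [list(padded[i:i + w]) for i in range(0, len(padded), w)]


def to_pgm(pixels: List[List[int]]) -> bytes:
    """Serialize the matrix as a binary PGM (P5) for viewing or for an image loader."""
    height, width = len(pixels), len(pixels[0])
    header = f"P5\n{width} {height}\n255\n".encode()
    return header + b"".join(bytes(row) for row in pixels)


if __name__ == "__main__":
    # Constructed sample: a fake "MZ" header followed by a repeating byte pattern.
    sample = b"MZ\x90\x00" + bytes(range(256)) * 3
    img = bytes_to_grayscale(sample, width=32)
    print(len(img), "rows x", len(img[0]), "cols")
```

The resulting matrices (or PGM files) are what the CNN layers consume for local texture features, while the BiLSTM models their row-wise sequence.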