Malware visualization and automatic classification with enhanced information density

The development of computers and networking has been accompanied by exponential increases in the amount of malware which greatly threaten cyber space applications. This study combines the reverse analysis of malicious codes with a visualization method in a method that visualizes operating code sequences extracted from the .text section of portable and excutable (PE) files. This method not only improves the efficiency of malware, but also solves the difficulty of simHash similarity measurements. Tests show that this method identifies more effective features with higher information densities. This method is more efficient and has better classification accuracy than traditional malware visualization methods. 摘要 计算机及网络技术的发展致使恶意代码数量每年以指数级数增长, 对网络安全构成了严重的威胁。该文将恶意代码逆向分析与可视化相结合, 提出了将可移植可执行 (PE) 文件的“.text”段函数块的操作码序列simHash值可视化的方法, 不仅提高了恶意代码可视化的效率, 而且解决了操作码序列simHash值相似性判断困难的问题。实验结果表明：该可视化方法能够获得有效信息密度增强的分类特征; 与传统恶意代码可视化方法相比, 该方法更高效, 分类结果更准确。