Malicious Code Detection Technology Based on Metadata Machine Learning

摘要

The static analysis method plays a very vital role in malicious code detection. In this paper, based on the analysis results of the malicious code PE file, the concept of metadata is proposed, and the prototype of the rapid detection of malicious code, PE-Classifier, is realized. In a spark distributed environment, malicious code can be quickly and accurately classified and detected based on malicious code metadata by using a random forest classification algorithm. The experimental results show that the prototype PE-Classirier can judge the semantic similarity of samples based on the similarity of metadata, and then make the anti-virus software more effective.