Methods that use a single static feature for detection cannot cope with malicious code that has been processed by anti-detection means.To address this problem,an approach for malicious code detection using feature fusion was proposed,in which both static and dynamic features were used.The global structural information of the malicious code executable was converted into a bytecode image using a visualization method.The application programming interface(API)call sequences were dynamically obtained and a grayscale map was generated based on the API call frequency.The spatial pyramid pooling(SPP)was introduced to construct a two-branch densely connected network model,and the two feature images were used as inputs to extract features and fuse them.Experimental results show that the proposed method can improve the accuracy of malicious code detection.
维普
万方数据
