Chinese Journal of Network and Information Security ›› 2017, Vol. 3 ›› Issue (11): 68-76.doi: 10.11959/j.issn.2096-109x.2017.00217

• Academic paper • Previous Articles    

Malware classification method based on static multiple-feature fusion

Bo-wen SUN1(),Yan-yi HUANG1,Qiao-kun WEN2,Bin TIAN3,Peng WU4,Qi LI1   

  1. 1 Beijing Key Laboratory of Interconnection and Integration,School of Cyberspace Security,Beijing University of Post and Telecommunications,Beijing 100876,China
    2 International School,Beijing University of Post and Telecommunications,Beijing 100876,China
    3 China Information Technology Security Evaluation Center,Beijing 100085,China
    4 College of Computer Science Sichuan University,Chengdu 610015,China
  • Revised:2017-10-29 Online:2017-11-01 Published:2017-11-30
  • Supported by:
    The National Natural Science Foundation of China(U1536119);The National Natural Science Foundation of China(61401038)


In recent years,the amount of the malwares has tended to rise explosively.New malicious samples emerge as variability and polymorphism.By means of polymorphism,shelling and confusion,traditional ways of detecting can be avoided.On the basis of massive malicious samples,a safe and efficient method was designed to classify the mal-wares.Extracting three static features including file byte features,assembly features and PE features,as well as im-proving generalization of the model through feature fusion and ensemble learning,which realized the complementarity between the features and the classifier.The experiments show that the sample achieve a stable F1-socre (93.56%).

Key words: malware, family classification, static analysis, machine learning, model fusion

CLC Number: