
Graduate student: 顏子皓 (Yen, Tzu-Hao)
Thesis title: 基於動態分析及深度學習之惡意程式分類方法 / Malware Classification Based on Dynamic Analysis and Deep Learning
Advisor: 李忠憲 (Li, Jung-Shian)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Institute of Computer & Communication Engineering
Year of publication: 2018
Academic year of graduation: 106
Language: Chinese
Pages: 40
Keywords (Chinese): malware classification, neural network, machine learning, artificial intelligence
Keywords (English): Malware Classification, Neural Network, Machine Learning, Artificial Intelligence
Access counts: 61 views, 0 downloads
    Abstract (translated from the Chinese):

    In today's environment, the rapid development of information technology has driven Internet penetration up year after year. With penetration this high, many organizations have begun to offer their services over the Internet, but the sensitive data that users must provide in order to use those services has become a target for malicious attackers. Effectively protecting users from attackers is therefore an issue that demands close attention in the Internet era. The traditional approach to malware identification matches samples against a signature database to determine what they are, but many attackers now use automated malware generation tools that mass-produce malware through encoding, packing and compression. Faced with the rapidly growing number of signatures that automated production creates, traditional signature-database matching has run into serious difficulties, so research has begun to apply artificial neural networks to the problem. In this study, we use the large collection of malware analysis reports provided by the National Center for High-Performance Computing of the National Applied Research Laboratories to classify malware with artificial neural networks. We perform dynamic analysis on the logs of malware executed in a sandbox, extract features, encode each feature with the encoding that suits it, and train a fused artificial neural network on these inputs. Finally, we show that feeding the differently encoded features into a fused neural network achieves higher classification accuracy than using a single feature as input or concatenating the different features into one vector as input to the network.

    Abstract (English, as provided):

    In today's environment, the rapid development of information technology has made Internet adoption increase year by year. With Internet penetration this high, many organizations have begun to provide user services over the Internet, but the sensitive information that users provide in order to use these services has become a target for malicious attackers. How to protect users effectively from malicious attackers is a major issue. The traditional way to identify malware is to match it against a signature database to determine its identity, but today many malicious attackers use automated malware production tools that generate large numbers of malicious programs through encoding, packing, compression and similar techniques. Faced with the rapid increase in the number of signatures caused by automated production, the traditional signature-database matching method faces severe challenges, so researchers have begun to apply artificial neural networks to the problem. In our study, an artificial neural network was applied to malware classification using a large number of malware analysis reports provided by the National Center for High-Performance Computing. We use the logs of malware runs in the Cuckoo sandbox to perform dynamic analysis and extract features, feed the different features, each with its own encoding, as inputs, and then train a fused artificial neural network on them. Finally, we show that feeding the different features into the merged neural network through their respective encodings achieves better classification accuracy than using a single feature as input or placing the different features into the same vector as input to the neural network.

    Table of Contents

    Abstract ......... I
    Acknowledgements ......... XI
    Table of Contents ......... XII
    List of Tables ......... XIV
    List of Figures ......... XXIV
    Chapter 1 Introduction ......... 1
      1.1 Research Background ......... 1
      1.2 Research Motivation ......... 3
      1.3 Research Objectives ......... 4
      1.4 Thesis Organization ......... 4
    Chapter 2 Related Work ......... 5
      2.1 Feature Selection ......... 5
        2.1.1 Static Analysis ......... 5
        2.1.2 Dynamic Analysis ......... 6
        2.1.3 Summary of Related Work on Static and Dynamic Analysis ......... 7
      2.2 Machine Learning ......... 8
        2.2.1 Support Vector Machine (SVM) ......... 8
      2.3 Deep Learning ......... 10
        2.3.1 Multilayer Perceptron (MLP) ......... 10
        2.3.2 Convolutional Neural Network (CNN) ......... 11
        2.3.3 Long Short-Term Memory (LSTM) ......... 14
    Chapter 3 System Architecture and Implementation ......... 16
      3.1 Data Sources ......... 16
      3.2 Feature Extraction and Encoding ......... 18
      3.3 Deep Learning Architecture ......... 21
      3.4 System Architecture ......... 24
    Chapter 4 Comparison and Performance Analysis ......... 25
      4.1 Machine Learning versus Deep Learning ......... 25
        4.1.1 Support Vector Machine and Multilayer Perceptron ......... 26
        4.1.2 Accuracy Comparison ......... 26
      4.2 Comparison of Deep Learning Algorithms ......... 27
        4.2.1 Experiment Overview ......... 28
        4.2.2 Accuracy Comparison ......... 28
      4.3 Different Feature Encodings as Input ......... 30
        4.3.1 Different Feature Encoding Inputs and Deep Learning Architectures ......... 31
        4.3.2 Accuracy Comparison ......... 32
    Chapter 5 Conclusion and Future Work ......... 37
      5.1 Conclusion ......... 37
      5.2 Future Work ......... 38
    References ......... 39


    Availability: on campus, public from 2023-07-17; off campus, not available.
    The electronic thesis has not yet been authorized for public release; for the print copy, please consult the library catalogue.