A malware classification method based on memory dump grayscale image
Digital Investigation (IF 2.860) Pub Date: 2018-09-25, DOI: 10.1016/j.diin.2018.09.006
Yusheng Dai , Hui Li , Yekui Qian , Xidong Lu

Effective analysis of malware is of great significance in guaranteeing reliable system operation. Malware can easily evade existing dynamic analysis methods. To address the deficiencies of current dynamic malware detection methods, a method based on hardware features is proposed: a memory dump file is extracted and converted into a grayscale image, the image is resized to a fixed size, image features are extracted with a histogram of gradient descriptor, and a currently popular classifier algorithm is used to classify the malware. Experiments on real malware samples verify the effectiveness of using memory dump file images. This method is superior to the recently proposed hardware performance counter detection method.
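The pipeline the abstract describes (memory dump, grayscale image, fixed size, gradient histogram, classifier), as an added and simplified Python illustration that is not the authors' code. The row width, image size, cell size, the 1-NN classifier standing in for the unspecified "popular classifier", and the constructed toy dumps are all assumptions.

```python
from __future__ import annotations
import math
import random

def dump_to_image(dump: bytes, width: int = 16) -> list[list[int]]:
    """One byte per pixel (0-255) in rows of fixed width; the last row is zero-padded."""
    rows = -(-len(dump) // width)                      # ceiling division
    padded = dump.ljust(rows * width, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def resize_nearest(img: list[list[int]], size: int) -> list[list[int]]:
    """Nearest-neighbour resample to size x size so dumps of any length yield equal-length features."""
    h, w = len(img), len(img[0])
    return [[img[y * h // size][x * w // size] for x in range(size)] for y in range(size)]

def hog_features(img: list[list[int]], cell: int = 8, bins: int = 9) -> list[float]:
    """Simplified HOG: per-cell histogram of unsigned gradient orientation, magnitude-weighted, L2-normalised."""
    n = len(img)
    feats: list[float] = []
    for cy in range(0, n, cell):
        for cx in range(0, n, cell):
            hist = [0.0] * bins
            for y in range(cy, cy + cell):
                for x in range(cx, cx + cell):
                    gx = img[y][min(x + 1, n - 1)] - img[y][max(x - 1, 0)]   # central differences,
                    gy = img[min(y + 1, n - 1)][x] - img[max(y - 1, 0)][x]   # clamped at the border
                    angle = math.degrees(math.atan2(gy, gx)) % 180.0        # unsigned orientation
                    hist[min(int(angle * bins / 180.0), bins - 1)] += math.hypot(gx, gy)
            norm = math.sqrt(sum(v * v for v in hist)) or 1.0
            feats.extend(v / norm for v in hist)
    return feats

def features_from_dump(dump: bytes, size: int = 32) -> list[float]:
    """Full pipeline: dump -> grayscale image -> fixed size -> gradient-histogram feature vector."""
    return hog_features(resize_nearest(dump_to_image(dump), size))

def nearest_label(query: list[float], labelled: list[tuple[list[float], str]]) -> str:
    """1-NN on Euclidean distance, an assumed stand-in for the unspecified 'popular classifier'."""
    return min(labelled, key=lambda pair: math.dist(query, pair[0]))[1]

# Constructed toy dumps (not real malware): smoothly varying bytes for "benign" and
# high-entropy bytes from a fixed-seed PRNG for "family_A", so their gradient structure differs.
def smooth_dump(n: int) -> bytes:
    return bytes((i // 4) % 256 for i in range(n))

def noisy_dump(n: int, seed: int) -> bytes:
    rnd = random.Random(seed)
    return bytes(rnd.randrange(256) for _ in range(n))

TRAIN = [(features_from_dump(smooth_dump(4096)), "benign"),
         (features_from_dump(noisy_dump(4096, 1)), "family_A")]
```

With the defaults above (32x32 image, 8x8 cells, 9 bins) every dump, whatever its length, becomes a 144-dimensional vector, which is what lets a fixed-input classifier compare dumps of different sizes.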




Updated: 2018-09-25