Image-based malware classification using section distribution information
Computers & Security (IF 4.8), Pub Date: 2021-08-03, DOI: 10.1016/j.cose.2021.102420
Mao Xiao, Chun Guo, Guowei Shen, Yunhe Cui, Chaohui Jiang

Recently, with the rapid increase in the amount of malware, traditional machine learning-based malware classification methods face the severe challenge of efficiently and accurately detecting a large number of malicious programs. To meet this challenge, malware classification based on malware images and deep learning has become an effective solution. However, it is difficult to identify section distribution information, such as the number, order, and size of sections, from the current gray images converted from the binary sequences of PE files. Therefore, this article proposes a novel visualization method that introduces Colored Label boxes (CoLab) to mark the sections of a PE file, further emphasizing the section distribution information in the converted malware image. Moreover, a malware classification method called MalCVS (Malware classification using CoLab image, VGG16, and Support vector machine) is constructed. Experimental results on malware collected from VX-Heaven and Virusshare, as well as on the Microsoft Malware Classification Challenge dataset, show that MalCVS can effectively classify malware into families with high accuracy. The average accuracies of MalCVS on the two datasets are 96.59% and 98.94%, respectively.




Updated: 2021-08-15