Method for detecting unknown malicious code

A malicious code detection method, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc. It addresses problems such as undetectable malicious code, the need for continuous updates, and malicious code damage, and achieves the effect of improving detection speed.

Inactive Publication Date: 2011-08-03
NORTH CHINA ELECTRIC POWER UNIV (BAODING)
3 Cites, 25 Cited by

AI Technical Summary

Problems solved by technology

The disadvantage of the above two detection methods is that the malicious code database must be constantly updated; otherwise, new types of malicious code can bypass detection.
In addition, these two technologies are post-event detection technologies, which cannot detect


Embodiment Construction

[0026] The preferred embodiments will be described in detail below in conjunction with the accompanying drawings. It should be emphasized that the following description is only exemplary and not intended to limit the scope of the invention and its application.

[0027] The approach of the present invention is as follows: files containing malicious code and files not containing malicious code are taken as training samples, and a manifold learning algorithm is used to perform feature selection on the training-set files, so that each file corresponds to a feature vector. The feature vectors are used as input to the kernel coverage classification algorithm to train the kernel coverage classifier. Finally, feature selection is performed on the unknown file to generate its feature vector, which is fed to the classifier to determine whether the file is malicious or non-malicious.

[0028] The specific implementa...


Abstract

The invention discloses a method for detecting unknown malicious code in the technical field of information security, which can detect malicious code in a file in advance even when the malicious code library has not been updated. The method comprises the following steps: extracting the feature vectors of the files in a training set using the Byte n-grams method; reducing the dimension of the extracted training-set feature vectors with a local linear embedding algorithm; taking the dimension-reduced feature vectors as input and training a kernel cover classifier with a kernel cover learning algorithm; extracting the feature vectors of the files in a test set, again using the Byte n-grams method; reducing the dimension of the extracted test-set feature vectors with the local linear embedding algorithm; inputting the dimension-reduced result into the kernel cover classifier for classification; and calculating the classification result to determine whether the files in the test set contain malicious code. The method improves the file detection speed and achieves accurate detection of malicious code in advance.
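The Byte n-grams steps of the abstract, sketched as an added example (not code from the patent): the n-gram vocabulary is fixed from the training set and reused unchanged for the unknown file. The local linear embedding step is omitted and a nearest-neighbour cosine vote stands in for the kernel cover classifier; the values of n and top_k, all function names, and the sample byte strings are assumptions constructed for illustration.

```python
import math
from collections import Counter

def byte_ngrams(data: bytes, n: int) -> Counter:
    """Count every overlapping n-byte window of the file content."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))

def build_vocabulary(train_files, n, top_k):
    """Keep the top_k n-grams by document frequency in the training set."""
    df = Counter()
    for data in train_files:
        df.update(set(byte_ngrams(data, n)))
    ranked = sorted(df.items(), key=lambda kv: (-kv[1], kv[0]))  # stable ties
    return [gram for gram, _ in ranked[:top_k]]

def vectorize(data, vocab, n):
    """Relative frequency of each vocabulary n-gram in one file."""
    counts = byte_ngrams(data, n)
    total = sum(counts.values()) or 1  # file shorter than n -> zero vector
    return [counts[g] / total for g in vocab]

def cosine(a, b):
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def classify(vec, labelled_vectors):
    """Stand-in nearest-neighbour vote; NOT the patent's kernel cover classifier."""
    label, ref = max(labelled_vectors, key=lambda lv: cosine(vec, lv[1]))
    return label if cosine(vec, ref) > 0 else "unclassified"

# Constructed sample data: placeholder byte patterns, not real malware.
N, TOP_K = 2, 10  # assumed values; the page does not state n or the vector size
TRAIN = [
    ("malicious", b"\xde\xad\xbe\xef" * 4 + b"AB"),
    ("malicious", b"\xde\xad\xbe\xef" * 3 + b"CD"),
    ("benign", b"plain text plain text"),
    ("benign", b"plain data plain data"),
]
VOCAB = build_vocabulary([data for _, data in TRAIN], N, TOP_K)
MODEL = [(label, vectorize(data, VOCAB, N)) for label, data in TRAIN]

def detect(data: bytes) -> str:
    """Vectorize an unknown file with the training vocabulary, then classify."""
    return classify(vectorize(data, VOCAB, N), MODEL)

if __name__ == "__main__":
    print(detect(b"XY" + b"\xde\xad\xbe\xef" * 5))  # unseen file, known pattern
```

A file that shares no n-gram with the training vocabulary produces a zero vector and is reported as "unclassified" rather than being forced into either class.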

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a method for detecting unknown malicious code.

Background technique

[0002] At present, malicious code is ubiquitous on the Internet, and its spread, harmfulness, and concealment keep increasing, so the detection of computer malicious code faces a huge challenge. There are two main types of existing computer malicious code detection technology: signature-based pattern matching, and detection based on malicious code behavior rules.

[0003] In signature-based pattern matching, a malicious code file is analyzed manually after it appears, a signature that uniquely identifies the file is extracted and added to the malicious code signature database, and then the signature database is provided to the user to detect and kill malicious...


Application Information

IPC(8): G06F21/00, G06F21/56
Inventor: 李元诚, 李盼
Owner: NORTH CHINA ELECTRIC POWER UNIV (BAODING)