
Program recognition method and device based on machine learning

A machine-learning-based program identification technology, applied in the computer field, that addresses the low efficiency and lag of malicious program identification, saving manpower and improving identification efficiency.

Active Publication Date: 2012-07-11
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

[0004] The embodiments of the present application provide a program identification method and device based on machine learning, to solve the problem of low efficiency and lag in identifying malicious programs in the prior art.


Examples


Example 1

[0053] See Figure 1, a flow chart of the first embodiment of generating a model for identifying program types in this application:

[0054] Step 101: Input a large number of extracted programs, including malicious programs and non-malicious programs.

[0055] Step 102: Extract class behavior features from each input program, and classify the extracted class behavior features.

[0056] Specifically, analyze each program file, extract the predefined class behavior features from it, and generate feature vectors from the extracted class behavior features together with the black/white attribute of each feature vector; then determine, from the known compiler entry instruction sequences, the type of compiler that compiled and generated the corresponding program.

[0057] The class behavior features in the embodiment of the present application are introduced in detail below. The class behavior features can be generally divided into import table library features an...

Example 1

[0150] See Figure 5, a block diagram of the first embodiment of the program recognition device based on machine learning in this application:

[0151] The device includes an extraction unit 510, a classification unit 520, a judgment unit 530 and an output unit 540.

[0152] The extraction unit 510 is configured to analyze an input unknown program and extract the class behavior features in the unknown program, where the class behavior features include import table library features and import table application programming interface (API) features;

[0153] The classification unit 520 is configured to roughly classify the unknown program according to the extracted class behavior features;

[0154] The judgment unit 530 is configured to input the unknown program, according to the result of the rough classification, into the generated training model and the corresponding decision machine for judgment;

[0155] The output unit 540 is configured to output an identif...


Abstract

The embodiment of the invention discloses a program recognition method and device based on machine learning. The method comprises: analyzing an input unknown program and extracting the class behavior features of the unknown program, the class behavior features including import table library features and import table application programming interface (API) features; coarsely classifying the unknown program according to the extracted class behavior features; inputting the unknown program, according to the coarse classification result, into a generated training model and a corresponding decision machine for judgment; and outputting the recognition result, which indicates whether the unknown program is a malicious program or a non-malicious program. Based on machine learning technology, the method obtains a model for recognizing malicious programs from class behaviors by extracting and analyzing the class behavior features of a large number of program samples; the model saves a large amount of manpower and improves the efficiency of malicious program recognition.
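The pipeline the abstract describes (import table features, coarse classification, a model per coarse class, a verdict), as an added example that is not code from the patent. It assumes the coarse class is already known and passes it as a string standing in for the compiler type, uses a Bernoulli naive Bayes classifier as a stand-in for the patent's training model and decision machine, and runs on constructed samples.

```python
import math

# Constructed samples: (coarse class, import table {library: [APIs]}, label 1=malicious).
# The coarse class stands in for the compiler type; every value here is made up.
SAMPLES = [
    ("msvc", {"kernel32.dll": ["CreateFileW", "ReadFile"], "user32.dll": ["MessageBoxW"]}, 0),
    ("msvc", {"kernel32.dll": ["CreateFileW", "WriteFile"], "gdi32.dll": ["BitBlt"]}, 0),
    ("msvc", {"kernel32.dll": ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread"]}, 1),
    ("msvc", {"kernel32.dll": ["OpenProcess", "CreateRemoteThread"]}, 1),
    ("delphi", {"kernel32.dll": ["CreateFileA"], "user32.dll": ["CreateWindowExA"]}, 0),
    ("delphi", {"kernel32.dll": ["CreateFileA"], "wininet.dll": ["InternetOpenUrlA"]}, 1),
]

def features(imports):
    """Import-table library features plus library!API features."""
    out = set()
    for lib, apis in imports.items():
        out.add("lib:" + lib.lower())
        out.update("api:%s!%s" % (lib.lower(), api) for api in apis)
    return out

def train(samples):
    """One Bernoulli naive Bayes model per coarse class (a stand-in classifier)."""
    grouped, models = {}, {}
    for coarse, imports, label in samples:
        grouped.setdefault(coarse, []).append((features(imports), label))
    for coarse, rows in grouped.items():
        vocab = sorted(set().union(*(f for f, _ in rows)))
        n = {y: sum(1 for _, l in rows if l == y) for y in (0, 1)}
        # Laplace-smoothed P(feature present | label)
        p = {y: {v: (sum(1 for f, l in rows if l == y and v in f) + 1) / (n[y] + 2)
                 for v in vocab} for y in (0, 1)}
        models[coarse] = (vocab, n, p)
    return models

def identify(models, coarse, imports):
    """Route the unknown program to the model trained for its coarse class."""
    if coarse not in models:
        return "unknown"  # no model exists for this coarse class
    vocab, n, p = models[coarse]
    feats, total, score = features(imports), sum(n.values()), {}
    for y in (0, 1):
        score[y] = math.log((n[y] + 1) / (total + 2))
        for v in vocab:  # features outside the training vocabulary are ignored
            score[y] += math.log(p[y][v] if v in feats else 1 - p[y][v])
    return "malicious" if score[1] > score[0] else "non-malicious"

MODELS = train(SAMPLES)
```

In practice the import table would come from a PE parser and the coarse class from matching the entry-point instruction sequence; both are taken as given here.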

Description

Technical field

[0001] The present application relates to the field of computer technology, in particular to a method and device for program recognition based on machine learning.

Background technique

[0002] Malicious programs are a special class of programs; they usually sneak into the user's computer system without the user's knowledge and authorization, and attack the user's system in an improved manner. Malicious programs may include viruses, backdoor programs, Trojan horse programs, macro viruses, boot sector viruses, script viruses, and the like. Before malicious programs can be checked and killed, they must first be identified. Taking checking and killing viruses as an example, in the prior art the checking and killing is mainly carried out through character string signatures and simple manual summaries, so the viruses that are checked and killed are all viruses that already exist, and it is difficult to detect and kill new viruses.

[0003] In the process of researching the...


Application Information

IPC(8): G06F21/00, G06N5/02, G06F21/56
Inventor: 董毅, 周辉
Owner: 三六零数字安全科技集团有限公司