Program recognition method and device based on machine learning

A machine-learning-based program identification technology, applied in the computer field, that addresses the low efficiency and lag of malicious program identification, saving manpower and improving identification efficiency.

Active Publication Date: 2012-07-11
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present application provides a program identification method and device based on ma


Examples


Example

[0053] See Figure 1, the flow chart of the first embodiment of generating a model for identifying program types in this application:

[0054] Step 101: Input the extracted massive programs, where the massive programs include malicious programs and non-malicious programs.

[0055] Step 102: Extract class behavior features from each input program, and classify the extracted class behavior features.

[0056] Specifically, analyze each program file, extract predefined class behavior features from the program file, generate feature vectors from the extracted class behavior features together with the black and white attribute of each feature vector, and determine, according to the known compiler entry instruction sequence, the type of compiler that compiled the corresponding program.

[0057] The class behavior features in the embodiments of the present application are described in detail below. The class behavior features can be divided into import table library features and import ...

Example

[0150] See Figure 5, which is a block diagram of the first embodiment of the program identification device based on machine learning:

[0151] The apparatus includes: an extraction unit 510, a classification unit 520, a judgment unit 530 and an output unit 540.

[0152] The extraction unit 510 is used to analyze the input unknown program and extract the class behavior features of the unknown program, where the class behavior features include the import table library feature and the import table application programming interface (API) feature;

[0153] The classification unit 520 is configured to roughly classify the unknown program according to the extracted class behavior features;

[0154] The judgment unit 530 is configured to input the unknown program, according to the result of the rough classification, into the generated training model and the corresponding decision-making machine for judgment;

[0155] The output unit 540 is configured to output an identification result of the ...
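An added example (not code from the patent or its applicant) of the flow described above: per-class training from labelled samples (steps 101-102), then identification of an unknown program through the extraction, classification, judgment and output units. The feature list, entry-byte prefixes, naive Bayes model, "undetermined" fallback and every sample record are assumptions constructed for illustration, and imports are supplied pre-parsed rather than read from a real program file.

```python
import math
# Assumed feature list and entry-sequence table, constructed for this example.
FEATURES = ["kernel32.dll", "ws2_32.dll", "advapi32.dll", "CreateRemoteThread",
            "WriteProcessMemory", "RegSetValueExA", "connect", "CreateFileA", "MessageBoxA"]
ENTRY_SEQS = {bytes.fromhex("558bec6aff"): "compiler_A",  # placeholder byte prefixes,
              bytes.fromhex("558bec83c4"): "compiler_B"}  # not vetted compiler signatures

def extract(program):
    """Extraction unit: binary vector over import-table library and API features."""
    imp = program["imports"]
    names = {lib.lower() for lib in imp} | {a for apis in imp.values() for a in apis}
    return [int(f in names) for f in FEATURES]

def coarse_class(program):
    """Classification unit: compiler type from the entry instruction sequence."""
    return next((c for s, c in ENTRY_SEQS.items() if program["entry"].startswith(s)), "unknown")

def train(samples):
    """Steps 101-102: per coarse class, fit Laplace-smoothed Bernoulli naive Bayes (assumed model)."""
    groups = {}
    for prog, label in samples:
        groups.setdefault(coarse_class(prog), []).append((extract(prog), label))
    models = {}
    for cls, rows in groups.items():
        for label in ("black", "white"):
            vecs = [v for v, lab in rows if lab == label]
            probs = [(sum(col) + 1) / (len(vecs) + 2) for col in zip(*vecs)] or [0.5] * len(FEATURES)
            models.setdefault(cls, {})[label] = ((len(vecs) + 1) / (len(rows) + 2), probs)
    return models

def identify(models, program):
    """Judgment and output units: score with the model for the program's coarse class."""
    cls, vec = coarse_class(program), extract(program)
    if cls not in models:
        return "undetermined"  # added fallback: no model was trained for this class
    def score(label):
        prior, probs = models[cls][label]
        return math.log(prior) + sum(math.log(p if x else 1 - p) for x, p in zip(vec, probs))
    return "malicious" if score("black") > score("white") else "non-malicious"

def sample(entry_hex, **imports):  # constructed record; keyword names stand for <name>.dll
    return {"entry": bytes.fromhex(entry_hex), "imports": {k + ".dll": v for k, v in imports.items()}}

A = "558bec6aff68"  # constructed entry bytes matching compiler_A
TRAINING = [  # constructed samples, labelled black (malicious) or white (non-malicious)
    (sample(A, KERNEL32=["CreateRemoteThread", "WriteProcessMemory"], WS2_32=["connect"]), "black"),
    (sample(A, KERNEL32=["CreateRemoteThread", "WriteProcessMemory"], ADVAPI32=["RegSetValueExA"]), "black"),
    (sample(A, KERNEL32=["CreateFileA"], USER32=["MessageBoxA"]), "white"),
    (sample(A, KERNEL32=["CreateFileA"]), "white"),
]
```

Call `identify(train(TRAINING), sample(...))` to obtain a verdict for a new record.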


Abstract

The embodiment of the invention discloses a program recognition method and device based on machine learning. The method comprises analyzing an inputted unknown program and extracting class behavior features of the unknown program, the class behavior features including library feature and application programming interface API (Application Program Interface) feature of an import table; coarsely classifying the unknown program according to the extracted class behavior features; inputting the unknown program to a generated training model and a corresponding decision machine to judge the unknown program according to the coarse classification result; and outputting the recognition result which shows that the unknown program is a malicious program or a non-malicious program. Based on machine learning technology, the method provided by the invention can obtain a model for recognizing malicious programs based on class behaviors by extracting and analyzing class behavior features of a large amount of program samples, and the model can save a large amount of man power and can improve malicious program recognition efficiency.

Description

Technical field

[0001] The present application relates to the field of computer technology, in particular to a method and device for program recognition based on machine learning.

Background

[0002] Malicious programs are a special class of programs. They usually sneak into the user's computer system without the user's knowledge and authorization, and attack the user's system in an improved manner. Malicious programs may include viruses, backdoor programs, Trojan horse programs, macro viruses, boot sector viruses, script viruses, and the like. Before checking and killing malicious viruses, the malicious program must first be identified. Taking checking and killing viruses as an example, in the prior art the checking and killing is mainly carried out through character string signatures and simple manual summaries, so the viruses that are checked and killed are all already known, and it is difficult to detect and kill new viruses.

[0003] In the process of researching the...


Application Information

IPC(8): G06F21/00, G06N5/02, G06F21/56
Inventor: 董毅, 周辉
Owner 三六零数字安全科技集团有限公司