
Malicious feature extraction method and device and storage media

A malicious feature extraction technology, applied in the Internet and security fields, that addresses the problems of low reporting rate, low family virus identification rate, and low efficiency, with the effect of improving response speed, reducing the influence of human subjective factors, and reducing the number of analysts needed.

Active Publication Date: 2014-03-12
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0006] 1. High demands are placed on the professional skills of analysts, and the quality of the extracted virus features determines the false alarm rate and the reporting rate. On the one hand, the more common features are extracted for a family of viruses (that is, viruses with basically the same behavior), the lower the possibility of false positives, but the lower the recognition rate for variants of the family virus, that is, the lower the reporting rate; on the other hand, the fewer features are extracted, the higher the probability of false positives, that is, the higher the false positive rate. Finding a balance point depends greatly on the experience of the analyst;
[0007] 2. The system responds slowly. It takes time to analyze virus files and extract virus features, so some new viruses are not processed in time;
[0008] 3. Low efficiency. As the number of virus database records increases, the time required to match against each record increases geometrically;
[0009] 4. Viruses are not discovered in time. Compared with the massive number of new virus types, the processing capacity of analysts is limited, so some viruses are only discovered or taken seriously, and then processed, once they break out, by which time the virus has already caused considerable damage.


Embodiment Construction

[0028] The solution of the embodiment of the present invention is mainly to automatically perform vector conversion on known black file sets and white file sets, and to perform dimension merging and screening on the converted vectors, so as to improve the extraction efficiency of malicious features.

[0029] The malicious file in the present invention may be a virus file or another kind of malicious file; the following embodiment uses a virus file as an example for illustration. The technical terms involved include:

[0030] Black file: a virus file

[0031] Black vector: the vector converted from a virus file

[0032] White file: a normal non-virus file

[0033] White vector: the vector converted from a normal non-virus file

[0034] PE file: an executable file format under the Windows system

[0035] As shown in Figure 1, a preferred embodiment of the present invention proposes a malicious feature extraction method, including:

[0036] Step S101, selecting a bla...


Abstract

The invention discloses a malicious feature extraction method, device and storage media. The method comprises the following steps: black file sets used for extracting features, and white file sets corresponding in number to the black file sets, are selected; the black files in the black file sets and the white files in the white file sets are converted into multi-dimensional vectors; dimension combining and screening are conducted on the vectors of the black files and the white files, and the malicious features are extracted. Because vector conversion is conducted on the known black file sets and white file sets, and dimension combining and screening are conducted on the converted vectors, features of viruses and other malicious files can be extracted automatically, promptly, accurately and effectively; the need for a large number of analysts is eliminated, the influence of human subjective factors is greatly reduced, and reaction speed is greatly increased.
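The pipeline described in the abstract, as an added Python sketch that is not code from the patent or its owner. The page does not show how files are vectorised or how dimensions are merged and screened, so the byte 4-gram dimensions, the merge-by-identical-occurrence rule, the screening threshold, and all names below are assumptions.

```python
from collections import defaultdict

N = 4  # assumed n-gram width; the page does not say how files become vectors

def to_vector(data: bytes) -> frozenset:
    """Sparse binary vector: the set of byte n-grams (dimensions) present."""
    return frozenset(data[i:i + N] for i in range(len(data) - N + 1))

def extract_features(black, white, min_black_ratio=1.0):
    """Return groups of merged dimensions that survive screening."""
    black_vecs = [to_vector(f) for f in black]
    white_vecs = [to_vector(f) for f in white]
    # For each dimension, record which black and which white samples contain it.
    occurrence = defaultdict(lambda: (set(), set()))
    for idx, vec in enumerate(black_vecs):
        for dim in vec:
            occurrence[dim][0].add(idx)
    for idx, vec in enumerate(white_vecs):
        for dim in vec:
            occurrence[dim][1].add(idx)
    # Merging (assumed rule): dimensions with an identical occurrence pattern
    # carry the same information, so they collapse into one feature group.
    merged = defaultdict(list)
    for dim, (b, w) in occurrence.items():
        merged[(frozenset(b), frozenset(w))].append(dim)
    # Screening (assumed rule): keep groups present in enough black files
    # and in no white file, so benign code does not become a signature.
    need = min_black_ratio * len(black_vecs)
    return [sorted(dims) for (b, w), dims in merged.items()
            if len(b) >= need and not w]

# Constructed sample data: harmless byte strings standing in for files.
BLACK = [b"hdrAAAA-EVILCODE-x1", b"hdrBBBB-EVILCODE-y2", b"hdrCCCC-EVILCODE-z3"]
WHITE = [b"hdrAAAA-GOODCODE-x1", b"hdrDDDD-GOODCODE-y2", b"hdrEEEE-GOODCODE-z3"]

if __name__ == "__main__":
    for group in extract_features(BLACK, WHITE):
        print(group)
```

Lowering `min_black_ratio` admits per-variant groups as well as the family-wide one, which is the common-features versus variant-coverage trade-off listed under the problems above.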

Description

Technical field

[0001] The present invention relates to the field of Internet technology, in particular to the field of security, in particular to a malicious feature extraction method, device and storage medium.

Background technique

[0002] With the development of Internet technology, the spread of viruses is also increasing. Viruses have caused great harm to the security of user information and user property. Therefore, the development of an antivirus engine that responds quickly, efficiently, and has a high rate of virus detection and accuracy has become the focus of today's Internet information security circles.

[0003] The virus identification technology usually adopted by traditional antivirus engines is as follows: analysts analyze virus files, extract virus signatures, store virus signatures into the database, antivirus engines scan existing files according to the virus database, and report viruses if they encounter matching signatures.

[0004] Existing technique...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor 崔精兵杨宜于涛吴家旭白子潘
Owner TENCENT TECH (SHENZHEN) CO LTD