Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Spectral method for identifying computer software action

A computer and spectral method technology, applied in the field of identifying computer software behavior, can solve the problems of high false positive rate and high false negative rate

Inactive Publication Date: 2014-05-07
FUJIAN NORMAL UNIV
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Current methods use the underlying features representing software behavior (including signatures, API sequences, etc.) to predict software behavior through feature matching or sequential pattern matching based on machine learning. The former can only target known malware. Once the malware produces a variant , it is necessary to update the feature code library in time; the latter has the disadvantages of high false positive rate and high false negative rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Spectral method for identifying computer software action
  • Spectral method for identifying computer software action

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The present invention will be further described below in conjunction with accompanying drawing and specific embodiment:

[0032] The invention relates to a method for computer software behavior recognition, which uses a discrete hidden Markov model (Discrete Hidden Markov Model, referred to as DHMM) state transition probability (State transition probabilities) matrix and its emission probability (Emission probabilities) matrix Describe the behavior of the software, express the behavioral characteristics of the software based on the spectral decomposition (Spectral decomposition) result of the state transition probability matrix, and finally identify the similarity of the software behavior according to the behavioral characteristics and the emission probability matrix, the method flow is as follows figure 1 shown, including the following steps:

[0033] (1) Constructing a software behavior representation model: using DHMM model parameter dyads (A*, B*) to represent the s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a spectral method for identifying computer software action. The method comprises the steps that (1) a software action representation model is established; (2) software action features are extracted; and (3) software action similarity is measured. The spectral method has the advantages that high-layer soft action features are abstracted from low-layer features which represent software action, software action is described from the semantic layer, a discrete hidden Markov model (DHMM) modeling and spectral factorization method of a computer program is used for representing the software action features of the program quantificationally, and according to the similarity of a representation model and the action features, malicious software is identified.

Description

Technical field: [0001] The invention relates to a spectral method for identifying computer software behavior. Background technique: [0002] Computer software behavior recognition technology is used to assist in judging whether a computer program is malicious software (Malware). Current methods use the underlying features representing software behavior (including signatures, API sequences, etc.) to predict software behavior through feature matching or sequential pattern matching based on machine learning. The former can only target known malware. Once the malware produces a variant , it is necessary to update the feature code library in time; the latter has the disadvantages of high false positive rate and high false negative rate. Invention content: [0003] The purpose of the present invention is to overcome the deficiencies of the prior art and provide a spectrum method for identifying computer software behavior. [0004] In order to solve the above technical problem...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/562
Inventor 陈黎飞陈可意
Owner FUJIAN NORMAL UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products