Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for program recognition based on machine learning

A program identification and machine learning technology, applied in the computer field, can solve the problems of low efficiency and lag in identifying malicious programs, and achieve the effect of saving manpower and improving identification efficiency

Active Publication Date: 2017-07-28
BEIJING QIHOO TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present application provides a program identification method and device based on machine learning to solve the problem of low efficiency and lag in identifying malicious programs in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for program recognition based on machine learning
  • Method and device for program recognition based on machine learning
  • Method and device for program recognition based on machine learning

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0056] see figure 1 , a flow chart of the first embodiment of generating a model for identifying program types for this application:

[0057] Step 101: Input the extracted mass programs, the mass programs include malicious programs and non-malicious programs.

[0058] Step 102: Extract features from each input program, and classify the extracted features.

[0059]Specifically, analyze each program file, extract predefined features from the program file, generate feature vectors according to the extracted features, and the black and white attributes of each feature vector, and compile and generate corresponding The program's compiler type.

[0060] Step 103: According to the result of the classification, different types of features are trained using different decision machines to generate a training model or a training model set for identifying malicious programs.

[0061] Wherein, different decision machines use the same or different methods to train the features, including...

no. 2 example

[0062] see Figure 2A , the flow chart of the second embodiment of generating a model for identifying program types for this application:

[0063] Step 201: Input the extracted mass programs, the mass programs include malicious programs and non-malicious programs.

[0064] Step 202: Analyze each program file, and extract predefined features from the program file.

[0065] Step 203: Generate feature vectors according to the extracted features, and the black and white attributes of each feature vector.

[0066] Different feature categories contain different numbers of specific features. Taking the feature category of compilers as an example, the specific features of compilers that can be included are: VC4, VC5, VC6, VC7, VC8, Delphi, and BC. In the embodiment of the present application, a classification identifier can be assigned to each feature classification, for example, the classification identifier of the compiler is "1", and for each specific compiler feature, a feature ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a program identification method and device based on machine learning. The program identification method based on machine learning comprises the steps that an input unknown program is analyzed, and the characteristics of the unknown program are extracted; the unknown program is classified according to the extracted characteristics; the unknown program is input into a generated training model and a corresponding decision-making machine to be judged according to a classification result; an identification result of the unknown program is output, and the identification result is that the unknown program is a malicious program or a non-malicious program. According to the program identification method and device based on machine learning, due to the fact that the machining learning technology is adopted, the model used for identifying malicious programs is obtained by analyzing a large number of program samples, a large amount of labor can be saved by using the model, and malicious program identification efficiency is improved; in addition, based on data mining of a huge number of programs, the inherent law of programs can be found out, malicious programs which do not appear can be prevented, and omission of malicious program elimination is avoided.

Description

[0001] The patent application of the present invention is a divisional application of the Chinese invention patent application with the filing date of November 29, 2010, the application number of 201010565513.9, and the title of "Machine Learning-Based Program Recognition Method and Device". technical field [0002] The present application relates to the field of computer technology, in particular to a method and device for program recognition based on machine learning. Background technique [0003] Malicious programs are a special class of programs, they usually sneak into the user's computer system without the user's knowledge and authorization, and attack the user's system in an improved manner. Malicious programs may include viruses, backdoor programs, Trojan horse programs, macro viruses, boot sector viruses, script viruses, and the like. Before checking and killing malicious viruses, the malicious program must first be identified. Taking checking and killing viruses as...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06N5/02
CPCG06F21/561
Inventor 周鸿祎董毅周辉
Owner BEIJING QIHOO TECH CO LTD