Method and device for program recognition based on machine learning

A program identification and machine learning technology, applied in the computer field, can solve the problems of low efficiency and lag in identifying malicious programs, and achieve the effect of saving manpower and improving identification efficiency

Active Publication Date: 2018-01-16
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present application provides a program identification method and device based on machine learning to solve the problem of low efficiency and lag in identifying malicious programs in the prior art


Examples


Example 1

[0054] See Figure 1, a flow chart of the first embodiment of generating a model for identifying program types in this application:

[0055] Step 101: Input the extracted mass of programs, which includes malicious programs and non-malicious programs.

[0056] Step 102: Extract class behavior features from each input program, and classify the extracted class behavior features.

[0057] Specifically, analyze each program file, extract the predefined class behavior features from it, and generate feature vectors from the extracted class behavior features together with the black and white attribute of each feature vector; then determine, according to the known compiler entry instruction sequences, the type of compiler that compiled and generated the corresponding program.

[0058] The class behavior features in the embodiment of the present application are introduced in detail below. The class behavior features can be generally divided into import table library features an...

Example 1

[0151] See Figure 5, which is the block diagram of the first embodiment of the program recognition device based on machine learning in this application:

[0152] The device includes: an extraction unit 510, a classification unit 520, a judgment unit 530 and an output unit 540.

[0153] The extraction unit 510 is configured to analyze an input unknown program and extract the class behavior features in the unknown program, where the class behavior features include import table library features and import table application programming interface (API) features;

[0154] The classification unit 520 is configured to roughly classify the unknown program according to the extracted class behavior features;

[0155] The judgment unit 530 is configured to input the unknown program, according to the result of the rough classification, into the generated training model and the corresponding decision machine for judgment;

[0156] The output unit 540 is configured to output an identif...


Abstract

The embodiment of the invention discloses a program identification method and device based on machine learning. The method comprises the following steps: analyzing an input unknown program and extracting its class behavior features, where the class behavior features comprise import table library features and import table application programming interface (API) features; coarsely classifying the unknown program according to the extracted class behavior features; inputting the unknown program, according to the result of the coarse classification, into a generated training model and the corresponding decision machine for judgment; and outputting the identification result for the unknown program, the result being either a malicious program or a non-malicious program. The method and device use machine learning: a model that identifies malicious programs based on class behavior is obtained by extracting and analyzing class behavior features from a large number of program samples. Using this model saves a great deal of manual effort and increases the efficiency of identifying malicious programs.
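The pipeline the abstract describes, sketched as an added example (not code from the patent or its applicant): import-table library and API names become a binary feature vector, an entry-point byte prefix selects the coarse class, and a model trained for that class plus a threshold decision yields the verdict. The entry-byte prefixes, the vocabulary, the perceptron standing in for the training model, and all samples are constructed assumptions.

```python
# Added illustration, not code from the patent. The entry-byte prefixes,
# vocabulary, perceptron and samples are constructed assumptions.
ENTRY_SIGS = {"msvc": bytes.fromhex("558bec6aff"), "delphi": bytes.fromhex("558bec83c4")}
VOCAB = ["lib:kernel32.dll", "lib:user32.dll", "lib:wininet.dll", "lib:advapi32.dll",
         "api:CreateFileW", "api:MessageBoxW", "api:WriteProcessMemory",
         "api:CreateRemoteThread", "api:InternetOpenUrlA", "api:RegSetValueExA"]

def features(imports):
    """imports: {dll_name: [api, ...]} as read from a PE import table."""
    present = {f"lib:{dll.lower()}" for dll in imports}
    present |= {f"api:{api}" for apis in imports.values() for api in apis}
    return [1 if name in present else 0 for name in VOCAB]

def coarse_class(entry_bytes):
    """Coarse classification: match the entry instruction bytes to a compiler."""
    for name, sig in ENTRY_SIGS.items():
        if entry_bytes.startswith(sig):
            return name
    return "unknown"

def train(samples, epochs=20):
    """One perceptron per coarse class; label 1 = black (malicious), 0 = white."""
    models = {}
    for _ in range(epochs):
        for entry, imports, label in samples:
            w = models.setdefault(coarse_class(entry), [0.0] * (len(VOCAB) + 1))
            x = features(imports) + [1]          # trailing 1 is the bias input
            pred = 1 if sum(a * b for a, b in zip(w, x)) > 0 else 0
            for i, xi in enumerate(x):
                w[i] += (label - pred) * xi
    return models

def identify(models, entry, imports):
    """Route by coarse class, then threshold that class's model score."""
    cls = coarse_class(entry)
    if cls not in models:
        return cls, "undetermined"               # no model trained for this class
    x = features(imports) + [1]
    score = sum(a * b for a, b in zip(models[cls], x))
    return cls, "malicious" if score > 0 else "non-malicious"

MSVC, DELPHI = ENTRY_SIGS["msvc"] + b"\x68", ENTRY_SIGS["delphi"] + b"\xf0"
TRAIN = [  # constructed samples: (entry bytes, import table, label)
    (MSVC, {"KERNEL32.dll": ["CreateFileW"], "USER32.dll": ["MessageBoxW"]}, 0),
    (MSVC, {"KERNEL32.dll": ["WriteProcessMemory", "CreateRemoteThread"]}, 1),
    (DELPHI, {"kernel32.dll": ["CreateFileW"], "advapi32.dll": ["RegSetValueExA"]}, 0),
    (DELPHI, {"wininet.dll": ["InternetOpenUrlA"], "advapi32.dll": ["RegSetValueExA"]}, 1),
]
MODELS = train(TRAIN)
```

An entry sequence that matches no known compiler returns "undetermined" rather than being scored by a model trained on a different class.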

Description

[0001] The patent application of the present invention is a divisional application of the Chinese invention patent application with the filing date of December 31, 2010, the application number of 201010620202.8, and the title of "Machine Learning-Based Program Recognition Method and Device".

Technical field

[0002] The present application relates to the field of computer technology, in particular to a method and device for program recognition based on machine learning.

Background technique

[0003] Malicious programs are a special class of programs, they usually sneak into the user's computer system without the user's knowledge and authorization, and attack the user's system in an improved manner. Malicious programs may include viruses, backdoor programs, Trojan horse programs, macro viruses, boot sector viruses, script viruses, and the like. Before checking and killing malicious viruses, the malicious program must first be identified. Taking checking and killing viruses as...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06N5/02, G06F17/30
CPC: G06F21/561
Inventor: 董毅, 周辉
Owner: BEIJING QIHOO TECH CO LTD