
A fast classification method of malicious code based on family gene code

A malicious code family classification technology, applied in special data processing applications, instruments, electronic digital data processing, etc. It addresses the lack of accuracy and universality, the small number of samples, and the single form of malicious code behavior characteristic analysis in existing methods, with the effect of increasing stability and accuracy and increasing the speed of comparison and classification.

Active Publication Date: 2017-06-06
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0003] The existing malicious code classification methods mainly start from the static or dynamic characteristics of malicious code, and most of them focus on the clustering and classification of known malicious code, so the classification effect on newly added malicious code is poor. The form of feature analysis is single and the number of samples is small, so these methods lack accuracy and universality.


Embodiment Construction

[0036] Referring to Figure 1, the present invention relates to a method for quickly classifying malicious code based on family gene codes, which can be used to quickly identify the family information of newly added malicious code and to classify massive amounts of malicious code rapidly and accurately. The present invention includes two parts, the generation of family gene codes and the fast classification of malicious code, and the specific implementation steps are as follows:

[0037] 1) The generation part of family gene code comprises the following steps:

[0038] (1) Obtain a malicious code sample set (including M malicious code samples).

[0039] (2) Disassemble each malicious code sample, analyze the disassembly results and obtain the static behavior information of the malicious code, including the API import table call behavior; then run the malicious code sample in a sandbox and monitor its dynamic operation behavior on the host computer to obtain the ...


Abstract

The invention discloses a rapid classification method for malicious code based on family gene codes. The method represents each malicious code sample by the occurrence frequencies of its behaviors across multiple behavioral aspects, generates family gene codes from the aggregation and difference among massive malicious code samples, and classifies malicious code accurately and rapidly by directly matching the family gene codes against the feature vectors of newly added malicious code. The advantages are as follows: behavior information is described from multiple behavioral aspects, and the family gene codes are generated using the aggregation and difference among similar malicious code samples, which markedly improves the accuracy and universality with which a malicious code family is represented; directly matching feature vectors against family gene codes effectively improves the speed of comparison and classification; and the whole process is highly automated, requiring no human intervention, which increases the stability and accuracy of the method.
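An added illustration of the pipeline the abstract describes, not code from the patent: the page truncates the actual algorithm, so the support and leak thresholds, the overlap score, the function names and the sample behavior traces below are all assumptions constructed for this example.

```python
from collections import Counter

# Constructed traces: each sample is a list of (aspect, behavior) events.
FAMILIES = {
    "famA": [
        [("api", "CreateRemoteThread"), ("api", "WriteProcessMemory"),
         ("file", "write_system_dir"), ("net", "dns_query")],
        [("api", "CreateRemoteThread"), ("api", "WriteProcessMemory"),
         ("net", "dns_query"), ("net", "dns_query")],
    ],
    "famB": [
        [("reg", "set_run_key"), ("file", "encrypt_user_docs"),
         ("net", "dns_query"), ("file", "encrypt_user_docs")],
        [("reg", "set_run_key"), ("file", "encrypt_user_docs"),
         ("file", "delete_shadow_copy"), ("net", "dns_query")],
    ],
}

def feature_vector(events):
    """Occurrence frequency of each (aspect, behavior) pair in one sample."""
    counts = Counter(events)
    total = sum(counts.values())
    return {feat: n / total for feat, n in counts.items()}

def gene_codes(families, min_support=0.8, max_leak=0.2):
    """Assumed rule: keep features shared inside a family (aggregation)
    that are rare in every other family's samples (difference)."""
    vecs = {f: [feature_vector(s) for s in ss] for f, ss in families.items()}
    codes = {}
    for fam, own in vecs.items():
        foreign = [v for o, vs in vecs.items() if o != fam for v in vs]
        code = {}
        for feat in set().union(*own):
            support = sum(feat in v for v in own) / len(own)
            leak = sum(feat in v for v in foreign) / len(foreign) if foreign else 0.0
            if support >= min_support and leak <= max_leak:
                code[feat] = sum(v.get(feat, 0.0) for v in own) / len(own)
        codes[fam] = code
    return codes

def classify(events, codes, threshold=0.5):
    """Directly match a new sample's vector against every gene code."""
    vec = feature_vector(events)
    best, best_score = None, 0.0
    for fam, code in codes.items():
        weight = sum(code.values())
        score = sum(min(vec.get(f, 0.0), w) for f, w in code.items()) / weight if weight else 0.0
        if score > best_score:
            best, best_score = fam, score
    return (best if best_score >= threshold else None, round(best_score, 3))
```

Note that `("net", "dns_query")` appears in every sample of both families and is therefore excluded from both gene codes, and a sample that matches no code above the threshold is returned as unclassified rather than forced into the nearest family.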

Description

Technical field

[0001] The invention relates to computer security protection technology, in particular to a computer malicious code classification method.

Background technique

[0002] With the progress of society and the development of technology, computers have penetrated into all aspects of people's lives, and more and more personal information (such as pictures, videos, chat records, etc.) and sensitive information (such as bank account numbers, business information, etc.) is stored on computers. At the same time, in recent years the number of malicious codes whose main purpose is to steal and destroy this information has increased sharply, with many varieties and intelligent characteristics, so the identification and classification of computer malicious code has drawn great attention from governments and people in various countries.

[0003] The existing malicious code classification methods mainly start from the static or dynamic characteristi...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F17/30, G06F21/56
CPC: G06F16/95, G06F21/562
Inventor: 沈超, 程颢, 张泽华, 管晓宏
Owner: XI AN JIAOTONG UNIV