Multi-track malicious program feature detecting method based on data mining

A malicious program feature detection technology, applied in electrical digital data processing, instruments, platform integrity maintenance, etc. It addresses defects that static detection cannot overcome, optimizes mining efficiency, ensures system and data security, and improves detection accuracy.

Active Publication Date: 2015-12-09
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

However, the above methods all statically extract behavioral fea



Embodiment Construction

[0031] The multi-track malicious program feature detection method based on data mining (as shown in figure 1) comprises a behavior track acquisition step, a fragmentation step, a feature extraction and feature library construction step, and a metric detection step;

[0032] The behavior track acquisition step acquires the system call sequence of the program's dynamic operation, which is the basis of the model;

[0033] The fragmentation step fragments the acquired software behavior track to meet the needs of the mining process;

[0034] The feature extraction and feature library construction step uses an improved sequential pattern mining algorithm from data mining (the prefixspan-x algorithm) to obtain the frequent subsequence sets of the file stream, network stream and resource stream, and removes normal program behavior track segments to construct the malicious behavior feature library;

[0035] The metric detection step performs metric detection on the program running in real time...
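The pipeline of steps [0031]-[0035], as an added example that is not the patent's own code: traces are split into the three tracks, frequent subsequences are mined per track, anything also seen in normal programs is removed, and a runtime trace is checked against the resulting library. It uses classic PrefixSpan rather than the patent's prefixspan-x variant, and the track membership mapping and the training traces are constructed assumptions.

```python
from collections import defaultdict

# Assumed track membership; the patent names the three tracks but not their member calls.
TRACKS = {"file": {"open", "read", "write", "close"},
          "network": {"connect", "send", "recv"},
          "resource": {"fork", "mmap", "setuid"}}
def split_tracks(trace):
    """Fragment one syscall trace into its per-track subsequences (order preserved)."""
    return {t: [c for c in trace if c in calls] for t, calls in TRACKS.items()}
def prefixspan(sequences, min_support, max_len=4):
    """Classic PrefixSpan: {pattern: support} for every frequent subsequence."""
    patterns = {}
    def mine(prefix, projected):
        if len(prefix) >= max_len:
            return
        counts = defaultdict(int)
        for seq in projected:             # each sequence supports an item at most once
            for item in set(seq):
                counts[item] += 1
        for item, sup in counts.items():
            if sup >= min_support:
                patterns[prefix + (item,)] = sup
                # projected database: the suffix after the first occurrence of item
                mine(prefix + (item,), [s[s.index(item) + 1:] for s in projected if item in s])
    mine((), sequences)
    return patterns
def build_feature_library(malicious, benign, min_support):
    """Per track: frequent malicious patterns minus any subsequence seen in normal programs."""
    library = {}
    for track in TRACKS:
        mal = prefixspan([split_tracks(t)[track] for t in malicious], min_support)
        ben = prefixspan([split_tracks(t)[track] for t in benign], 1)
        library[track] = {p: s for p, s in mal.items() if p not in ben}
    return library
def is_subsequence(pattern, seq):
    it = iter(seq)
    return all(any(c == p for c in it) for p in pattern)
def detect(trace, library):
    """Metric detection of a runtime trace: the library patterns it contains, per track."""
    tracks = split_tracks(trace)
    return {t: sorted(p for p in pats if is_subsequence(p, tracks[t]))
            for t, pats in library.items()}
# Constructed training traces (not from the patent).
MALICIOUS = [["open", "read", "connect", "send", "send", "close"],
             ["open", "read", "setuid", "connect", "send", "close"],
             ["fork", "open", "read", "connect", "send"]]
BENIGN = [["open", "read", "write", "close"], ["connect", "recv", "close"],
          ["fork", "open", "read", "close"]]
LIBRARY = build_feature_library(MALICIOUS, BENIGN, min_support=2)
```

With these traces the file-track patterns all also occur in benign programs and are removed, so only the network track contributes features; this is the normal-behavior subtraction the patent relies on to keep false positives down.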


Abstract

The invention relates to a multi-track malicious program feature detection method based on data mining. The method comprises a behavior track acquisition step, a fragmentation step, a feature extraction and feature library construction step, and a metric detection step. In the behavior track acquisition step, the system call sequence of a dynamically running program is obtained; in the fragmentation step, the obtained software behavior tracks are fragmented to suit the needs of the mining process; in the feature extraction and feature library construction step, an improved sequential pattern mining algorithm from data mining is used to obtain the frequent subsequence sets of data-flow, network-flow and resource-flow behavior, normal program behavior track fragments are removed, and a malicious behavior feature library is constructed; in the metric detection step, metric detection is performed on a program running in real time according to the constructed three-dimensional feature library. The method has high detection accuracy.

Description

(1) Technical field:

[0001] The invention relates to a malicious program feature detection method, in particular to a data mining-based multi-track malicious program feature detection method.

(2) Background technology:

[0002] At present, detection methods based on static reverse engineering have difficulty breaking through the anti-disassembly techniques of malicious code, and so cannot extract the characteristics of malicious code and carry out detection; the update of the virus database of commercial anti-virus software based on the signature matching mechanism lags seriously. However, the malicious behavior of malicious code and its variants remains constant, so the feature extraction of malicious code should be performed by dynamically analyzing its runtime behavior.

[0003] 1. Malicious code detection:

[0004] Malicious code detection methods can be divided into two categories: heuristic-based detection methods and signature-based detection methods. The heuristic-bas...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 单征赵荣彩庞建明李男范超蔡洪波赵炳麟王银浩龚雪容蔡国明薛飞闫丽景贾珣徐晓燕王洋陈鹏魏亮
Owner: THE PLA INFORMATION ENG UNIV