Sample classification determination method for malware detection

A sample-category judgment method, applied in the field of information security, which addresses problems such as low detection efficiency and the difficulty of finding similar samples, and achieves the effects of improving detection efficiency and accuracy while avoiding complicated operations.

Active Publication Date: 2017-03-22
东巽科技(北京)有限公司
Cites: 5; Cited by: 36

Problems solved by technology

[0003] The purpose of the present invention is to provide a sample category determination method for malware detection, to solv...


Examples


Embodiment 1

[0043] A sample category judgment method for malware detection: through training and learning on the labeled sample set, an optimal model is obtained to judge whether the program to be tested is a malicious program. The specific process is as shown in Figure 1 and includes the following steps:

[0044] Step 1: collect sample programs, classify, judge and mark them manually, divide them into malicious programs and normal programs, and form a sample library for each.

[0045] The scanning results of various existing program detection tools, combined with the judgment of manual analysis results, serve as the classification standard for the malicious program set and the normal program set; the program sets are marked manually on that basis.

[0046] Step 2: submit the malicious program set and the normal program set in the sample library to the virtual sandbox environment for execution, and generate a corresponding sample analysis report after each sample program in the sample program...

Embodiment 2

[0068] A sample category judgment method for malware detection in which the number of collected marked malicious programs is far greater than the number of normal programs. The specific steps are as follows:

[0069] Step 1: collect the marked malicious program set and normal program set as sample sets, forming a sample library for each.

[0070] Step 2: submit the malicious program set and the normal program set in the sample library to the virtual sandbox environment for execution, and generate a corresponding sample analysis report after each program in the program set runs.

[0071] Step 3: analyze the sample analysis reports, extract the unique feature combination information, and generate a feature vector set; split the malicious program feature vector set so that the number of malicious programs in each pile after splitting is approximately 1:1 with the number of normal programs, forming multiple training sample sets.

[0072] As shown in Figure 4, the training sample set is...


Abstract

The present invention discloses a sample classification determination method, including the following steps: collecting a sample assembly to form sample databases separately; submitting assemblies in the sample databases to the virtual sandbox environment for operation and then generating corresponding sample analysis reports; analyzing the sample analysis reports, and extracting the unique feature combination information to generate a feature vector set; inputting the feature vector set into classifiers for training to obtain an optimum model; and inputting a program to be tested to the optimum model to obtain a determination result that the program to be tested is a malicious program or a normal program. The present invention improves the efficiency and accuracy of malware detection, avoids the complicated operation and high energy consumption in the dynamic detection technique, and greatly improves the detection speed on the basis of ensuring the accuracy.
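The pipeline described in the Abstract and in Embodiments 1 and 2 (sandbox report, feature vector, splitting the oversized malicious set into piles roughly the size of the normal set, training one classifier per pile, and judging a program to be tested) as an added worked example; this is not the patent's own code. It assumes constructed sandbox reports expressed as plain behaviour tokens, a binary presence vector as the "unique feature combination information", a Bernoulli naive Bayes classifier (the patent names no particular classifier) and a majority vote across the per-pile models; all of these are assumptions made for the example.

```python
import math
from typing import Dict, List, Sequence

# Constructed sample analysis reports (hypothetical, not from the patent).
# Each report lists the behaviours a sandbox observed while the sample ran.
MALICIOUS_REPORTS = [
    ["api:CreateRemoteThread", "api:WriteProcessMemory", "net:connect", "reg:Run"],
    ["api:CreateRemoteThread", "net:connect", "file:drop_exe", "reg:Run"],
    ["api:WriteProcessMemory", "net:connect", "file:drop_exe"],
    ["net:connect", "reg:Run", "file:drop_exe", "api:VirtualAllocEx"],
    ["api:CreateRemoteThread", "reg:Run", "api:VirtualAllocEx"],
    ["net:connect", "file:drop_exe", "api:VirtualAllocEx"],
]
NORMAL_REPORTS = [
    ["api:CreateFile", "file:read", "gui:window"],
    ["api:CreateFile", "file:write", "gui:window", "net:connect"],
]


def build_vocabulary(reports: Sequence[Sequence[str]]) -> Dict[str, int]:
    """Map every distinct behaviour seen in the reports to a vector index."""
    return {f: i for i, f in enumerate(sorted({f for r in reports for f in r}))}


def to_vector(report: Sequence[str], vocab: Dict[str, int]) -> List[int]:
    """Binary presence vector (assumed form of the 'feature combination')."""
    vec = [0] * len(vocab)
    for f in report:
        if f in vocab:
            vec[vocab[f]] = 1
    return vec


def split_into_piles(vectors: List[List[int]], pile_size: int) -> List[List[List[int]]]:
    """Embodiment 2, step 3: piles of about the normal set's size (ratio ~1:1)."""
    return [vectors[i:i + pile_size] for i in range(0, len(vectors), pile_size)]


class BernoulliNB:
    """Minimal Bernoulli naive Bayes with Laplace smoothing (assumed classifier)."""

    def __init__(self, n_features: int):
        self.n = n_features

    def fit(self, X: List[List[int]], y: List[int]) -> "BernoulliNB":
        counts = {0: [0] * self.n, 1: [0] * self.n}
        totals = {0: 0, 1: 0}
        for x, label in zip(X, y):
            totals[label] += 1
            for i, bit in enumerate(x):
                counts[label][i] += bit
        self.log_prior = {c: math.log(totals[c] / len(y)) for c in (0, 1)}
        # P(feature present | class), smoothed so no probability is ever 0 or 1
        self.log_p = {c: [math.log((counts[c][i] + 1) / (totals[c] + 2))
                          for i in range(self.n)] for c in (0, 1)}
        self.log_q = {c: [math.log(1 - (counts[c][i] + 1) / (totals[c] + 2))
                          for i in range(self.n)] for c in (0, 1)}
        return self

    def predict(self, x: List[int]) -> int:
        scores = {}
        for c in (0, 1):
            s = self.log_prior[c]
            for i, bit in enumerate(x):
                s += self.log_p[c][i] if bit else self.log_q[c][i]
            scores[c] = s
        return 1 if scores[1] > scores[0] else 0


def train_balanced_ensemble(mal_reports, norm_reports):
    """Steps 1-4: vectorise, split the malicious set, train one model per pile."""
    vocab = build_vocabulary(list(mal_reports) + list(norm_reports))
    mal = [to_vector(r, vocab) for r in mal_reports]
    norm = [to_vector(r, vocab) for r in norm_reports]
    models = []
    for pile in split_into_piles(mal, len(norm)):
        X = pile + norm                      # each training set is ~1:1 balanced
        y = [1] * len(pile) + [0] * len(norm)
        models.append(BernoulliNB(len(vocab)).fit(X, y))
    return vocab, models


def classify(report: Sequence[str], vocab, models) -> str:
    """Step 5: run the program under test through every pile model, majority vote."""
    x = to_vector(report, vocab)
    votes = sum(m.predict(x) for m in models)
    return "malicious" if votes * 2 > len(models) else "normal"


if __name__ == "__main__":
    vocab, models = train_balanced_ensemble(MALICIOUS_REPORTS, NORMAL_REPORTS)
    print(len(models), "pile models trained")
    print(classify(["api:CreateRemoteThread", "net:connect", "file:drop_exe"], vocab, models))
    print(classify(["api:CreateFile", "file:read", "gui:window"], vocab, models))
```

With six malicious and two normal reports the malicious set is cut into three piles of two, so each model trains on a balanced four-sample set and the final verdict is the vote of the three models; with a real corpus the same code keeps the per-pile ratio near 1:1 regardless of how skewed the collected sample library is.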

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a method for judging the category of samples used for malicious software detection.

Background technique

[0002] With the rapid development of today's Internet, personal computers, and mobile computing platforms, various malicious software emerges one after another and spreads at an extremely fast speed, seriously threatening the information security of end users. At the same time, the increasing amount and variety of malicious code, coupled with the rise of code obfuscation techniques, make it increasingly difficult to detect malware. Comprehensive research on malware is difficult. Before reverse engineering and building a timeline, researchers need to obtain a large number of samples from multiple development stages of malware, and use static and dynamic detection methods to study and analyze the malicious behavior of sample programs and the degree of cor...

Claims


Application Information

IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F18/285
Inventor 李薛吴来云张妍江志华
Owner 东巽科技(北京)有限公司