
Malicious program dynamic identification method based on decision-making tree model

A dynamic identification technology for malicious programs, applied in the field of information security. It addresses the problems that the identification process is complex, manual analysis is inefficient, and new malicious programs cannot be identified in a timely and effective manner, so as to save manpower and improve accuracy and identification efficiency.

Inactive Publication Date: 2017-07-18
XINGHUA YONGHENG BEIJING TECH CO LTD
5 Cites, 23 Cited by

AI Technical Summary

Problems solved by technology

[0011] The purpose of the present invention is to provide a dynamic identification method for malicious programs based on a decision tree model, so as to analyze and identify malicious programs intelligently and efficiently. It addresses the following problems: the existing identification process for malicious programs is complex; manual analysis is inefficient; the identification method has a detection blank period, so new types of malicious programs cannot be identified in a timely and effective manner; and developers of malicious programs modify them to hide malicious features and bypass detection.


Examples


Embodiment Construction

[0046] The present invention provides a dynamic identification method for malicious programs based on a decision tree model. By analyzing a large number of malicious and non-malicious program samples, feature identification nodes are dynamically extracted and combined into behavior vectors for decision tree learning. The resulting decision tree is then used to identify and judge malicious programs, improving detection efficiency and accuracy.

[0047] Figure 1 is a schematic flow chart of the method of the present invention. The specific process includes:

[0048] Step S101: Initialize the sandbox environment to ensure that the current environment is in its initial state and not polluted by other samples;

[0049] Step S102: Collect a large number of malicious program samples and non-malicious program samples, and combine them into a training sample set for decision tree generation;

[0050] Step S103: The sandbox starts the collected malicious program (black s...


Abstract

The invention discloses a malicious program dynamic identification method based on a decision tree model. The method comprises the steps of: 1, establishing a behavior collection sandbox module; 2, collecting black and white samples to form a training sample set; 3, capturing all behaviors generated when the samples are run; 4, calculating the feature identification nodes and behavior vectors of the various behaviors of the white samples and combining them into a white vector set; 5, calculating the feature identification nodes and behavior vectors of the various behaviors of the black samples and combining them into a black vector set; 6, training a machine learning model on the white vector set and the black vector set to generate a decision tree; 7, capturing the complete behaviors of an unknown sample program in the sandbox; 8, calculating the behavior feature identification of the unknown sample; 9, calculating the behavior vector of the sample and inputting it into the decision tree for identification; and 10, outputting the sample identification result from the decision tree. Through these steps, malicious programs are dynamically identified using the decision tree model, and the problem of low efficiency and a complex process in malicious sample analysis is solved.
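The ten steps above, sketched end to end as an added example (not code from the patent or its owner), with constructed behaviour sets standing in for sandbox captures. The page does not say how feature identification nodes are calculated or which tree algorithm is used, so one node per observed behaviour and a Gini-split binary tree are assumptions here, as are all function and event names.

```python
from collections import Counter

# Constructed sandbox behaviour sets; event names are assumptions, not from the patent.
WHITE = [{"file_read", "net_connect"}, {"file_read", "file_write"},
         {"file_read", "file_write", "reg_set_run_key"}, {"net_connect", "file_write"}]
BLACK = [{"file_read", "file_write", "reg_set_run_key", "net_connect"},
         {"file_read", "proc_inject", "net_connect"}, {"file_write", "proc_inject"},
         {"reg_set_run_key", "net_connect", "file_write"}]

def feature_nodes(samples):
    """Assumed definition: one feature node per behaviour seen in the training set."""
    return sorted(set().union(*samples))

def to_vector(behaviours, nodes):
    """Behaviour vector: 1 where the sample showed the node's behaviour, else 0."""
    return tuple(int(n in behaviours) for n in nodes)

def gini(labels):
    return 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())

def split(rows, labels, i, value):
    return [(r, l) for r, l in zip(rows, labels) if r[i] == value]

def build_tree(rows, labels):
    """Leaf = label; inner node = (feature index, subtree if absent, subtree if present)."""
    if len(set(labels)) == 1:
        return labels[0]
    best = None
    for i in range(len(rows[0])):
        absent, present = split(rows, labels, i, 0), split(rows, labels, i, 1)
        if absent and present:  # skip features that separate nothing here
            score = sum(len(p) * gini([l for _, l in p]) for p in (absent, present))
            if best is None or score < best[0]:
                best = (score, i, absent, present)
    if best is None:  # identical vectors with mixed labels: fall back to majority
        return Counter(labels).most_common(1)[0][0]
    _, i, absent, present = best
    return (i, build_tree(*map(list, zip(*absent))), build_tree(*map(list, zip(*present))))

def classify(tree, vector):
    while isinstance(tree, tuple):
        tree = tree[2] if vector[tree[0]] else tree[1]
    return tree

NODES = feature_nodes(WHITE + BLACK)
TREE = build_tree([to_vector(s, NODES) for s in WHITE + BLACK],
                  ["white"] * len(WHITE) + ["black"] * len(BLACK))

def identify(behaviours):  # steps 7-10: vectorise an unknown sample, walk the tree
    return classify(TREE, to_vector(behaviours, NODES))
```

On this training set the tree flags process injection on its own, and an autorun registry write only when it is combined with a network connection; behaviours never seen in training have no feature node and are ignored by `to_vector`.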

Description

[0001] 1. Technical field

[0002] The invention provides a malicious program dynamic identification method based on a decision tree model, which relates to a dynamic malicious program detection and identification method and belongs to the field of information security.

[0003] 2. Background technology

[0004] With the popularization and development of the Internet, the dissemination and use of malware such as Trojan horse programs, downloaders, ransomware, and malicious macro files are also intensifying. A single piece of malware may cause great harm to enterprises or users. Therefore, how to identify malware efficiently and accurately has become a key point of computer security defense.

[0005] The current detection methods mainly adopt signature-based detection and killing and heuristic detection and killing based on manually defined characteristic behaviors, that is, manual analysis is used to identify the security of signature files, and extract representative malicious signatures or ma...


Application Information

IPC(8): G06F21/56, G06F21/53, G06K9/62
CPC: G06F21/53, G06F21/566, G06F18/214, G06F18/24323
Inventor: 何永强, 袁伟华, 吕承琨, 刘静
Owner XINGHUA YONGHENG BEIJING TECH CO LTD