
Malicious sample homology detection method based on image feature descriptor

A feature-descriptor and image-feature technique applied in the field of network security. It addresses problems such as weak scalability, weak expansion ability and insufficiently distinctive texture features, with the effect of improving computing efficiency and accuracy, reducing the number of groups and layers, and improving resistance to obfuscation.

Inactive Publication Date: 2018-02-02
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

The existing homology analysis method for malicious samples based on dynamic behavior capture can comprehensively analyze the file operations and network behavior of malicious code, but its main disadvantages are large system overhead, weak scalability and a relatively long analysis cycle. An API call sequence graph of the malicious code can be obtained through static disassembly, and the instruction-information similarity and function-call similarity between different samples can then be compared; this avoids, to some extent, the large system overhead and long analysis period of dynamic behavior analysis and has achieved some results, but its analysis results are not accurate enough: the API call graph obtained by statically decompiling and analyzing a malicious sample has thousands of nodes on average, and although some studies use pruning to remove useless nodes and improve operating efficiency, a large number of noise points remain in the API call graph.

[0008] In the implementations above, the texture features extracted by the information-entropy summary algorithm proposed by Qu Wu et al. are not distinctive enough; the focus of that invention is to divide malicious code families through clustering algorithms, which requires a certain amount of manual intervention, and a newly emerging malicious sample must be clustered together with all samples in the original library, which is inefficient and suitable only for labeling, not for rapid analysis of sample homology. The scheme proposed by Kang Fei et al. and the scheme proposed by Jia Xiaoqi et al. both belong to analysis methods based on dynamic behavior capture, and they still cannot overcome the long analysis period and weak expansion ability of dynamic analysis methods.



Embodiment Construction

[0049] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0050] The present invention provides a malicious sample homology detection method based on image feature descriptors. It visualizes binary malicious programs for which no source code is available, uses image feature extraction to locate the feature points of each resulting image and extract their feature descriptors, and generates image texture fingerprint information from them, so that the type and family of a malicious program can be analyzed accurately and efficiently. The invention relates to network security and has an important application in the homology analysis of malicious software.

[0051] Against the background of existing homology detection techniques, many existing techniques for producing malicious sample variants rely on complex technical means to evade detection, and each interference factor requires a specific means to eliminate it. This invention studies malicious samples and vari...


Abstract

The invention discloses a malicious sample homology detection method based on an image feature descriptor. With this method, malicious samples are protected against obfuscation interference, the homology of a malicious file can be analyzed quickly, and the method offers high efficiency, accuracy, robustness and expansibility. The method first preprocesses the data with a file visualization algorithm, which avoids the semantic-level interference factors introduced by decompiling the file or running it in a sandbox; it then applies image feature extraction, a technique brought into the field of homology analysis, to extract the feature descriptor of the malicious sample image, and builds a family feature description library from these image feature descriptors, which is used to analyze and compare the homology of an unknown malicious program. The image feature descriptor obtained through the image feature extraction algorithm is highly robust, and once the sample library is established, analysis efficiency and expansibility are high.
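The abstract describes a four-stage pipeline: visualize the binary as an image, extract a texture descriptor from that image, store descriptors per family in a library, and compare an unknown sample against the library. The following is an added illustration of that pipeline and is not the patent's own code. It assumes a fixed-width grayscale visualization (each byte is one pixel), a Local Binary Pattern histogram as the descriptor (an assumption; the patent does not specify its descriptor), cosine similarity as the comparison, and constructed sample byte strings standing in for real families. It also shows the robustness property the abstract claims: a variant with a few bytes changed still matches its family.

```python
"""Toy malware-image homology pipeline (added example, not the patent's code).

Stages: bytes -> grayscale image -> LBP texture histogram -> family library
-> nearest-family lookup for an unknown sample.
"""
import math


def bytes_to_image(data: bytes, width: int = 16):
    """Visualize a byte string as rows of `width` pixels (0-255 intensities).
    The tail is zero-padded so the last row is complete."""
    pad = (-len(data)) % width
    padded = data + b"\x00" * pad
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


# Clockwise 8-neighbourhood used to build each pixel's LBP code.
_OFFSETS = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]


def lbp_descriptor(image):
    """Local Binary Pattern histogram (assumed descriptor, not the patent's).
    For every interior pixel, compare each of its 8 neighbours with the centre
    (1 if neighbour >= centre), pack the bits into an 8-bit code, histogram the
    codes and L1-normalise so images of different sizes are comparable."""
    hist = [0] * 256
    h = len(image)
    w = len(image[0]) if image else 0
    for y in range(1, h - 1):
        for x in range(1, w - 1):
            c = image[y][x]
            code = 0
            for dy, dx in _OFFSETS:
                code = (code << 1) | (1 if image[y + dy][x + dx] >= c else 0)
            hist[code] += 1
    total = sum(hist) or 1
    return [v / total for v in hist]


def cosine(a, b):
    """Cosine similarity between two descriptors; 0.0 if either is empty."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def build_library(samples):
    """{family: [bytes, ...]} -> {family: [descriptor, ...]}."""
    return {fam: [lbp_descriptor(bytes_to_image(s)) for s in blobs]
            for fam, blobs in samples.items()}


def classify(unknown: bytes, library, threshold: float = 0.9):
    """Return (best_family or None, best_score). A family is reported only
    when the best similarity reaches `threshold`, so unrelated samples are
    rejected instead of being forced into the nearest family."""
    d = lbp_descriptor(bytes_to_image(unknown))
    best_fam, best = None, 0.0
    for fam, descs in library.items():
        for ref in descs:
            s = cosine(d, ref)
            if s > best:
                best_fam, best = fam, s
    return (best_fam if best >= threshold else None), best


def _lcg_bytes(n: int, seed: int = 12345) -> bytes:
    """Deterministic pseudo-random bytes for a constructed 'unrelated' sample."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


# Constructed samples (not real malware): a byte ramp, a checkerboard,
# variants of each with three bytes flipped, and an unrelated random blob.
RAMP = bytes(range(256)) * 4
CHECKER = bytes([0xFF, 0x00]) * 512
RAMP_VARIANT = bytearray(RAMP)
CHECKER_VARIANT = bytearray(CHECKER)
for _i in (100, 333, 700):
    RAMP_VARIANT[_i] ^= 0x5A
    CHECKER_VARIANT[_i] ^= 0x5A
RAMP_VARIANT, CHECKER_VARIANT = bytes(RAMP_VARIANT), bytes(CHECKER_VARIANT)
UNRELATED = _lcg_bytes(1024)

LIBRARY = build_library({"ramp_family": [RAMP], "checker_family": [CHECKER]})

if __name__ == "__main__":
    for name, blob in (("ramp variant", RAMP_VARIANT),
                       ("checker variant", CHECKER_VARIANT),
                       ("unrelated", UNRELATED)):
        fam, score = classify(blob, LIBRARY)
        print(f"{name:16s} -> {fam} (similarity {score:.3f})")
```

The threshold is the operational knob: a low value labels more samples at the cost of false family assignments, a high value leaves more samples unlabelled. Because the descriptor is a normalised histogram, a variant that changes a handful of bytes moves only a few LBP codes and stays close to its family, which is the robustness the abstract refers to; wholesale repacking or encryption of the body would change the texture and would need a separate preprocessing step.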

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for homology detection of malicious samples based on image feature descriptors.

Background technique

[0002] In recent years, the amount of malicious software has kept increasing, the number of malicious code variants has also increased sharply, and the cost of producing variants has fallen continuously. Organizations that produce malicious code are doing more and more work on evading detection or making minor changes. How to quickly and effectively analyze the type and homology of malicious samples has always been a focus and difficulty of network security research.

[0003] At present, static analysis or dynamic analysis methods are mostly used for homology analysis, but their efficiency is low. The existing homology analysis method of malicious samples based on dynamic behavior capture can comprehensively analyze the file operation and network behavior of mali...


Application Information

IPC (8): G06F21/56, G06K9/46, G06K9/62
CPC: G06F21/562, G06V10/462, G06F18/22
Inventors: 赵小林, 薛静锋, 李旭辉, 王勇, 张漪墁
Owner: BEIJING INSTITUTE OF TECHNOLOGY