Method for automatically detecting core characteristics of malicious code

An automatic detection technology for malicious code, applied in the fields of automatic detection of core features of malicious code and overall design of computer system security. It addresses the difficulty of extracting malicious code family features, and yields features that are not easily defeated by obfuscation and that give good detection results.

Active Publication Date: 2018-04-13
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0006] The present invention solves the problem that malicious code family features are difficult to extract during malicious code classification and detection.

Embodiment Construction

[0046] The technical solution adopted in the present invention is a method for automatically detecting core features of malicious code, based on machine learning algorithms. Through static analysis, the method extracts features such as image textures, key API calls, and key strings of malicious code, chosen for their actual security significance. The extracted features are learned by a random forest algorithm based on a normalized dual feature library, and the core feature library of the malicious code family is obtained.

[0047] First, the overall structure of the core feature extraction method

[0048] Nowadays, malicious code samples often use multiple obfuscation methods, and a single feature extraction method is very easy to break. In order to improve the anti-interference performance of the finally extracted core features, the present invention uses three feature extr...


Abstract

The invention discloses a method for automatically detecting core characteristics of malicious code, and belongs to the overall design of computer system security. The method detects the core characteristics of malicious code based on a machine learning algorithm. Through static analysis, and from the perspective of the actual security significance of the malicious code, the image texture, key API call and key character string characteristics of the malicious code are extracted. The extracted characteristics are learned through a random forest algorithm based on a normalized dual characteristic library, and a family core characteristic library of the malicious code is thereby obtained. Because the image characteristics of malicious code are more expressive, a dual characteristic sub-library is constructed in which the image characteristics are stored independently. This ensures that certain characteristic values from the image characteristic vectors are selected for training at every characteristic fusion, so the trained classifier has a certain accuracy rate.
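The dual-library idea in the abstract can be sketched as follows. This is an added example, not code from the patent: the toy feature values, the per-library quotas `k_img`/`k_other`, the depth-1 trees and all function names are assumptions chosen for illustration. `p_no_image` shows why a single merged library is a problem when image features are few.

```python
import math
import random
from collections import Counter

# Constructed toy data: 3 image-texture columns and 4 API/string columns per sample.
IMG = [[12, 200, 30], [15, 190, 35], [11, 210, 28],
       [80, 40, 90], [85, 55, 95], [78, 45, 88]]
OTHER = [[1, 0, 3, 0], [0, 1, 0, 1], [1, 1, 2, 0],
         [1, 0, 3, 1], [0, 1, 1, 0], [1, 1, 0, 1]]
LABELS = ["famA", "famA", "famA", "famB", "famB", "famB"]

def minmax(rows):
    # Min-max normalise each column of one feature library to [0, 1].
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)]
            for r in rows]

def draw_dual(n_img, n_other, k_img, k_other, rng):
    # One tree's fused feature set: a fixed quota from each library (image indices first).
    return sorted(rng.sample(range(n_img), k_img)
                  + rng.sample(range(n_img, n_img + n_other), k_other))

def p_no_image(n_img, n_other, k):
    # Chance that k features drawn from a single merged library include no image feature.
    return math.comb(n_other, k) / math.comb(n_img + n_other, k)

def fit_stump(X, y, feats):
    # Depth-1 tree: best (feature, threshold) among feats by training accuracy.
    best = None
    for f in feats:
        for t in sorted({r[f] for r in X}):
            sides = [Counter(l for r, l in zip(X, y) if (r[f] <= t) == s) for s in (True, False)]
            score = sum(max(c.values(), default=0) for c in sides)
            if best is None or score > best[0]:
                lab = [c.most_common(1)[0][0] if c else None for c in sides]
                best = (score, f, t, lab[0], lab[1] or lab[0])
    return best[1:]

def fit_forest(img, other, y, n_trees=15, k_img=2, k_other=2, seed=7):
    X = [a + b for a, b in zip(minmax(img), minmax(other))]  # fuse the two libraries
    rng = random.Random(seed)
    subsets = [draw_dual(len(img[0]), len(other[0]), k_img, k_other, rng)
               for _ in range(n_trees)]
    return X, [fit_stump(X, y, s) for s in subsets]

def predict(forest, row):
    votes = Counter(a if row[f] <= t else b for f, t, a, b in forest)
    return votes.most_common(1)[0][0]
```

With 4 image features merged among 36 others and 6 features drawn per tree, `p_no_image(4, 36, 6)` is about 0.51, so roughly half the trees would train without any image feature; the per-library quota removes that case.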

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a method for automatically detecting core features of malicious codes, which belongs to the overall design of computer system security.

Background technique

[0002] Malicious programs are a major threat in today's Internet. From classic computer viruses to network worms to botnets, all computer systems connected to the network are targeted for attack. This type of threat is mainly driven by the black industry, which systematically uses the compromised host to achieve illegal purposes, such as spreading spam and obtaining confidential data. Unfortunately, traditional security technologies, such as anti-virus scanning, have become less reliable in the context of the growing number and diversity of malicious programs, resulting in thousands of hosts on the Internet facing the threat of malware. How to automatically process and analyze malicious programs has become the focus of cur...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N99/00
CPC: G06F21/562, G06N20/00
Inventor: 王栎汉, 宁振虎, 薛菲, 蔡永泉, 梁鹏
Owner: BEIJING UNIV OF TECH