Malicious code obfuscation feature cleaning method

A malicious code feature selection technology, applied in the field of machine learning information security, that addresses problems such as poor timeliness, difficulty securing systems, and heavy use of computing resources, with the effect of improving effectiveness, prolonging the effective time limit, and improving resistance to interference.

Inactive Publication Date: 2018-07-17
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

However, this method detects based on the program's behavior itself and does not take into account the program's calls to resources, so it cannot reliably identify some special variants of malicious code.
Moreover, this method has poor timeliness, requires larg


Embodiment Construction

[0029] The present invention is explained and elaborated below in conjunction with relevant accompanying drawings:

[0030] To make the object, technical solution and features of the present invention clearer, the invention is described in further detail below with specific implementation examples and with reference to the accompanying drawings. The overall framework of the method is shown in Figure 1. The flow of each step is as follows:

[0031] (1) Extract the original malicious code features based on the n-gram algorithm, and build an initial feature library.

[0032] (2) Randomly draw samples to study the obfuscation threshold. A linear fitting equation is trained to predict the obfuscation threshold for unknown samples.

[0033] (3) Clean the obfuscation features in the feature library using the obfuscation feature cleaning method.

[0034] (4) Standardize the feature database.

[0035] (5...
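Steps (1), (3) and (4) above, sketched as an added example that is not the patent's own code. The cleaning rule in `clean`, the constant `THRESHOLD` and the sample bytes are assumptions made for illustration; the page gives neither the patent's cleaning criterion nor its fitted threshold.

```python
from collections import Counter
from statistics import mean, pstdev

def byte_ngrams(data: bytes, n: int = 2) -> Counter:
    """Count overlapping byte n-grams in one sample."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))

def build_library(samples: dict, n: int = 2) -> dict:
    """Step (1): map each n-gram to {sample name: relative frequency}."""
    library = {}
    for name, data in samples.items():
        counts = byte_ngrams(data, n)
        total = sum(counts.values()) or 1
        for gram, count in counts.items():
            library.setdefault(gram, {})[name] = count / total
    return library

def clean(library: dict, threshold: float) -> dict:
    """Step (3) stand-in (assumption, not the patent's rule): drop any n-gram
    whose relative frequency in a single sample exceeds `threshold`, as
    repeated padding bytes do."""
    return {g: f for g, f in library.items() if max(f.values()) <= threshold}

def standardize(library: dict, names: list) -> dict:
    """Step (4): z-score each feature across samples (absent = 0.0)."""
    out = {}
    for gram, freqs in library.items():
        row = [freqs.get(name, 0.0) for name in names]
        mu, sigma = mean(row), pstdev(row)
        out[gram] = [(v - mu) / sigma if sigma else 0.0 for v in row]
    return out

# Constructed samples: one shared byte sequence; variant_b is padded with 0x90.
CORE = bytes.fromhex("558bec83ec10e8")
SAMPLES = {
    "variant_a": CORE + b"\xc3",
    "variant_b": b"\x90" * 12 + CORE + b"\xc3",
    "variant_c": CORE + b"\x5d\xc3",
}
THRESHOLD = 0.3  # hypothetical constant; the patent predicts it by linear fit

def run_pipeline():
    library = build_library(SAMPLES)
    cleaned = clean(library, THRESHOLD)
    return library, cleaned, standardize(cleaned, list(SAMPLES))

if __name__ == "__main__":
    library, cleaned, features = run_pipeline()
    print(len(library), "features before cleaning,", len(cleaned), "after")
```

The padding bigram dominates `variant_b` and is removed, while the bigrams of the shared sequence survive in all three samples and are what the standardized feature table is built from.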


Abstract

The invention discloses a malicious code obfuscation feature cleaning method, and belongs to the field of machine learning information safety. The method involves a feature selection method and an obfuscation feature cleaning method, and the effectiveness of a traditional malicious code feature extracting method is improved. Compared with the traditional malicious code feature extracting method, the malicious code obfuscation feature cleaning method can effectively prolong the effective time limit of a malicious code feature extracting algorithm, and improve the interference resistance of the feature extracting algorithm. Firstly, a feature library is built through an n-gram feature extracting method. Since the feature extracting algorithm cannot solve the obfuscation operation problem of malicious codes, the feature library contains a large number of obfuscation feature values of the malicious codes. Through an obfuscation feature cleaning algorithm, the interference of abnormal data in a model identification rule can be removed. On this basis, from the aspect of the scale of a training dataset, a feature selection method is put forward. By means of the malicious code obfuscation feature cleaning method, on the basis of guaranteeing that the model identification precision is not lowered, the number of features which are finally used in the model is effectively lowered.

Description

Technical field

[0001] The invention relates to a malicious code obfuscation feature removal method, which can improve the effective time limit of the traditional malicious code feature extraction method. It belongs to the field of machine learning information security, and involves the combination and use of machine learning classification algorithms and confusing feature removal and feature selection algorithms.

Background technique

[0002] According to Symantec statistics, most of the new malicious codes are generated after some transformation operations on the basis of the original malicious codes. Therefore, malicious code detection is usually based on feature vectors, which identify the essential characteristics of malicious codes. A good feature extraction algorithm is the core technology of malicious code variant detection. Common antivirus software usually uses a signature-based approach to identify malicious code. For a given set of malicious code samples, the ...


Application Information

IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F18/214
Inventor 王栎汉宁振虎薛菲蔡永泉梁鹏
Owner BEIJING UNIV OF TECH