Multi-model malicious code detection method based on reliability probability interval

A classification method and algorithm technology, applied in character and pattern recognition, instruments, platform integrity maintenance, etc.; it addresses problems such as concept drift and achieves the effect of coping with variation in malicious code.

Active Publication Date: 2018-10-09
NANKAI UNIV

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to solve the problem of concept drift faced by the existing botnet detection model based on static thresholds, and to provide a multi-model malicious code detection method based on the statistical learning confidence probability interval


Embodiment Construction

[0046] The present invention takes the detection of botnets as an example for specific description, and the underlying scoring functions take KNN and KDE algorithms as examples, and any machine learning algorithm that uses threshold comparison can be applied to the method as a scoring function.

[0047] 1. Malicious behavior on the Internet

[0048] In this embodiment, a data set containing real network communication traffic is used, and the data set includes three types of botnets: IRC, HTTP, and P2P.

[0049] IRC botnet dataset (sample):

[0050]

[0051] HTTP botnet dataset (sample):

[0052]

[0053] P2P botnet dataset (sample):

[0054]

[0055] 2. Extract network behavior features

[0056] In this embodiment, 10 features related to each network trace are extracted. These characteristics include communication frequency, communication duration, number of bytes sent and received, number of packets sent and received, protocol type and proportion of using 3 ports...


Abstract

The invention provides a multi-model malicious code detection system based on a reliability probability interval. Each machine learning detection model corresponds to one distribution of the underlying data, and various threshold-based detection models can be integrated into the statistical platform, so that the distribution of the malicious code data is examined from multiple angles and the model degradation caused by concept drift is relieved. The detection system replaces the 0-or-1 prediction of existing machine learning detection models: it calculates a score with the existing detection model, performs statistical analysis on that score, and fits an isotonic regression function between the score distribution of the samples and the sample labels. For an unknown sample, the score given by the existing detection model is fed into the fitted isotonic regression function, which yields a reliability probability interval for a given label. The probability interval relieves the over-fitting of a fixed threshold to the training data set, improves the adaptive ability of the detection model to the current dynamic data, and allows the concept drift phenomenon to be discovered in advance.
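The score-to-interval step described in the abstract and in the embodiment (a threshold detector such as KNN or KDE supplies a raw score, isotonic regression maps scores to a label probability), as an added example that is not the patent's own code. The constructed scores and labels, the Wilson interval as the concrete form of the "reliability probability interval", and the wide-interval share as a drift warning are all assumptions of this example.

```python
"""Added example (not the patent's code): turn a threshold detector's raw
scores into a reliability probability interval via isotonic regression."""
import math

# Constructed sample: anomaly scores a KDE/KNN-style detector assigned to
# 14 network traces, with ground truth (1 = botnet, 0 = benign).
SCORES = [0.05, 0.10, 0.15, 0.20, 0.30, 0.35, 0.40, 0.50, 0.55, 0.60, 0.70, 0.80, 0.85, 0.90]
LABELS = [0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1]

def isotonic_fit(scores, labels):
    """Pool-adjacent-violators. Returns non-decreasing blocks
    (score_lo, score_hi, positive_rate, n) ordered by score."""
    blocks = []  # each block: [lo, hi, sum_of_labels, n]
    for s, y in sorted(zip(scores, labels)):
        blocks.append([s, s, y, 1])
        # merge while the previous block's rate is >= the current one
        while len(blocks) > 1 and blocks[-2][2] * blocks[-1][3] >= blocks[-1][2] * blocks[-2][3]:
            lo, _, y1, n1 = blocks.pop(-2)
            _, hi, y2, n2 = blocks.pop()
            blocks.append([lo, hi, y1 + y2, n1 + n2])
    return [(lo, hi, ysum / n, n) for lo, hi, ysum, n in blocks]

def wilson_interval(p, n, z=1.96):
    """95% Wilson score interval for a rate p observed on n samples."""
    z2 = z * z
    centre = (p + z2 / (2 * n)) / (1 + z2 / n)
    half = z * math.sqrt(p * (1 - p) / n + z2 / (4 * n * n)) / (1 + z2 / n)
    return max(0.0, centre - half), min(1.0, centre + half)

def reliability_interval(model, score):
    """Map a raw score to (p_malicious, lo, hi). The interval is an
    assumption of this example: the Wilson interval of the block the
    score falls in, so blocks pooled from few samples stay wide."""
    for lo, hi, p, n in model:
        if score <= hi:
            return (p, *wilson_interval(p, n))
    _, _, p, n = model[-1]          # above the training range: last block
    return (p, *wilson_interval(p, n))

def uncertain_fraction(model, scores, max_width=0.5):
    """Share of new scores whose interval is too wide to call either way;
    a rising share over time is used here as a drift warning (assumption)."""
    wide = 0
    for s in scores:
        _, lo, hi = reliability_interval(model, s)
        wide += hi - lo > max_width
    return wide / len(scores)

MODEL = isotonic_fit(SCORES, LABELS)
```

On the constructed data the fit pools the 14 traces into five monotone blocks, and a score of 0.45 is reported as p = 0.5 with an interval of roughly 0.09 to 0.91 rather than a hard 0/1 verdict.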

Description

Technical field

[0001] The invention belongs to the technical field of computer antivirus.

Background technique

[0002] It is difficult for manual analysis to keep up with such a large amount of newly added malicious code in a timely manner, so machine learning technology has been widely applied to malicious code analysis and detection systems. However, driven by economic interests, network security threats mutate and evolve ever faster. While their number keeps increasing, more than 70% of new malicious code samples adopt self-protection techniques to evade machine learning, and some samples even combine several evasion techniques. Therefore, the data distribution and saliency level of malicious code change constantly over time, so that, compared with speech recognition, face recognition or text recognition models, detection models based on machine learning suffer from a serious problem of rapid aging.

Contents of the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/563, G06F2221/033, G06F18/24147, G06F18/2415
Inventor: 王志邱克帆胡誉川高欢芝张倚铭程校
Owner: NANKAI UNIV