Multi-model Malicious Code Detection Method Based on Confidence Probability Interval

A malicious code detection technology based on confidence probability intervals, applied in the field of computer anti-virus, that addresses the concept drift suffered by fixed-threshold detection models and improves the detector's ability to cope with malware mutation.

Active Publication Date: 2021-07-20
NANKAI UNIV


Problems solved by technology

[0003] The purpose of the present invention is to solve the concept drift problem faced by existing botnet detection models that rely on static thresholds, by providing a multi-model malicious code detection method based on statistical-learning confidence probability intervals.




Embodiment Construction

[0046] The present invention is described in detail using botnet detection as the example. The underlying scoring functions use the KNN and KDE algorithms as examples; any machine learning algorithm that reaches its verdict by comparing a score against a threshold can serve as a scoring function in this method.

[0047] 1. Malicious network behaviour data

[0048] This embodiment uses a data set of real network communication traffic that contains three types of botnet: IRC, HTTP and P2P.

[0049] IRC botnet dataset (sample): table not reproduced on this page.

[0051] HTTP botnet dataset (sample): table not reproduced on this page.

[0053] P2P botnet dataset (sample): table not reproduced on this page.

[0055] 2. Extract network behaviour features

[0056] In this embodiment, 10 features are extracted for each network trace. They include communication frequency, communication duration, the numbers of bytes sent and received, the numbers of packets sent and received, the protocol type, and the proportion of traffic using 3 ports...
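The feature categories listed above, computed per source host from flow records, as an added example that is not the patent's own code. The flow record layout, the exact definitions of the 10 features and the choice of the three watched ports are assumptions; the patent names the categories but gives no formulas, and the flow records below are constructed, not captured traffic.

```python
"""Per-host network behaviour features computed from flow records.

Added example (not the patent's code). The flow record layout, the 10 feature
definitions and the three watched ports are assumptions: the patent names the
feature categories but does not give formulas.
"""
from collections import defaultdict

# Constructed bidirectional flow records, not real traffic:
# (src, dst, proto, dst_port, start_s, end_s, bytes_out, bytes_in, pkts_out, pkts_in)
FLOWS = [
    # 10.0.0.5: short, regularly repeated TCP connections to one IRC port
    ("10.0.0.5", "198.51.100.9", "tcp", 6667, 0.0, 30.0, 800, 2400, 12, 20),
    ("10.0.0.5", "198.51.100.9", "tcp", 6667, 60.0, 95.0, 700, 2100, 11, 19),
    ("10.0.0.5", "198.51.100.9", "tcp", 6667, 120.0, 150.0, 760, 2300, 12, 20),
    ("10.0.0.5", "198.51.100.9", "tcp", 6667, 180.0, 210.0, 790, 2200, 12, 21),
    # 10.0.0.7: ordinary browsing mix (HTTPS, DNS, HTTP)
    ("10.0.0.7", "203.0.113.4", "tcp", 443, 5.0, 8.0, 1500, 42000, 20, 45),
    ("10.0.0.7", "203.0.113.8", "udp", 53, 9.0, 9.1, 70, 150, 1, 1),
    ("10.0.0.7", "203.0.113.4", "tcp", 80, 300.0, 302.0, 900, 15000, 10, 18),
]
WATCHED_PORTS = (80, 443, 6667)  # assumed choice for the "3 ports" feature

FEATURE_NAMES = [
    "flows_per_second", "mean_duration_s", "bytes_sent", "bytes_received",
    "pkts_sent", "pkts_received", "tcp_fraction",
    "port_80_fraction", "port_443_fraction", "port_6667_fraction",
]


def extract_features(flows):
    """Return {src_host: [10 floats]} ordered as FEATURE_NAMES.

    Communication frequency is flows per second over the host's observation
    window; protocol type is encoded as the fraction of TCP flows; each
    watched port contributes the fraction of the host's flows that target it.
    """
    by_host = defaultdict(list)
    for f in flows:
        by_host[f[0]].append(f)
    feats = {}
    for host, fl in by_host.items():
        n = len(fl)
        window = max(max(f[5] for f in fl) - min(f[4] for f in fl), 1e-9)
        feats[host] = [
            n / window,
            sum(f[5] - f[4] for f in fl) / n,
            float(sum(f[6] for f in fl)), float(sum(f[7] for f in fl)),
            float(sum(f[8] for f in fl)), float(sum(f[9] for f in fl)),
            sum(1 for f in fl if f[2] == "tcp") / n,
            *[sum(1 for f in fl if f[3] == p) / n for p in WATCHED_PORTS],
        ]
    return feats


if __name__ == "__main__":
    for host, vec in extract_features(FLOWS).items():
        print(host, dict(zip(FEATURE_NAMES, (round(v, 4) for v in vec))))
```

Each host yields one fixed-length vector, which is what a KNN or KDE scorer consumes in the next step; the constructed IRC host shows up as all-TCP, single-port, low-volume and evenly spaced, while the browsing host spreads across ports and protocols.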



Abstract

The present invention provides a multi-model malicious code detection system based on confidence intervals. Each machine learning detection model corresponds to a distribution of the underlying data, and various threshold-based detection models can be integrated into the statistical platform of the invention, so that the distribution of the code data under detection is observed from multiple perspectives and the model degradation caused by concept drift is alleviated. The detection system replaces the 0-or-1 prediction mode of existing machine learning detection models: it performs statistical analysis on the scores computed by the existing detection model and fits an order-preserving (isotonic) regression function between the score distribution of the samples and the sample labels. For an unknown sample, the score given by the existing detection model is fed into the fitted regression function, which yields a confidence probability interval for the sample belonging to a given label. This probability interval alleviates the over-fitting of a fixed threshold to the training data set, improves the adaptability of the detection model to the current dynamic data, and allows the concept drift phenomenon to be discovered in advance.
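The score-to-interval scheme the abstract describes, as an added example that is not the patent's own code: an order-preserving (isotonic) regression is fitted from one detector's raw scores to labels, each fitted step carries a confidence interval, and an unknown sample gets an interval rather than a 0/1 verdict. The pool-adjacent-violators fit, the Wilson interval, the three-way decision rule and the drift indicator are my choices of realisation; the scores and labels are constructed. A second scorer (e.g. KDE alongside KNN) would get its own fit with the same functions.

```python
"""Confidence probability intervals over a threshold detector's scores.

Added example, not the patent's own code. It follows the abstract's scheme:
fit an order-preserving (isotonic) regression from raw detector scores to
labels, then report an interval instead of a 0/1 verdict. The
pool-adjacent-violators fit, the Wilson interval, the three-way decision rule
and the drift indicator are my choices; the scores and labels are constructed.
"""
import math

# Constructed training data: a raw anomaly score from some threshold-based
# scorer (e.g. a normalised KNN distance) and the true label, 1 = botnet.
TRAIN_SCORES = [0.05, 0.10, 0.15, 0.20, 0.30, 0.35, 0.40,
                0.45, 0.50, 0.55, 0.60, 0.70, 0.80, 0.90]
TRAIN_LABELS = [0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1]
# Constructed later batch whose scores cluster in the ambiguous region.
NEW_BATCH = [0.31, 0.36, 0.42, 0.47, 0.49, 0.33, 0.10, 0.90]


def isotonic_fit(scores, labels):
    """Pool-adjacent-violators. Returns blocks [score_lo, score_hi, p, n]
    with non-decreasing p, where p is the label mean over the block's n
    samples. Ties are pooled too, so each block is one step of the curve."""
    blocks = [[s, s, float(y), 1] for s, y in sorted(zip(scores, labels))]
    i = 0
    while i < len(blocks) - 1:
        a, b = blocks[i], blocks[i + 1]
        if a[2] >= b[2]:                      # violator (or tie): pool the two
            n = a[3] + b[3]
            blocks[i] = [a[0], b[1], (a[2] * a[3] + b[2] * b[3]) / n, n]
            del blocks[i + 1]
            i = max(i - 1, 0)                 # pooling may create a violator on the left
        else:
            i += 1
    return blocks


def wilson(p, n, z=1.96):
    """95% Wilson score interval for a proportion p observed in n samples."""
    d = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / d
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / d
    return max(0.0, centre - half), min(1.0, centre + half)


def predict_interval(blocks, score):
    """Map a raw score to (p_hat, lo, hi). Scores beyond the training range
    fall into the end blocks rather than being extrapolated."""
    for _, hi, p, n in blocks:
        if score <= hi:
            return (p,) + wilson(p, n)
    _, _, p, n = blocks[-1]
    return (p,) + wilson(p, n)


def decide(p, lo, hi, threshold=0.5):
    """Three-way verdict: commit to a label only when the whole interval lies
    on one side of the threshold; otherwise report the sample as uncertain."""
    if lo > threshold:
        return "malicious"
    if hi < threshold:
        return "benign"
    return "uncertain"


def uncertain_fraction(blocks, scores):
    """Share of a batch whose interval straddles the threshold. Compared with
    the same figure on the training set, a sharp rise is the early warning
    that the score distribution has shifted (concept drift)."""
    verdicts = [decide(*predict_interval(blocks, s)) for s in scores]
    return verdicts.count("uncertain") / len(verdicts)


if __name__ == "__main__":
    blocks = isotonic_fit(TRAIN_SCORES, TRAIN_LABELS)
    for s in (0.12, 0.38, 0.95):
        p, lo, hi = predict_interval(blocks, s)
        print(f"score={s:.2f} p={p:.2f} interval=[{lo:.2f}, {hi:.2f}] -> {decide(p, lo, hi)}")
    print("uncertain on training:", round(uncertain_fraction(blocks, TRAIN_SCORES), 3))
    print("uncertain on new batch:", round(uncertain_fraction(blocks, NEW_BATCH), 3))
```

The interval width comes from the number of training samples behind each fitted step, so a score that lands on a thinly populated step is reported as uncertain even when its point estimate is far from 0.5; a fixed threshold would silently commit to a label there. On the constructed data the uncertain share rises from about 36% of the training set to 75% of the new batch, which is the signal to retrain before accuracy visibly collapses.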

Description

Technical field

[0001] The invention belongs to the technical field of computer antivirus.

Background technique

[0002] Manual analysis cannot keep up with the volume of newly added malicious code, so machine learning has been widely applied to malicious code analysis and detection systems. However, driven by economic interests, network security threats mutate and evolve ever faster. As their number grows, more than 70% of new malicious code samples adopt self-protection techniques to evade machine learning, and some samples combine several evasion techniques. The data distribution and the salient features of malicious code therefore change continuously over time, so that machine-learning-based detection models, compared with speech recognition, face recognition or text recognition models, suffer from a serious problem of rapid aging.

Contents of the ...


Application Information

Patent Type & Authority: Patents (China)
IPC: G06F21/56, G06K9/62
CPC: G06F21/563, G06F2221/033, G06F18/24147, G06F18/2415
Inventors: 王志邱克帆胡誉川高欢芝张倚铭程校
Owner: NANKAI UNIV