Network behavior characteristic clustering analysis-based malicious code detection method

A malicious code detection and cluster analysis technology, applied in the field of malicious code detection, that addresses the dependence of existing methods on manual feature analysis, their unsatisfactory detection efficiency and accuracy, and their excessive processing time.

Inactive Publication Date: 2018-11-06
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

[0004] Although the traditional malicious code detection technology can detect malicious code to a certain extent, it still relies on manual feature analysis. There are also many disadvantages and defects in the traditional detection methods; for example, against malicious code variants, packing and other deformation methods, its detection efficiency and accuracy are not ideal.




Embodiment Construction

[0045] The malicious code detection method based on network behavior feature cluster analysis of the present invention specifically comprises the following steps:

[0046] Step 1. Feature analysis

[0047] Step 2. Feature extraction

[0048] Step 3. Cluster analysis

[0049] 1. The present invention mainly analyzes the network behavior characteristics of botnets and Trojan horses.

[0050] (1) Active Behavior

Behavior of actively connecting to, and communicating over a long period with, suspicious servers (e.g. unknown hosts). A suspicious active connection from an external network IP address to a local area network IP address can be described by three characteristic values: active time, active ratio and active weight. This network behavior reflects long-term communication with suspicious external hosts; therefore, these three characteristic values belong to the active behavior characteristics.

[0052] (2) Failu...



Abstract

The invention provides a network behavior characteristic clustering analysis-based malicious code detection method, which comprises the following steps: Step 1, performing characteristic analysis mainly on botnets and Trojan horses; Step 2, performing network characteristic extraction using an MFAM-NB (Magnetic Random Access Memory-Narrow Band) framework; and Step 3, detecting malicious code using an adaptive weight-based k-Means clustering algorithm. The method addresses the problem that a malicious network can easily change packet contents and flow characteristics to evade detection of the malicious code, and the dependency of traditional malicious code detection methods on manual characteristic extraction. The adaptive weight-based k-Means malicious code detection algorithm adopted in the method addresses the inaccurate detection caused by the traditional k-Means algorithm's inappropriate choice of initial centers, and the long time the k-Means algorithm takes to process a characteristic set with a large data volume.
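The following is an added illustration, not code from the patent, of the three active-behavior characteristic values described under Embodiment Construction and of the abstract's Step 3 (clustering host pairs with a weighted k-Means). The patent does not disclose its formulas for active time, active ratio and active weight, its adaptive weighting scheme or its center initialization, so the definitions here (windowed connection counts, per-feature weights of 1/variance, seeding with the two most distant points) and the sample flow records are assumptions.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample: (external_ip, lan_ip, minute_seen) for inbound connections.
# 203.0.113.5 keeps reconnecting to two LAN hosts all hour; the others appear once or twice.
FLOWS = ([("203.0.113.5", "10.0.0.1", m) for m in range(0, 60, 5)]
         + [("203.0.113.5", "10.0.0.2", m) for m in range(2, 60, 4)]
         + [("198.51.100.9", "10.0.0.3", 7), ("198.51.100.9", "10.0.0.3", 9),
            ("192.0.2.20", "10.0.0.4", 30)])
WINDOW, OBSERVED = 10, 60   # assumed: 10-minute windows over a 60-minute capture

def active_features(flows):
    """Per (external, lan) pair -> (active time, active ratio, active weight).
    Assumed definitions: active time = windows with at least one connection,
    active ratio = active time / total windows, active weight = connections per active window."""
    windows = defaultdict(list)
    for ext, lan, minute in flows:
        windows[(ext, lan)].append(minute // WINDOW)
    total = OBSERVED // WINDOW
    return {pair: (len(set(w)), len(set(w)) / total, len(w) / len(set(w)))
            for pair, w in windows.items()}

def weighted_kmeans(points, rounds=20):
    """Two-cluster k-Means. Assumed weighting: each feature scaled by 1/variance so no
    single scale dominates; seeds are the two most distant points, so runs are deterministic."""
    dims = range(len(points[0]))
    mean = [sum(p[d] for p in points) / len(points) for d in dims]
    var = [sum((p[d] - mean[d]) ** 2 for p in points) / len(points) for d in dims]
    w = [1 / v if v > 0 else 0.0 for v in var]
    dist = lambda a, b: sqrt(sum(w[d] * (a[d] - b[d]) ** 2 for d in dims))
    centers = list(max(((a, b) for a in points for b in points), key=lambda ab: dist(*ab)))
    for _ in range(rounds):
        labels = [min((0, 1), key=lambda i: dist(p, centers[i])) for p in points]
        new = []
        for i in (0, 1):
            members = [p for p, l in zip(points, labels) if l == i] or [centers[i]]
            new.append(tuple(sum(m[d] for m in members) / len(members) for d in dims))
        if new == centers:
            break
        centers = new
    return labels

def flag_active_pairs(flows):
    """Return the pairs in the cluster with the higher mean active ratio (long-term communication)."""
    feats = active_features(flows)
    pairs = list(feats)
    labels = weighted_kmeans([feats[p] for p in pairs])
    ratio = {i: [feats[p][1] for p, l in zip(pairs, labels) if l == i] for i in (0, 1)}
    hot = max(ratio, key=lambda i: sum(ratio[i]) / max(len(ratio[i]), 1))
    return {p for p, l in zip(pairs, labels) if l == hot}
```

On the constructed sample, only the two pairs that keep reconnecting all hour land in the high-activity cluster; the one-off and two-off connections are left in the other cluster.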

Description

Technical field

[0001] The invention relates to a malicious code detection method.

Background technique

[0002] With the rapid advancement of network information technology, people have become particularly dependent on computers in daily life, education and medical care. The open computer platform enables everyone to obtain the information they need from the Internet; people can use the Internet at will and publish information through the platform. It is this absolute freedom that leads to increasingly serious information security problems. Driven by profit, more and more developers are constantly investing in the research and development of malicious code. Such malicious code has seriously affected the development of entire countries, and even the entire world, both economically and in daily life.

[0003] Malicious code has caused huge economic losses to entire countries in cybersecurity incidents. Malicious code mainly includes botnets, worms, Trojan horses, logic bo...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1416, H04L63/145, G06F18/23213
Inventors: 玄世昌, 苘大鹏, 王巍, 杨武, 张莹
Owner: HARBIN ENG UNIV