Malicious code homologous judgment method based on deep learning

A malicious code analysis method using deep learning technology, applied in the field of Internet information security. It addresses the problems that no description or report of similar technology has been found and that no similar data have yet been collected, and achieves the effects of system automation and improved accuracy.

Inactive Publication Date: 2018-11-13
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

[0005] At present, no description or report of technology similar to the present invention has been found, and no similar data have been collected at home or abroad.

Examples

Embodiment

[0035] This embodiment provides a method for judging the same source of malicious code based on deep learning, including the following steps:

[0036] Step 1: Malicious code preprocessing. Use the IDA tool to disassemble the malicious code to be determined, extract the core binary content through regular expression matching, and remove useless information at the same time.

[0037] The core binary content is defined as follows. After the malicious code is disassembled, the assembly code is obtained, and the IDA tool marks the code segment (".text"), the data segments (".data", ".rdata", ".idata") and the resource segment (".rsrc"). In this embodiment, the code segment and the data segments are regarded as the core content of the malicious code, and the resource segment is ignored.

[0038] The removal of useless information specifically means that there is a data alignment pseudo-instruction (align) in the code to improve access efficiency, which has no practical significance for judgm...

Abstract

The invention provides a malicious code homologous judgment method based on deep learning. The method comprises the following steps: disassembling the malicious code to be judged by using the IDA tool, obtaining the core binary content through regular expression matching, and removing useless information at the same time; receiving the binary content as input and mapping it to a malicious code image by using a malicious code visualization algorithm; training a deep learning model, a convolutional neural network, on a sample set composed of malicious code images and label values, thereby obtaining a mature judgment model; and receiving the malicious code to be judged as input to accomplish the homologous judgment. The homologous judgment task is converted into an image classification task through the malicious code visualization algorithm, and a usable malicious code homologous judgment method is realized by combining it with the deep learning judgment model. The result is a homologous judgment technology with a higher judgment accuracy rate than existing systems.
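The preprocessing in paragraphs [0036] to [0038] and the image mapping named in the abstract can be sketched as follows. This is an added example, not code from the patent: the listing line format (`<section>:<address> <hex bytes>`, then two or more spaces, then the instruction text), the function names, and the row-major byte-to-grayscale mapping are assumptions, since the page does not specify the regular expression or the visualization algorithm.

```python
import re

# Sections treated as core content in [0037]; ".rsrc" is deliberately absent.
CORE_SECTIONS = {".text", ".data", ".rdata", ".idata"}

# Assumed listing line: "<section>:<8-hex address> <hex bytes>  <instruction>"
LINE_RE = re.compile(
    r"^(\.\w+):([0-9A-Fa-f]{8})\s+"
    r"((?:[0-9A-Fa-f]{2} )*[0-9A-Fa-f]{2})"   # raw bytes, single-space separated
    r"(?:\s{2,}(.*))?$"                       # optional instruction text
)

def core_bytes(listing: str) -> bytes:
    """Collect raw bytes from core sections, dropping align padding."""
    out = bytearray()
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                          # labels, comments, blank lines
        section, _addr, hex_bytes, text = m.groups()
        if section not in CORE_SECTIONS:
            continue                          # e.g. resource segment
        if (text or "").lower().startswith("align"):
            continue                          # alignment pseudo-instruction
        out += bytes.fromhex(hex_bytes)
    return bytes(out)

def to_image(data: bytes, width: int = 4) -> list[list[int]]:
    """Map bytes to a grayscale matrix (one byte = one pixel), zero-padded."""
    rows = -(-len(data) // width)             # ceiling division
    padded = data.ljust(rows * width, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

# Constructed sample listing (not taken from any real sample).
SAMPLE = """\
.text:00401000 55                 push    ebp
.text:00401001 8B EC              mov     ebp, esp
.text:00401003 C3                 retn
.text:00401004 CC CC CC CC        align 8
.text:00401008 ; ---- comment line without bytes
.rdata:00402000 48 69 00          db 'Hi',0
.rsrc:00403000 FF FF              db 0FFh, 0FFh
"""

if __name__ == "__main__":
    for row in to_image(core_bytes(SAMPLE)):
        print(row)
```

The resulting matrix, resized to a fixed shape, is the kind of input a convolutional image classifier would be trained on together with the family label.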

Description

Technical field

[0001] The present invention relates to the technical field of Internet information security. Specifically, it relates to a method for judging the same origin of malicious codes based on deep learning. Through a malicious code visualization algorithm, the same-origin judging task is converted into an image classification task, combined with a deep learning judging model, which implements a usable malicious code homology determination method.

Background technique

[0002] With the advent of the Internet age and the rapid development of information technology, while providing people with various conveniences, it also brings potential information security issues, especially network security issues, which threaten the security of user information and property, and the proliferation of malicious codes is one of them. Malicious code refers to the implementation code of all software carrying malicious attacks. It is a program code that violates the security policy...

Application Information

IPC(8): G06F21/56, G06N3/04
CPC: G06F21/563, G06N3/045
Inventors: 褚乾峰, 朱信宇, 许镇泉, 刘功申
Owner: SHANGHAI JIAO TONG UNIV