A malicious code automatic detection platform and method

An automatic malicious code detection technology, applied in the field of information security. It addresses the high failure rate of sample feature extraction, which affects both the efficiency and accuracy of malicious code detection and the performance of malicious code detection models. Its stated effects are enhanced detection efficiency, improved detection ability and generalization, and enhanced flexibility and usability.

Active Publication Date: 2020-08-04
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0003] Existing work that uses opcode features for malicious code detection (such as Shabtai et al. [Shabtai A, Moskovitch R, Feher C, et al. Detecting unknown malicious code by applying classification techniques on opcode patterns [J]. Security Informatics, 2012, 1(1): 1.]) can detect malicious code more accurately and effectively, but problems remain, such as a high failure rate of sample feature extraction, low extraction efficiency, and a low utilization rate of training samples, all of which affect the efficiency and accuracy of malicious code detection.
[0004] This kind of malicious code detection borrows text classification techniques from machine learning, and machine learning algorithms are data-driven, so there are at least two factors that will affect the performance of the malicious code detection model


Embodiment Construction

[0032] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0033] As shown in Figure 1, the present invention is a malicious code automatic detection platform and method based on linear scan disassembly and extraction of opcode features. The platform is based on the Ubuntu 14.10 operating system. It automatically collects executable samples and performs preprocessing such as screening and detection; disassembles each executable sample and extracts its opcode features; vectorizes the samples according to the extracted opcode features; uses the vectorized samples to train the malicious code classification and detection model; and then uses the trained model to detect unknown executable samples and determine whether they are malicious code. The present invention innovatively proposes to use a linear scanning disassembly algorithm to disassemble and extract the operation code features o...


Abstract

The invention relates to an automated malicious code detection platform and method. The method comprises the following steps: executable samples are automatically collected; preprocessing such as screening and detection is performed on them; the executable samples are disassembled to extract their opcode features; the samples are vectorized according to the extracted opcodes; a malicious code classification and detection model is trained on the vectorized samples; and the trained model is used to detect unknown executable samples and judge whether they are malicious code. The platform and method use a linear scanning (linear sweep) disassembly algorithm to disassemble the samples and extract opcode features, so samples can be detected more rapidly, efficiently and accurately. In addition, sample collection and preprocessing are automated, and data set division, sample disassembly and opcode feature extraction are carried out automatically according to configuration.
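The disassemble, extract and vectorize steps of the abstract, as an added example that is not code from the patent: it parses `objdump -d`-style linear-sweep output, skips the `(bad)` lines a linear sweep emits when it decodes embedded data as instructions, and builds opcode n-gram term-frequency vectors. The listing format, the bigram size and the term-frequency weighting are assumptions; the page does not state which representation the patent uses.

```python
import re
from collections import Counter

# objdump -d style line: "  addr:<TAB>hex bytes<TAB>mnemonic operands"
LINE = re.compile(r"^\s*[0-9a-f]+:\t(?:[0-9a-f]{2} )+\s*\t(.+)$")
PREFIXES = {"rep", "repz", "repnz", "lock"}

def opcodes(listing):
    """Return (mnemonics in address order, count of undecodable '(bad)' lines)."""
    ops, bad = [], 0
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:                      # headers, labels, byte-continuation lines
            continue
        words = m.group(1).split()
        while len(words) > 1 and words[0] in PREFIXES:
            words.pop(0)               # "rep movsb" is counted as "movsb"
        if words[0] == "(bad)":        # linear sweep decoded data as code
            bad += 1                   # skipped, so n-grams span the gap
            continue
        ops.append(words[0])
    return ops, bad

def ngrams(ops, n=2):
    """Count each run of n consecutive opcodes."""
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))

def vectorize(listings, n=2):
    """Shared sorted vocabulary plus one term-frequency vector per sample."""
    grams = [ngrams(opcodes(s)[0], n) for s in listings]
    vocab = sorted(set().union(*grams))
    vectors = [[g[t] / (sum(g.values()) or 1) for t in vocab] for g in grams]
    return vocab, vectors

# Constructed sample listings (not taken from any real binary).
SAMPLE_A = ("  401000:\t55 \tpush   %rbp\n"
            "  401001:\t48 89 e5 \tmov    %rsp,%rbp\n"
            "  401004:\tf3 a4 \trep movsb %ds:(%rsi),%es:(%rdi)\n"
            "  401006:\t5d \tpop    %rbp\n"
            "  401007:\tc3 \tret\n")
SAMPLE_B = ("  401000:\t55 \tpush   %rbp\n"
            "  401001:\t48 89 e5 \tmov    %rsp,%rbp\n"
            "  401004:\t06 \t(bad)\n"
            "  401005:\t31 c0 \txor    %eax,%eax\n"
            "  401007:\t5d \tpop    %rbp\n"
            "  401008:\tc3 \tret\n")

if __name__ == "__main__":
    vocab, vectors = vectorize([SAMPLE_A, SAMPLE_B])
    for row in vectors:
        print(dict(zip(vocab, row)))
```

A high `(bad)` count relative to the number of decoded opcodes is a useful signal that a sample's feature extraction should be treated as failed rather than fed to training.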

Description

Technical field

[0001] The invention relates to a malicious code automatic detection platform and method, in particular to a malicious code automatic detection platform and method based on linear scan disassembly and extraction of opcode features, belonging to the field of information security technology.

Background technique

[0002] Malicious code, also known as malicious software, can be defined as a code sequence with malicious intent that threatens the confidentiality, integrity, and availability of a computer system or network system when executed in a certain environment. Malicious code can be divided into three categories according to its operation, propagation and attack methods: worms, viruses, and Trojan horses. Although the types of malicious code are distinguished in the present invention, in daily life people generally refer to all types of malicious code as viruses. In the present invention, the specific types of malicious co...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 张东红, 张震宇
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI