
A Bayesian network-based malicious document detection method and device

A Bayesian network technology, applied in computer security devices, instruments, computing, etc., that addresses the problem of unknown malicious documents going unrecognized and achieves the effect of improving detection accuracy.

Active Publication Date: 2021-11-02
PEKING UNIV

AI Technical Summary

Problems solved by technology

This method can quickly and accurately detect known malicious documents, but cannot identify unknown malicious documents.


Embodiment Construction

[0027] The present invention is further described below through embodiments, with reference to the accompanying drawings, without limiting the scope of the invention in any way.

[0028] The present invention provides a malicious document detection method and device based on a Bayesian network. Abstracting the document into a feature matrix retains, to the greatest extent, the information in the document that is useful for malicious-document detection and eliminates useless redundant information. The Bayesian network structure represents the causal probability relationships between the individual features and whether the document is malicious, and is then used to calculate the posterior probability for the document's feature matrix, so as to effectively judge whether the document is malicious.

[0029] Figure 1 is a flow chart of the detection method of the present invention. The concrete implementation of th...


Abstract

The invention discloses a malicious document detection method and system based on a Bayesian network. The document is abstracted into a feature matrix representation; a Bayesian network structure represents the causal probability relationships between the individual features and whether the document is malicious; and the Bayesian network structure is used to calculate the posterior probability for the document's feature matrix, thereby effectively judging whether the document is malicious. The method includes: determining the basic feature indicators of the model, constructing a Bayesian network structure, and calculating, according to the Bayesian network structure, the posterior probability of a document being a malicious document or a normal document. With the technical solution of the present invention, documents in various formats are detected through combined analysis of static and dynamic features based on the Bayesian network, and the detection accuracy is effectively improved.
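The posterior calculation described above, as an added example that is not taken from the patent: the network structure, feature names and probability tables are constructed assumptions, and a dict of observed features stands in for the feature matrix. It goes slightly beyond the text by summing out features that were not observed, for instance when no dynamic analysis was run.

```python
from itertools import product

# Hypothetical structure: node -> parents. "malicious" is the class node;
# two static and two dynamic features depend on it (all names are assumptions).
PARENTS = {
    "malicious": (),
    "embedded_script": ("malicious",),                   # static
    "shellcode_bytes": ("malicious",),                   # static
    "spawns_process": ("malicious", "embedded_script"),  # dynamic
    "network_connect": ("malicious",),                   # dynamic
}
# Constructed CPTs: P(node=True | parent values), keyed by the parent tuple.
CPT = {
    "malicious": {(): 0.05},
    "embedded_script": {(True,): 0.80, (False,): 0.10},
    "shellcode_bytes": {(True,): 0.60, (False,): 0.01},
    "spawns_process": {(True, True): 0.90, (True, False): 0.40,
                       (False, True): 0.05, (False, False): 0.01},
    "network_connect": {(True,): 0.70, (False,): 0.02},
}

def joint(assign):
    """Probability of one full True/False assignment (chain rule over the DAG)."""
    p = 1.0
    for node, parents in PARENTS.items():
        p_true = CPT[node][tuple(assign[x] for x in parents)]
        p *= p_true if assign[node] else 1.0 - p_true
    return p

def posterior_malicious(evidence):
    """P(malicious=True | evidence); unobserved features are summed out."""
    hidden = [n for n in PARENTS if n != "malicious" and n not in evidence]
    score = {}
    for m in (True, False):
        score[m] = sum(
            joint({"malicious": m, **evidence, **dict(zip(hidden, values))})
            for values in product((True, False), repeat=len(hidden))
        )
    return score[True] / (score[True] + score[False])

if __name__ == "__main__":
    static_only = {"embedded_script": True, "shellcode_bytes": False}
    combined = {**static_only, "spawns_process": True, "network_connect": True}
    print("static only:", round(posterior_malicious(static_only), 4))
    print("static + dynamic:", round(posterior_malicious(combined), 4))
```

With these constructed tables the static features alone leave the document well below a 0.5 decision threshold, while adding the dynamic observations pushes the posterior above 0.99, which is the effect the combined analysis is meant to deliver.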

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a Bayesian network-based malicious document detection method and device.

Background technique

[0002] With the further improvement of network informatization, advanced persistent threat (APT) incidents have increased in recent years, posing a serious threat to the security and development of the country and of enterprises and causing immeasurable economic losses. In APT attacks, malicious documents are often used for single-point breakthroughs. Malicious documents specifically refer to document-type vulnerability exploit tools used in network attacks, especially APT attacks, to implant malicious programs. Depending on the document format, malicious documents come in many variants that exploit vulnerabilities in the parsing program, most of which use shellcode as the attack carrier.

[0003] At present, the detection method for know...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/53
CPC: G06F21/53, G06F21/562, G06F21/566
Inventor: 文伟平, 李经纬
Owner: PEKING UNIV