
Malware detection method based on dynamic multi-features

A malware detection technology, applied in the fields of instruments, electronic digital data processing and platform integrity maintenance, that addresses three problems: feature information collected from inside the host is easily tampered with or spoofed, extracting only a single type of feature makes complex malware hard to detect, and a single-classifier model is ill suited to detection over several classes of features. The stated effects are improved generalization ability and classification accuracy, greater variety and reliability of the acquired feature data, and improved detection ability.

Status: Inactive. Publication date: 2018-12-18
TIANJIN UNIVERSITY OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0007] In general, there are three shortcomings. First, current static and dynamic malware detection methods mainly extract features from inside the host, where the security mechanism usually runs at the same privilege level as the malware, so the acquired feature information is easy to tamper with or spoof. Second, existing feature extraction methods often extract only a single type of feature, which makes complex malware difficult to detect. Third, existing machine learning methods are often built on a single classifier model, whose overall generalization ability is poor and which is not suited to malware detection scenarios based on several classes of features.



Embodiment Construction

[0036] The malware detection method based on dynamic multi-features provided by the present invention is described in detail below in conjunction with the accompanying drawings and specific examples.

[0037] As shown in Figure 1, the malware detection method based on dynamic multi-features provided by the present invention comprises the following steps, carried out in order:

[0038] Step 1) After building the Xen virtualization platform on the physical machine, create a guest virtual machine and install the Windows operating system. Immediately after the Windows installation completes, save a memory snapshot of the operating system, so that the guest is never polluted by earlier samples and every detection run starts from the same consistent state. Then continuously deliver malware and normal software as samples to the guest virtual machine running on the Xen virtualization platform;

[0039] The specific steps are as follows:

[0040] 1.1) Install the Xen vi...
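The per-sample loop that Step 1 implies (restore the clean post-install image, deliver one sample, let it run, dump guest memory from outside the guest, tear the guest down) as an added example; this is not code from the patent or from Tianjin University of Technology. It assumes the clean snapshot was written with `xl save`, that LibVMI's `vmi-dump-memory` example tool is installed and `/etc/libvmi.conf` already describes the guest, and it uses a hypothetical site-specific `deliver-sample` tool for getting the sample into the guest and launching it, since the page does not say how delivery is done. Dumps are named by the sample's SHA-256 so a re-run of the same sample overwrites rather than duplicates.

```python
"""Added example: one clean restore -> deliver -> dwell -> LibVMI dump -> destroy
cycle per sample for a Xen guest. Not the patent's own code."""
import hashlib
import subprocess
from pathlib import Path
from typing import Callable, List, Optional, Tuple

Argv = List[str]
Step = Tuple[Argv, bool]          # (command line, must_succeed)

# Hypothetical site-specific tool: copies a sample into the guest and runs it.
# The patent text does not specify the delivery mechanism.
DELIVER_TOOL = "deliver-sample"


class StepFailed(RuntimeError):
    """Raised by a runner when a command exits non-zero."""


def _subprocess_runner(argv: Argv) -> None:
    if subprocess.run(argv).returncode != 0:
        raise StepFailed(argv)


class XenSampleRunner:
    """Drives the Xen guest from dom0 so the collector never runs inside the guest."""

    def __init__(self, domain: str, clean_image: Path, dump_dir: Path,
                 run: Optional[Callable[[Argv], None]] = None):
        self.domain = domain                      # guest name as known to `xl`
        self.clean_image = Path(clean_image)      # file produced by `xl save` after install
        self.dump_dir = Path(dump_dir)
        self.run = run or _subprocess_runner      # injectable for dry runs / tests

    @staticmethod
    def sample_id(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def dump_path(self, sample_id: str) -> Path:
        return self.dump_dir / f"{sample_id}.raw"

    def plan(self, sample: Path, sample_id: str, dwell_seconds: int = 120) -> List[Step]:
        """Command sequence for one sample. Only the first destroy may fail
        (no leftover guest from a crashed earlier run)."""
        return [
            (["xl", "destroy", self.domain], False),
            (["xl", "restore", str(self.clean_image)], True),   # same clean state every time
            ([DELIVER_TOOL, self.domain, str(sample)], True),
            (["sleep", str(dwell_seconds)], True),              # let the sample act
            (["vmi-dump-memory", self.domain, str(self.dump_path(sample_id))], True),
            (["xl", "destroy", self.domain], True),             # nothing survives to the next sample
        ]

    def execute(self, steps: List[Step]) -> None:
        for argv, must_succeed in steps:
            try:
                self.run(argv)
            except StepFailed:
                if must_succeed:
                    raise

    def run_sample(self, sample: Path, dwell_seconds: int = 120) -> Path:
        """Returns the path of the raw memory dump to hand to Volatility."""
        sample = Path(sample)
        sid = self.sample_id(sample.read_bytes())
        self.execute(self.plan(sample, sid, dwell_seconds))
        return self.dump_path(sid)


if __name__ == "__main__":
    runner = XenSampleRunner("win7-sandbox", "/var/lib/xen/win7-clean.save", "/data/dumps")
    for argv, _ in runner.plan(Path("/samples/a.exe"), "deadbeef", 60):
        print(" ".join(argv))
```

Because `xl restore` recreates the domain from the saved image, the guest's disk must also be reset to its post-install state (for example by restoring an LVM or qcow2 snapshot before `xl restore`); the example only covers the memory side the page describes.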


Abstract

A malware detection method based on dynamic multi-features. The method comprises the following steps: continuously delivering malware and normal software as samples to a guest virtual machine running on a Xen virtualization platform; obtaining memory dump files of the guest virtual machine by using LibVMI; using the Volatility memory forensics framework to extract several kinds of dynamic features from the memory dump files, the feature set being composed of these dynamic features; selecting the best base classifiers and constructing the final ensemble classifier; inputting the feature set into the ensemble classifier and finding the best feature combination and ensemble learning model as the classification result; and other steps. The invention has the advantages that the variety and reliability of the acquired feature data are effectively improved and the overhead of data acquisition is reduced; by using an ensemble learning model, the generalization ability and classification accuracy of the overall classifier are effectively improved, and the generality of the classification model for detecting different kinds of malware is enhanced.

Description

Technical field

[0001] The invention belongs to the technical field of computer information security, in particular to a malware detection method based on dynamic multi-features.

Background technique

[0002] In recent years, with the growing number and variety of malware, malware detection methods based on machine learning have been widely adopted to reduce the burden of manual analysis. Generally, a machine-learning malware detection method consists of two processes: feature extraction, and modelling with a classification or clustering algorithm. Depending on whether the malware is running during feature extraction, the methods are divided into dynamic detection and static detection.

[0003] (1) Static detection

[0004] Static detection means that malware features and possible malicious behaviours are analysed without running the malware, so the analysis process is relatively simple, safe and reliable. The basic idea of static analys...


Application Information

Patent Type & Authority: Application (China)
IPC (8): G06F21/56
CPC: G06F21/566
Inventors: 张健, 高铖, 宫良一, 郑禄鑫, 周超群, 蔡长亮, 栗文真
Owner TIANJIN UNIVERSITY OF TECHNOLOGY