A malicious code classification method based on deep forest

A malicious code classification method technology, applied in the field of malicious code classification, that can solve problems such as the redistribution of malicious code binary files and achieves high precision.

Active Publication Date: 2019-02-15
中国人民解放军陆军炮兵防空兵学院郑州校区

AI Technical Summary

Problems solved by technology

[0003] The technical problem mainly solved by the present invention is to provide a malicious code classification method based on deep forest with high classification accuracy, and to solve the problem of redistribution of malicious code binary files.

Embodiment Construction

[0069] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

[0070] Those skilled in the art will understand that the modules involved in the present invention and the functions they realize are carried out on improved hardware and on the device, apparatus or system formed from it, by running conventional prior-art computer software programs or relevant protocols; this is not an improvement on the computer software programs or protocols of the prior art. For example, an improved computer hardware system can still realize specific functions of the hardware sys...

Abstract

The invention discloses a malicious code classification method based on deep forest, belonging to the technical field of network security. The method comprises the following steps: performing data preprocessing, in which each malicious code binary file is mapped to an image and the image is scaled and standardized; extracting the HOG feature vector set of the image; transforming the HOG feature vector set into a matrix, which is divided into a training set and a test set; constructing random forests; constructing completely random forests; constructing the deep forest, which is composed of multi-granularity scanning and cascade forests, each layer being composed of an equal number of random forests and completely random forests; and classifying the images with the deep forest. The present application makes full use of the spatial similarity of malicious code images. The classification accuracy and the macro F1 measure of the deep-forest-based malicious code classification method of the present application are high, and the problem of binary file reallocation is solved by scanning the HOG feature matrices with the deep forest's windows of different sizes.
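The preprocessing and multi-granularity scanning steps of the abstract, as an added example that is not code from the patent. It uses a simplified per-cell HOG without block normalisation, assumed sizes (64x64 image, 8-pixel cells, 9 bins) and constructed random "sections", and it leaves out the random-forest and cascade stages to show only why small scanning windows survive a reordering of file contents.

```python
import math
import random

def bytes_to_image(data, width=64):
    """Map a binary to a grayscale image: one byte = one pixel, rows of `width`."""
    data = data + bytes(-len(data) % width)          # zero-pad the last row
    return [list(data[i:i + width]) for i in range(0, len(data), width)]

def resize(img, size=64):
    """Nearest-neighbour scaling to size x size (the scale-and-standardize step)."""
    h, w = len(img), len(img[0])
    return [[img[r * h // size][c * w // size] for c in range(size)] for r in range(size)]

def hog_matrix(img, cell=8, bins=9):
    """Per-cell histogram of unsigned gradient orientations, L2-normalised.
    Simplification (assumption): no overlapping block normalisation as in full HOG."""
    n = len(img)
    px = lambda r, c: img[min(max(r, 0), n - 1)][min(max(c, 0), n - 1)]
    grid = []
    for cr in range(0, n, cell):
        row = []
        for cc in range(0, n, cell):
            hist = [0.0] * bins
            for r in range(cr, cr + cell):
                for c in range(cc, cc + cell):
                    gx, gy = px(r, c + 1) - px(r, c - 1), px(r + 1, c) - px(r - 1, c)
                    angle = math.atan2(gy, gx) % math.pi
                    hist[min(int(angle / math.pi * bins), bins - 1)] += math.hypot(gx, gy)
            norm = math.sqrt(sum(v * v for v in hist)) or 1.0
            row.append(tuple(round(v / norm, 6) for v in hist))
        grid.append(row)
    return grid

def scan(grid, win):
    """Multi-granularity scanning: every win x win window of cells is one instance."""
    n = len(grid)
    return {tuple(grid[r + i][c + j] for i in range(win) for j in range(win))
            for r in range(n - win + 1) for c in range(n - win + 1)}

def shared_windows(a, b, win):
    """Number of identical window instances produced by two binaries."""
    fa, fb = (scan(hog_matrix(resize(bytes_to_image(x))), win) for x in (a, b))
    return len(fa & fb)

# Constructed sample: two 2048-byte "sections" placed in opposite order.
rng = random.Random(7)
SEC_A = bytes(rng.randrange(256) for _ in range(2048))
SEC_B = bytes(rng.randrange(256) for _ in range(2048))
ORIGINAL, REORDERED = SEC_A + SEC_B, SEC_B + SEC_A
```

`shared_windows(ORIGINAL, REORDERED, 8)` compares the whole feature matrix as one instance and finds no match, while a window of 2 still finds the windows lying inside each section. The match is exact here only because the constructed sections move by a whole number of cell rows; an unaligned shift changes the cell histograms.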

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for classifying malicious code.

Background technique

[0002] With the vigorous development of the Internet, malicious code has become one of the main factors threatening Internet security. After malicious code is mapped to images, the images of malicious code belonging to the same family are visually similar, while the images of different families show certain differences. Based on this characteristic, the features of malicious code images can be extracted and malicious code can be classified using a classification algorithm. For example, Nataraj L et al. mapped malicious code binary files to images, extracted the global features of the image by using the multi-scale and multi-directional characteristics of the Gabor filter, and then used the nearest neighbor algorithm to classify malicious code. Kancherla K et al. combin...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/563, G06V10/44, G06F18/2411, G06F18/24323, G06F18/214
Inventor: 钱叶魁, 卢喜东, 杜江, 杨瑞朋, 黄浩, 雒朝峰, 宋彬杰, 李宇翀
Owner: 中国人民解放军陆军炮兵防空兵学院郑州校区