Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software detection method, device, equipment and storage medium

A software detection and software technology, which is applied in the detection field, can solve problems such as difficulty in coping with the massive confusion of virus generators, difficulties in word segmentation and segmentation of character strings, and inconsistencies in the number of features, so as to improve the accuracy of discrimination, reduce the difficulty of training, and increase the speed of training Effect

Active Publication Date: 2019-12-13
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1. One-hot encoding is more effective when the number of strings in the string collection and the name of the string are determined. However, the string features extracted from malware are infinite because the total amount of malware is unlimited, and new malware emerges one after another. , so relying on the string set of training samples to estimate the string set of the overall sample will bring a large bias;
[0007] 2. Converting strings to AscII codes can indeed convert string-type features into numeric-type features, but since the lengths of string features extracted from different samples may be inconsistent, and thus the number of converted features is also inconsistent, how to convert strings in the form of AscII codes It is more difficult to perform word segmentation and segmenting, and it is still necessary to design an algorithm to convert the dimension of the feature matrix input into the machine learning model to be consistent, so the complexity is still high;
[0008] 3. It is difficult to cope with the massive confusion generated by the virus generator, string variants, artificial interference, sand mixing and other ways to resist the detection of the virus detection engine
[0009] It can be seen that the existing malware feature extraction methods based on machine learning detection methods cannot meet the requirements, so how to convert the complex character string features extracted from malware samples into features that are easy to be processed by machine learning algorithms, so as to reduce the Difficulty of model training, improve training speed, become the technical problem to be solved by the present invention

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software detection method, device, equipment and storage medium
  • Software detection method, device, equipment and storage medium
  • Software detection method, device, equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0049]In the first embodiment of the present invention, a software detection method is provided, aiming at proposing a software detection method based on hybrid non-encrypted hash features for the defects of existing malicious software detection methods. Specifically, such as figure 1 As shown, the method described in this embodiment includes the following steps:

[0050] Step S101, extracting numerical features and non-numerical ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software detection method, device and appartus and a storage medium. The method comprises the following steps of: extracting numerical type features and non-numerical type features contained in each sample in a software sample library; processing the non-numeric features by using the selected N non-encrypted hashing algorithms, and converting the processing results into numeric features; The N is an integer greater than 1; constructing a feature matrix according to the numeric feature contained in each sample and the numeric feature converted; training a machine learning classifier using the feature matrix; using the machine learning classifier, the target software is detected. The invention can convert the complex character string feature extracted from the malicious software sample into the hash feature which is easy to be processed by the machine learning algorithm, thereby reducing the difficulty of the model training, remarkably improving the training speed, reducing the space overhead and improving the malicious software discrimination accuracy.

Description

technical field [0001] The invention relates to the technical field of detection, in particular to a software detection method, device, equipment and storage medium. Background technique [0002] Malicious software mainly includes destructive computer viruses, worms, Trojan horse backdoors, exploit programs, advertising phishing codes, etc. These malicious software can be combined with various evasion techniques and security holes to break through the monitoring of existing traditional defense systems and threaten users. interests are greatly destructed. The purpose of a malware detection system is to discover malware mixed with normal files in a timely manner, take measures autonomously as much as possible before it produces destructive effects, and notify users in a timely manner. [0003] Currently, malware detection methods include static file analysis detection and dynamic behavior analysis detection. Existing malware static detection technologies mainly rely on artif...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/12
CPCG06F21/12
Inventor 庞瑞张宏君
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products