Malware detection method based on HTTP behavior graph

A malware detection method, applied in the field of network security, that addresses the poor classification performance and the difficulty of distinguishing normal software from malware, achieving good classification results and high classification accuracy.

Active Publication Date: 2019-03-26
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0007] The object of the present invention is to provide a malware detection method based on an HTTP behavior graph, solving the problem that many current malware programs can produce legitimate


Examples


Example Embodiment

[0055] Example 1

[0056] A method for detecting malware based on an HTTP behavior graph, provided by a preferred embodiment of the present invention, includes the following steps:

[0057] Step 1: Collect HTTP traffic generated by malware and benign software;

[0058] Step 1.1: Use Cuckoo to build a sandbox that simulates the real usage environment of the software;

[0059] Step 1.2: Run the collected malware and benign software in the sandbox in turn, and collect the traffic generated by each sample;

[0060] Step 1.3: Visit the collected Alexa top 10000 websites from the sandbox, and collect the traffic of each site in turn as a supplement to the benign data;

[0061] Step 2: Use the collected traffic to build the corresponding HTTP behavior tree graph, as shown in Figure 2; each tree in the graph represents the HTTP behavior activity of one client in the sandbox, and a behavior tree includes a root node, child nodes and edg...
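The tree construction of Step 2 together with the per-node feature extraction the abstract mentions, as an added illustration that is not the patent's own code. The node layout (sandbox client as root, contacted host as child, method/path pairs as leaves) and the request-timing feature are assumptions, since the page cuts off before the node definitions; the request records are constructed, not captured traffic.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed HTTP request records: (client, timestamp_s, host, path, method).
# The first client repeats one request every 60 s, the pattern the abstract
# describes as "generating a request periodically"; the second browses normally.
REQUESTS = [
    ("10.0.0.5", 0, "update.example-cdn.test", "/v1/check", "GET"),
    ("10.0.0.5", 60, "update.example-cdn.test", "/v1/check", "GET"),
    ("10.0.0.5", 120, "update.example-cdn.test", "/v1/check", "GET"),
    ("10.0.0.5", 180, "update.example-cdn.test", "/v1/check", "GET"),
    ("10.0.0.5", 7, "www.example-news.test", "/", "GET"),
    ("10.0.0.7", 3, "www.example-news.test", "/", "GET"),
    ("10.0.0.7", 41, "www.example-news.test", "/sports", "GET"),
    ("10.0.0.7", 95, "img.example-news.test", "/logo.png", "GET"),
]

def build_behavior_tree(requests):
    """Assumed layout: root = sandbox client, child = contacted host,
    leaf = (method, path). Each leaf keeps its request timestamps so that
    per-node features can be computed afterwards."""
    tree = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for client, ts, host, path, method in requests:
        tree[client][host][(method, path)].append(ts)
    return tree

def periodicity(timestamps):
    """Coefficient of variation of inter-request gaps for one leaf.
    A value near 0 means evenly spaced (beacon-like) requests. Returns None
    when fewer than three requests exist, as two gaps are the minimum."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    return pstdev(gaps) / m if m else None

def node_features(tree):
    """Per-host features: request count, number of distinct leaves and the
    smallest periodicity CV over its leaves (None when no leaf has >= 3 hits)."""
    feats = {}
    for client, hosts in tree.items():
        for host, leaves in hosts.items():
            cvs = [cv for cv in (periodicity(t) for t in leaves.values()) if cv is not None]
            feats[(client, host)] = {
                "requests": sum(len(t) for t in leaves.values()),
                "paths": len(leaves),
                "min_cv": min(cvs) if cvs else None,
            }
    return feats
```

These per-node dictionaries are what a graph embedding step would consume to turn the feature tree into a fixed-length vector for the classifier.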


Abstract

The invention discloses a malware detection method based on an HTTP behavior graph, belonging to the technical field of network security. The method comprises the following steps: building the collected HTTP traffic of known malicious or benign software into an HTTP behavior tree graph; extracting the features of each node in the behavior tree graph to generate a feature tree graph; converting the feature tree graph into a feature vector with a graph embedding algorithm; inputting the feature vector into a model for training and testing; and finally detecting with the trained model and outputting the result. The method addresses the problem that much malware generates legitimate HTTP traffic and issues requests periodically, which makes normal software and malware harder to distinguish and degrades classification performance.

Description

Technical field

[0001] The invention belongs to the technical field of network security and relates to a malware detection method based on an HTTP behavior graph.

Background technique

[0002] Web-based services are increasingly used in Internet applications such as social networking and cloud computing. Additionally, because of the increase in network security threats, system administrators protect their networks by closing inbound ports and allowing outgoing communication only through selected protocols such as HTTP. HTTP is therefore a likely communication medium for threats originating inside the network.

[0003] When sophisticated or novel malware generates legitimate-looking HTTP traffic and behaves similarly to normal software, distinguishing normal from malicious activity by monitoring HTTP traffic becomes more difficult; analyzing HTTP activity nevertheless remains valuable for malware detection. Cybercriminals and Internet spiders use web technologies as a commu...


Application Information

IPC(8): H04L29/06, H04L29/08, G06N3/08
CPC: G06N3/084, H04L63/1416, H04L63/145, H04L67/02
Inventors: 牛伟纳, 张小松, 卓中流
Owner SICHUAN UNIV