
Malware detection method based on http behavior graph

A malware detection method, applied in the field of network security, that addresses problems such as the increasing difficulty of distinguishing normal software from malware and poor classification results.

Active Publication Date: 2021-08-20
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0007] The object of the present invention is to provide a malware detection method based on an HTTP behavior graph. It addresses the problem that much current malware can generate legitimate HTTP traffic and generate requests regularly, which makes it more difficult to distinguish normal software from malware and leads to relatively poor classification results.


Examples


Embodiment 1

[0056] A malware detection method based on an HTTP behavior graph, provided by the preferred embodiment of the present invention, comprises the following steps:

[0057] Step 1: Collect HTTP traffic generated by malware and benign software;

[0058] Step 1.1: Use Cuckoo to build a sandbox that simulates the real usage environment of the software;

[0059] Step 1.2: Put the collected malware and benign software into the sandbox in turn, and collect the traffic that each generates;

[0060] Step 1.3: Input the collected Alexa Top 10000 websites into the sandbox and collect their traffic in turn, as a supplement to the benign data;

[0061] Step 2: Use the collected traffic to build the corresponding HTTP behavior dendrogram, as shown in Figure 2. Each tree of the behavior dendrogram represents the HTTP behavior activities of the client in the sandbox, and the behavior dendrogram includes a root node, a child node a...


Abstract

The invention discloses a malware detection method based on an HTTP behavior graph, which belongs to the technical field of network security. First, the collected HTTP traffic of known malicious or benign software is built into an HTTP behavior dendrogram. The features of each node in the behavior dendrogram are then extracted to generate a feature dendrogram, and the Graph Embedding algorithm is used to convert the feature dendrogram into a feature vector. The feature vector is input into the model for training and testing, and finally the detection model is used to perform detection and output the detection results. This solves the problem that many malicious programs can generate legitimate HTTP traffic and generate requests regularly, which makes it more difficult to distinguish normal software from malware and results in poor classification.
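The pipeline the abstract describes (behavior tree, per-node features, fixed-length vector), as an added example that is not part of the patent text. The Referer-based parent rule, the four node features and the per-depth sum standing in for the unspecified Graph Embedding algorithm are assumptions, and the requests are constructed samples.

```python
import re
from urllib.parse import urlsplit

MAX_DEPTH = 3  # assumed cap so every tree maps to a vector of the same length
DIMS = 4       # number of per-node features returned by node_features()

# Constructed sample: requests from one sandboxed client, in capture order.
REQUESTS = [
    {"method": "GET", "url": "http://site.example/", "referer": None, "ua": "Mozilla/5.0"},
    {"method": "GET", "url": "http://site.example/app.js", "referer": "http://site.example/", "ua": "Mozilla/5.0"},
    {"method": "GET", "url": "http://cdn.example/lib.js", "referer": "http://site.example/", "ua": "Mozilla/5.0"},
    {"method": "POST", "url": "http://site.example/api/login", "referer": "http://site.example/app.js", "ua": "Mozilla/5.0"},
    {"method": "POST", "url": "http://203.0.113.7/gate.php", "referer": None, "ua": ""},
]

def build_tree(requests):
    """Return (parents, depths). The client is the root (index -1, depth 0).
    Assumption: a request hangs under the latest earlier request whose URL
    equals its Referer; anything without a matching Referer hangs under the root."""
    last_seen, parents, depths = {}, [], []
    for i, r in enumerate(requests):
        p = last_seen.get(r["referer"], -1)
        parents.append(p)
        depths.append(1 if p < 0 else depths[p] + 1)
        last_seen[r["url"]] = i
    return parents, depths

def node_features(r):
    """Assumed per-node features: POST, no Referer, raw-IP host, empty User-Agent."""
    host = urlsplit(r["url"]).hostname or ""
    return [
        1.0 if r["method"] == "POST" else 0.0,
        1.0 if r["referer"] is None else 0.0,
        1.0 if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) else 0.0,
        1.0 if not r["ua"] else 0.0,
    ]

def embed(requests):
    """Stand-in embedding: sum node features per tree depth, deeper levels clipped."""
    _, depths = build_tree(requests)
    vec = [0.0] * (MAX_DEPTH * DIMS)
    for r, d in zip(requests, depths):
        level = min(d, MAX_DEPTH) - 1
        for k, v in enumerate(node_features(r)):
            vec[level * DIMS + k] += v
    return vec

if __name__ == "__main__":
    print(build_tree(REQUESTS))
    print(embed(REQUESTS))
```

The resulting vector is what a classifier would be trained on; the Referer-less POST to a raw IP with an empty User-Agent shows up as extra weight in the first (depth 1) block.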

Description

Technical field

[0001] The invention belongs to the technical field of network security and relates to a malware detection method based on an HTTP behavior graph.

Background technique

[0002] Web-based services are increasingly used in Internet applications such as social networking or cloud computing. Additionally, due to the increase in network security threats, system administrators protect their networks by closing inbound ports and allowing outgoing communication through selected protocols such as HTTP. Therefore, HTTP is a potential communication medium for insider security threats.

[0003] When complex or new-model malware generates legitimate HTTP traffic and behaves similarly to normal software, it becomes more difficult to distinguish between normal and malicious activity by monitoring HTTP traffic; however, analyzing HTTP activity is still valuable for the malware detection process. Cybercriminals or Internet spiders use web technologies as a commu...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08, G06N3/08
CPC: G06N3/084, H04L63/1416, H04L63/145, H04L67/02
Inventor: 牛伟纳, 张小松, 卓中流
Owner: SICHUAN UNIV