
Malware classification method for optimizing feature extraction

A malware classification method, applied in the field of information security, that improves accuracy, reduces the false alarm rate, and achieves a good classification effect.

Active Publication Date: 2019-05-31
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

[0004] However, traditional malware detection methods usually use digital signature technology, which has certain limitations in dealing with the surge in the number of malware samples.


Embodiment Construction

[0021] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0022] With reference to Figure 1, the implementation process of this method is divided into the following steps:

[0023] 1. Raw data feature processing: use IDA Pro to disassemble all malware samples, so that the binary file of each piece of malicious code yields its corresponding assembly code. Divide the assembly code into basic blocks, scan each basic block separately, and select the statements containing a call instruction and the statements containing a jump instruction, such as jz, jmp, jnz, etc. The functions invoked by call instructions fall into two categories: user-defined functions and APIs. If the call target is a user-defined function, enter that function, continue scanning its internal assembly statements, and screen for the APIs it calls. After the screening, according to the order of API execution and the jump st...
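The screening step in [0023], sketched as an added example (not code from the patent). It assumes a simplified IDA-style text listing in which functions are labelled `sub_*`; the listing, the names `basic_blocks` and `extract_features`, and the choice to scan blocks in listing order are all assumptions made here for illustration.

```python
# Added example: constructed IDA-style listing, not taken from the patent.
LISTING = """
sub_401000:
    push ebp
    call CreateFileA
    test eax, eax
    jz loc_401020
    call sub_401100
    jmp loc_401030
loc_401020:
    call ExitProcess
loc_401030:
    call WriteFile
    ret
sub_401100:
    call RegOpenKeyExA
    jnz loc_401110
    call RegSetValueExA
loc_401110:
    ret
"""
JUMPS = {"jmp", "jz", "jnz"}  # jump mnemonics named in the text

def basic_blocks(listing):
    """Map each sub_* function to its basic blocks (lists of (mnemonic, operand))."""
    funcs, name = {}, None
    for line in filter(None, map(str.strip, listing.splitlines())):
        if line.endswith(":"):                 # a label starts a new block
            if line.startswith("sub_"):
                name = line[:-1]
                funcs[name] = []
            funcs[name].append([])
            continue
        mnem, _, op = line.partition(" ")
        funcs[name][-1].append((mnem, op.strip()))
        if mnem in JUMPS or mnem == "ret":     # a control transfer ends the block
            funcs[name].append([])
    return {f: [b for b in blocks if b] for f, blocks in funcs.items()}

def extract_features(funcs, entry, stack=()):
    """Scan blocks in listing order; keep API calls and jump statements."""
    stack, out = stack + (entry,), []
    for mnem, op in (ins for block in funcs[entry] for ins in block):
        if mnem == "call" and op in funcs:     # user-defined function: scan inside
            if op not in stack:                # skip recursive calls already on the stack
                inner = extract_features(funcs, op, stack)
                out += [f for f in inner if f[0] == "api"]  # keep only its APIs
        elif mnem == "call":
            out.append(("api", op))
        elif mnem in JUMPS:
            out.append(("jump", mnem))
    return out

if __name__ == "__main__":
    print(extract_features(basic_blocks(LISTING), "sub_401000"))
```
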


Abstract

The invention belongs to the field of information security, and particularly relates to a malware classification method that optimizes feature extraction. The method optimizes the way features are extracted from malware and uses a convolutional neural network from deep learning as the main classifier. A single static feature cannot reflect the characteristics of malware comprehensively: for example, the grayscale image can only represent the overall contour of the malware, and the API call image can only represent the control structure of the malware. To address these problems, the method extracts both features and combines them into a dual-channel picture feature matrix that serves as the input of the convolutional neural network, so that both the overall contour of the malware and the process the malware can execute are fully expressed. The method effectively solves the problem that malware cannot be fully represented during sample feature extraction, and achieves a good classification effect.

Description

Technical field

[0001] The invention belongs to the field of information security, and in particular relates to a malware classification method that optimizes feature extraction.

Background technique

[0002] Malware refers to various forms of malicious or intrusive software, such as computer viruses, worms, spyware, Trojan horses, adware, etc. Such malware usually exists in the form of executable programs, scripts, etc. In the field of computer system security, an important issue is detecting and identifying malware so that it can be removed before it runs, avoiding damage to the computer system or losses to users. Malicious code does not come only from black hat hackers or other malware authors; even software from reputable vendors can contain it. For example, Sony once implanted Rootkits in the records it sold. This is a Trojan horse that is silently installed and hidden on the buyer's computer in order to prevent the illegal copying...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
Inventor: 李静梅吕图吴辉
Owner: HARBIN ENG UNIV