Malicious file detection technology based on random forest algorithm

A malicious file detection technology based on the random forest algorithm, applied in the field of malicious file detection. It addresses the inability of existing methods to identify new malicious file types, their high false negative and false positive rates, and their inability to effectively identify unknown malicious programs. Its effects are low false negatives and false positives, low consumption, and enhanced identification capabilities.

Pending Publication Date: 2019-10-15
蓝盾信息安全技术有限公司

AI Technical Summary

Problems solved by technology

Detection and killing based on signature codes relies on antivirus software detection technology. This method cannot effectively identify unknown malicious programs: a malicious program can be detected only after its signature code has been added to the virus database.
Heuristic detection and killing based on artificial characteristic behavior describes and analyzes the behavior characteristics of a large number of viruses and uses classic virus behavior characteristic strings as the detection standard.
[0004] The rule-based detection schemes above can detect only known malicious file types and cannot adequately identify the increasingly new types of malicious files.

Embodiment Construction

[0012] The technical scheme for malicious file detection based on the random forest algorithm provided by the present invention is as follows:

[0013] Step 1: Collect malicious samples and normal samples. Collect publicly available malicious and virus files, together with normal non-malicious files, from open-source virus websites as training samples.

[0014] Step 2: Build and install the sandbox module, and collect all behavior information generated by the malicious samples and normal samples in the sandbox.

[0015] Step 3: Construct 9 types of behavioral features according to the functions of the underlying Windows APIs.

[0016] Step 4: Process the sample data collected by the sandbox into 9 behavioral feature vectors, which serve as the training sample feature vectors.

[0017] Step 5: Input the processed training sample feature vectors to the random forest algorithm to learn a supervised classifier.

[0018] Step 6: Collect sandbox behavior data of unknown sample program files to be detected...
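
Steps 3 to 6 above as an added example, not code from the patent or its applicant. The nine categories and their API-name prefixes, the sample traces, and the use of a small standard-library forest of depth-1 trees in place of a full random forest implementation are assumptions made here.

```python
import random
from statistics import mode

# Hypothetical 9 behaviour types (API-name prefixes); the page does not list them.
CATEGORIES = [("CreateFile", "WriteFile", "DeleteFile"),  # file
              ("RegSetValue", "RegCreateKey"),             # registry
              ("CreateProcess", "OpenProcess"),            # process
              ("VirtualAlloc", "WriteProcessMemory"),      # memory
              ("connect", "send", "InternetOpen"),         # network
              ("CreateService", "StartService"),           # service
              ("CryptEncrypt", "CryptGenKey"),             # crypto
              ("CreateRemoteThread",),                     # remote thread
              ("GetSystemInfo", "SetWindowsHookEx")]       # system / hooks

def featurize(trace):
    # Step 4: one sandbox API-call trace -> 9 per-category call counts.
    return [sum(call.startswith(p) for call in trace) for p in CATEGORIES]

def fit_stump(X, y, feats):
    # Depth-1 tree: the (feature, threshold) split with the fewest errors.
    best = (len(y) + 1, 0, 0, mode(y), mode(y))  # fallback: majority label only
    for f in feats:
        for t in {row[f] for row in X}:
            lo = [lab for row, lab in zip(X, y) if row[f] <= t]
            hi = [lab for row, lab in zip(X, y) if row[f] > t]
            if lo and hi:
                l, r = mode(lo), mode(hi)
                err = sum(a != l for a in lo) + sum(b != r for b in hi)
                best = min(best, (err, f, t, l, r))
    return best[1:]

def train_forest(samples, n_trees=25, seed=0):
    # Step 5: each tree sees a bootstrap sample and a random 3-of-9 features.
    rng, forest = random.Random(seed), []
    data = [(featurize(trace), label) for trace, label in samples]
    for _ in range(n_trees):
        X, y = zip(*(rng.choice(data) for _ in data))
        forest.append(fit_stump(X, y, rng.sample(range(len(CATEGORIES)), 3)))
    return forest

def classify(forest, trace):
    v = featurize(trace)  # Step 6: majority vote of the trees on an unseen trace
    return mode(l if v[f] <= t else r for f, t, l, r in forest)

# Constructed traces standing in for sandbox output (steps 1-2).
MAL = ["CreateFileW", "RegSetValueExW", "OpenProcess", "WriteProcessMemory", "connect",
       "CreateServiceW", "CryptEncrypt", "CreateRemoteThread", "SetWindowsHookExW"]
BENIGN = [["CreateFileW"], ["WriteFile", "GetSystemInfo"], ["CreateFileW", "RegCreateKeyExW"]]
TRAIN = [(MAL * k, "malicious") for k in (2, 3, 4)] + [(t, "benign") for t in BENIGN]
FOREST = train_forest(TRAIN)
```

Because each tree votes on a single category count, a trace that is active in only a few categories can be outvoted; deeper trees and a larger, more varied training set are what make the vote meaningful in practice.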

Abstract

The invention discloses a malicious file detection technology based on a random forest algorithm. To overcome the deficiencies of the feature matching methods used in the prior art to detect malicious files, it adopts a scheme that extracts effective features and detects malicious files with a machine learning algorithm, so that known and unknown malicious files are identified accurately and effectively.

Description

Technical field

[0001] The invention relates to the technical field of data processing, in particular to a malicious file detection technology based on a random forest algorithm.

Background technique

[0002] Since the popularization and development of the Internet, computer malicious programs that destroy the system, tamper with files, affect system stability and execution efficiency, and steal information have always been important problems in computer use. These malicious programs include Trojan horse programs, ransomware, spy programs, etc., which may cause great harm or great property loss to enterprises or users. Therefore, using effective means to accurately identify malicious files has become a key point of computer security defense.

[0003] The current detection methods mainly adopt signature-based detection and killing and heuristic artificial characteristic behavior detection and killing. Among them, the detection and killing based on the signature code is base...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/53, G06N20/00
CPC: G06F21/562, G06F21/53, G06N20/00
Inventor: 杨育斌, 吴智东, 柯宗贵
Owner: 蓝盾信息安全技术有限公司