Malicious software operation code analysis method based on convolutional neural network

A convolutional neural network technique applied in the field of malware detection. It addresses the problems of low classification success rate, insufficient accuracy and low efficiency, and achieves the effects of reducing overfitting and good evaluation results.

Active Publication Date: 2019-11-19
东北大学秦皇岛分校

AI Technical Summary

Problems solved by technology

These methods have shortcomings such as insufficient accuracy, low classificati

Examples


Embodiment Construction

[0028] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0029] As shown in Figure 1, the present invention discloses a method for analyzing malware opcodes based on convolutional neural networks, comprising the following steps:

[0030] S1. Obtain a training sample; the training sample is an executable program of a known software type, and the types include benign and malicious;

[0031] S2. Use apktool to decompile the training sample, obtain the smali files of the training sample, obtain the Dalvik bytecode from the smali files, and discard the operands; the APK preprocessing process is shown in Figure 2.

[0032] S3. Obtain the opcode sequence file according to the Android opcode constant list. The opcode sequence vector is represented by X = {X1, X2, ..., Xn}, where n is the opcode length of the APK, using an n × o (o = 256) one-hot vector representation;

[0033] S4. In t...
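Steps S2 and S3 can be illustrated with the following added example, which is not code from the patent. It walks apktool-style smali text, keeps only the instruction mnemonics inside method bodies, maps them to Dalvik opcode bytes and builds the n × 256 one-hot matrix. The opcode table is a subset of the Dalvik opcode list, the smali fragment is constructed, and the function names are hypothetical.

```python
# Subset of the Dalvik opcode table (mnemonic -> opcode byte). A real
# extractor would carry all 256 entries of the Android opcode constant list.
DALVIK_OPCODES = {
    "nop": 0x00, "move": 0x01, "move-result": 0x0A, "move-result-object": 0x0C,
    "return-void": 0x0E, "return": 0x0F, "return-object": 0x11,
    "const/4": 0x12, "const/16": 0x13, "const-string": 0x1A,
    "new-instance": 0x22, "goto": 0x28, "if-eqz": 0x38,
    "iget-object": 0x54, "sget-object": 0x62,
    "invoke-virtual": 0x6E, "invoke-direct": 0x70, "invoke-static": 0x71,
}
O = 256  # one-hot width o from step S3

# Constructed smali fragment shaped like apktool output (not from a real APK).
SAMPLE_SMALI = """\
.class public Lcom/example/Demo;
.super Ljava/lang/Object;

.method public static show(Ljava/lang/Object;)V
    .locals 2
    .line 12
    invoke-static {p0}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String;
    move-result-object v0
    const-string v1, "hello"   # trailing comment
    if-eqz v0, :cond_0
    invoke-virtual {v0, v1}, Ljava/lang/String;->concat(Ljava/lang/String;)Ljava/lang/String;
    :cond_0
    return-void
.end method
"""

def extract_opcodes(smali_text):
    """Return the opcode bytes of instructions in .method bodies, operands dropped."""
    seq, in_method = [], False
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            in_method = True
        elif line.startswith(".end method"):
            in_method = False
        elif in_method and line and line[0] not in ".:#":
            # Directives (.locals, .line), labels (:cond_0) and comments are skipped.
            mnemonic = line.split()[0]
            if mnemonic not in DALVIK_OPCODES:
                raise KeyError(f"mnemonic not in table subset: {mnemonic}")
            seq.append(DALVIK_OPCODES[mnemonic])
    return seq

def one_hot(seq, width=O):
    """Build the n x o matrix: row i has a single 1 at column seq[i]."""
    return [[1 if j == op else 0 for j in range(width)] for op in seq]
```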


Abstract

The invention discloses a malicious software operation code analysis method based on a convolutional neural network. The method comprises the steps of: obtaining the Dalvik bytecode; obtaining an operation code sequence, and representing the operation code sequence by one-hot vectors; converting the one-hot vectors into a vector with a fixed size, multiplying the vector by a random weight matrix, and inputting it into a convolutional neural network; outputting a feature mapping set matrix C in the convolution layer; in k-max pooling, performing the maximum merging operation on the matrix C, and extracting the most important k feature values to output a feature vector Z; forming a fully connected layer from the vector Z, and operating on the vector Z in the fully connected layer to obtain an output feature y; processing the output feature y by using a softmax function to obtain a relative probability distribution p; calculating a cross-entropy loss function Lk; using a gradient descent method to gradually minimize the loss function and adjust the parameter values of the corresponding model; iteratively updating the model parameters based on the output calculations and optimizing the detection model. The method has the characteristic of high detection accuracy.
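The forward pass outlined in the abstract (one-hot input times a random weight matrix, convolution to C, k-max pooling to Z, fully connected layer to y, softmax to p, cross-entropy loss) is sketched below as an added example; it is not the patent's implementation and omits the gradient-descent update. The dimensions D, H, F and K, the ReLU activation, the order-preserving form of k-max pooling and all function names are assumptions, and the weights are constructed random values.

```python
import math
import random

random.seed(0)  # constructed weights; a trained model would learn these
# o = 256 is from the page; D (embedding width), H (filter height),
# F (filter count) and K (k in k-max pooling) are assumed values.
O, D, H, F, K = 256, 8, 3, 4, 2

def rand_matrix(rows, cols):
    return [[random.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]

W_EMB = rand_matrix(O, D)                     # random weight matrix for the one-hot input
FILTERS = [rand_matrix(H, D) for _ in range(F)]
W_FC = rand_matrix(2, F * K)                  # two classes: 0 = benign, 1 = malicious

def embed(opcodes):
    # A one-hot row times W_EMB simply selects row `op` of W_EMB.
    return [W_EMB[op] for op in opcodes]

def conv(E):
    # Feature-map matrix C: one row per filter, one column per window position.
    C = []
    for flt in FILTERS:
        row = []
        for i in range(len(E) - H + 1):
            s = sum(flt[a][b] * E[i + a][b] for a in range(H) for b in range(D))
            row.append(max(0.0, s))           # ReLU (assumed activation)
        C.append(row)
    return C

def k_max_pool(row, k=K):
    # Keep the k largest values, in their original sequence order.
    top = sorted(sorted(range(len(row)), key=lambda i: row[i], reverse=True)[:k])
    return [row[i] for i in top]

def softmax(y):
    m = max(y)                                # subtract the max for numerical stability
    e = [math.exp(v - m) for v in y]
    total = sum(e)
    return [v / total for v in e]

def forward(opcodes, label):
    # Needs at least H + K - 1 opcodes; shorter inputs would be padded to a fixed size.
    Z = [v for row in conv(embed(opcodes)) for v in k_max_pool(row)]
    y = [sum(w * z for w, z in zip(w_row, Z)) for w_row in W_FC]
    p = softmax(y)
    return p, -math.log(p[label])             # cross-entropy loss for the true class
```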

Description

Technical field

[0001] The invention relates to the field of malware detection, in particular to a method for analyzing malware operation codes based on a convolutional neural network.

Background technique

[0002] Current analysis of Android malware mainly includes the static analysis of HinDroid, a method that links applications based on meta-paths, and dynamic identification of Android systems. In terms of deep learning, there is a detection method based on convolutional neural networks, and the detection method of McLaughlin N. These methods have shortcomings such as insufficient accuracy, low classification success rate, low efficiency, and incomplete extraction of opcode sequences.

Contents of the invention

[0003] In order to solve the problems in the prior art, the present invention provides a malware operation code analysis method based on a convolutional neural network, which has the characteristic of high detection accuracy.

[0004] In order to solv...


Application Information

IPC(8): G06F21/56, G06K9/62
CPC: G06F21/563, G06F2221/033, G06F18/24147, G06F18/241
Inventor: 陈璨, 赵立超, 李丹, 史闻博, 庄宇鹏
Owner: 东北大学秦皇岛分校