Malware opcode analysis method based on convolutional neural network

A convolutional neural network and malware technology, applied in the field of malware detection, which can solve problems such as low classification success rate, insufficient accuracy and incomplete extraction of opcode sequences, so as to reduce overfitting and achieve a good evaluation effect.

Active Publication Date: 2021-03-30
Northeastern University at Qinhuangdao (东北大学秦皇岛分校)

AI Technical Summary

Problems solved by technology

These methods have shortcomings such as insufficient accuracy, low classification success rate, low efficiency, and incomplete extraction of opcode sequences.

Embodiment Construction

[0028] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0029] As shown in Figure 1, the present invention discloses a method for analyzing malware opcodes based on a convolutional neural network, comprising the following steps:

[0030] S1. Obtain a training sample; the training sample is an execution program of a known type of software, and the type includes benign and malicious;

[0031] S2. Use apktool to decompile the training sample, obtain its smali files, extract the Dalvik bytecode from the smali files and discard the operands; the apk preprocessing process is shown in Figure 2.

[0032] S3. Obtain the opcode sequence file according to the Android opcode constant list; the opcode sequence vector is denoted X = {X1, X2, ..., Xn}, where n is the opcode length of the apk, and it is represented as an n × o one-hot matrix (o = 256);

[0033] S4. In t...


Abstract

The invention discloses a malware opcode analysis method based on a convolutional neural network, comprising: obtaining the Dalvik bytecode; obtaining the opcode sequence and representing it as a one-hot vector; converting the one-hot vector into a vector of fixed size, then multiplying it by a random weight matrix and feeding the result to the convolutional neural network; outputting the feature-map matrix C from the convolutional layer; in k-max pooling, performing the maximum merging operation on the matrix C to extract the k most important eigenvalues and output the feature vector Z; forming a fully connected layer from the vector Z and operating on Z in that layer to obtain the output feature y; processing the output feature y with the softmax function to obtain the relative probability distribution p; computing the cross-entropy loss function Lk; using gradient descent to gradually adjust the parameter values that minimise the loss function and the corresponding model; and iteratively updating the model parameters and optimising the detection model based on the computed output. The invention has the characteristic of high detection accuracy.
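As an added illustration of steps S2 and S3 above and of the front half of the pipeline in the abstract (one-hot encoding of the opcode sequence, fixed length, multiplication by a random weight matrix, k-max pooling, softmax and cross-entropy), here is an example in Python. It is not code from the patent or its authors: the smali fragment is constructed, the opcode table is a hand-picked subset of the Android opcode constant list, and the fixed length, embedding width and weight initialisation are assumptions. The convolutional layer itself is not implemented; `k_max_pool` accepts whatever feature-map matrix C such a layer produces.

```python
import math
import random

# Subset of the Android Dalvik opcode constant list (mnemonic -> opcode byte).
# The full list has 256 entries, which is the o = 256 one-hot width used on
# the page; only the mnemonics needed for the constructed sample are listed.
OPCODE_TABLE = {
    "nop": 0x00, "move": 0x01, "move-result": 0x0A, "move-result-object": 0x0C,
    "return-void": 0x0E, "return": 0x0F, "return-object": 0x11,
    "const/4": 0x12, "const/16": 0x13, "const": 0x14, "const-string": 0x1A,
    "new-instance": 0x22, "goto": 0x28, "if-eq": 0x32, "if-ne": 0x33,
    "if-eqz": 0x38, "if-nez": 0x39, "iget": 0x52, "iget-object": 0x54,
    "iput": 0x59, "iput-object": 0x5B, "invoke-virtual": 0x6E,
    "invoke-direct": 0x70, "invoke-static": 0x71, "add-int": 0x90,
}
ONE_HOT_WIDTH = 256   # o = 256
PAD = None            # marker for padded positions produced by fix_length()
# Directives whose block bodies hold data or metadata, not instructions.
DATA_BLOCKS = (".array-data", ".packed-switch", ".sparse-switch", ".annotation")

# Constructed smali fragment standing in for apktool output (not a real app).
SAMPLE_SMALI = """\
.class public Lcom/example/Demo;
.super Ljava/lang/Object;

# direct methods
.method public constructor <init>()V
    .locals 1
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    const/4 v0, 0x1
    iput v0, p0, Lcom/example/Demo;->flag:I
    return-void
.end method

.method public check(I)Z
    .locals 1
    .param p1, "x"
    if-nez p1, :cond_0
    const/4 v0, 0x0
    return v0
    :cond_0
    const/4 v0, 0x1
    return v0
.end method
"""


def extract_opcodes(smali_text):
    """Return the opcode mnemonics of a smali file in order, operands discarded (step S2)."""
    ops, in_data = [], False
    for raw in smali_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(":"):
            continue                      # blank line, comment or label
        if line.startswith("."):
            if line.startswith(DATA_BLOCKS):
                in_data = True            # skip until the matching .end
            elif line.startswith(".end"):
                in_data = False
            continue                      # assembler directive, not an instruction
        if not in_data:
            ops.append(line.split()[0])   # mnemonic is the first token; rest is operands
    return ops


def encode_sequence(mnemonics):
    """Map mnemonics to opcode numbers via the constant list (step S3); unknown ones raise."""
    return [OPCODE_TABLE[m] for m in mnemonics]


def fix_length(indices, length):
    """Truncate or pad with PAD so every sample has the same fixed length (assumed policy)."""
    return (list(indices) + [PAD] * length)[:length]


def one_hot(indices, width=ONE_HOT_WIDTH):
    """n x width one-hot matrix X; PAD positions become all-zero rows."""
    rows = []
    for idx in indices:
        row = [0] * width
        if idx is not None:
            row[idx] = 1
        rows.append(row)
    return rows


def make_weight_matrix(dim, seed=0, width=ONE_HOT_WIDTH):
    """Random width x dim weight matrix; the uniform(-0.1, 0.1) init is an assumption."""
    rng = random.Random(seed)
    return [[rng.uniform(-0.1, 0.1) for _ in range(dim)] for _ in range(width)]


def embed(one_hot_rows, weights):
    """Multiply the n x 256 one-hot matrix by the 256 x dim weights -> n x dim input."""
    dim = len(weights[0])
    return [[sum(r[i] * weights[i][j] for i in range(len(r))) for j in range(dim)]
            for r in one_hot_rows]


def k_max_pool(feature_maps, k):
    """Keep the k largest values of every column of C in their original order -> k x d."""
    n, d = len(feature_maps), len(feature_maps[0])
    out = [[0.0] * d for _ in range(k)]   # zero rows if fewer than k positions
    for j in range(d):
        col = [(feature_maps[i][j], i) for i in range(n)]
        top = sorted(col, key=lambda t: t[0], reverse=True)[:k]
        for r, (v, _) in enumerate(sorted(top, key=lambda t: t[1])):
            out[r][j] = v
    return out


def softmax(logits):
    """Relative probability distribution p over the output feature y."""
    m = max(logits)
    e = [math.exp(v - m) for v in logits]
    s = sum(e)
    return [v / s for v in e]


def cross_entropy(probs, true_class):
    """Cross-entropy loss for one sample against its true class."""
    return -math.log(probs[true_class])
```

Running `extract_opcodes(SAMPLE_SMALI)` on the constructed fragment yields nine mnemonics; `one_hot(fix_length(...))` then produces the fixed-size matrix that `embed` multiplies by the random weights, and `k_max_pool` is applied to the feature maps that a convolutional layer would return. The data-block skipping matters in practice: `.array-data` and `.annotation` bodies contain tokens that look like instructions and would otherwise pollute the opcode sequence, which is one source of the "incomplete extraction" the page complains about.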

Description

Technical field

[0001] The invention relates to the field of malware detection, in particular to a method for analyzing malware opcodes based on a convolutional neural network.

Background art

[0002] Current analysis of Android malware mainly includes the static analysis of Hindroid, which is a method of linking applications based on meta-paths, and dynamic identification of Android systems. In terms of deep learning, there is a detection method based on convolutional neural networks, and the detection method of McLaughlin N. These methods have shortcomings such as insufficient accuracy, low classification success rate, low efficiency, and incomplete extraction of opcode sequences.

Contents of the invention

[0003] In order to solve the problems in the prior art, the present invention provides a malware opcode analysis method based on a convolutional neural network, which has the characteristic of high detection accuracy.

[0004] In order to solv...

Claims


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/563, G06F2221/033, G06F18/24147, G06F18/241
Inventor: 陈璨赵立超李丹史闻博庄宇鹏
Owner: Northeastern University at Qinhuangdao (东北大学秦皇岛分校)