Malicious software identification method and system based on multi-model features and related device

A malicious software identification method, applied in computer security devices, instruments, electronic digital data processing and other fields. It addresses problems such as poor effectiveness in use and the inability to identify new malicious content, and achieves the effect of increasing identification accuracy.

Inactive Publication Date: 2019-12-27
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

In practice this is not the case: as malicious content and malware take increasingly diverse forms, relying on a single fixed feature extraction algorithm or model becomes increasingly unworkable, because it cannot reliably identify new types of malicious content, so the effectiveness in actual use keeps getting worse.


Examples


Embodiment 1

[0052] The following refers to Figure 1, a flow chart of a method for identifying malware based on multi-model features provided by an embodiment of the present application.

[0053] It specifically includes the following steps:

[0054] S101: performing feature extraction on each PE file in the software to be tested using each feature extraction model in a preset feature extraction model set to obtain each original feature;

[0055] This step uses each feature extraction model in the preset feature extraction model set to extract features from the same PE file, obtaining the original features corresponding to each feature extraction model. (PE stands for Portable Executable; the common EXE, DLL, OCX, SYS and COM files are all PE files, and a PE file is a program file on the Microsoft Windows operating system.)

[0056] Combined with the classification of PE files, PE files can be divided into multiple categories according to diff...

Embodiment 2

[0071] The following refers to Figure 2, a flow chart of another malware identification method based on multi-model features provided by an embodiment of the present application.

[0072] S201: Determine whether the PE file is allowed to be executed in the current test environment;

[0073] S202: Simultaneously use the binary feature extraction model, character string feature extraction model, assembly code feature extraction model and dynamic feature extraction model to perform feature extraction on the PE file respectively;

[0074] This step applies when S201 has determined that the PE file can be executed in the current test environment. The requirements for using the dynamic feature extraction model are therefore met, and all four of the above feature extraction models can be used for feature extraction.

[0075] S203: Simultaneously use the binary feature extraction model, character string feature extraction model and assembly code feature extra...


Abstract

The invention discloses a malicious software identification method based on multi-model features. The method comprises the steps of: performing feature extraction on each PE file in the software to be detected using each feature extraction model in a preset feature extraction model set, obtaining each original feature; performing fusion processing on the original features to obtain a fused feature vector; and classifying the fused feature vector with a linear classifier to obtain a malicious software identification result. Multiple feature extraction models in the feature extraction model set are applied to the same file under test. The original features extracted by all the models are fused into one feature vector, and a linear classifier then performs malicious software recognition on that vector, so the advantages of multiple feature extraction models are obtained at the same time and recognition accuracy is improved. The invention further discloses a malicious software identification system and device based on multi-model features and a computer-readable storage medium, which have the same beneficial effects.
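The extract, fuse and classify flow of the abstract, with the S201 to S203 choice of model set from Embodiment 2, as an added example that is not code from the patent. The extractors are simple stand-ins, the assembly-code model is omitted because it needs a disassembler, and the zero-filled dynamic block with an availability flag, the event names and the weights are all assumptions.

```python
import math
import re
from collections import Counter

def binary_features(data):
    """Binary-model stand-in: normalised byte entropy, high-byte ratio, zero-byte ratio."""
    n = max(len(data), 1)
    counts = Counter(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values()) / 8.0
    high = sum(c for b, c in counts.items() if b >= 0x80) / n
    return [entropy, high, counts.get(0, 0) / n]

def string_features(data):
    """String-model stand-in: statistics over printable ASCII runs of 4+ bytes."""
    runs = re.findall(rb"[\x20-\x7e]{4,}", data)
    n = max(len(data), 1)
    longest = max((len(r) for r in runs), default=0)
    return [sum(map(len, runs)) / n, min(len(runs) / 32, 1.0), min(longest / 64, 1.0)]

def dynamic_features(trace):
    """Dynamic-model stand-in: share of each (hypothetical) event class in a sandbox trace."""
    n = max(len(trace), 1)
    return [trace.count(k) / n for k in ("file_write", "net_connect", "proc_create")]

def fuse(data, trace=None):
    """S201-S203: pick the model set, then concatenate the blocks in a fixed order.
    Assumption: a skipped dynamic block is zero-filled and flagged in the last slot."""
    can_execute = trace is not None  # S201 outcome, decided by the caller
    dyn = dynamic_features(trace) if can_execute else [0.0, 0.0, 0.0]
    return binary_features(data) + string_features(data) + dyn + [float(can_execute)]

# Constructed weights for illustration; a real system learns them from labelled PE files.
WEIGHTS = [2.0, 1.0, -0.5, -1.5, -0.5, -0.5, 0.5, 1.0, 1.0, 0.0]
BIAS = -1.5

def classify(vector):
    """Linear classifier: sigmoid(w . x + b), a maliciousness score in (0, 1)."""
    z = sum(w * x for w, x in zip(WEIGHTS, vector)) + BIAS
    return 1.0 / (1.0 + math.exp(-z))

# Constructed inputs: a header-like blob with readable strings, and a uniform-byte blob.
PLAIN = b"MZ" + b"\x00" * 58 + b"This program cannot be run in DOS mode.\r\n" * 8
DENSE = b"MZ" + bytes(range(256)) * 4
TRACE = ["file_write", "net_connect", "net_connect", "proc_create"]  # constructed

if __name__ == "__main__":
    for name, vec in (("plain/static", fuse(PLAIN)), ("dense/static", fuse(DENSE)),
                      ("dense/dynamic", fuse(DENSE, TRACE))):
        print(f"{name:14s} dims={len(vec)} score={classify(vec):.3f}")
```

Keeping the fused vector the same length in both branches lets one linear classifier serve files that could and could not be executed in the test environment.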

Description

Technical field

[0001] The present application relates to the field of malware identification, in particular to a method, system, device and computer-readable storage medium for malware identification based on multi-model features.

Background technique

[0002] With the continuous development of computer programming technology, software written in various computer languages lets people complete all kinds of tasks and work on the computer more conveniently. However, malicious software carrying malicious content has also appeared, maliciously attacking normal data files or stealing the results of other people's work. Therefore, it is very important to identify whether the software under test is malicious software.

[0003] Regardless of how to identify malicious content, it is always necessary to extract the corresponding identification feature information from the software under test, while traditional malware identification methods often rely on a specific feature extraction alg...


Application Information

IPC(8): G06F21/56
CPC: G06F21/562, G06F21/56
Inventor 章明星位凯志
Owner SANGFOR TECH INC