
Malicious code detection method based on API fragments

A malicious code detection method, classified under biological neural network models, instruments and platform integrity maintenance. It addresses the difficulty that existing approaches have in handling malicious code variants and their limited malicious code detection capability, resists malicious code camouflage techniques, improves detection capability and adapts well to new samples.

Pending Publication Date: 2020-02-21
ARMY ENG UNIV OF PLA

AI Technical Summary

Problems solved by technology

At the same time, a large number of unknown malicious code samples exist. The feature-based detection of traditional methods has difficulty dealing with malicious code variants, and machine learning methods are constrained by their training set and have limited ability to detect unknown malicious code.


Examples


Embodiment 1

[0031] First, the local maliciousness of the malicious code is analysed, taking a Trojan horse as an example and using the IDA Pro tool for reverse analysis. As shown in figure 1, it was verified that the maliciousness is mainly reflected in a group of consecutive malicious API calls, that is, an API fragment that constitutes the Trojan horse's privilege escalation operation. Further analysis found that the maliciousness of the malicious code is mainly reflected in calls to malicious APIs, and that such calls usually form a malicious operation only when a group of APIs is executed in sequence. At the same time, this maliciousness is also local in nature, that is, it is local maliciousness, as shown in figure 2.

[0032] In the API execution sequence of a malicious code sample, most of the API sequence is normal and only a few API fragments are malicious. Therefore, whether the code is malicious can be determined by ju...


Abstract

The invention discloses a malicious code detection method based on API fragments. An intrinsic attribute of malicious code is local maliciousness; on that basis, local features that preserve the malicious attributes of the code are extracted, an LSTM model is constructed through deep learning, a set of classifiers is trained, and a decision on the whole code sequence is then made through an ensemble learning method. On the basis of API fragment detection, an integrated framework is realized for malicious code detection; it can effectively resist malicious code camouflage techniques and has a remarkable effect on improving the application of machine learning methods.
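As an added illustration of the fragment-level detection described in paragraphs [0031]-[0032] and in the abstract (not code from the patent or its authors): an API trace is cut into fixed-length fragments, each fragment is scored, and the whole-sequence decision is taken from the fragment scores rather than from the sequence as a whole. The LSTM classifiers are replaced by a hypothetical count-based scorer; the fragment length `K`, the threshold and all traces are constructed for the example.

```python
from collections import Counter

K = 3  # fragment length: a window of consecutive API calls

# Constructed training traces (not data from the patent); label 1 = malicious, 0 = benign.
TRAIN = [
    (["CreateFile", "ReadFile", "ReadFile", "CloseHandle"], 0),
    (["RegOpenKey", "RegQueryValue", "RegCloseKey"], 0),
    (["CreateFile", "WriteFile", "CloseHandle"], 0),
    (["CreateFile", "ReadFile", "OpenProcessToken", "AdjustTokenPrivileges", "CloseHandle"], 1),
    (["RegOpenKey", "OpenProcessToken", "AdjustTokenPrivileges", "CloseHandle", "RegCloseKey"], 1),
]

def fragments(seq, k=K):
    """Sliding-window API fragments of length k: the local unit that is classified."""
    if len(seq) <= k:
        return [tuple(seq)]
    return [tuple(seq[i:i + k]) for i in range(len(seq) - k + 1)]

def train_fragment_scorer(labeled, pseudo=0.5):
    """Hypothetical count-based stand-in for the patent's LSTM fragment classifiers: score(frag)
    is the smoothed fraction of that fragment's training occurrences that were malicious."""
    mal, ben = Counter(), Counter()
    for seq, label in labeled:
        for frag in fragments(seq):
            (mal if label else ben)[frag] += 1

    def score(frag):  # a fragment never seen in training scores 0.5 (uninformative)
        return (mal[frag] + pseudo) / (mal[frag] + ben[frag] + 2 * pseudo)
    return score

def classify(seq, score, threshold=0.8, rule="max"):
    """Whole-sequence decision from the fragment scores (the ensemble step): "max" flags the
    sequence if any one fragment is malicious; "mean" lets the many normal fragments dilute it."""
    scores = [score(frag) for frag in fragments(seq)]
    agg = max(scores) if rule == "max" else sum(scores) / len(scores)
    return agg >= threshold, agg

def suspicious_fragments(seq, score, threshold=0.8):
    """Fragments at or above threshold: where an analyst should look first."""
    return [frag for frag in fragments(seq) if score(frag) >= threshold]

if __name__ == "__main__":
    scorer = train_fragment_scorer(TRAIN)
    # Constructed trace: a long normal-looking sequence with one malicious fragment inside.
    trace = ["CreateFile", "ReadFile", "ReadFile", "CloseHandle", "RegOpenKey", "RegQueryValue",
             "RegCloseKey", "OpenProcessToken", "AdjustTokenPrivileges", "CloseHandle",
             "CreateFile", "WriteFile", "CloseHandle"]
    print({rule: classify(trace, scorer, rule=rule) for rule in ("max", "mean")})
    print(suspicious_fragments(trace, scorer))
```

With the "mean" rule the single malicious fragment is averaged away by the ten normal ones and the trace passes; with the "max" rule it is flagged, which is the point of deciding at fragment level.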

Description

Technical field

[0001] The invention is mainly used in the field of malicious code detection. Specifically, it relates to API execution sequences: a classifier is trained on API fragments, and the malicious attributes of code are judged comprehensively on the basis of the identified API fragments.

Background technique

[0002] The field of malicious code detection is mainly divided into traditional feature analysis and current machine learning methods. Traditional feature analysis is highly accurate, but it consumes a lot of human resources and relies on a great deal of professional knowledge. Machine learning methods can learn some hard-to-extract features efficiently, but they are extremely susceptible to interference from software countermeasures such as obfuscation, polymorphism and encryption, which greatly restricts the online application of machine learning methods and greatly reduces their performance.

[0003] At present, a large number of malicious codes...


Application Information

IPC(8): G06F21/56, G06N3/04
CPC: G06F21/563, G06N3/044, G06N3/045
Inventors: 马鑫, 潘志松, 郭世泽, 张艳艳, 白玮, 陈军, 蒋考林
Owner: ARMY ENG UNIV OF PLA