
Malware identification device and method

A malware identification device and method technology, applied in the fields of computer security devices, electrical components, computer parts, etc., which can solve the problems that malware is difficult or impossible to identify and that the types and numbers of malware keep increasing, achieving the effect of improving the identification rate.

Active Publication Date: 2022-05-27
INSTITUTE FOR INFORMATION INDUSTRY

AI Technical Summary

Problems solved by technology

[0003] This type of information security equipment cannot obtain the system behavior of the software (for example: input/output behavior, write/read actions, application program interface (API) calls), so it can only use the network communication behavior of the software as the basis for identifying software as benign or malicious.
However, the characteristics of network communication behavior are similar, and the types and numbers of malicious software will continue to increase due to variants, segmentation, or repackaging. Correctly identifying software as normal or malicious, and even identifying the type of malicious software, is therefore very difficult.
In addition, if a piece of software conducts network communication in an encrypted manner, this type of information security network communication equipment cannot identify it, because it cannot obtain the software's advanced packet characteristics.


Examples


Embodiment Construction

[0027] The device and method for identifying malware provided by the present invention will be explained below through embodiments. However, the embodiments are not intended to limit the present invention to implementation only in the environments, applications or manners described in them. Therefore, the description of the following embodiments is only for the purpose of explaining the present invention, and not for limiting its scope. It should be understood that, in the following embodiments and the accompanying drawings, elements not directly related to the present invention have been omitted and are not shown, and that the size of each element and the size ratios between elements in the accompanying drawings are only for convenience of illustration and description, and are not intended to limit the scope of the present invention.

[0028] The first embodiment of the present invention is a malware identification device 1, the ...


Abstract

A malware identification device and method. The malware identification device stores a training data set, which includes a plurality of network traffic data sets. Each of the network traffic data sets corresponds to one of a plurality of software categories, and the plurality of software categories includes a plurality of malware categories. The malware identification device determines by testing that a malware identification model has a low identification rate for a subset of the malware categories, and determines that the degree of overlap among the network traffic data sets corresponding to that subset is high. It then merges the malware categories corresponding to the subset to update the software categories, integrates the network traffic data sets corresponding to the subset to update the training data set, and uses the updated training data set to train the malware identification model. The trained malware identification model is deployed in the real world.
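The category-merging decision described in the abstract can be sketched as follows. This is an added example, not code from the patent: the recall threshold, the use of Jaccard similarity over discretized flow features as the "degree of overlap", the category names and all sample values are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample: category -> set of discretized flow features
# (dst_port, payload-size bucket, timing bucket). Not real malware data.
TRAFFIC = {
    "benign":      {(443, "L", "slow"), (80, "M", "slow"), (53, "S", "slow")},
    "ransom_a":    {(443, "S", "fast"), (8080, "S", "fast"), (445, "M", "fast")},
    "ransom_a_v2": {(443, "S", "fast"), (8080, "S", "fast"), (445, "M", "fast"),
                    (9001, "S", "fast")},
    "miner":       {(3333, "S", "steady"), (14444, "S", "steady")},
}
# Constructed per-category identification rate (recall) from a held-out test run.
RECALL = {"benign": 0.98, "ransom_a": 0.55, "ransom_a_v2": 0.48, "miner": 0.62}

def jaccard(a, b):
    """Overlap measure (assumed): shared features / all features."""
    return len(a & b) / len(a | b) if a | b else 0.0

def plan_merges(traffic, recall, min_recall=0.7, min_overlap=0.6):
    """Group poorly identified categories whose traffic data sets overlap heavily."""
    weak = sorted(c for c, r in recall.items() if r < min_recall)
    parent = {c: c for c in weak}          # union-find over weak categories

    def find(c):
        while parent[c] != c:
            parent[c] = parent[parent[c]]  # path halving
            c = parent[c]
        return c

    for a, b in combinations(weak, 2):
        if jaccard(traffic[a], traffic[b]) >= min_overlap:
            parent[find(b)] = find(a)
    groups = {}
    for c in weak:
        groups.setdefault(find(c), []).append(c)
    # A low rate alone is not enough: only groups with high overlap are merged.
    return [g for g in groups.values() if len(g) > 1]

def apply_merges(traffic, groups):
    """Return the updated category -> data set mapping used for retraining."""
    updated = dict(traffic)
    for group in groups:
        merged = set().union(*(updated.pop(c) for c in group))
        updated["+".join(group)] = merged
    return updated

if __name__ == "__main__":
    merges = plan_merges(TRAFFIC, RECALL)
    print(merges, sorted(apply_merges(TRAFFIC, merges)))
```

The model would then be retrained on the relabelled data; `miner` stays a separate category here because its low rate is not accompanied by overlap with another weak category.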

Description

【Technical field】

[0001] The present invention relates to a malware identification device and method; in particular, the present invention relates to a malware identification device and method capable of identifying malware types based on network communication behaviors and updating malware types gradually.

【Background technique】

[0002] An information security network communication device (e.g., a firewall) that identifies malware based on network communication behavior (e.g., network traffic) is a first-line device for constructing an information security defense line. Such information security network communication devices need to analyze the external network communication behaviors of various malicious software (for example: communication behaviors with remote servers, network traffic) and record them. After that, if the information security network communication device detects that a piece of software has abnormal network communication behavior (for example: connecting to an Internet address recorded in a blacklist,...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/562, G06F21/566, G06F21/552, H04L63/1425, G06N20/00, G06F18/217, G06F21/56, G06F18/2148
Inventor: 徐暐钊, 柯盈圳, 陈俊良, 陈昱宏, 陈彦儒
Owner: INSTITUTE FOR INFORMATION INDUSTRY