
Malicious code homology analysis method based on graph convolution network and topic model

A malicious code homology analysis technique, applied in the fields of deep learning and information security, that achieves improved accuracy.

Active Publication Date: 2020-08-14
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

Static analysis and dynamic analysis differ mainly in how features are extracted; their similarity and homology judgment steps are largely alike.


Embodiment Construction

[0015] The invention performs homology analysis of malicious code based on a graph convolutional network and a topic model, and mainly targets binary PE malicious code under Windows. It first extracts the function call graph and the function instruction distribution features of the malware, then feeds the features processed by the topic model and the attention mechanism into a Neural Tensor Network (NTN) to obtain the combined mixed features, and finally uses the graph convolutional network to perform family classification. The specific implementation of the invention is described in detail below in conjunction with the accompanying drawings. The proposed method can effectively classify existing malicious code into families and determine the family category of newly added malicious code.

[0016] Extract the...


Abstract

The invention provides a malicious code homology analysis method based on a graph convolution network and a topic model. According to the method, two static features are extracted from malicious code to form mixed features, an attention mechanism and a topic model are used to weight the key features, and a normalized classification model is then used to classify the key features. The method mainly comprises the following steps: (1) extracting a function call graph and function instruction distribution characteristics of malicious code by utilizing IDA; (2) performing node embedding on the function call graph by using an improved graph convolution network; (3) performing a graph embedding operation on the node embeddings by using an attention mechanism; (4) performing dimensionality reduction and transformation on the function instruction distribution by using a semi-supervised topic model; (5) combining the mixed features by using a neural tensor network; and (6) carrying out family classification on the malicious software by utilizing the normalized classification model.
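The data flow the abstract describes after feature extraction, as an added example that is not the patent's own code: call graph to node embeddings, attention-pooled graph embedding, NTN fusion with a topic vector, then a softmax over families. Assumptions: a standard GCN layer stands in for the "improved" network, whose details the page does not give; the attention pooling form, node features, dimensions, function names and the fixed topic vector are hypothetical; the weights are random and untrained.

```python
import math, random

def matmul(A, B):
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]

def normalized_adjacency(n, edges):
    # Symmetrized call graph with self-loops: D^-1/2 (A + I) D^-1/2
    A = [[float(i == j) for j in range(n)] for i in range(n)]
    for u, v in edges:
        A[u][v] = A[v][u] = 1.0
    deg = [sum(row) for row in A]
    return [[A[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]

def node_features(n, edges):
    # Assumed per-function features: [bias, calls made, times called]
    X = [[1.0, 0.0, 0.0] for _ in range(n)]
    for u, v in edges:
        X[u][1] += 1.0
        X[v][2] += 1.0
    return X

def attention_pool(H, Wc):
    # Graph embedding: nodes weighted by similarity to a global context vector
    mean = [[sum(col) / len(H) for col in zip(*H)]]
    ctx = [math.tanh(x) for x in matmul(mean, Wc)[0]]
    att = [1 / (1 + math.exp(-sum(h * c for h, c in zip(row, ctx)))) for row in H]
    return [sum(a * row[k] for a, row in zip(att, H)) for k in range(len(ctx))], att

def ntn(g, t, M, V, b):
    # Neural tensor network: bilinear slice g^T M_k t plus a linear term per output
    return [math.tanh(sum(g[i] * Mk[i][j] * t[j] for i in range(len(g)) for j in range(len(t)))
                      + sum(v * x for v, x in zip(Vk, g + t)) + bk)
            for Mk, Vk, bk in zip(M, V, b)]

def init_params(seed=0, feat=3, hid=4, topics=3, slices=4, families=3):
    rng = random.Random(seed)  # untrained weights, fixed seed for repeatability
    mat = lambda r, c: [[rng.uniform(-0.5, 0.5) for _ in range(c)] for _ in range(r)]
    return {"W1": mat(feat, hid), "Wc": mat(hid, hid), "M": [mat(hid, topics) for _ in range(slices)],
            "V": mat(slices, hid + topics), "b": [0.0] * slices, "Wout": mat(slices, families)}

def classify(n, edges, topic_vec, p):
    AX = matmul(normalized_adjacency(n, edges), node_features(n, edges))
    H = [[max(0.0, x) for x in row] for row in matmul(AX, p["W1"])]  # GCN layer, ReLU
    g, att = attention_pool(H, p["Wc"])
    z = matmul([ntn(g, topic_vec, p["M"], p["V"], p["b"])], p["Wout"])[0]
    e = [math.exp(x - max(z)) for x in z]
    return [x / sum(e) for x in e], g, att  # softmax over families

EDGES = [(0, 1), (0, 2), (1, 3), (2, 3), (3, 4)]  # constructed call graph (caller, callee)
TOPICS = [0.7, 0.2, 0.1]  # constructed stand-in for the topic model's output
```

Calling `classify(5, EDGES, TOPICS, init_params())` returns the family probabilities, the graph embedding and the per-function attention weights; renumbering the functions leaves the embedding unchanged, which is what makes a graph-level feature usable across samples.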

Description

Technical field

[0001] The technical field of the present invention is deep learning and information security, and it specifically relates to a malicious code homology analysis method based on a graph convolutional network and a topic model. The method is used to trace the source of attackers or organizations, and uses accurate traceability methods to deter attackers and reduce the damage caused by malicious code.

Background technique

[0002] In recent years, the global network security offensive and defensive situation has become increasingly severe, and attacks that use malicious code to seek political and economic interests emerge in an endless stream. The production and use of malicious code by attackers has gradually become team-based and organized, resulting in rapid growth in the number of malicious codes. At present, malicious codes of different families have technical commonalities, and there are certain...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N3/04, G06N3/08
CPC: G06F21/563, G06N3/08, G06N3/045
Inventor: 张磊, 刘亮, 谭杨, 刘嘉勇
Owner: SICHUAN UNIV