Malicious software classification method based on PE header visualization

A malware classification technology, applied in computer parts, instruments, biological neural network models, etc., that addresses problems such as time-consuming processing, poor practicability, and the proliferation of malware attacks, and achieves fast classification speed and high classification accuracy.

Pending Publication Date: 2020-08-18
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

However, detection methods based on feature engineering have some problems. For example, static detection is easily affected by obfuscation, and dynamic detection may not be able to cover all execution paths.
Malware visualization using grayscale images instead of feature engineering can alleviate the shortcomings of static analysis to a certain extent, but extracting image texture features takes a long time.
In summary, malware attacks are still rampant despite a lot of research effort on identifying malware variants.
Given the time-consuming nature and poor practicability of current grayscale image texture feature extraction, studying widely applicable and practical malware variant recognition technology to improve the security of computer systems is of great scientific, theoretical and practical significance.


Embodiment Construction

[0023] The present invention will be further described below in conjunction with the accompanying drawings.

[0024] The invention provides a malicious software classification method based on PE header visualization. The method extracts the recognizable DOS header, DOS stub, pNT header, optional header, and section table features from the PE headers of malware, converts the optional header features into binary files, visualizes them to generate malware images, and trains a convolutional neural network model on those images to obtain an effective convolutional neural network classifier, based on PE header visualization, that identifies malware families. The purpose of the present invention is to provide a method for identifying and classifying malicious software that has higher classification accuracy and faster classification speed.

[0025] A malware classification method based on PE header visualization, including four aspects.

[0026] (1) From the PE header of the malware, the features of the identi...
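A sketch of the extraction and visualization step described above, as an added example that is not the patent's own code: it locates the optional header in a PE file and maps each byte to one grayscale pixel. The 16-pixel row width, the PGM output format and the constructed header-only sample are assumptions; the page does not state the image dimensions.

```python
import struct

def optional_header_bytes(data):
    """Return the raw optional header of a PE image, validating each offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of NT headers
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte file header follows the signature; SizeOfOptionalHeader is at +16.
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    start = e_lfanew + 24
    if opt_size == 0 or start + opt_size > len(data):
        raise ValueError("optional header absent or truncated")
    return data[start:start + opt_size]

def to_grayscale(buf, width=16):
    """Map each byte to one pixel (0-255); zero-pad the last row (assumed policy)."""
    padded = buf + b"\0" * (-len(buf) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def to_pgm(rows):
    """Serialize the pixel rows as a binary PGM (P5) image for viewing or training."""
    header = b"P5\n%d %d\n255\n" % (len(rows[0]), len(rows))
    return header + bytes(px for row in rows for px in row)

def build_sample_pe():
    """Constructed header-only sample: inert bytes, not a real or runnable binary."""
    dos = bytearray(0x80)                      # DOS header plus zeroed stub area
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)    # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                       # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 14, 0)  # Magic, linker version
    struct.pack_into("<I", opt, 16, 0x1000)    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + bytes(40)

if __name__ == "__main__":
    rows = to_grayscale(optional_header_bytes(build_sample_pe()))
    print(len(rows), "rows x", len(rows[0]), "pixels")
    for row in rows[:2]:
        print(" ".join("%02x" % px for px in row))
```

Malformed or truncated headers raise `ValueError` rather than producing an image, so a damaged sample cannot silently enter a training set as a mostly blank picture.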


Abstract

The invention belongs to the technical field of computer security, and particularly relates to a malicious software classification method based on PE header visualization. The method visualizes the PE header of the malicious software by converting it into a grayscale image, so that the malicious software classification problem becomes an image classification problem. The malicious software is classified using its grayscale image and the fields in the PE header, and a new method for representing malicious software by the optional header fields in the PE header is provided, so that the classification method has relatively high classification precision and relatively high classification speed.

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a malicious software classification method based on PE header visualization.

Background technique

[0002] With the rapid development of Internet technology, people use more and more Internet applications and their dependence on various software has increased significantly, which brings great convenience to the invasion and spread of malicious software. Various automated tools emerge in an endless stream, and the derivation speed of malware on the Internet far exceeds the speed of being discovered by people. For example, in the third quarter of 2018, McAfee Labs detected 850 million malicious files every day. Although the derivation speed of malware is getting faster and faster, the vast majority of malware evolves through polymorphism and deformation of known malware. For example, a report from Symantec shows that among the 410 million malicious codes dis...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N3/04
CPC: G06F21/562, G06N3/045, G06F18/214, G06F18/24
Inventor: 薛迪, 李静梅, 白丹, 彭弘
Owner: HARBIN ENG UNIV