Malicious software family classification avoidance method based on deep reinforcement learning

This reinforcement-learning and malware technique, applied in neural learning methods, computer parts, instruments, etc., addresses problems such as a large amount of calculation and a complex model training process, and achieves low training cost and easy implementation.

Active Publication Date: 2020-08-18
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

The model training process involved in the above two methods

Examples


Example Embodiment

[0048] The present invention is described in further detail below with reference to the drawings and specific embodiments. As shown in Figure 1, the method of the present invention for evading malware family classification based on deep reinforcement learning includes the following steps:

[0049] Step 1: Collect virus samples. The samples are PE-format files for the Win32 platform, drawn from Backdoor, DoS, Email, Exploit, Net-worm, Rootkit, Trojan, Virus, Worm and other malware families. Parse the selected samples with the Python-based lief analysis library and delete every sample that lief fails to parse; this completes the data cleaning. To reduce disk I/O and speed up training, all samples are cached before training: the full binary data of every sample is read into memory, and whenever the state of a file is needed during training it is read directly from memory.

[0050] Step 2: Construct an agent (age...
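The data cleaning and in-memory caching of Step 1, sketched as an added example that is not code from the patent. The built-in header check is a stand-in for the lief parse (a lief-based callable can be passed as `parser`); the class and function names, the SHA-256 keying and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import struct

def parses_as_win32_pe(data: bytes) -> bool:
    """Stand-in for the lief parse: DOS header, PE signature, i386 COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    machine, n_sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    return machine == 0x014C and n_sections > 0

class SampleCache:
    """Holds every accepted sample in memory so training never re-reads disk."""

    def __init__(self, parser=parses_as_win32_pe):
        self.parser = parser
        self.samples = {}    # sha256 hex -> (family label, raw bytes)
        self.rejected = []   # names of samples dropped during cleaning

    def add(self, name: str, family: str, data: bytes):
        try:
            ok = bool(self.parser(data))
        except Exception:    # a parser that raises counts as a parse error
            ok = False
        if not ok:
            self.rejected.append(name)
            return None
        digest = hashlib.sha256(data).hexdigest()
        self.samples[digest] = (family, data)
        return digest

    def state(self, digest: str) -> bytes:
        """Return the cached bytes for a sample; no disk access."""
        return self.samples[digest][1]

def constructed_header(machine=0x014C, n_sections=1) -> bytes:
    """Constructed test input: headers only, not an executable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, n_sections, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff

def demo():
    cache = SampleCache()
    good = cache.add("s1", "Trojan", constructed_header())
    cache.add("s2", "Worm", b"MZ truncated")                        # too short to parse
    cache.add("s3", "Virus", constructed_header(machine=0x8664))    # not a Win32 image
    return cache, good
```

Keeping the list of rejected names makes the cleaning step auditable: the size of the training set can be reconciled against the number of files collected.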


Abstract

The invention discloses a malicious software family classification avoidance method based on deep reinforcement learning. The method uses a reinforcement learning algorithm to create an environment and construct an intelligent agent, and modifies the malicious software under test through continuous interaction with a target malicious software classifier until classification is avoided. Compared with other adversarial methods against malicious software detection and classification, the method provided by the invention is easier to implement and has lower overhead. It can effectively modify malicious software against various malicious software classification models built on different features, without damaging the malicious function of the software, so that malicious software family classification is avoided. Finally, the robustness of malicious software detection and classification models based on machine learning algorithms is improved, and the defense capability of the antivirus engine is improved.

Description

Technical field

[0001] The invention relates to the technical fields of software security and information system security, in particular to a method for evading malicious software family classification based on deep reinforcement learning.

Background technique

[0002] Malicious software refers to software that realizes an attacker's malicious purpose. Whether a malicious purpose exists is the basis for judging whether software is malicious. Malicious software can deliberately delete files or directory information to damage computer hard disk devices, steal computer users' information and private data without their knowledge, and illegally obtain control of computer system and network resources, undermining the reliability, integrity and availability of computers and networks. With the continuous development of the new generation of network information technology, more and more people start to use the Internet, and the Internet begins to a...


Application Information

IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/561, G06N3/08, G06N3/045, G06F18/241
Inventor: 王俊峰, 方智阳, 耿嘉炫, 李凡
Owner: SICHUAN UNIV