Malicious software detection method based on feature sequence mining and simplification

Feature sequence and malware technology, applied in special data processing applications, complex mathematical operations, instruments, etc., addresses problems such as deformation or junk code insertion, the inability to effectively identify malware, and the resulting reduced accuracy of malware detection and classification.

Pending Publication Date: 2020-11-27
莫毓昌

AI Technical Summary

Problems solved by technology

However, malware encountered in practice is often obfuscated, for example by code deformation or junk code insertion. Static detection methods cannot effectively identify such obfuscated malware, which reduces the accuracy of malware detection and classification.

Examples

Embodiment

[0277] The experimental samples come from the data set used in a security algorithm competition, comprising 7 typical types of malware samples and normal software samples. The 7 types of malware samples are: ransomware (98 samples), mining software (107 samples), DDOS Trojan software (185 samples), worm software (95 samples), infectious virus software (221 samples), and backdoor and Trojan software (164). The normal software samples used in the experiment are software files (2000) extracted from software packages such as the Linux and Windows operating systems and the VMware virtual machine software.

[0278] (1) Step 1 is carried out: the API call sequence of each software sample is obtained using sandbox technology. Table 1 shows statistics of the API call sequences obtained for each software sample.

[0279] Table 1

[0280]
Software type: Average length of API call sequence
Ransomware: 136765
Mining software: 2785781
DDOS Trojan software...


Abstract

The invention provides a malware detection method based on feature sequence mining and simplification. The method comprises the steps of: obtaining the API call sequences of multiple software samples; constructing a key API dictionary and a non-key API dictionary, and simplifying the API call sequences; extracting API feature sequences by deterministic and randomized forward and backward scanning; screening the API feature sequences by statistical frequency; obtaining a final set of key API feature sequences and a linear model of the weights of the key API feature sequences; and detecting whether the software under test is malware. Because the method uses API feature sequence simplification and key API extension scanning together, it improves the precision of malware detection and recognition, shortens the time that detection and recognition take, and improves their efficiency.
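The sketch below is an added example, not code from the patent: it illustrates how sequence simplification, scanning around key APIs and frequency screening can make a dynamic detector insensitive to junk-call insertion. The dictionaries, the collapse-repeats rule, the fixed scan window, the thresholds, the unweighted match count standing in for the linear model, and all sample traces are assumptions constructed for illustration; the randomized scan is omitted.

```python
from collections import Counter

# Constructed dictionaries; the patent's own key / non-key API lists are not on this page.
KEY_APIS = {"CryptEncrypt", "WriteFile", "CreateRemoteThread", "connect"}
NON_KEY_APIS = {"GetTickCount", "Sleep", "GetLastError"}

def simplify(seq):
    """Drop non-key (junk) calls, then collapse consecutive repeats (assumed rule)."""
    out = []
    for api in seq:
        if api in NON_KEY_APIS:
            continue
        if not out or out[-1] != api:
            out.append(api)
    return out

def extend_scan(seq, back=1, fwd=1):
    """Deterministic scan: around each key API keep `back` calls before, `fwd` after."""
    feats = set()
    for i, api in enumerate(seq):
        if api in KEY_APIS:
            feats.add(tuple(seq[max(0, i - back): i + fwd + 1]))
    return feats

def mine(malware, benign, min_mal=0.5, max_ben=0.1):
    """Frequency screening: keep sequences common in malware and rare in benign traces."""
    mal = Counter(f for s in malware for f in extend_scan(simplify(s)))
    ben = Counter(f for s in benign for f in extend_scan(simplify(s)))
    return {f for f, n in mal.items()
            if n / len(malware) >= min_mal and ben[f] / len(benign) <= max_ben}

def is_malicious(seq, features, threshold=1):
    """Unweighted stand-in for the linear model: count matched feature sequences."""
    return len(extend_scan(simplify(seq)) & features) >= threshold

# Constructed sandbox traces (not from the competition data set).
MALWARE = [
    ["FindFirstFile", "Sleep", "ReadFile", "GetTickCount", "CryptEncrypt",
     "CryptEncrypt", "WriteFile", "DeleteFile"],
    ["FindFirstFile", "ReadFile", "Sleep", "Sleep", "CryptEncrypt",
     "GetLastError", "WriteFile", "DeleteFile"],
]
BENIGN = [
    ["CreateFile", "ReadFile", "Sleep", "WriteFile", "CloseHandle"],
    ["CreateFile", "WriteFile", "GetLastError", "CloseHandle"],
]
# Same behaviour as MALWARE[0] but padded with different junk calls.
VARIANT = ["FindFirstFile", "ReadFile", "GetTickCount", "Sleep", "GetLastError",
           "CryptEncrypt", "Sleep", "WriteFile", "WriteFile", "DeleteFile"]
FEATURES = mine(MALWARE, BENIGN)
```
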

Description

Technical field

[0001] The invention belongs to the technical field of malware detection, and in particular relates to a method for detecting malware based on feature sequence mining and simplification.

Background technique

[0002] Malware refers to various forms of malicious or intrusive software, such as computer viruses, worms, spyware, Trojan horses, adware, etc. Malware usually exists in the form of executable programs, scripts, etc. An important problem in computer system security is detecting and identifying malware so that it can be removed before it runs, avoiding damage to the computer system or losses to users.

[0003] The common method for malware detection and identification is static detection, that is, identifying the static features of malware, where the static features mainly include executable files and their disassembled file bytecode, assembly instructions, import Features such ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F30/20, G06F17/18
CPC: G06F17/18, G06F21/566, G06F30/20
Inventor: 莫毓昌
Owner: 莫毓昌