Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious software open set family classification method and device based on adversarial training

A technology of malware and classification methods, applied in computer security devices, computer parts, character and pattern recognition, etc., to achieve high accuracy and stability

Pending Publication Date: 2020-11-27
JINAN UNIVERSITY
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Traditional methods sometimes ignore the classification of old families, and there is room for improvement in the overall classification effect and model training time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious software open set family classification method and device based on adversarial training
  • Malicious software open set family classification method and device based on adversarial training
  • Malicious software open set family classification method and device based on adversarial training

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0061] This embodiment discloses a malware open set family classification method based on adversarial training, by which a malware open set classifier can be trained, and the classifier can perform family classification on malware samples in an open environment, that is, not only Correctly classify the samples belonging to the old family of the training set, and can distinguish the old and new family samples; figure 1 Shown, the step of the inventive method comprises:

[0062] Step S101 , acquiring malware of known old families as training samples. In this embodiment, training samples can be obtained from the Big2015 dataset.

[0063] Step S102, extract the family feature of the training sample, and convert it into a feature image to obtain the feature image of the training sample; in this embodiment, when extracting the family feature for the training sample, use a feature extraction tool to extract the 623-dimensional feature of the sample , and expanded to 1024 bits by co...

Embodiment 2

[0089] This embodiment discloses a malware open set family classification device based on confrontation training, including a first acquisition module, a first feature extraction module, a joint training network construction module, a training module, a second acquisition module, and a second feature extraction module and classification modules, the specific functions of each module are as follows:

[0090] The first obtaining module is used to obtain the malicious software of known old families as a training sample;

[0091] The first feature extraction module is used to extract the family feature of the training sample and convert it into a feature image to obtain the feature image of the training sample;

[0092] The joint training network building block is used to form the joint training network by generating the confrontation network, the first classifier network and the second classifier network, wherein the output of the generation confrontation network generator networ...

Embodiment 3

[0100] This embodiment discloses a computing device, which includes a processor and a memory for storing executable programs of the processor. When the processor executes the program stored in the memory, it realizes the malicious software opening for confrontation training described in Embodiment 1. The set family classification method is as follows:

[0101] Obtain malware from known old families as training samples;

[0102] Extract the family feature of the training sample and convert it into a feature image to obtain the feature image of the training sample;

[0103] A joint training network is formed by generating an adversarial network, a first classifier network and a second classifier network, where the outputs of the generator adversarial network generator network are respectively used as the generation adversarial network discriminator network, the first classifier network and the second classifier network input of;

[0104] Jointly training the generation confron...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a malicious software open set family classification method and apparatus based on adversarial training. The method comprises the steps of firstly obtaining a feature image of atraining sample; a generative adversarial network, a first classifier network and a second classifier network form a joint training network, the generative adversarial network, the first classifier network and the second classifier network are subjected to joint training by training samples, and a finally trained second classifier is used as a malicious software open set classifier; for a to-be-classified test sample, obtaining a feature image of the test sample; and inputting the feature image of the test sample into a malicious software open set classifier, and obtaining a family classification result of the test sample by the malicious software open set classifier. According to the method, the malicious software open set classifier with high accuracy and stability can be trained, and the classifier can perform family classification on malicious software samples in an open environment, that is, samples belonging to the old family of a training set can be correctly classified, and new and old family samples can be distinguished.

Description

technical field [0001] The invention relates to the technical field of cyberspace security, in particular to a method and device for classifying malware open set families based on adversarial training. Background technique [0002] In recent years, smart devices such as smartphones and computers have become part of people's daily life. The development of computer information technology has liberated people's brains and facilitated people's lives. Various software has been developed. However, while people are enjoying the convenience brought by software, malware developers also see the benefits behind it, and begin to use malware to steal personal information and damage computers. Malware is a code or program used to implement malicious functions, in order to obtain data, damage the system, etc. In a broad sense, it can be divided into computer viruses, worms, backdoors, and adware. Although malware detection technology has developed rapidly in the fight against malicious c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62G06N3/04G06F21/56
CPCG06F21/561G06N3/045G06F18/23G06F18/24G06F18/214
Inventor 孙玉霞任羽翁健
Owner JINAN UNIVERSITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com