Malware adversarial sample generation method combined with API obfuscation technology

A malware and obfuscation technology, applied in the fields of electrical digital data processing, genetic rules, genetic models, etc. It addresses the problems that it is difficult to ensure that malware functionality is not damaged, that the success rate of deceiving malware classifiers is low, and that adversarial samples that work in practice cannot be created. Its stated effects are avoiding damage to malware functionality, improving the success rate of deception, and meeting actual needs.

Active Publication Date: 2021-01-15
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0003] The basic problems to be solved in malware adversarial sample generation methods are: generating irrelevant APIs to insert into the original API sequence, hiding imported API functions through an API obfuscation technique, and deceiving malware classifiers into misclassification with a high success rate.
But these methods usually break the functionality of the malware, resulting in the inability to create adversarial examples that can work effectively in practice.
[0008] To sum up, among the existing malware adversarial sample generation methods, the black-box-oriented attack method is more feasible, but it is difficult to guarantee that the malware's functionality will not be destroyed after the perturbation is added and that the adversarial samples can be used for adversarial attacks in real-world applications.

Examples

Embodiment Construction

[0026] To better illustrate the purpose and advantages of the present invention, the implementation of the method is described in further detail below in conjunction with examples.

[0027] The specific process is:

[0028] Step 1: insert irrelevant API vectors into the original API call sequence and generate the malware feature vector X according to the modified API call sequence P. Adding redundant code in this way preliminarily obfuscates the malware's features and functions.

[0029] Step 1.1: determine an ordered set V, which contains all API functions that PE programs can call.

[0030] Step 1.2: let l be the length of the API call sequence used in the attack and X be the malicious API sequence of length l. Divide X into subsequences w_j of length n, where n is the number of API calls in w_j. In each w_j, randomly select an API position i ∈ {1...n} and insert an API vector at position i: where ⊥ represents the concatenation operation, ...

Abstract

The invention relates to a malware adversarial sample generation method combined with API obfuscation technology, and belongs to the technical field of computers and information science. The method comprises the following steps: first, irrelevant API vectors are inserted into the original API call sequence to preliminarily obfuscate the malware's features and functions; then a function-call-redirection obfuscation operation is applied to the sample to hide the API functions; finally, the modified sample is fed to a malware classifier, it is checked whether the classifier misclassifies it, and the optimization problem is solved using a genetic algorithm. The invention is more practical and better meets actual requirements; compared with black-box-oriented adversarial sample generation methods, its advantages are that the original functions of the malware are not damaged and the success rate of deceiving the malware classifier is high, so that the problems of a low deception success rate and damaged malware functionality are largely solved.

Description

Technical field

[0001] The invention relates to a method for generating malware adversarial samples combined with API obfuscation technology, and belongs to the technical field of computer and information science.

Background technique

[0002] Due to the large number of malware attacks in cyberspace, machine learning techniques have been widely used in malware detection and classification. To evaluate the robustness of malware detection models against attack, it is particularly important to study attack methods against them. At the same time, deep models themselves have been shown to be vulnerable to adversarial samples. So far, although adversarial learning has been an active research field, most research on adversarial samples has been applied in the field of image recognition. Research on adversarial attack methods against deep-learning-based malware detection systems is in the minority, and most adversarial sample g...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N3/12
CPC: G06F21/562, G06N3/126
Inventor: 罗森林, 张荣倩, 潘丽敏, 闫晗, 张笈
Owner: BEIJING INSTITUTE OF TECHNOLOGY