Weighted heterogeneous graph-oriented malicious behavior identification method and system and storage medium

An identification method and heterogeneous technology, applied in the field of network security, can solve the problems of poor generalization ability, reduce the accuracy of malicious behavior identification tasks, and not make full use of relational attributes, and achieve the effect of improving accuracy.

Active Publication Date: 2021-01-22
GUANGZHOU UNIVERSITY
View PDF4 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The existing malicious behavior recognition technology based on NLP or image processing is mainly based on the self-attribute characteristics of a single sample for learning and recognition, ignoring the potential relationship between samples due to the same type or homology; although some studies have begun to use Relevant technologies in the graph field mine the feature information of these potential associations, but the graph structure they construct does not make full use of the relational properties of the graph structure, which may reduce the accuracy of malicious behavior recognition tasks; in addition, most of the existing technologies and system models belong to direct inference For new samples, it is often necessary to retrain the model parameters, which may lead to slow update speed and poor generalization ability of the model.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Weighted heterogeneous graph-oriented malicious behavior identification method and system and storage medium
  • Weighted heterogeneous graph-oriented malicious behavior identification method and system and storage medium
  • Weighted heterogeneous graph-oriented malicious behavior identification method and system and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0057]Such asfigure 1 ,figure 2 As shown, the present invention, a method for identifying malicious behaviors for weighted heterogeneous graphs, includes the following steps:

[0058]S1. Construct an inductive graph neural network model, specifically:

[0059]In this embodiment, the inductive graph neural network model includes a subgraph extraction module, a plurality of feature vector generation and fusion modules, and a classification learning module; the feature vector generation and fusion module includes a MalSage layer and a subgraph feature fusion layer; The MalSage layer includes M MalConv layers, which act on M subgraphs respectively, seeimage 3 ; The classification learning module includes a fully connected layer and a Softmax layer.

[0060]In this embodiment, the input of the inductive graph neural network model is a weighted heterogeneous graph constructed based on the malicious behavior data set, the original feature vector of the node, and multiple meta-paths defined on the h...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a weighted heterogeneous graph-oriented malicious behavior recognition method and system and a storage medium, and the method comprises the following steps: constructing an inductive graph neural network model which comprises a sub-graph extraction module, a plurality of feature vector generation fusion modules and a classification learning module; carrying out training learning, sub-graph extraction and learning of potential vector representation of nodes in sub-graphs on the inductive graph neural network model to obtain a plurality of sub-graph feature vectors corresponding to the sub-graphs, fusing the sub-graph feature vectors, and carrying out classified learning on the node feature vectors obtained through fusion in a classification learning module; and performing malicious behavior identification by using the trained inductive graph neural network model. According to the method, rich topological feature information and attribute information contained inthe heterogeneous graph are fully combined and utilized, an inductive learning graph neural network model is designed on the basis to complete feature extraction and representation learning in the heterogeneous graph, and finally malicious behavior recognition is achieved.

Description

Technical field[0001]The invention belongs to the technical field of network security, and specifically relates to a method, a system and a storage medium for identifying malicious behaviors oriented to weighted heterogeneous graphs.Background technique[0002]With the rapid development of the Internet, the technology of malicious software is constantly updated and iterated. The number of malicious software is increasing day by day, and the types and transmission methods are changing with each passing day. The threat to personal, enterprise and national security is increasing. With the continuous confrontation and upgrade of malware offensive and defensive technologies, malware gradually tends to be multivariate, highly concealed, large in number, and fast-updated. Faced with this network security situation, academia and industry are constantly seeking traditional malware The combination of detection technology and machine learning is expected to achieve the prevention and detection o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06N3/04
CPCG06F21/562G06N3/045
Inventor 范美华李树栋吴晓波韩伟红方滨兴田志宏殷丽华顾钊铨张倩青蒋来源秦丹一
Owner GUANGZHOU UNIVERSITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products