Weighted heterogeneous graph-oriented malicious behavior identification method and system and storage medium

Abstract

The invention discloses a weighted heterogeneous graph-oriented malicious behavior recognition method and system and a storage medium, and the method comprises the following steps: constructing an inductive graph neural network model which comprises a sub-graph extraction module, a plurality of feature vector generation fusion modules and a classification learning module; carrying out training learning, sub-graph extraction and learning of potential vector representation of nodes in sub-graphs on the inductive graph neural network model to obtain a plurality of sub-graph feature vectors corresponding to the sub-graphs, fusing the sub-graph feature vectors, and carrying out classified learning on the node feature vectors obtained through fusion in a classification learning module; and performing malicious behavior identification by using the trained inductive graph neural network model. According to the method, rich topological feature information and attribute information contained inthe heterogeneous graph are fully combined and utilized, an inductive learning graph neural network model is designed on the basis to complete feature extraction and representation learning in the heterogeneous graph, and finally malicious behavior recognition is achieved.

Description

Technical field[0001]The invention belongs to the technical field of network security, and specifically relates to a method, a system and a storage medium for identifying malicious behaviors oriented to weighted heterogeneous graphs.Background technique[0002]With the rapid development of the Internet, the technology of malicious software is constantly updated and iterated. The number of malicious software is increasing day by day, and the types and transmission methods are changing with each passing day. The threat to personal, enterprise and national security is increasing. With the continuous confrontation and upgrade of malware offensive and defensive technologies, malware gradually tends to be multivariate, highly concealed, large in number, and fast-updated. Faced with this network security situation, academia and industry are constantly seeking traditional malware The combination of detection technology and machine learning is expected to achieve the prevention and detection o...

AI Technical Summary

Problems solved by technology

[0006] The existing malicious behavior recognition technology based on NLP or image processing is mainly based on the self-attribute characteristics of a single sample for learning and recognition, ignoring the potential relationship between samples due to the same type or homology; although some studies have begun to use Relevant technologies in the graph field mine the feature information of these potential associations, but the graph structure they construct does not make full use of the relational properties of the graph structure, which may reduce the accuracy of malicious behavior recognition tasks; in addition, most of the existing technologies and system models belong to direct inference For new samples, it is often necessary to retrain the model parameters, which may lead to slow update speed and poor generalization ability of the model.

Images