Malicious code classification method based on graph convolution network and topic model

Malicious code and topic model technology, applied in biological neural network models, neural learning methods, character and pattern recognition, etc.

Pending Publication Date: 2021-02-05
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0003] 1) The number of malicious codes keeps increasing rapidly;
[0004] 2) The vast majority of malicious codes belong to known malicious code families;
[0005] 3) Most malicious codes of the same family have some commonality.
However, the number of instructions is large, and there are some redundant instructions.



Embodiment Construction

[0017] The present invention classifies malicious code based on a graph convolutional network and a topic model, and mainly targets malicious code in PE format on Windows systems. First, the function call graph and the function instruction distribution of the malicious code are extracted; these are then input into the classification model for family classification. The classification model includes a multi-layer graph convolutional network, an attention layer, a topic layer, a pooling layer, a fully connected layer and a Softmax layer. To further illustrate the specific implementation of the present invention, it is described in detail below in conjunction with the accompanying drawings. The invention proposes a malicious code homology analysis method based on a graph convolutional network and a topic model, which can reduce the matching complexity of a function call graph.
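A minimal sketch of the embedding stage described in [0017], added here as an illustration and not taken from the patent: one graph-convolution step over a function call graph whose node features are per-function topic distributions, followed by pooling into a fixed-length vector. The propagation rule (the standard normalized-adjacency GCN layer), the undirected treatment of call edges, mean pooling, and all sample data and weights are assumptions; the attention, fully connected and Softmax layers are omitted.

```python
import math

# Constructed toy sample (not from the patent): 4 functions and their call edges.
# Functions 0-2 call each other; function 3 is isolated.
CALL_EDGES = [(0, 1), (0, 2), (1, 2)]
# Constructed per-function topic distributions (3 topics, each row sums to 1).
TOPICS = [[0.7, 0.2, 0.1],
          [0.1, 0.8, 0.1],
          [0.2, 0.2, 0.6],
          [0.0, 0.0, 1.0]]
# Constructed layer weights (3 topics -> 2 hidden units); training would learn these.
W = [[1.0, -1.0],
     [0.5, 0.5],
     [-1.0, 1.0]]

def normalized_adjacency(n, edges):
    """Return D^-1/2 (A + I) D^-1/2, treating call edges as undirected (assumption)."""
    a = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for u, v in edges:
        a[u][v] = a[v][u] = 1.0
    deg = [sum(row) for row in a]  # self-loop included, so deg >= 1
    return [[a[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)]
            for i in range(n)]

def matmul(x, y):
    """Plain dense matrix product on lists of lists."""
    return [[sum(x[i][k] * y[k][j] for k in range(len(y)))
             for j in range(len(y[0]))] for i in range(len(x))]

def gcn_layer(a_hat, h, w):
    """One propagation step: ReLU(A_hat @ H @ W)."""
    return [[max(0.0, v) for v in row] for row in matmul(matmul(a_hat, h), w)]

def mean_pool(h):
    """Collapse per-function embeddings into one vector per sample."""
    return [sum(col) / len(h) for col in zip(*h)]

def embed_sample(edges=CALL_EDGES, topics=TOPICS, w=W):
    """Embed one sample: call graph + function topic distributions -> vector."""
    a_hat = normalized_adjacency(len(topics), edges)
    return mean_pool(gcn_layer(a_hat, topics, w))

if __name__ == "__main__":
    print(embed_sample())
```

The pooled vector has the same length regardless of how many functions the sample contains, which is what lets samples with different call graphs feed one classifier.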

[0018] Extract the function call graph of the malicious code: First, traverse all functions of the malic...


Abstract

The invention provides a malicious code homology method based on a graph convolution network and a topic model. With this method, the function call graph and the function instruction distribution are automatically extracted from malicious code, the function call graph is embedded using a graph convolution network, and the instruction distribution is transformed and dimensionally reduced using a topic model. The method mainly comprises the following steps: (1) extracting the function call graph of the malicious code; (2) extracting the function instruction distribution of the malicious code; (3) selecting the optimal number of topics; (4) converting the function instruction distribution into a function topic distribution; (5) inputting the function topic distribution and the function call graph into a classification model and training the model; and (6) using the trained model to determine the family classification of malicious code.

Description

Technical field

[0001] The invention relates to the technical field of machine learning and network security.

Background technique

[0002] In recent years, the situation of the global network security offensive and defensive game has become increasingly severe, and various attacks that use malicious code to seek political and economic interests emerge in an endless stream. The current malicious code has several characteristics:

[0003] 1) The number of malicious codes keeps increasing rapidly;

[0004] 2) The vast majority of malicious codes belong to known malicious code families;

[0005] 3) Most malicious codes of the same family have some commonality.

[0006] According to the above points, it can be concluded that the family classification of malicious codes by extracting features can realize the homology determination of most malicious codes. Currently, homology analysis techniques for malicious codes include dynamic analysis and static analysis. Static analysis...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/563, G06N3/08, G06N3/045, G06F18/2414
Inventor: 方勇, 刘亮, 张磊, 刘凯
Owner: SICHUAN UNIV