
Feature code extraction method and device, computer equipment and readable storage medium

A signature (feature code) extraction method, applied in the field of security threat processing, addresses the slow extraction speed, lack of automation and manpower cost of existing signature extraction approaches, achieving automatic extraction with improved efficiency and accuracy.

Pending Publication Date: 2021-07-16
BEIJING QIANXIN TECH +1

AI Technical Summary

Problems solved by technology

[0006] However, in actual enterprise use, method 1) above analyzes disassembled code manually or semi-automatically, which requires human participation in the analysis, consumes a great deal of enterprise manpower and extracts signatures extremely slowly; it lacks automation and cannot be widely used in enterprises, especially small ones. Method 2) above extracts signatures by comparing or matching sequence fragments. Although it is more automated, comparison or matching between sequences usually has high time complexity, which reduces the speed of signature extraction and cannot meet the demand for real-time signature updates under massive volumes of malicious code; it is also prone to false positives.
This situation greatly limits the use of signature technology within the enterprise and reduces the effectiveness and real-time performance of scanning for and removing malicious code.


Embodiment 1

[0033] The embodiment of the present invention provides a feature code extraction method. In one usage scenario, unknown code to be detected is examined by this method, and when the code is found to be malicious, the feature code of the malicious code is extracted; in another usage scenario, the method is used to extract feature codes from known malicious code; it can also be applied to other scenarios. In any of these scenarios the method improves the efficiency and accuracy of feature code extraction. Specifically, the feature code extraction method provided by this embodiment includes the following steps S101 to S107.

[0034] Step S101: Read the code to be detected in binary format to form an original byte sequence.

[0035] Optionally, when the code to be detected is already in binary format, it is read directly as bytes; when the code to be detected is not in binary format, first...

Embodiment 2

[0072] On the basis of Embodiment 1 above, Embodiment 2 of the present invention provides a preferred feature code extraction method; for some technical features, refer to the related description of Embodiment 1. In this embodiment, feature codes of malicious code are extracted from an existing malicious code data set. Figure 3 is the flow chart of the feature code extraction method provided by Embodiment 2 of the present invention; as shown in Figure 3, the method provided by this embodiment includes the following steps:

[0073] (1) A generator, comprising a downloader and a processor, downloads and preprocesses the original malicious code data set and outputs a malicious code set to be trained on and a malicious code set to be extracted from.

[0074] (2) A learner, which constructs a training data set based on the malicious data set to be trained a...

Embodiment 3

[0118] Corresponding to Embodiment 1 above, Embodiment 3 of the present invention provides a feature code extraction device. For the corresponding technical features and technical effects, refer to Embodiments 1 and 2 above; they are not repeated in Embodiment 3. Figure 5 is the block diagram of the feature code extraction device provided by Embodiment 3 of the present invention; as shown in Figure 5, the device includes a reading module 301, a conversion module 302, an input module 303, an acquisition module 304, a first calculation module 305, a second calculation module 306 and a determination module 307.

[0119] The reading module 301 is used to read the code to be detected in binary format, byte by byte, to form the original byte sequence; the conversion module 302 is used to convert the original byte sequence into a conversion sequence; the input module 303 is used to input the conversion sequence to the prese...


Abstract

The invention provides a feature code extraction method and device, computer equipment and a readable storage medium. The feature code extraction method comprises the steps of: obtaining a conversion sequence of the code to be detected; inputting the conversion sequence into a preset deep learning model that comprises a convolutional layer; when the output layer outputs the malicious category, indicating that the code to be detected is malicious code, obtaining the feature map of the convolutional layer, which comprises a plurality of channels; determining a gradient value on each channel; calculating heat map data from the feature map and the gradient values, the heat map data comprising a contribution score of each byte in the original byte sequence to the malicious category; and determining the feature code of the code to be detected according to the contribution scores. According to the invention, the efficiency and accuracy of feature code extraction can be improved.
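The abstract describes a Grad-CAM style pipeline: the feature map of the convolutional layer, one gradient weight per channel, a heat map whose values become per-byte contribution scores, and a feature code chosen from the highest-scoring bytes. The Python below is an added illustration, not code from the patent or from Qianxin: the conv kernels, biases, head weights, the marker `EVIL` and the sample bytes are constructed stand-ins for a trained model and a real binary, and both the weighting (mean gradient per channel, as in Grad-CAM) and the selection of the highest-scoring contiguous window are assumptions, since the text here does not give the patent's exact formulas.

```python
import numpy as np

def to_sequence(code: bytes) -> np.ndarray:
    """S101/S102: read the code as bytes and convert each byte to a float in [0, 1]."""
    return np.frombuffer(code, dtype=np.uint8).astype(np.float64) / 255.0

# Constructed stand-ins for a trained model: two width-4 conv channels, each a crude
# detector for a constructed marker, biases that silence them on low-value filler
# bytes, and a linear head over each channel's global average (logit > 0 = malicious).
MARKER = b"EVIL"
KERNELS = np.stack([to_sequence(MARKER), to_sequence(b"BAD!")])
BIAS = np.array([-0.25, -0.25])
HEAD = np.array([1.0, 0.5])
# Constructed sample: filler bytes with the marker planted at byte offset 12.
SAMPLE = b"\x00\x10\x20\x30" * 3 + MARKER + b"\x05\x15\x25\x35" * 3

def conv1d_relu(x, kernels, bias):
    """Convolutional layer (valid padding) plus ReLU; feature map A[channel, position]."""
    w = kernels.shape[1]
    A = np.stack([kernels @ x[t:t + w] + bias for t in range(len(x) - w + 1)], axis=1)
    return np.maximum(A, 0.0)

def malicious_score(A, head):
    """Output layer: global average pool per channel, then a linear malicious logit."""
    return float(head @ A.mean(axis=1))

def contribution_scores(x, kernels, bias, head):
    """Grad-CAM style heat map (assumed): the gradient of the logit w.r.t. each channel's
    feature map, averaged over positions, weights that channel; the ReLU'd weighted sum
    is a heat per position, spread back over the w bytes that position was computed
    from, so every input byte gets a contribution score."""
    A = conv1d_relu(x, kernels, bias)
    _, T = A.shape
    grad = np.tile((head / T)[:, None], (1, T))   # d logit / d A[c, t]: mean pool + linear head
    alpha = grad.mean(axis=1)                     # one gradient weight per channel
    heat = np.maximum(alpha @ A, 0.0)             # heat per convolution position
    w = kernels.shape[1]
    scores = np.zeros(len(x))
    for t in range(T):
        scores[t:t + w] += heat[t]
    return scores

def extract_signature(code, kernels, bias, head, n):
    """Return the n-byte window with the highest total contribution, or None if benign."""
    x = to_sequence(code)
    if malicious_score(conv1d_relu(x, kernels, bias), head) <= 0:
        return None
    s = contribution_scores(x, kernels, bias, head)
    start = max(range(len(x) - n + 1), key=lambda i: s[i:i + n].sum())
    return code[start:start + n]
```

With the constructed weights, `extract_signature(SAMPLE, KERNELS, BIAS, HEAD, 4)` returns the planted marker, and a sample made only of filler bytes is classified benign and yields no signature.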

Description

Technical field

[0001] The present invention relates to the technical field of security threat processing, in particular to a feature code extraction method, device, computer equipment and readable storage medium.

Background technique

[0002] With the rapid development of computer network technology, and especially the increasingly wide application of the Internet, which brings convenience to people's lives, the threat that computer malicious programs pose to network information security has grown enormously. Once such malicious programs run, they damage the computer system: tampering with files, affecting system stability, stealing information, paralysing the system and even destroying its hardware, seriously threatening information security and causing incalculable loss.

[0003] At present, most antivirus software technologies detect and remove known types of malicious programs, and the most widely u...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N3/04, G06N3/08
CPC: G06F21/563, G06N3/08, G06F2221/2133, G06N3/045
Inventors: 吴萌, 王占一, 刘凯, 张勇
Owner: BEIJING QIANXIN TECH