A method, system and storage medium for identifying malware mining

A mining malware identification technology, applied in the field of network security. It addresses the problems that polymorphic, metamorphic and packed samples make effective features difficult to extract, that dynamic analysis methods are poorly suited, and that computer resources are wasted, so as to achieve low resource consumption, a low false positive rate and a highly targeted effect.

Active Publication Date: 2021-10-26
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

Static detection of mining malware samples based on binary files does not need to actually execute the malware, so it is relatively fast and does not trigger malicious behaviors that endanger the operating system, but malware polymorphism, metamorphism and packing make it difficult to extract effective features.
The signature-based and heuristic-based detection methods among the static methods are simple and effective, but they rely on the signature library and on security personnel's analysis of mining malware respectively, which limits them as the number of mining malware samples increases, resulting in low detection efficiency.
Dynamic analysis of mining malware samples based on binary files needs to actually run the malware, so it cannot be used to detect mining malware samples that cannot run.
In addition, simulating all malware behavior requires constant monitoring of that behavior, resulting in a huge waste of computer resources, so dynamic analysis methods are poorly suited to detecting a large number of mining malware samples.



Examples

Embodiment

[0057] This embodiment provides a method for identifying mining malware. Starting from binary file samples, it first preprocesses them through multi-dimensional static analysis and vectorizes the result to extract effective multi-dimensional features of mining malware, and then builds a multi-model integrated mining malware recognition model.

[0058] As shown in figure 1, the method of this embodiment specifically includes the following steps:

[0059] S1. Data preprocessing: perform multi-dimensional data operations on the original binary sample data set, composed of mining malware and non-mining malware, to obtain the corresponding feature data of different dimensions;

[0060] More specifically, in step S1, the multi-dimensional data operation includes:

[0061] For each binary file sample, read the file in the form of binary bytecode, then decode it into strings, and filter out the strings with a length within a certain interval;

[0062] ...
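The string step in [0061], followed by the vectorization step the abstract names, as an added example that is not code from the patent. The length bounds, the printable-ASCII decoding, the reading of the filter as keeping strings inside the interval, the plain term-count weighting, the vocabulary and the sample bytes are all assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed bounds: the page only says "a length within a certain interval".
MIN_LEN, MAX_LEN = 6, 120

# Runs of printable ASCII, the same idea as the Unix `strings` tool.
_PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]+")


def extract_strings(data: bytes, min_len: int = MIN_LEN, max_len: int = MAX_LEN) -> list[str]:
    """Decode printable runs from raw bytes; keep those with min_len <= length <= max_len."""
    runs = (m.group().decode("ascii") for m in _PRINTABLE_RUN.finditer(data))
    return [s for s in runs if min_len <= len(s) <= max_len]


def tokenize(strings: list[str]) -> list[str]:
    """Split extracted strings into lowercase alphanumeric tokens of 3+ characters."""
    return [t for s in strings for t in re.findall(r"[a-z0-9]{3,}", s.lower())]


def vectorize(tokens: list[str], vocabulary: list[str]) -> list[int]:
    """Term-count vector over a fixed vocabulary (assumed; the page names no weighting)."""
    counts = Counter(tokens)
    return [counts[term] for term in vocabulary]


# Constructed sample: not a real binary, just bytes laid out like one.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"            # header-like bytes; "MZ" is too short
    b"stratum+tcp://pool.example.invalid:3333\x00"
    b"\x01\x02ab\x00"                        # too short, dropped
    b"--donate-level\x00\xff\xfe"
    + b"A" * 300 + b"\x00"                   # padding run, too long, dropped
    + b"stratum login failed\x00"
)

# Hypothetical vocabulary; in practice it would be learned from the training set.
VOCAB = ["stratum", "pool", "donate", "kernel32"]

if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    print(strings)
    print(vectorize(tokenize(strings), VOCAB))
```

The upper bound matters as much as the lower one: packed or padded samples often contain very long printable runs that carry no vocabulary signal and would otherwise dominate the feature vector.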


Abstract

The invention discloses a mining malware identification method, system and storage medium. The method includes the following steps: data preprocessing of different dimensions; text feature extraction and vectorization; building a Stacking-based multi-model integrated mining malware recognition model; and obtaining the prediction result. The invention is currently one of the few methods for detecting mining malware in binary files; it is highly targeted, simple to implement and efficient. It extracts multi-dimensional features of mining software from multiple angles, designs a multi-model integration method for the features of different dimensions, and constructs a combined model for mining malware identification. This model has high recognition accuracy and a low false positive rate.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a mining malware identification method, system and storage medium.

Background technique

[0002] In recent years, as the economic value of cryptocurrencies continues to rise, more and more cybercriminals use malware to occupy the victim's system and network resources for mining without the user's knowledge or permission, thereby obtaining cryptocurrencies for profit. Mining malware is generally highly concealed and difficult to detect. Once the computer is compromised, the malware runs silently in the background. Because the mining program consumes a lot of CPU or GPU resources and takes up a lot of system and network resources, it causes the system to stall or behave abnormally, which degrades the performance of the victim's computer, and the degree of performance decline will increase with the Mining malware i...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/56, G06F40/216, G06F40/30, G06K9/62, G06N20/20
CPC: G06F21/562, G06F40/216, G06F40/30, G06N20/20, G06F18/24, G06F18/214
Inventor: 李树栋, 张倩青, 吴晓波, 蒋来源, 韩伟红, 方滨兴, 田志宏, 殷丽华, 顾钊铨, 秦丹一
Owner: GUANGZHOU UNIVERSITY