
Malicious software analysis report generation method and device, equipment and medium

A technology for generating analysis reports on malicious software, applied in semantic analysis, computer security devices, platform integrity maintenance, etc. It addresses the problem of low automation and achieves the effect of improving automation.

Pending Publication Date: 2021-07-23
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0007] The present invention provides a malware analysis report generation method, device, equipment and medium to solve the problem in the prior art that the degree of automation in generating malware analysis reports is still low.


Examples


Embodiment 1

[0049] Figure 1 is a schematic flowchart of a method for generating a malware analysis report provided by an embodiment of the present invention. The process includes the following steps:

[0050] S101: According to the entities and the relationships between entities contained in the predefined network security knowledge graph ontology, obtain the corresponding entity data from the pre-saved network security data, and, according to the relationships between entities, construct a set of target network security knowledge graphs containing the entity data.

[0051] The malware analysis report generation method provided by an embodiment of the present invention is applied to an electronic device. The electronic device can be a smart terminal device such as a mobile phone, a PC, or a tablet computer; it can also be a server, where the server can be a local server or a cloud server.

[0052] In order to improve the automation of malware a...

Embodiment 2

[0069] In order to determine the sub-knowledge graph corresponding to a section, on the basis of the above embodiments, in this embodiment of the present invention, determining the sub-knowledge graph corresponding to the section in the target network security knowledge graph, according to the query path corresponding to the section in the target network security knowledge graph and the pre-saved target analysis report template, includes:

[0070] According to the set of target network security knowledge graphs and the first entity corresponding to the section in the pre-saved target analysis report template, determine each first target network security knowledge graph in the set that contains the entity data corresponding to the first entity;

[0071] According to each first target network security knowledge graph, the target first entities related to the content semantics of the section, and the relationships between the target first entities, determine the section in each ...

Embodiment 3

[0092] In order to generate the target analysis report, on the basis of the above embodiments, in this embodiment of the present invention, determining the target text corresponding to the section according to the sub-knowledge graph and the pre-generated encoder-decoder model corresponding to the section, so as to generate the target analysis report, includes:

[0093] Determine the vector of the sub-knowledge graph according to the sub-knowledge graph and the encoder sub-model in the pre-generated encoder-decoder model corresponding to the section;

[0094] According to the vector of the sub-knowledge graph and the decoder sub-model in the encoder-decoder model, determine the target text corresponding to the section, so as to generate the target analysis report.

[0095] In order to generate the target text corresponding to the section, in this embodiment of the present invention, since the seq2seq model used in the prior art for text generation is only applicable to sequence data, the sub-knowledge graph correspondi...


Abstract

The invention discloses a malware analysis report generation method, device, equipment and medium. In the method, the equipment automatically determines a set of target network security knowledge graphs containing entity data, according to a predefined network security knowledge graph ontology and pre-stored network security data. The sub-knowledge graph of each report section is extracted from the target network security knowledge graphs in the set, and the target text corresponding to the section is determined according to the sub-knowledge graph and the encoder-decoder model corresponding to the section, so that a target analysis report for the malware is generated and the degree of automation of analysis report generation is improved.
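The following example is added here for illustration and is not code from the patent or its applicant. It shows one reading of the first two steps in the abstract: building one graph per analysed sample from ontology-conformant triples, then selecting the sub-graph for a report section. The ontology patterns, section names, entity types and records are all constructed assumptions, and the encoder-decoder text generation step is not modelled.

```python
from collections import defaultdict

# Hypothetical ontology: permitted (head type, relation, tail type) patterns.
ONTOLOGY = {
    ("Malware", "connects_to", "Domain"),
    ("Malware", "drops", "File"),
    ("Malware", "used_in", "ThreatEvent"),
}

# Hypothetical report template: section name -> entity types it draws on.
TEMPLATE = {
    "network_behavior": {"Malware", "Domain"},
    "related_events": {"Malware", "ThreatEvent"},
}

# Constructed records standing in for pre-saved sandbox / threat-intel data.
RECORDS = [
    ("sample-A", ("Malware", "sample-A"), "connects_to", ("Domain", "c2.example.test")),
    ("sample-A", ("Malware", "sample-A"), "drops", ("File", "payload.tmp")),
    ("sample-B", ("Malware", "sample-B"), "drops", ("File", "loader.tmp")),
    ("sample-B", ("Malware", "sample-B"), "signed_by", ("Cert", "unknown")),  # not in ontology
]


def build_graphs(records, ontology):
    """Group ontology-conformant triples into one graph per analysed sample."""
    graphs = defaultdict(list)
    for graph_id, head, relation, tail in records:
        if (head[0], relation, tail[0]) in ontology:
            graphs[graph_id].append((head, relation, tail))
    return dict(graphs)


def section_subgraphs(graphs, template, section):
    """Return, per graph, the triples whose endpoints are both section entities.

    Graphs that lack data for any of the section's entity types are skipped.
    """
    wanted = template[section]
    result = {}
    for graph_id, triples in graphs.items():
        present = {node[0] for h, _, t in triples for node in (h, t)}
        if not wanted <= present:
            continue
        result[graph_id] = [tr for tr in triples if {tr[0][0], tr[2][0]} <= wanted]
    return result


if __name__ == "__main__":
    graphs = build_graphs(RECORDS, ONTOLOGY)
    print(section_subgraphs(graphs, TEMPLATE, "network_behavior"))
```

Filtering against the ontology at ingestion keeps unmodelled relations (here the constructed `signed_by` record) out of the graph, so a section's sub-graph can only contain entity and relation types the template author anticipated.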

Description

Technical field

[0001] The present invention relates to the technical field of text generation, in particular to a method, device, equipment and medium for generating a malware analysis report.

Background technique

[0002] A malware analysis report draws analysis conclusions and countermeasures by understanding the operation process and potential impact of malware and combining relevant threat events. However, network security data such as malware analysis data and threat intelligence data is stored in a discrete manner, which makes it difficult for analysts to quickly discover deep association information among entities, such as between malware and malware, between malware and threat events, and between threat events and threat events.

[0003] When generating malware analysis reports, in the prior art, analysts usually need to manually analyze a large amount of relevant data, including sandbox operation results, threat event reports, security vendor ...


Application Information

IPC(8): G06F21/56, G06F16/36, G06F40/186, G06F40/205, G06F40/295, G06F40/30
CPC: G06F21/561, G06F40/205, G06F40/186, G06F40/295, G06F16/367, G06F40/30
Inventor: 周娟, 章瑞康, 袁军, 李文瑾, 范敦球
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD