Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious code classification method based on deep residual network and mixed attention mechanism

A malicious code and classification method technology, applied in neural learning methods, biological neural network models, computer parts and other directions, can solve problems such as reducing the classification accuracy, single source of malicious code images, and increasing the difficulty of malicious code classification, etc. Classification accuracy and efficiency, the effect of efficient and accurate classification

Pending Publication Date: 2021-10-01
HANGZHOU DIANZI UNIV
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Some visualization schemes choose to calculate information entropy to enhance image information to improve classification accuracy. However, these methods have problems such as single source of malicious code image and high computational complexity of enhanced information, which increases the difficulty of malicious code classification to a certain extent and reduces the classification accuracy. classification accuracy
[0004] In addition, the conventional convolutional neural network focuses on the global features of the image, but does not pay attention to the detailed features of the key areas of the image, while malicious codes often exist in the local position of the program, manifested as local image features

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious code classification method based on deep residual network and mixed attention mechanism
  • Malicious code classification method based on deep residual network and mixed attention mechanism
  • Malicious code classification method based on deep residual network and mixed attention mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029]The invention proposes a malicious code visual classification method based on a deep residual network and an attention mechanism. Among them, the malicious code visualization part uses the bytecode file and assembly file of the malware to visualize the malicious code as an RGBA image without additional calculation of the information entropy of the code, so as to make up for the single information source of the malicious code image, the unobvious image features and the amount of calculation. At the same time, the deep residual network is combined with the attention mechanism to build a malicious code classification model. The deep residual network can improve the classification accuracy while using short-circuit connections to alleviate the problem of gradient disappearance, accelerate model convergence, and improve The discriminative ability of the model is improved; and a mixed attention mechanism is used after each residual unit to extract more critical deep features fr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a malicious code classification method based on a deep residual network and a mixed attention mechanism. According to the method, the malicious code is visualized into an RGBA image, and the information entropy of the code is not additionally calculated, so that the defects that the malicious code image information source is single, the image feature is not obvious and the calculation amount is too large are overcome; meanwhile, a deep residual network and an attention mechanism are combined to construct a malicious code classification model, the deep residual network improves the classification precision, and meanwhile, the gradient disappearance problem is relieved through short circuit connection, so that model convergence is accelerated, and the discrimination ability of the model is improved; and a mixed attention mechanism is adopted behind each residual unit, so that more critical deep features are extracted from two dimensions of channels and spaces, and the malicious code classification accuracy is further improved.

Description

technical field [0001] The invention belongs to the technical field of software security and deep learning, and in particular relates to a malicious code classification method based on a deep residual network and a mixed attention mechanism. Background technique [0002] In recent years, with the rapid development of information technology, the exponential growth of malicious codes has become a major threat to information security, and the research on malicious code detection and classification is becoming increasingly important. Traditional malicious code detection and classification methods mainly include static analysis methods and dynamic analysis methods. The former refers to malicious code analysis without executing binary programs, and the latter refers to the use of program debugging tools to track and observe malicious code under the condition of malicious code execution, and verify the static analysis results according to the working process of malicious code. Mal...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06K9/62G06N3/04G06N3/08
CPCG06F21/561G06N3/08G06F2221/033G06N3/045G06F18/241
Inventor 方景龙陆洋邵艳利王兴起魏丹陈滨
Owner HANGZHOU DIANZI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com