Malicious code family classification method based on fuzzy assembly instruction sequence

A technology of compiling instructions and malicious codes, applied in neural learning methods, biological neural network models, instruments, etc., that can solve problems such as inaccurate classification results and poor robustness, and achieves enhanced characterization capabilities, high accuracy, and low time cost.

Pending Publication Date: 2021-11-02
ZHEJIANG LAB +1

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to address the defects in the prior art. To solve the technical problem that traditional detection methods classify polymorphic variants of malicious code inaccurately and with poor robustness, a malicious code family classification method based on fuzzy assembly instruction sequences is proposed.

Examples


Embodiment

[0030] In the present invention, the immediate data and the constant memory address type operands filtered from the precise assembly instructions are shown in Figure 2.

[0031] To test the malicious code classification results of the present invention, the "BIG 2015" standard data set was selected to verify the performance of the classification model trained by the present invention. The experimental results are shown in Table 2. The classification model generated by the present invention can accurately identify 96% of malicious codes, which improves, to a certain extent, the classification performance on polymorphic variant malicious code.

[0032] Table 2 Classification and recognition results of malicious code families based on fuzzy assembly instruction sequences

[0033]


Abstract

The invention relates to a malicious code family classification method based on a fuzzy assembly instruction sequence, and belongs to the technical field of computer network malicious code detection. In the method, fuzzy assembly instruction sequence features, obtained by filtering out immediate operands and constant address operands, are extracted from malicious code of different families, and a long short-term memory (LSTM) network model for malicious code family classification is trained on them. Compared with existing bytecode sequences and existing operation code (opcode) sequences, the fuzzy assembly instruction sequence achieves higher accuracy in PE malicious code family classification tasks. A fuzzy assembly instruction sequence is adopted and a written instruction mask is used to shield some types of operands; compared with existing bytecode sequence features, the length of the input sequence is reduced, and the method has a lower time cost in LSTM model training and family detection. Compared with existing operation code sequence features, the ability to characterize different malicious code families is enhanced, and a better detection result is achieved.
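The operand filtering the abstract describes, as an added Python example (not code from the patent): immediates and constant memory addresses in disassembly text are replaced by mask tokens, so variants that differ only in constants map to the same sequence. The token names IMM and MEM, the accepted literal syntax, and leaving register-relative operands unchanged are assumptions; the patent's own mask is not given on this page.

```python
import re

# Numeric literal: 0x-prefixed hex, IDA-style trailing-h hex, or decimal.
NUM = r"(?:0x[0-9a-f]+|[0-9][0-9a-f]*h|[0-9]+)"
IMM_RE = re.compile(rf"^{NUM}$")
# Constant memory address: optional size/segment prefix, brackets holding only a literal.
MEM_RE = re.compile(rf"^(?:(?:byte|word|dword|qword)\s+ptr\s+)?(?:[a-z]s:)?\[{NUM}\]$")


def fuzz_instruction(line):
    """Return one fuzzy-instruction token, e.g. 'mov eax,IMM' (assumed token format)."""
    line = line.split(";", 1)[0].strip().lower()  # drop trailing comments
    if not line:
        return None
    mnemonic, _, rest = line.partition(" ")
    operands = [op.strip() for op in rest.split(",") if op.strip()]
    masked = []
    for op in operands:
        if IMM_RE.match(op):
            masked.append("IMM")   # immediate operand filtered
        elif MEM_RE.match(op):
            masked.append("MEM")   # constant address operand filtered
        else:
            masked.append(op)      # registers and register-relative memory kept
    return mnemonic + (" " + ",".join(masked) if masked else "")


def fuzzy_sequence(asm_lines):
    """Fuzzy assembly instruction sequence for a list of disassembly lines."""
    return [t for t in map(fuzz_instruction, asm_lines) if t]


def encode(sequences):
    """Map tokens to integer ids for a sequence model (0 is left for padding)."""
    vocab = {}
    ids = [[vocab.setdefault(t, len(vocab) + 1) for t in seq] for seq in sequences]
    return ids, vocab


# Constructed samples: same logic, different constants and addresses.
VARIANT_A = ["push 0x40", "mov eax, [0x4050a0]", "xor eax, 0x5a",
             "mov [ebp-8], eax", "call 0x401230", "ret"]
VARIANT_B = ["push 80h", "mov eax, [0x61f0c4]", "xor eax, 0c3h",
             "mov [ebp-8], eax", "call 0x40a910", "ret"]
```

Unlike an opcode-only sequence, the tokens still carry register and addressing-mode information (`mov eax,MEM` versus `mov [ebp-8],eax`), while the constants that vary between variants are gone.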

Description

Technical field

[0001] The invention relates to a method for classifying a malicious code family on a network, in particular to a method for classifying a malicious code family based on a fuzzy assembly instruction sequence, and belongs to the technical field of computer network malicious code detection.

Background technique

[0002] With the development of the Internet, malicious code attacks have grown exponentially, and have become one of the main threats to network security. The increasingly serious information security problem has caused personal privacy information to be used maliciously, enterprises have suffered huge economic losses, and national security has also faced serious threats.

[0003] With the increasing amount of malicious codes and increasingly serious threats, malware detection and defense in computer systems has become an important network security task for users and enterprises. The development trend of malicious code is very rapid. Traditional manua...


Application Information

IPC(8): G06F21/56, G06N3/04, G06N3/08
CPC: G06F21/561, G06N3/08, G06N3/044
Inventor: 邱克帆, 张汝云, 白冰, 孙才俊, 马煜杰, 谭毓安, 李元章
Owner: ZHEJIANG LAB