Mining type malicious code robustness detection method and system based on integration strategy and medium

A code robustness and integration strategy technology, applied in the field of robustness detection of mining-type malicious code. It addresses problems such as difficult feature extraction, wasted computing resources and large time overhead, and achieves a simple construction process, improved robustness and high accuracy.

Pending Publication Date: 2021-11-26
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

Third, there are endless system-level vulnerabilities, which are easily exploited by malicious mining programs
The second is the harmful behavior of concealing profit
Existing static analysis methods require analysts with a high level of expertise in order to extract effective features, and feature extraction becomes extremely difficult when files are packed, resources are obfuscated, and so on.
Dynamic analysis methods, however, need to monitor the behavior of program files in real time, which wastes a large amount of computing resources and inevitably causes a large time overhead.


Examples

Embodiment

[0056] Static analysis: Treat the PE file as a binary file, read it as binary bytecode, decode it into strings, and perform data exploration and feature extraction at the string level. Strings are sequences of printable characters in program binaries, and malware analysts often rely on the strings in malicious samples to quickly understand what might be happening in them. The strings of a binary file usually contain key information, such as HTTP and FTP commands used to download web pages and files, IP addresses and hostnames that reveal the addresses it connects to, text explaining the purpose of the binary file, the compiler used to create the binary file, the programming language used to write it, embedded scripts or HTML, etc. The raw string format of a sample file is shown in Figure 2.

[0057] As shown in Figure 1, this embodiment provides a method for robust detection of mining-type malicious...

Abstract

The invention discloses a mining-type malicious code robustness detection method, system and medium based on an integration strategy. The method comprises the steps of: reading the character strings of a binary file through a static analysis method; vectorizing the features with the TF-IDF algorithm to obtain training samples; randomly extracting training samples using a Bagging strategy; training a model on the extracted training samples using a Boosting strategy and making predictions; and taking the average of the predicted results after multiple rounds of training. The method and system improve on existing static analysis methods: only the string distribution characteristics of mining-type malicious code are considered, so feature engineering is simple and fast. In addition, the detection model is designed with an integration strategy that combines the ideas of the Bagging and Boosting algorithms, so the detection model is simple to construct, prediction is fast and accurate, the robustness of the model is improved, and the prediction results are more accurate and stable.
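The steps listed in the abstract, as an added example that is not the patent's own code: printable strings are extracted from each file, weighted with TF-IDF, and several boosted models trained on bootstrap samples have their predictions averaged. AdaBoost over one-token threshold stumps stands in for the unspecified Boosting model, the bootstrap is stratified by class (an assumption), and the byte strings are constructed samples, not real files.

```python
import math, random, re
from collections import Counter

def strings(blob, n=4):  # word tokens from printable-ASCII runs of >= n bytes
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % n, blob)
    return re.findall(r"[a-z0-9]+", b" ".join(runs).decode().lower())

def tfidf(doc, idf):  # tokens outside the training vocabulary are ignored
    tf = Counter(t for t in doc if t in idf)
    return {t: c / len(doc) * idf[t] for t, c in tf.items()}

def stump(x, tok, thr, sign):  # weak learner: threshold on one token's weight
    return sign if x.get(tok, 0.0) > thr else -sign

def boost(X, y, rounds=5):  # AdaBoost over stumps; labels +1 (miner) / -1
    w, model = [1 / len(X)] * len(X), []
    cands = [(t, thr, s) for t in sorted({t for x in X for t in x})
             for thr in sorted({x.get(t, 0.0) for x in X}) for s in (1, -1)]
    for _ in range(rounds):
        err, c = min(((sum(wi for x, yi, wi in zip(X, y, w) if stump(x, *k) != yi), k)
                      for k in cands), key=lambda e: e[0])
        err = min(max(err, 1e-9), 1 - 1e-9)  # keep alpha finite for a perfect stump
        alpha = 0.5 * math.log((1 - err) / err)
        model.append((alpha, c))
        w = [wi * math.exp(-alpha * yi * stump(x, *c)) for x, yi, wi in zip(X, y, w)]
        w = [wi / sum(w) for wi in w]
    return model

def train(blobs, labels, bags=7, seed=0):
    docs, rng = [strings(b) for b in blobs], random.Random(seed)
    df = Counter(t for d in docs for t in set(d))
    idf = {t: math.log(len(docs) / n) for t, n in df.items()}
    X, models = [tfidf(d, idf) for d in docs], []
    for _ in range(bags):  # stratified bootstrap (assumption): both classes per bag
        idx = [rng.choice([i for i, l in enumerate(labels) if l == c]) for c in labels]
        models.append(boost([X[i] for i in idx], [labels[i] for i in idx]))
    return idf, models

def score(blob, idf, models):  # mean of the bagged boosters' 0/1 predictions
    x = tfidf(strings(blob), idf)
    votes = [sum(a * stump(x, *c) for a, c in m) > 0 for m in models]
    return sum(votes) / len(votes)

# Constructed byte strings standing in for PE files; not real samples.
MINERS = [b"MZ\x90\x00kernel32.dll\x00stratum+tcp://pool.example:3333\x00--donate-level=1\x00",
          b"MZ\x90\x00kernel32.dll\x00stratum+ssl://xmr.example:443\x00randomx hashrate\x00"]
BENIGN = [b"MZ\x90\x00kernel32.dll\x00Usage: copy source target\x00GetOpenFileNameW\x00",
          b"MZ\x90\x00kernel32.dll\x00Usage: sort lines in a file\x00CreateWindowExW\x00"]
IDF, MODELS = train(MINERS + BENIGN, [1, 1, -1, -1])
```

`score(blob, IDF, MODELS)` returns the fraction of bags that label a file as a miner. A token present in every training file, such as `kernel32`, gets an IDF of zero and so cannot drive a decision.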

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a mining-type malicious code robustness detection method, system and medium based on an integration strategy.

Background

[0002] Malicious code is harmful computer code or web scripts designed to create system vulnerabilities and thereby cause backdoors, security risks, information and data theft, and other potential damage to files and computer systems. Common malicious code includes computer viruses, computer worms, Trojan horses, and the like. A Trojan horse (Trojan for short) is a class of programs that appear to have normal functions but actually hide many functions that users do not want. As a specific type of Trojan horse, mining malicious code (also known as a mining Trojan or mining virus) mainly profits by invading computer systems and implanting miners to earn cryptocurrency.

[0003] In recent ye...

Application Information

Patent Timeline
Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N20/00, G06K9/62
CPC: G06F21/563, G06N20/00, G06F18/214
Inventor: 李树栋, 厉源, 吴晓波, 韩伟红, 方滨兴, 田志宏, 殷丽华, 顾钊铨, 仇晶, 唐可可, 李默涵
Owner GUANGZHOU UNIVERSITY