
Malicious software multi-label classification method based on graph convolutional neural network

A graph convolutional neural network classification technology, applied in the field of malware detection, that addresses the problem of single-label results deviating from, and failing to represent, the real behavior of samples, and achieves good classification results.

Pending Publication Date: 2021-12-21
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

In recent years, Graph Neural Networks (GNN) have achieved good results in extracting the connections between entities, and various fields have begun to introduce graph neural networks into their research. The field of malware detection has likewise tried using the control flow graph (CFG) and function call graph (FCG) of a binary file as the starting point for research. In multi-class malware classification, however, each sample in the data set carries only one behavior label, often one of ransomware, worm, or Trojan horse, and only that one label is used during training. The single result produced by a model trained this way deviates from the behavior of the actual sample and cannot represent the real behavior of all samples.



Embodiment Construction

[0062] In order to make the purpose, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below in conjunction with the accompanying drawings of the embodiments of the present disclosure.

[0063] As shown in Figures 1-3, the present invention is a malware multi-label classification method based on a graph convolutional neural network, comprising the following steps:

[0064] S100: feature extraction of the function call graph: disassemble the original binary file to obtain the assembly code, extract the semantic and structural features of the function call graph, and obtain the graph embedding vector of the sample;

[0065] S200: feature extraction of multi-label relationship, constructing a model for extracting label relationship through ...


Abstract

The invention provides a malware multi-label classification method based on a graph convolutional neural network. The classification method comprises the following steps: S100, extracting features of the function call graph: disassembling the original binary file to obtain the assembly code, extracting the semantic and structural features of the function call graph, and obtaining a graph embedding vector of the sample; S200, extracting features of the multi-label relationship: constructing a model that extracts the label relationship from the label relationship graph to obtain a multi-label classifier; S300, taking the dot product of the graph embedding vector and the multi-label classifier, and performing structure mapping on the result of the dot product to obtain a classification result; and S400, constructing a multi-label loss function, and calculating the loss value of the classification model from the difference between the classification result and the real result for each label. Compared with the prior art, the method has a good multi-label classification effect on malware that carries multiple labels.
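The classification head in S200 to S400 can be followed end to end on a toy case. The sketch below is an added example, not code from the patent: the co-occurrence adjacency with symmetric normalisation, the two-layer graph convolution, the sigmoid used as the mapping, the binary cross-entropy loss, and all weights, label sets and the sample embedding (standing in for the output of S100) are assumptions constructed for illustration.

```python
import math

LABELS = ["ransomware", "worm", "trojan"]  # behaviour labels named on the page

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def label_adjacency(label_sets):
    """Label relationship graph: co-occurrence edges plus self-loops,
    symmetrically normalised (assumed construction)."""
    n = len(LABELS)
    adj = [[float(i == j) for j in range(n)] for i in range(n)]
    for labels in label_sets:
        idx = [LABELS.index(name) for name in labels]
        for i in idx:
            for j in idx:
                adj[i][j] = 1.0
    deg = [sum(row) for row in adj]
    return [[adj[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]

def label_classifier(a_hat, h, w1, w2):
    """S200: two graph convolutions over label nodes; row k is label k's classifier."""
    hidden = [[max(0.0, v) for v in row] for row in matmul(matmul(a_hat, h), w1)]
    return matmul(a_hat, matmul(hidden, w2))

def classify(graph_embedding, classifier):
    """S300: dot product per label, then a sigmoid as the mapping (assumption)."""
    scores = [sum(c * x for c, x in zip(row, graph_embedding)) for row in classifier]
    return [1.0 / (1.0 + math.exp(-s)) for s in scores]

def multilabel_loss(probs, truth, eps=1e-12):
    """S400: mean per-label binary cross-entropy (assumed loss form)."""
    return -sum(t * math.log(p + eps) + (1 - t) * math.log(1 - p + eps)
                for p, t in zip(probs, truth)) / len(truth)

# Constructed inputs: training label sets, one-hot label features, fixed weights
# standing in for trained ones, and a graph embedding standing in for S100's output.
TRAIN_LABEL_SETS = [{"ransomware", "worm"}, {"worm"}, {"trojan"}]
H = [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]
W1 = [[2.0, 0.0, -1.0], [0.0, 2.0, -1.0], [-1.0, -1.0, 2.0]]
W2 = [[1.0, 0.0, -1.0], [0.0, 1.0, -1.0], [-1.0, -1.0, 1.0]]
SAMPLE_EMBEDDING = [2.0, 1.0, 0.0]

def predict(embedding, threshold=0.5):
    classifier = label_classifier(label_adjacency(TRAIN_LABEL_SETS), H, W1, W2)
    probs = classify(embedding, classifier)
    return probs, [name for name, p in zip(LABELS, probs) if p >= threshold]

if __name__ == "__main__":
    probs, labels = predict(SAMPLE_EMBEDDING)
    print(labels, round(multilabel_loss(probs, [1, 1, 0]), 4))
```

Because ransomware and worm co-occur in the constructed training sets, the graph convolution pulls their classifier rows together, so the sample receives both labels instead of a single class.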

Description

Technical field

[0001] The invention relates to the technical field of malware detection, in particular to a multi-label classification method for malware based on a graph convolutional neural network.

Background technique

[0002] As malware protection technology and malware continue to contend with each other, malware in today's network environment is no longer limited to a single attack behavior. WannaCry, which broke out in 2017, is an example: because of its distinctive encryption of data for extortion, the general public classified it as ransomware, but besides encrypting files in the manner of ransomware, this malware also replicates and spreads through the network like a worm and disguises itself as software like a Trojan horse. In recent years, Graph Neural Networks (GNN) have achieved good results in extracting the connections between entities. Various fields have begun to introduce graph neural networks into their research, and the field of malware detect...


Application Information

IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/566, G06N3/08, G06N3/045, G06F18/241, Y02D10/00
Inventor: 宋玉蓉, 白敬华
Owner NANJING UNIV OF POSTS & TELECOMM