
Cross-platform malicious code detection method and system

A cross-platform malicious code detection technology, applied in the field of software security technology protection

Active Publication Date: 2022-02-18
SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN +1

AI Technical Summary

Problems solved by technology

No related technology has been found that uses malicious code samples from different platforms to build detection models that detect malicious code from other platforms, or that uses malicious code samples from multiple platforms to build a cross-platform malicious code detection model.


Examples


Embodiment 1

[0059] A cross-platform malicious code detection method, comprising the following steps:

[0060] (1) Using large-scale benign program samples from multiple platforms, train a pre-training model (Pre-train Model) to capture the structural and semantic correlation within the program instruction context and the structural and semantic commonality between program instructions on different platforms;

[0061] (2) On top of the pre-training model, construct a cross-platform malicious code detection model using limited-scale benign program samples and malicious program samples from multiple platforms, fine-tune the parameters of the cross-platform malicious code detection model, and migrate the knowledge in the pre-training model to the cross-platform malicious code detection model;

[0062] (3) Use the constructed cross-platform malicious code detection model to detect unknown program samples on different platforms (including platforms not involved in pre-training and detection model training), an...

Embodiment 2

[0065] According to the cross-platform malicious code detection method described in Embodiment 1, as shown in Figure 2, the difference is:

[0066] The specific implementation process of step (1) is as follows:

[0067] 1.1: Collect large-scale benign program samples on Windows, Android, Linux, and localization platforms, and construct a multi-platform benign program data set D, where each sample in D is denoted $U_i = [C_i, W_i]$. Here $C_i = \{C_1, C_2, \ldots, C_n\}$ represents the program instructions of the i-th sample, and the subscript n is the total number of program instructions (tokens); $W_i = \{W_1, W_2, \ldots, W_m\}$ denotes the annotations of the i-th sample, and the subscript m is the total number of annotation words;

[0068] 1.2: As shown in Figure 3, the pre-training model M is constructed based on a multi-layer Transformer encoder, and the pre-training model M is pre-trained using the multi-platform benign program dataset D; a...

Embodiment 3

[0083] According to the cross-platform malicious code detection method described in Embodiment 2, the difference is:

[0084] As shown in Figure 4, the specific implementation process of step (2) is as follows:

[0085] 2.1: Build a malicious code detection model M' on the pre-training model M, and the malicious code detection model M' includes a pre-training model M and a linear classifier K;

[0086] The architecture of the malicious code detection model M' connects a linear classifier K to the pre-trained model M, as shown in Figure 6.

[0087] 2.2: In order to better learn the structural and semantic features of malicious code on different platforms, construct a data set D' and train the malicious code detection model M'. The data set D' includes malicious code samples and benign code samples from various platforms. In order to prevent the malicious code detection model M' from being bias...
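The M' = M + K structure of steps 2.1 and 2.2 and the unseen-platform check of step (3), as an added sketch that is not taken from the patent. It assumes a fixed mean-pooled bag-of-tokens encoder as a stand-in for the Transformer model M (so only K is trained here), and every sample, token and function name is constructed for illustration.

```python
import math

# Constructed samples U_i = [C_i, W_i] with a label (1 = malicious); every
# platform name, token and word below is made up for illustration.
D_PRIME = [  # fine-tuning set D': one malicious and one benign sample per platform
    ("windows", ["call", "crypt", "write", "net"], ["encrypt", "files"], 1),
    ("windows", ["call", "read", "draw", "ret"], ["render", "window"], 0),
    ("linux", ["syscall", "crypt", "write", "net"], ["encrypt", "home"], 1),
    ("linux", ["syscall", "read", "draw", "ret"], ["render", "terminal"], 0),
]
UNSEEN = [  # platform that never appears in D'
    ("android", ["invoke", "crypt", "write", "net"], ["encrypt", "sdcard"], 1),
    ("android", ["invoke", "read", "draw", "ret"], ["render", "view"], 0),
]
VOCAB = {t: i for i, t in enumerate(sorted({t for _, c, w, _ in D_PRIME for t in c + w}))}

def encode(c, w):
    """Stand-in for M (assumption): mean-pooled one-hot vectors over [C_i, W_i]."""
    vec = [0.0] * len(VOCAB)
    for tok in c + w:
        if tok in VOCAB:  # tokens never seen in D' contribute nothing
            vec[VOCAB[tok]] += 1.0 / len(c + w)
    return vec

def score(k, x):
    """Linear classifier K followed by a sigmoid: P(malicious | x)."""
    z = k["b"] + sum(wj * xj for wj, xj in zip(k["w"], x))
    return 1.0 / (1.0 + math.exp(-z))

def fit_classifier(samples, epochs=300, lr=1.0):
    """Train K on the encoder outputs with batch gradient descent on log-loss."""
    k = {"w": [0.0] * len(VOCAB), "b": 0.0}
    data = [(encode(c, w), y) for _, c, w, y in samples]
    for _ in range(epochs):
        errs = [score(k, x) - y for x, y in data]
        k["w"] = [wj - lr * sum(e * x[j] for e, (x, _) in zip(errs, data))
                  for j, wj in enumerate(k["w"])]
        k["b"] -= lr * sum(errs)
    return k

def detect(k, sample, threshold=0.5):
    """Step (3): label an unknown sample as malicious (1) or benign (0)."""
    _, c, w, _ = sample
    return int(score(k, encode(c, w)) >= threshold)

if __name__ == "__main__":
    K = fit_classifier(D_PRIME)
    print([(s[0], s[3], detect(K, s)) for s in UNSEEN])
```

The held-out samples are classified correctly only because their tokens overlap with those in D'; in the patent that cross-platform commonality is what the pre-trained model M is meant to learn.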


Abstract

The invention relates to a cross-platform malicious code detection method and system. The method comprises the steps of: (1) training a pre-training model using benign program samples from a plurality of platforms, so as to capture the structural and semantic correlation in the context of a program instruction and the structural and semantic commonality between program instructions of different platforms; (2) on top of the pre-training model, constructing a cross-platform malicious code detection model using limited-scale benign program samples and malicious program samples from a plurality of platforms, fine-tuning the parameters of the cross-platform malicious code detection model, and migrating the knowledge in the pre-training model into the cross-platform malicious code detection model; and (3) detecting unknown program samples on different platforms using the constructed cross-platform malicious code detection model, and judging whether the unknown program samples are malicious or benign. Program samples from multiple platforms are used for model training, the commonality of programs on different platforms in structure and semantic context is fully utilized, and the problem of insufficient malicious code training samples on a single platform is solved.

Description

Technical field

[0001] The invention relates to a cross-platform malicious code detection method and system, belonging to the technical field of software security technology protection.

Background technique

[0002] Malicious code refers to computer code that is intentionally written or set up to pose a threat or potential threat to a network or system. The most common kinds of malicious code include computer viruses (abbreviated as viruses), Trojan horses (abbreviated as Trojans), computer worms (abbreviated as worms), backdoors, logic bombs, etc. Malicious code has brought serious security threats to network users, enterprises, industrial facilities, network and information equipment, etc. Therefore, malicious code detection technology has always been a focus of attention in the field of information and network security.

[0003] Malicious code detection technology, as developed so far, can be mainly divided into signature-based, heuristic-based and machi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/563, G06N3/08, G06N3/047, G06N3/045, G06F18/2415
Inventor: 韩晓晖, 徐正源, 刘广起, 吴晓明, 杨美红, 杨淑棉
Owner: SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN