Cross-platform malicious software confrontation sample generation method and system

A malware adversarial sample technology, applied in the field of software security, that optimizes feature vectors, improves efficiency, and improves robustness

Active Publication Date: 2022-04-01
SOUTHWEST PETROLEUM UNIV

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the problem in the prior art that malware can only be analyzed on a single platform, and to provide a method and system for generating cross-platform malware adversarial samples based on deep reinforcement learning.

Examples

Embodiment 1

[0068] In an exemplary embodiment, a method for generating cross-platform malware adversarial samples is provided. As shown in Figure 1, the method includes:

[0069] Collect multiple types of malware samples from different platforms, and map different types of malware samples into unified binary files;

[0070] Perform feature extraction on the binary file to generate a feature vector representing malicious software;

[0071] Based on the feature vectors, build an agent and an Actor-Critic network, design malware perturbation actions and encapsulate them in the deep reinforcement learning action space, and obtain a malware adversarial sample generation model. Actions in the action space act on the feature vectors, and the actions are designed around the feature vector, with the aim of reaching the goal with the smallest perturbation.

[0072] Input a new binary file to train the malware adversarial sample generation model, and the deep reinforcement learning env...

Embodiment 2

[0088] Based on Embodiment 1, a method for generating cross-platform malware adversarial samples is provided, in which the various types of malware samples include PE executable files on the Windows platform, ELF executable files on the Linux platform, and APK files on the Android platform.

[0089] The full name of the PE format is Portable Executable. Common EXE, DLL, OCX, SYS, and COM files are all PE files. PE files are program files on the Microsoft Windows operating system (possibly executed indirectly, as with a DLL).

[0090] The full name of the ELF format is Executable and Linkable Format. ELF files are divided into three categories: 1. Relocatable files, which store code and appropriate data and are used together with other object files to create an executable or a shared file. 2. Executable files, which store a program for execution, which indicates how exec (BA_...
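The three container formats named in Embodiment 2 can be told apart from their headers before any feature extraction. The sketch below is an added example, not code from the patent: the function names, the use of `AndroidManifest.xml` as the APK marker, and the sample buffers (constructed inline) are assumptions made for illustration.

```python
import io
import struct
import zipfile

ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}

def identify(data: bytes) -> str:
    """Classify a buffer as PE, ELF (with its e_type) or APK from its headers."""
    # PE: DOS header "MZ", then e_lfanew at 0x3C points to the "PE\0\0" signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE"
        return "unknown"  # MZ without a PE signature (e.g. a plain DOS program)
    # ELF: magic, EI_DATA (byte 5) gives byte order, e_type is a u16 at offset 16.
    if data[:4] == b"\x7fELF" and len(data) >= 18:
        order = {1: "<", 2: ">"}.get(data[5])
        if order is None:
            return "unknown"
        (e_type,) = struct.unpack_from(order + "H", data, 16)
        return "ELF/" + ELF_TYPES.get(e_type, "other")
    # APK: a ZIP archive that carries AndroidManifest.xml (assumed marker).
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        return "APK" if "AndroidManifest.xml" in names else "unknown"
    return "unknown"

def sample_pe() -> bytes:  # constructed: 64-byte DOS header + PE signature
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"

def sample_elf(e_type: int, big_endian: bool = False) -> bytes:  # constructed
    ident = b"\x7fELF" + bytes([2, 2 if big_endian else 1, 1]) + bytes(9)
    return ident + struct.pack((">" if big_endian else "<") + "H", e_type)

def sample_zip(member: str) -> bytes:  # constructed ZIP with one empty member
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"")
    return buf.getvalue()

if __name__ == "__main__":
    for blob in (sample_pe(), sample_elf(3), sample_zip("AndroidManifest.xml")):
        print(identify(blob))
```

Checking the PE signature behind `e_lfanew` and the manifest inside the ZIP, rather than the leading magic alone, keeps DOS programs and ordinary archives out of the PE and APK buckets.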

Embodiment 3

[0102] Based on the above embodiments: in existing adversarial sample generation methods, malware loses its integrity and function after a series of excessive or strong injections, which makes model training against the anti-virus engine overly redundant and leaves the malware adversarial samples with poor robustness. To address these problems, the present invention provides a method for generating cross-platform malware adversarial samples that designs malware perturbation actions and encapsulates them into the deep reinforcement learning action space. The action space includes:

[0103] String obfuscation: Find strings and function calls by analyzing the abstract syntax tree, then obfuscate the strings, insert variable definitions / assignments at appropriate positions (including functions or global contexts), and hide functions and then obfuscate the code;

[0104] Section table modification: overwrite and append, import and append, rename, add, and append operations to the section ...

Abstract

The invention discloses a cross-platform malicious software adversarial sample generation method and system, belonging to the technical field of software security. It maps various types of malicious software samples from different platforms into a unified binary file, which improves the generalization ability of the malware adversarial sample generation model, the diversity of the adversarial samples, the generation efficiency of the adversarial samples, and the malicious software analysis efficiency. In addition, a string obfuscation method is added by modifying the action space, which better improves the robustness of the adversarial samples; a decision network algorithm and an integrity verification method are applied to malware adversarial sample generation, which reduces the training computation overhead and guarantees that the sample's function remains complete.

Description

Technical field

[0001] The invention relates to the technical field of software security, in particular to a method and system for generating cross-platform malicious software adversarial samples.

Background

[0002] With the development of the Internet, the vulnerability of the Internet itself has led to the emergence of a large amount of malicious software in cyberspace, and it has been widely disseminated. In recent years, most major network security incidents, such as botnets, advanced persistent threats, and ransomware, have used malicious software as the main attack component to cause significant damage. Machine learning techniques have been widely used in malware detection and classification, but they still face the threat of adversarial samples, so the resistance of malware detection models to attack is particularly important. Adversarial sample research is a hot field, but there is less research on the attack and defense of malware adversarial samples. [...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56; G06N20/00
Inventor: 郑德生吴欣隆周永温冬李政禹刘建超柯武平张秀容付锦涛许锡振
Owner: SOUTHWEST PETROLEUM UNIV