Malicious code detection method and device and computer readable storage medium

A malicious code detection technology, applied to the detection of malicious code and to computer-readable storage media, that addresses the problem of the interpretability of feature extraction and analysis schemes being partially ignored.

Pending Publication Date: 2022-06-03
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, the methods using machine learning tend to be more usable and interpretable. With the advent of a large number of efficient classifiers, the explanatory part of feature extraction and analysis schemes is ignored.


Examples


Embodiment 1

[0048] Figure 1 is a schematic flowchart of a method for detecting malicious code according to an embodiment of the present invention. As shown in Figure 1, the method, which is used to detect the category of binary malicious code, includes: obtaining the running information of the malicious code file to be detected, where the running information includes the API call information of the file, or includes both API call information and DLL call information; and inputting the obtained running information into a malicious code detection model trained in advance using the characteristics of the heterogeneous network, the model outputting the category of the malicious code file to be detected.

[0049] Figure 2 is a schematic flowchart of training a malicious code detection model in a malicious code detection method accordin...

Embodiment 2

[0058] Overall design

[0059] Figure 3 is a schematic diagram of the overall design flow of a malicious code detection method according to another embodiment of the present invention. As shown in Figure 3, in this embodiment the data to be used is obtained by analyzing the malicious code test sample in the Cuckoo sandbox; the obtained information includes API information, dynamic-link library (DLL) information, relevant text information, and the like. The detection method of this embodiment mainly involves a random walk scheme, word vector training, classifier design, and so on.

[0060] In the detection method of the embodiment of the present invention, a malicious code test sample is input and the category to which the sample belongs is output. The malicious code test sample is an executable file. As shown in Figure 3, the detection method of the embodiment of the present invention comprises:

[0061] Step 301, use the Cuckoo sandbox to parse the test sample to ob...

Embodiment 3

[0102] The invention also provides a detection device for malicious code. As shown in Figure 14, the apparatus includes a processor 1401, a memory 1402, a bus 1403, and a computer program stored in the memory 1402 and executable on the processor 1401. The processor 1401 includes one or more processing cores, the memory 1402 is connected to the processor 1401 through the bus 1403, and the memory 1402 is used for storing program instructions. When the processor executes the computer program, the steps of the method of the first embodiment of the present invention are implemented.

[0103] Further, as an executable solution, the device for identifying microplastics may be a computer unit, and the computer unit may be a computing device such as a desktop computer, a notebook computer, a palmtop computer, and a cloud server. The computer unit may include, but is not limited to, a processor, a memory. Those skilled in the art can understand that the compositio...


Abstract

The invention provides a malicious code detection method. The method comprises the following steps: acquiring operation information of a to-be-detected malicious code file; inputting the operation information into a malicious code detection model which has been trained in advance by utilizing the characteristics of the heterogeneous network, and outputting the category of the to-be-detected malicious code file. The malicious code detection model is trained through the following steps: S1, obtaining a file sample as a training set; S2, extracting operation information of the file sample; S3, constructing a heterogeneous network; S4, according to the heterogeneous network paradigms, obtaining a relation adjacency matrix of the heterogeneous network for each heterogeneous network paradigm, and obtaining a random walk vector; S5, using the random walk information to construct and train a corresponding word vector model and a classification model; and S6, performing principal angle weighting on the classification result to determine the category to which the malicious code file to be detected belongs. By means of this technical scheme, the environment information of the malicious code is fully utilized, and the classification accuracy for malicious code files is improved.
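Steps S3 and S4 above, as an added sketch that is not taken from the patent: it assumes a "heterogeneous network paradigm" is a node-type pattern such as file-API-file, builds each pattern's relation adjacency matrix as a product of edge-type matrices, and generates pattern-constrained random walks as the token sequences a word vector model (S5) would train on. The sample data, pattern names and function names are constructed for illustration.

```python
import random
from collections import defaultdict
# Constructed running information for three samples (not real sandbox output).
SAMPLES = {
    "f1": {"api": ["CreateFileW", "WriteFile", "RegSetValueExW"], "dll": ["kernel32.dll", "advapi32.dll"]},
    "f2": {"api": ["CreateFileW", "WriteFile"], "dll": ["kernel32.dll"]},
    "f3": {"api": ["InternetOpenA", "HttpSendRequestA"], "dll": ["wininet.dll", "kernel32.dll"]},
}
PATTERNS = (("file", "api", "file"), ("file", "dll", "file"))  # assumed "paradigms"

def build_network(samples):
    """Typed adjacency: {(src_type, dst_type): {src_node: sorted neighbours}}."""
    adj = defaultdict(lambda: defaultdict(set))
    for fname, info in samples.items():
        for kind in ("api", "dll"):
            for name in info.get(kind, []):
                adj[("file", kind)][fname].add(name)
                adj[(kind, "file")][name].add(fname)
    return {rel: {n: sorted(v) for n, v in nbrs.items()} for rel, nbrs in adj.items()}

def nodes_of(adj, node_type):
    """All nodes of one type that appear as the source of at least one edge."""
    return sorted({n for (src, _), nbrs in adj.items() if src == node_type for n in nbrs})

def pattern_matrix(adj, pattern):
    """Relation adjacency matrix of a pattern: product of its edge-type 0/1 matrices."""
    rows = nodes_of(adj, pattern[0])
    result = [[int(r == c) for c in rows] for r in rows]  # start from the identity
    for src, dst in zip(pattern, pattern[1:]):
        s_nodes, d_nodes = nodes_of(adj, src), nodes_of(adj, dst)
        step = [[int(d in adj.get((src, dst), {}).get(s, [])) for d in d_nodes] for s in s_nodes]
        result = [[sum(a * b for a, b in zip(row, col)) for col in zip(*step)] for row in result]
    return result

def pattern_walk(adj, start, pattern, length, rng):
    """Random walk that may only follow the node-type pattern, repeated cyclically."""
    walk, hops = [start], len(pattern) - 1
    while len(walk) < length:
        i = (len(walk) - 1) % hops
        nbrs = adj.get((pattern[i], pattern[i + 1]), {}).get(walk[-1], [])
        if not nbrs:  # dead end, e.g. a sample that recorded no calls of this type
            break
        walk.append(rng.choice(nbrs))
    return walk

def walk_corpus(samples, patterns=PATTERNS, walks_per_file=4, length=7, seed=0):
    """One walk corpus per pattern; each corpus would train its own word vector model."""
    adj, rng = build_network(samples), random.Random(seed)
    return {p: [pattern_walk(adj, f, p, length, rng) for f in sorted(samples)
                for _ in range(walks_per_file)] for p in patterns}
```

In the file-API-file matrix, entry (i, j) counts the API calls shared by samples i and j, so samples with no behaviour in common never appear in each other's walks.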

Description

Technical field

[0001] The present invention relates to the field of computer security, and in particular, to a malicious code detection method, device and computer-readable storage medium.

Background

[0002] Binary malicious code is a collective term for various types of malware, including viruses, Trojans, backdoors, worms, and more. Malicious code has posed a great threat to the data security and property security of Internet companies and individual users. With the development of various development tools, generating malicious code has become simpler and its anti-detection capability has become stronger and stronger, which presents major anti-virus and security vendors with huge challenges.

[0003] In the contest with malicious code, signature-based detection is the most commonly used analysis method. The feature code detection method refers to the method of obtaining code features from malicious code and using this featur...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F16/35, G06F40/289, G06N20/00
CPC: G06F21/566, G06F16/353, G06F40/289, G06N20/00, G06F2221/033
Inventor 姚刚陈奋陈荣有孙晓波龚利军
Owner XIAMEN FUYUN INFORMATION TECH CO LTD