Unlock instant, AI-driven research and patent intelligence for your innovation.

Malware detector training method, detector, electronic equipment and storage medium

A technology of malware and training methods, applied in the fields of instruments, electrical components, electrical digital data processing, etc., can solve the problem of high difficulty in model training, and achieve the effect of reducing labor costs, ensuring accuracy, and reducing difficulty

Pending Publication Date: 2022-06-07
AGRICULTURAL BANK OF CHINA
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the inventors found that: the rule-based Android malware detection method can reflect the causal relationship between features and detection results, but this method is based on a large number of manual analysis, and the training of the model is difficult

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malware detector training method, detector, electronic equipment and storage medium
  • Malware detector training method, detector, electronic equipment and storage medium
  • Malware detector training method, detector, electronic equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0027] figure 1 Embodiment 1 of the present invention provides a flowchart of a malware detector training method, such as figure 1 As shown, the method includes:

[0028] S110. Obtain an original sample data set, and obtain an original malware detection rate of the original sample data set.

[0029] Specifically, the original sample data set includes multiple original samples. When the original sample data set is obtained, the type of the original sample (malware or benign software) can be known at the same time, that is to say, the original sample data set can be known at this time. The specific number of malware; input the original sample into the feature set training classifier, and then the probability of each sample being classified as malware or benign software can be obtained (for example, the probability of a sample being malware is 0.6, and the probability of benign software is 0.6). 0.4, the sample is determined to be malware); assuming that the specific number of ...

Embodiment 2

[0043] figure 2 This is a flowchart of a malware detector training method provided in Embodiment 2 of the present invention. This embodiment is an example of the previous embodiment, and specifically describes how to ensure the difference between the malware detection rate and the original malware detection rate. The value is within the first preset range.

[0044] Specifically, as figure 2 As shown, the method includes:

[0045] S210. Obtain an original sample data set, and obtain an original malware detection rate of the original sample data set.

[0046] S220. Acquire characteristic parameters of each original sample.

[0047] S230 , according to the characteristic parameters, select a representative sample data set whose proportion of the total samples is α from the original sample data set, and obtain the malware detection rate of the representative sample data set.

[0048] S240: Determine whether the difference between the malware detection rate and the original m...

Embodiment 3

[0055] image 3 This is a flowchart of a malware detector training method provided in Embodiment 3 of the present invention. This embodiment is an example of the foregoing embodiments, and specifically describes how to obtain a malware detector.

[0056] Specifically, as image 3 As shown, the method includes:

[0057] S310. Obtain an original sample data set, and obtain an original malware detection rate of the original sample data set.

[0058] S320. Acquire characteristic parameters of each original sample.

[0059] S330 , according to the characteristic parameters, select a representative sample data set whose proportion of the total samples is α from the original sample data set, and obtain the malware detection rate of the representative sample data set.

[0060] S340. Input the representative sample data set into the detection model based on the AdaBoost algorithm, and extract the initial detection rule.

[0061] Specifically, in this embodiment, the detection model...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a malicious software detector training method, a detector, electronic equipment and a storage medium. The malicious software detector training method comprises the steps of obtaining an original sample data set, and obtaining an original malicious software detection rate of the original sample data set; characteristic parameters of each original sample are obtained, wherein the characteristic parameters are used for representing the uncertainty degree that the original samples are malicious software; according to the characteristic parameters, a representative sample data set accounting for the total sample proportion of alpha is selected from the original sample data set, the malicious software detection rate of the representative sample data set is obtained, alpha is larger than 0 and smaller than 1, and the difference value between the malicious software detection rate and the original malicious software detection rate is within a first preset range; and inputting the representative sample data set into a preset training model for training to obtain the malicious software detector. According to the malicious software detector training method provided by the invention, the model training difficulty can be reduced, and meanwhile, the accuracy of the trained model is ensured.

Description

technical field [0001] The invention relates to the technical field of software security, and in particular, to a training method for a malware detector, a detector, an electronic device and a storage medium. Background technique [0002] At present, a huge amount of malware poses a great threat to Android system security and user rights. Therefore, researching Android malware detection methods is one of the important contents in the field of mobile operating system security protection. [0003] The interpretable Android malware detection method is mainly a rule-based Android malware detection method. This method mainly extracts the permissions that are frequently requested by malware but rarely requested by benign software as the rules for detecting Android malware. Use this rule set to detect malware. [0004] However, the inventor found that the rule-based Android malware detection method can reflect the causal relationship between the features and the detection results...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/00G06F21/56
CPCH04L9/006G06F21/566
Inventor 王海州
Owner AGRICULTURAL BANK OF CHINA