Botnet software detection method based on API calling and network behaviors

A technology of API calling and software detection, applied in the field of computer science, that addresses the limited identification of malicious code and achieves the effects of improving accuracy, improving efficiency, and reducing the size of the graph.
CN114707151A · Pending · Publication Date: 2022-07-05 · GUILIN UNIV OF ELECTRONIC TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUILIN UNIV OF ELECTRONIC TECH
Publication Date
2022-07-05

Figures: Figure 1, Figure 2, Figure 3 (images not included in this text)

Abstract

The invention discloses a botnet (zombie) software detection method based on API (Application Programming Interface) calls and network behaviors. The method comprises a host behavior pattern extraction layer module, a network behavior pattern extraction layer module and an aggregation training module. The host behavior pattern extraction layer module comprises a file analysis and identification sub-module, a static FCG (function call graph) extraction sub-module, a sample distribution sub-module and a call context extraction sub-module, and sequentially performs analysis and identification of sample files, sample distribution, static and dynamic analysis of samples, FCG call graph compression and node re-tagging. The network behavior pattern extraction layer module comprises a network behavior monitoring and data preprocessing sub-module and an LSTM representation learning sub-module, and is used to collect network behavior, preprocess the data and train the LSTM representation learning sub-module. The aggregation training module performs aggregation training on the output data of the host behavior pattern extraction layer module and the network behavior pattern extraction layer module, inputs the result into a fully connected classification network, and finally obtains a classification result.
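The abstract names two host-side graph steps, FCG call graph compression and node re-tagging, without describing how they are carried out. The following Python script is an added illustration of one plausible realisation of those two steps; it is not code from the patent or its authors. The call edges, the API list and the API-to-category tag table are all constructed for the example, and the specific compression rule (contracting the sample's own internal functions so that only the entry point and imported API nodes remain, then merging API nodes that share a category tag) is an assumption, chosen because it shrinks the graph while preserving which API behaviours are reachable from the entry point.

```python
from collections import Counter, defaultdict
from itertools import product

# Constructed static call edges (caller -> callee) for one hypothetical sample.
# Names listed in SAMPLE_APIS are imported API functions; all other names are
# the sample's own internal functions. Constructed data, not from the patent.
SAMPLE_EDGES = [
    ("main", "init"), ("init", "CreateFileW"), ("init", "write_cfg"),
    ("write_cfg", "WriteFile"), ("main", "beacon"), ("beacon", "WSAStartup"),
    ("beacon", "connect"), ("beacon", "send"), ("main", "persist"),
    ("persist", "persist_impl"), ("persist_impl", "RegSetValueExW"),
    ("main", "unused_helper"),  # internal function that reaches no API
]
SAMPLE_APIS = {"CreateFileW", "WriteFile", "WSAStartup", "connect", "send",
               "RegSetValueExW"}

# Hypothetical re-tagging table: API name -> behaviour category (assumption).
TAG_TABLE = {
    "CreateFileW": "file", "WriteFile": "file",
    "WSAStartup": "net", "connect": "net", "send": "net",
    "RegSetValueExW": "registry",
}
TAGS = ["main", "file", "net", "registry", "other"]


def build_graph(edges):
    """Adjacency map; every node gets an entry even if it has no callees."""
    g = defaultdict(set)
    for caller, callee in edges:
        g[caller].add(callee)
        g.setdefault(callee, set())
    return g


def node_count(edges):
    return len({n for e in edges for n in e})


def compress_fcg(edges, api_names, entry="main"):
    """Contract internal (non-API, non-entry) nodes: each kept node gets a
    direct edge to every API node reachable through a chain of internal
    functions. Cycles among internal functions are handled by `seen`."""
    g = build_graph(edges)
    keep = {entry} | (api_names & set(g))

    def reach(node, seen):
        out = set()
        for nxt in g[node]:
            if nxt in keep:
                out.add(nxt)
            elif nxt not in seen:
                seen.add(nxt)
                out |= reach(nxt, seen)
        return out

    return {(u, v) for u in keep for v in reach(u, set())}


def retag(compressed_edges, tag_table, entry="main"):
    """Relabel every API node with its category; nodes sharing a tag merge.
    The Counter records how many API edges collapsed into each tag edge."""
    def tag(n):
        return entry if n == entry else tag_table.get(n, "other")
    return Counter((tag(u), tag(v)) for u, v in compressed_edges)


def edge_histogram(tagged_edges, tags=TAGS):
    """Fixed-length feature vector over ordered (tag, tag) pairs, the kind of
    dense host-behaviour input an aggregation step could concatenate with a
    network-behaviour embedding."""
    return [tagged_edges.get((a, b), 0) for a, b in product(tags, tags)]


if __name__ == "__main__":
    compressed = compress_fcg(SAMPLE_EDGES, SAMPLE_APIS)
    tagged = retag(compressed, TAG_TABLE)
    print("nodes before/after compression:",
          node_count(SAMPLE_EDGES), node_count(compressed))
    print("tagged edges:", dict(tagged))
    print("feature vector:", edge_histogram(tagged))
```

On the constructed sample the graph shrinks from 13 nodes to 7 after compression and to 4 after re-tagging, while the feature vector still records that the entry point reaches file, network and registry APIs; the unreachable internal helper disappears, which is the size reduction the record above refers to.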

Description

Technical Field

[0001] The invention relates to the technical field of computer science, in particular to a method for detecting zombie software based on API calling and network behavior.

Background Technique

[0002] With the application of deep learning, end-to-end text classification techniques and learning models based on natural language processing have also been applied to malicious code detection. X. Xiao and others regard binary code as the lowest-level feature: the binary code plays the role that image pixels or the first few bytes of traffic play in other applications of deep learning, and a CNN, RNN or LSTM, auto-encoder, etc. is then used to mine the code structure or time series, with higher-level features learned through multiple hidden layers. M. Yeo first extracts the features and inputs them into the neural network for training and classification, because the traffic sent by malicious code such as botware often has different characteristic...
