
Malicious code detection method based on malicious code dynamic forensic model

A malicious code detection technology, applied in the field of malicious code detection based on a malicious code dynamic forensics model. It addresses the problems that malicious code has a wide scope of influence, that effective protection schemes are difficult to provide, and that malicious code is difficult to detect. Its effects are a dynamic detection capability, guaranteed dynamic updateability, and guaranteed system security.

Pending Publication Date: 2022-07-12
HUNAN UNIV OF SCI & ENG

AI Technical Summary

Problems solved by technology

However, "the way is one foot high, the devil is one foot high": malicious attack technology is also constantly improving, and malicious code uses "fragmentation", "encryption" and other anti-forensics methods, which makes it difficult to detect.
At the same time, because the real-time emergency response mechanism for new malicious code is not perfect, the scope of influence of malicious code is getting wider and wider.
[0004] Most traditional network malicious code forensics technology focuses on the forensics of a given static malicious code data set in a specific background, and does not discuss dynamic protection against newly added malicious code. Therefore, when malicious attackers generate new or variant malicious code, the traditional malicious code detection model cannot define and measure the dynamically evolving malicious code, and it is difficult to provide an effective protection scheme.


Examples


Embodiment 1

[0032] The present invention provides a malicious code detection method based on a malicious code dynamic forensics model (see Figure 1), including the following specific steps:

[0033] Step 1: Obtain the code sequence flow to be detected;

[0034] Step 2: Based on the 3-Gram feature generation method, slide a window over the code sequence flow to extract the dynamic behavior feature vector of each sample to be tested;

[0035] Wherein, the sample to be tested is a sequence fragment of a code sequence stream;

[0036] The dynamic behavior feature vector of each sample to be tested is expressed as:

[0037] $B = \{gs_1, gs_2, \ldots, gs_i, \ldots, gs_n\}$

[0038] In the formula, $B$ is the dynamic behavior feature vector of a sample to be tested, $gs_i$ represents the i-th 3-Gram fragment, the value of $gs_i$ is 0 or 1, and $n$ is the fragment length of the sample to be tested;

[0039] 3-Gram is an algorithm based on a statistical language mode...

Embodiment 2

[0051] The present invention provides a malicious code detection method based on a malicious code dynamic forensics model (see Figure 1), including the following specific steps:

[0052] Step 1: Obtain the code sequence flow to be detected;

[0053] Step 2: Based on the 3-Gram feature generation method, slide a window over the code sequence flow to extract the dynamic behavior feature vector of each sample to be tested;

[0054] Wherein, the sample to be tested is a sequence fragment of a code sequence stream;

[0055] The dynamic behavior feature vector of each sample to be tested is expressed as:

[0056] $B = \{gs_1, gs_2, \ldots, gs_i, \ldots, gs_n\}$

[0057] In the formula, $B$ is the dynamic behavior feature vector of a sample to be tested, $gs_i$ represents the i-th 3-Gram fragment, the value of $gs_i$ is 0 or 1, and $n$ is the fragment length of the sample to be tested;

[0058] 3-Gram is an algorithm based on a statistical language model...
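Step 2 of both embodiments, as an added Python sketch that is not taken from the patent. The page does not say how a 3-Gram maps to a 0/1 component, so this assumes $gs_i = 1$ when the i-th 3-Gram of a fixed vocabulary occurs in the window (making $n$ the vocabulary size here); the API-call trace, window size and stride are constructed for illustration.

```python
# Constructed sample: an API-call trace standing in for the "code sequence flow".
TRACE = ["open", "read", "close", "open", "read",
         "write", "connect", "send", "close"]

def trigrams(tokens):
    """Return the overlapping 3-grams of a token sequence, in order."""
    return [tuple(tokens[i:i + 3]) for i in range(len(tokens) - 2)]

def build_vocabulary(stream):
    """Give each distinct 3-gram an index i (first-seen order). Assumption:
    the vocabulary is learned from a reference stream ahead of detection."""
    vocab = {}
    for gram in trigrams(stream):
        vocab.setdefault(gram, len(vocab))
    return vocab

def windows(stream, size, stride):
    """Slide a window over the stream; each window is one sample to be tested."""
    for start in range(0, len(stream) - size + 1, stride):
        yield stream[start:start + size]

def feature_vector(sample, vocab):
    """Build B = {gs_1..gs_n}: gs_i is 1 if vocabulary 3-gram i occurs in sample."""
    b = [0] * len(vocab)
    for gram in trigrams(sample):
        idx = vocab.get(gram)
        if idx is not None:  # 3-grams absent from the vocabulary contribute nothing
            b[idx] = 1
    return b

def extract(stream, vocab, size=5, stride=2):
    """Return one binary feature vector per sliding-window sample."""
    return [feature_vector(w, vocab) for w in windows(stream, size, stride)]

if __name__ == "__main__":
    vocab = build_vocabulary(TRACE)
    for b in extract(TRACE, vocab):
        print(b)
```

A sample made only of 3-Grams outside the vocabulary yields an all-zero vector, so under this assumed encoding a new variant is only visible to the downstream model if the vocabulary is updated.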


Abstract

The invention belongs to the technical field of network security, and particularly relates to a malicious code detection method based on a malicious code dynamic forensics model, which comprises the following specific steps: Step 1, acquiring a code sequence flow to be detected; and Step 2, based on a 3-Gram feature generation method, sliding a window over the code sequence flow to extract a dynamic behavior feature vector of each sample to be detected. The malicious code detection model performs an initial detection of the code sequence, that is, an initial identification of malicious and non-malicious code. The unknown sequences of the initially detected malicious code are then clustered, and the mechanism that the malicious code classifications of the samples to be detected in the same cluster should be consistent is used to further identify whether the code is malicious, so that this dual identification greatly improves the detection precision for malicious code.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a malicious code detection method based on a malicious code dynamic forensics model.

Background technique

[0002] In recent years, with the increasingly fierce competition in cyberspace, the problem of network attacks with the background of countries or hacker organizations has become more and more serious, and the frequency of malicious code (also known as malware) attacks has increased exponentially. A series of cyber security incidents have caused serious threats to the country and society. Therefore, it is necessary to speed up the construction of a security guarantee system for key information infrastructure, to perceive the network security situation in an all-round way, and to enhance the ability of network security defense and deterrence. Emergency response and disposal is to take corresponding remedial measures and actions after malicious code invades the syst...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06K9/62
CPC: H04L63/145, H04L63/20, G06F18/23, G06F18/214, G06F18/24
Inventor: 罗恩韬, 刘忆宁, 徐旸, 陈可, 黄堂森, 程文志
Owner HUNAN UNIV OF SCI & ENG