CN110222507B - Intelligent learning and recognition method for malicious software big data based on fuzzy hash - Google Patents
Intelligent learning and recognition method for malicious software big data based on fuzzy hash Download PDFInfo
- Publication number
- CN110222507B CN110222507B CN201910424747.2A CN201910424747A CN110222507B CN 110222507 B CN110222507 B CN 110222507B CN 201910424747 A CN201910424747 A CN 201910424747A CN 110222507 B CN110222507 B CN 110222507B
- Authority
- CN
- China
- Prior art keywords
- mobile software
- software
- file
- mobile
- fuzzy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a malicious software big data intelligent learning and identifying method based on fuzzy hash, which comprises the following steps of obtaining a mobile software folder path and reading mobile software according to the folder path; decompiling each mobile software to obtain a source code of the mobile software; preprocessing the source code of the mobile software, namely acquiring a source code characteristic value; acquiring a fuzzy hash value set and a code line number set in each file of mobile software through a source code characteristic value; then similarity score calculation and fuzzy hash value and similarity score weight calculation are carried out, similarity comparison is carried out between mobile software, a comparison result is obtained, and then mobile malicious software is screened; according to the method, the fuzzy hash value corresponding to each file of the mobile software is obtained through the mobile software source code, the similarity score and the weight are calculated by utilizing the fuzzy hash value, so that the mobile software is distinguished, malicious mobile software is effectively monitored and distinguished, a user is far away from the malicious software, and loss is reduced.
Description
Technical Field
The invention relates to the research field of malicious software detection, in particular to a fuzzy hash-based intelligent learning and identifying method for large data of malicious software.
Background
With the rapid development of the internet and smart phones, mobile internet software is rapidly popularized, and especially application software using mobile as an operating system is prominent, so that the number of mobile internet software released each year is huge. However, the mobile internet software is increasingly prominent in safety due to the openness and popularity of the mobile internet software, and the openness and popularity of the Android application pose a threat to the safety of the mobile internet software. Lawless persons reissue by adding obfuscation and virus codes to the source code of popular native applications. And the popularity of the original application and a huge user group are utilized to induce the user to download, so that the user privacy, the mobile phone charge, the flow and the like are stolen, and virus software is rapidly transmitted. Malware tends to be reissued by modifying the native App code, and impersonating the native App propagates its malware.
In the face of increasing numbers of malicious Android application software, how to improve the detection efficiency of the malicious software becomes a research-worthy problem.
Disclosure of Invention
The invention mainly aims to overcome the defects and shortcomings of the prior art, and provides a mobile malicious software intelligent detection method based on fuzzy hash under a big data software sample, and the similarity between software can be rapidly calculated through the calculation of the fuzzy hash.
The aim of the invention is achieved by the following technical scheme:
the intelligent learning and recognition method for the big data of the malicious software based on the fuzzy hash is characterized by comprising the following steps of,
s1, acquiring a folder path of mobile software, and reading the mobile software according to the folder path;
s2, decompiling each mobile software to obtain a source code of each mobile software;
s3, preprocessing the source code of the mobile software, namely acquiring a source code characteristic value;
s4, acquiring a fuzzy hash value set and a code line number set in each file of each mobile software through a source code characteristic value;
s5, calculating the similarity of the fuzzy hash values of the source code files and the weight of the similarity score of the source code files between the software according to the fuzzy hash value set and the code line number set in each file of each mobile software, so that a similarity comparison result between the software is obtained, and further the mobile malicious software is identified.
Further, the step S2 specifically includes: and decompiling the mobile software by using a static analysis tool android, and storing source codes in corresponding files after decompiling.
Further, the source code feature value includes: the total number of lines of source codes, the fuzzy hash value and the number of lines of codes in each file of each mobile software.
Further, the pretreatment specifically comprises: acquiring the total line number of the source codes, namely writing all file codes of the mobile software into a text document, and counting the total line number of the text document;
using fuzzy hash tool to process fuzzy hash to code in each decompiled file of mobile software to obtain corresponding fuzzy hash value,
the specific process is as follows: firstly, setting a fragment value to divide codes in a decompiled file into a plurality of fragments, carrying out hash calculation on each fragment of codes by using an FNV (Fowler-Noll-Vo) algorithm to obtain hash values, taking the first 6 bits of the hash values of each fragment, compressing and representing the 6 bits of the hash values by using 1 ASCII code, and finally connecting all compressed values, namely ASCII codes, into a character string to serve as a fuzzy hash value of the source codes of the file;
each fuzzy hash value corresponds to a code in each file of a piece of mobile software; the fuzzy hash value set is as follows:
Hash A ={ahj 1 ,ahj 2 ,…,ahj m };
therein, ahj i (i=1, 2, …, m) represents a fuzzy hash value of a code in an i-th java file of the mobile software a, and m java files are decompiled by the mobile software a; bhj i (i=1, 2, …, n) represents a fuzzy hash value of a code in an i-th java file of the mobile software B, and n java files are decompiled by the mobile software B;
the method comprises the steps of obtaining the number of code lines in each file of each mobile software, wherein the number of code lines in each file of each mobile software is as follows:
L A ={alj 1 ,alj 2 ,…,alj m };
therein, alj i (i=1, 2, …, m) represents the number of lines of code in the i-th java file of the mobile software a; blj i (i=1, 2, …, n) represents the number of lines of code in the i-th java file of the mobile software B.
Further, the fuzzy hash tool is ssdeep.
Further, the number of the code fuzzy hash values of each mobile software depends on the number of files of the mobile software.
Further, the fuzzy hash value is a long string.
Further, the step S4 specifically includes:
acquiring fuzzy hash value sets of two mobile software by the source code eigenvalues:
the fuzzy hash value set of the mobile software a is: hash A ={ahj 1 ,ahj 2 ,…,ahj m };
The fuzzy hash value set of the mobile software B is: hash B ={bhj 1 ,bhj 2 ,…,bhj n };
Therein, ahj i (i=1, 2, …, m) is a fuzzy hash value of a code in an ith Java file of the mobile software a, and m Java files are obtained after decompilation of the mobile software; bhj i (i=1, 2, …, n) is a fuzzy hash value of a code in an ith Java file of the mobile software B, and n Java files are decompiled by the mobile software B;
acquiring a code line number set in a file of two mobile software through a source code characteristic value, wherein the code line number set in each file of each mobile software is as follows:
the Java file code line number set of the mobile software A is as follows: l (L) A ={alj 1 ,alj 2 ,…,alj m };
The Java file code line number set of the mobile software B is as follows: l (L) B ={blj 1 ,blj 2 ,…,blj n };
Therein, alj i (i=1, 2, …, m) is the number of lines of code in the ith Java file of the mobile software a, blj i (i=1, 2, …, n) is the number of lines of code in the i-th Java file of the mobile software B;
further, a similarity score is calculated:
score[i]=max{comp(ahj i ,bhj 1 ),comp(ahj i ,bhj 2 ),…,comp(ahj i ,bhj n )},(i=1,2,…,m);
wherein comp is a similarity algorithm for calculating hash values, comp (ahj) i ,bhj j ) Representing the ith Java file code of the mobile software AText similarity score calculation based on editing distance is carried out on the fuzzy hash value of the (j) th Java file code of the mobile software B and the fuzzy hash value of the (j) th Java file code, and max represents taking the maximum similarity value, score [ i ] in the maximum similarity value]Calculating similarity scores of ith Java file fuzzy hash value of mobile software A and mobile software B;
calculating the weight of each Java file fuzzy hash value of the mobile software A and the similarity score of the mobile software B:
weight[i]=alj i /al A ,(i=1,2,…,m);
therein, alj i The i-th Java file source code line number, al representing mobile software A A Representing the total number of source code lines of the mobile software A;
calculating the similarity score of the mobile software A and the mobile software B:
further, the similarity score of the mobile software a versus the mobile software B is different from the score of the mobile software B versus the mobile software a, i.e., the similarity score results are calculated unidirectionally.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the invention obtains the source code of the mobile software through decompilation, preprocesses the source code, and obtains the characteristic value of the source code, which comprises the following steps: the total line number of the source codes, the fuzzy hash value and the line number of codes in each file of each mobile software; and performing similarity score calculation and weight calculation through the fuzzy hash value and the code line number to finally obtain the similarity scores of the two pieces of mobile software, so that the malicious software is rapidly and effectively identified under the condition that the sample data size of the mobile software is large.
Drawings
FIG. 1 is a flow chart of a method for intelligent learning and identifying of malicious software big data based on fuzzy hash;
FIG. 2 is a graph showing the comparison of the calculated time of the present invention with the Androgard algorithm;
FIG. 3 is a schematic diagram of the result of the similarity score calculation with the android algorithm.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
Examples:
an intelligent learning and recognition method for big data of malicious software based on fuzzy hash, as shown in figure 1, comprises the following steps,
the method comprises the steps of firstly, acquiring a folder path of mobile software, and reading a file of the mobile software according to the folder path;
second, decompiling the file of each mobile software to obtain the source code of each mobile software; the method comprises the following steps: and decompiling the mobile software by using a static analysis tool android, and storing source codes in corresponding files after decompiling.
Thirdly, preprocessing the source code of the mobile software to obtain a source code characteristic value; the source code characteristic value includes: the total line number of the source codes, the fuzzy hash value and the line number of codes in each file of each mobile software;
the pretreatment is specifically as follows: acquiring the total line number of the source codes, namely writing all file codes of the mobile software into a text document, and counting the total line number of the text document;
and (3) performing fuzzy hash processing on codes in each decompiled file of the mobile software by using a fuzzy hash tool, namely ssdeep algorithm, so as to obtain corresponding fuzzy hash values, wherein the specific process is as follows: firstly, setting a fragment value to divide codes in a decompiled file into a plurality of fragments, carrying out hash calculation on each fragment of codes by using an FNV (Fowler-Noll-Vo) algorithm to obtain hash values, taking the first 6 bits of the hash values of each fragment, compressing and representing the 6 bits of the hash values by using 1 ASCII code, and finally connecting all compressed values, namely ASCII codes, into a long character string to serve as a fuzzy hash value of the source codes of the file;
each fuzzy hash value corresponds to codes in each file of one mobile software, the number of the code fuzzy hash values of each mobile software depends on the number of the files of the mobile software, and the fuzzy hash values are character strings; the fuzzy hash value set is as follows:
Hash A ={ahj 1 ,ahj 2 ,…,ahj m };
therein, ahj i (i=1, 2, …, m) represents a fuzzy hash value of a code in an i-th java file of the mobile software a, and m java files are decompiled by the mobile software a; bhj i (i=1, 2, …, n) represents a fuzzy hash value of a code in an i-th java file of the mobile software B, and n java files are decompiled by the mobile software B;
the method comprises the steps of obtaining the number of code lines in each file of each mobile software, wherein the number of code lines in each file of each mobile software is as follows:
L A ={alj 1 ,alj 2 ,…,alj m };
therein, alj i (i=1, 2, …, m) represents the number of lines of code in the i-th java file of the mobile software a; blj i (i=1, 2, …, n) represents the number of lines of code in the i-th java file of the mobile software B.
Step four, acquiring a fuzzy hash value set and a code line number set in each file of each mobile software through a source code characteristic value, then carrying out similarity score calculation and weight calculation of the fuzzy hash value and the similarity score, comparing the mobile software to obtain a comparison result, and further screening the mobile malicious software;
the method comprises the following steps:
acquiring fuzzy hash value sets of two mobile software by the source code eigenvalues:
the fuzzy hash value set of the mobile software a is: hash A ={ahj 1 ,ahj 2 ,…,ahj m };
The fuzzy hash value set of the mobile software B is: hash B ={bhj 1 ,bhj 2 ,…,bhj n };
Therein, ahj i (i=1, 2, …, m) is a fuzzy hash value of the code in the ith Java file of the mobile software a, the mobileM Java files are formed after decompiling of dynamic software; bhj i (i=1, 2, …, n) is a fuzzy hash value of a code in an ith Java file of the mobile software B, and n Java files are decompiled by the mobile software B;
acquiring a code line number set in a file of two mobile software through a source code characteristic value, wherein the code line number set in each file of each mobile software is as follows:
the Java file code line number set of the mobile software A is as follows: l (L) A ={alj 1 ,alj 2 ,…,alj m };
The Java file code line number set of the mobile software B is as follows: l (L) B ={blj 1 ,blj 2 ,…,blj n };
Therein, alj i (i=1, 2, …, m) is the number of lines of code in the ith Java file of the mobile software a, blj i (i=1, 2, …, n) is the number of lines of code in the i-th Java file of the mobile software B;
calculating a similarity score:
score[i]=max{comp(ahj i ,bhj 1 ),comp(ahj i ,bhj 2 ),…,comp(ahj i ,bhj n )},(i=1,2,…,m);
wherein comp is a similarity algorithm for calculating hash values, comp (ahj) i ,bhj j ) Text similarity score calculation based on editing distance is carried out on the fuzzy hash value of the ith Java file code of the mobile software A and the fuzzy hash value of the jth Java file code of the mobile software B, and max represents taking the maximum similarity value and score [ i ]]Calculating similarity scores of ith Java file fuzzy hash value of mobile software A and mobile software B; FIG. 2 is a schematic diagram of the comparison result of the calculation time of the invention with the Androgard algorithm, wherein the abscissa is a mobile software pair, the ordinate is the calculation time, the solid bar is the calculation time of the Androgard, and the hollow bar is the calculation time of the invention; FIG. 3 is a schematic diagram of the calculation result of similarity score between the invention and the android algorithm, wherein the abscissa is a mobile software pair, the ordinate is a similarity score, the solid bar is an android similarity score, and the hollow bar is a similarity score; wherein Androgard in the legend represents Androgard calculationIn the method, CFH represents the method of the invention;
calculating the weight of each Java file fuzzy hash value of the mobile software A and the similarity score of the mobile software B:
weight[i]=alj i /al A ,(i=1,2,…,m);
therein, alj i The i-th Java file source code line number, al representing mobile software A A Representing the total number of source code lines of the mobile software A;
calculating the similarity score of the mobile software A and the mobile software B:
the similarity score of the mobile software A and the mobile software B is different from the score of the mobile software B and the mobile software A, namely the similarity score result is calculated unidirectionally.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to the above examples, and any other changes, modifications, substitutions, combinations, and simplifications that do not depart from the spirit and principle of the present invention should be made in the equivalent manner, and the embodiments are included in the protection scope of the present invention.
Claims (9)
1. The intelligent learning and recognition method for the big data of the malicious software based on the fuzzy hash is characterized by comprising the following steps of,
s1, acquiring a folder path of mobile software, and reading the mobile software according to the folder path;
s2, decompiling each mobile software to obtain a source code of each mobile software;
s3, preprocessing the source code of the mobile software, namely acquiring a source code characteristic value;
s4, acquiring a fuzzy hash value set and a code line number set in each file of each mobile software through a source code characteristic value;
s5, calculating the weight of the similarity of the fuzzy hash values of the source code files and the similarity score of the source code files between the software according to the fuzzy hash value set and the code line number set in each file of each mobile software, so as to obtain a similarity comparison result between the software, and further identifying the mobile malicious software;
the step S5 specifically comprises the following steps:
calculating a similarity score:
score[i]=max{comp(ahj i ,bhj 1 ),comp(ahj i ,bhj 2 ),…,comp(ahj i ,bhj n )},i=1,2,…,m;
wherein comp is a similarity algorithm for calculating hash values, comp (ahj) i ,bhj j ) Representation will ahj i And bhj j Text similarity score calculation based on coding distance is performed ahj i Fuzzy hash value bhj representing code in ith java file of mobile software a j A fuzzy hash value of codes in a j-th java file of the mobile software B is represented; max represents the maximum similarity value taken from the values of score [ i ]]Calculating similarity scores of ith Java file fuzzy hash value of mobile software A and mobile software B; m represents the total number of Java files after decompiling of the mobile software A; j=1, 2, …, n, n represents the total number of Java files decompiled by the mobile software B;
calculating the weight of each Java file fuzzy hash value of the mobile software A and the similarity score of the mobile software B:
weight[i]=alj i /al A ;
therein, alj i The i-th Java file source code line number, al representing mobile software A A Representing the total number of source code lines of the mobile software A;
calculating the similarity score of the mobile software A and the mobile software B:
2. the intelligent learning and identifying method for the malicious software big data based on fuzzy hashing according to claim 1, wherein the step S2 is specifically: and decompiling the mobile software by using a static analysis tool android, and storing source codes in corresponding files after decompiling.
3. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 1, wherein the source code characteristic value comprises: the total number of lines of source codes, the fuzzy hash value and the number of lines of codes in each file of each mobile software.
4. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 3, wherein the preprocessing specifically comprises the following steps: acquiring the total line number of the source codes, writing all file codes of the mobile software into a text document, and counting the total line number of the text document;
and carrying out fuzzy hash processing on codes in each decompiled file of the mobile software by using a fuzzy hash tool to obtain corresponding fuzzy hash values, wherein the specific process is as follows: firstly, setting a fragment value to divide codes in a decompiled file into a plurality of fragments, carrying out hash calculation on each fragment of codes by using an FNV (Fowler-Noll-Vo) algorithm to obtain hash values, taking the first 6 bits of the hash values of each fragment, compressing and representing the 6 bits of the hash values by using 1 ASCII code, and finally connecting all compressed values, namely ASCII codes, into a character string to serve as a fuzzy hash value of the source codes of the file;
each fuzzy hash value corresponds to a code in each file of a piece of mobile software; the fuzzy hash value set is as follows:
Hash A ={ahj 1 ,ahj 2 ,…,ahj m };
the method comprises the steps of obtaining the number of code lines in each file of each mobile software, wherein the number of code lines in each file of each mobile software is as follows:
L A ={alj 1 ,alj 2 ,…,alj m }。
5. the intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 4, wherein the fuzzy hashing tool is ssdeep.
6. The intelligent learning and identifying method for malicious software big data based on fuzzy hash according to claim 4, wherein the number of code fuzzy hash values of each mobile software depends on the number of files of the mobile software.
7. The intelligent learning and recognition method for the malicious software big data based on fuzzy hash according to claim 4, wherein the fuzzy hash value is a long character string.
8. The intelligent learning and identifying method for the malicious software big data based on fuzzy hashing according to claim 1, wherein the step S4 is specifically:
acquiring fuzzy hash value sets of two mobile software by the source code eigenvalues:
the fuzzy hash value set of the mobile software a is: hash A ={ahj 1 ,ahj 2 ,…,ahj m };
The fuzzy hash value set of the mobile software B is: hash B ={bhj 1 ,bhj 2 ,…,bhj n };
Acquiring a code line number set in a file of two mobile software through a source code characteristic value, wherein the code line number set in each file of each mobile software is as follows:
the Java file code line number set of the mobile software A is as follows: l (L) A ={alj 1 ,alj 2 ,…,alj m };
The Java file code line number set of the mobile software B is as follows: l (L) B ={blj 1 ,blj 2 ,…,blj n };
Therein, blj j Is the number of lines of code in the j-th Java file of the mobile software B.
9. The intelligent learning and identifying method for malicious software big data based on fuzzy hashing according to claim 1, wherein the similarity score is different from the similarity score of the mobile software a to the mobile software B and the similarity score of the mobile software B to the mobile software a, and the similarity score result is calculated unidirectionally.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910424747.2A CN110222507B (en) | 2019-05-21 | 2019-05-21 | Intelligent learning and recognition method for malicious software big data based on fuzzy hash |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910424747.2A CN110222507B (en) | 2019-05-21 | 2019-05-21 | Intelligent learning and recognition method for malicious software big data based on fuzzy hash |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110222507A CN110222507A (en) | 2019-09-10 |
CN110222507B true CN110222507B (en) | 2023-07-07 |
Family
ID=67821547
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910424747.2A Active CN110222507B (en) | 2019-05-21 | 2019-05-21 | Intelligent learning and recognition method for malicious software big data based on fuzzy hash |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110222507B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112487432A (en) * | 2020-12-10 | 2021-03-12 | 杭州安恒信息技术股份有限公司 | Method, system and equipment for malicious file detection based on icon matching |
CN115022011B (en) * | 2022-05-30 | 2024-02-02 | 北京天融信网络安全技术有限公司 | Method, device, equipment and medium for identifying access request of missing scan software |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8312546B2 (en) * | 2007-04-23 | 2012-11-13 | Mcafee, Inc. | Systems, apparatus, and methods for detecting malware |
US8806641B1 (en) * | 2011-11-15 | 2014-08-12 | Symantec Corporation | Systems and methods for detecting malware variants |
CN104978522B (en) * | 2014-04-10 | 2018-05-08 | 北京启明星辰信息安全技术有限公司 | A kind of method and apparatus for detecting malicious code |
CN104063318A (en) * | 2014-06-24 | 2014-09-24 | 湘潭大学 | Rapid Android application similarity detection method |
-
2019
- 2019-05-21 CN CN201910424747.2A patent/CN110222507B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN110222507A (en) | 2019-09-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109005145B (en) | Malicious URL detection system and method based on automatic feature extraction | |
CN109359439B (en) | software detection method, device, equipment and storage medium | |
WO2019096099A1 (en) | Real-time detection method and apparatus for dga domain name | |
CN109829306B (en) | Malicious software classification method for optimizing feature extraction | |
WO2015101097A1 (en) | Method and device for feature extraction | |
CN104123501B (en) | A kind of viral online test method based on many assessor set | |
CN107679403B (en) | Lesso software variety detection method based on sequence comparison algorithm | |
Harichandran et al. | Bytewise approximate matching: the good, the bad, and the unknown | |
CN110222507B (en) | Intelligent learning and recognition method for malicious software big data based on fuzzy hash | |
CN106845220B (en) | Android malicious software detection system and method | |
CN111639337A (en) | Unknown malicious code detection method and system for massive Windows software | |
CN111723371B (en) | Method for constructing malicious file detection model and detecting malicious file | |
Naik et al. | Evaluating automatically generated YARA rules and enhancing their effectiveness | |
CN1235108C (en) | Computer viruses detection and identification system and method | |
CN107451467A (en) | A kind of weak passwurd check method and device | |
CN110704841A (en) | Convolutional neural network-based large-scale android malicious application detection system and method | |
Zhao et al. | A retrieval algorithm for encrypted speech based on perceptual hashing | |
Lian et al. | Cryptomining malware detection based on edge computing-oriented multi-modal features deep learning | |
CN105243327B (en) | A kind of secure file processing method | |
CN105468972B (en) | A kind of mobile terminal document detection method | |
CN109284465B (en) | URL-based web page classifier construction method and classification method thereof | |
CN111818067B (en) | Flow characteristic extraction method and device | |
WO2020233322A1 (en) | Description-entropy-based intelligent detection method for big data mobile software similarity | |
CN111553386B (en) | AdaBoost and CNN-based intrusion detection method | |
CN110197068B (en) | Android malicious application detection method based on improved grayish wolf algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |