CN102567661B - Method and device for program identification based on machine learning - Google Patents
Method and device for program identification based on machine learning
- Publication number
- CN102567661B
- Authority
- CN
- China
- Prior art keywords
- program
- feature
- class
- class behavior
- unknown
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Claims (9)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
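CN201410062777.0A CN103853979B (zh) | 2010-12-31 | 2010-12-31 | Method and device for program identification based on machine learning |
CN201010620202.8A CN102567661B (zh) | 2010-12-31 | 2010-12-31 | Method and device for program identification based on machine learning |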
US13/990,146 US9349006B2 (en) | 2010-11-29 | 2011-11-18 | Method and device for program identification based on machine learning |
PCT/CN2011/082416 WO2012071989A1 (zh) | 2010-11-29 | 2011-11-18 | Method and device for program identification based on machine learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010620202.8A CN102567661B (zh) | 2010-12-31 | 2010-12-31 | Method and device for program identification based on machine learning |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410062777.0A Division CN103853979B (zh) | 2010-12-31 | 2010-12-31 | Method and device for program identification based on machine learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102567661A (zh) | 2012-07-11 |
CN102567661B (zh) | 2014-03-26 |
Family
ID=46413048
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010620202.8A Active CN102567661B (zh) | 2010-11-29 | 2010-12-31 | Method and device for program identification based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102567661B (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
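CN103853979A (zh) * | 2010-12-31 | 2014-06-11 | Beijing Qihoo Technology Co., Ltd. | Method and device for program identification based on machine learning |
CN106960154A (zh) * | 2017-03-30 | 2017-07-18 | Xinghua Yongheng (Beijing) Technology Co., Ltd. | A dynamic malicious program identification method based on a decision tree model |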
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
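CN103634264A (zh) * | 2012-08-20 | 2014-03-12 | Jiangsu Zhongke Huichuang Information Security Technology Co., Ltd. | An active trapping method based on behavior analysis |
CN103679012A (zh) * | 2012-09-03 | 2014-03-26 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for clustering portable executable files |
CN103810424B (zh) * | 2012-11-05 | 2017-02-08 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for identifying abnormal applications |
CN103761476B (zh) * | 2013-12-30 | 2016-11-09 | Beijing Qihoo Technology Co., Ltd. | Method and device for feature extraction |
CN104123500B (zh) * | 2014-07-22 | 2017-07-28 | Beijing Zhiduoxing Technology Co., Ltd. | Deep-learning-based method and device for detecting malicious applications on the Android platform |
CN106997367B (zh) | 2016-01-26 | 2020-05-08 | Huawei Technologies Co., Ltd. | Classification method, classification device and classification system for program files |
CN105797377B (zh) * | 2016-03-10 | 2019-08-23 | Wuhan Douyu Network Technology Co., Ltd. | Method and system for identifying and displaying game processes |
CN105975861A (zh) * | 2016-05-27 | 2016-09-28 | Baidu Online Network Technology (Beijing) Co., Ltd. | Application detection method and device |
CN106228398A (zh) * | 2016-07-20 | 2016-12-14 | Wuhan Douyu Network Technology Co., Ltd. | Specific-user mining system based on the C4.5 decision tree algorithm, and method thereof |
CN106485139B (zh) * | 2016-09-29 | 2019-06-04 | Shangketong Shangjing Technology (Shanghai) Co., Ltd. | A security verification method for applications |
CN107103254B (zh) * | 2017-06-06 | 2021-06-29 | Beijing Qihoo Technology Co., Ltd. | Method and device for identifying encrypted programs, and electronic device |
CN107742079B (zh) * | 2017-10-18 | 2020-02-21 | Hangzhou Anheng Information Technology Co., Ltd. | Malware identification method and system |
KR20190053675A (ko) * | 2017-11-10 | 2019-05-20 | Samsung Electronics Co., Ltd. | Electronic device and operating method thereof |
CN110943961B (zh) | 2018-09-21 | 2022-06-21 | Alibaba Group Holding Ltd. | Data processing method, device and storage medium |
CN109324953B (zh) * | 2018-10-11 | 2020-08-04 | Beijing Institute of Technology | A method for predicting virtual machine energy consumption |
CN110187939B (zh) * | 2019-05-30 | 2021-03-02 | Guangdong Power Grid Co., Ltd. | Method and system for invoking a Vensim model via WebService |
CN113486350B (zh) * | 2021-08-18 | 2023-08-25 | Guangzhou Jingteng Network Technology Co., Ltd. | Malware identification method, apparatus, device and storage medium |
CN113763429A (zh) * | 2021-09-08 | 2021-12-07 | Guangzhou Jiankun Network Technology Development Co., Ltd. | Video-based pig behavior recognition system and method |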
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090113128A1 (en) * | 2007-10-24 | 2009-04-30 | Sumwintek Corp. | Method and system for preventing virus infections via the use of a removable storage device |
CN101593253A (zh) * | 2009-06-22 | 2009-12-02 | Chengdu Huawei Symantec Technologies Co., Ltd. | A method and device for determining malicious programs |
Non-Patent Citations (4)
Title |
---|
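Wu Yunfang et al. Research on Chinese word sense disambiguation with multi-classifier ensembles. Journal of Computer Research and Development. 2008, Vol. 45 (No. 8), |
Research on malicious program detection based on machine learning; Mao Mingming et al.; Software Guide; 20100930; Vol. 9 (No. 9); page 23, left column, last paragraph to page 24, right column, last paragraph, Fig. 1 * |
Research on Chinese word sense disambiguation with multi-classifier ensembles; Wu Yunfang et al.; Journal of Computer Research and Development; 20081231; Vol. 45 (No. 8); abstract, page 1355, left column, paragraphs 1-3, page 1357, left column, paragraphs 4-7 * |
Mao Mingming et al. Research on malicious program detection based on machine learning. Software Guide. 2010, Vol. 9 (No. 9), |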
Also Published As
Publication number | Publication date |
---|---|
CN102567661A (zh) | 2012-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
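CN102567661B (zh) | Method and device for program identification based on machine learning | |
CN103853979A (zh) | Method and device for program identification based on machine learning | |
CN102479298B (zh) | Method and device for program identification based on machine learning | |
Aslan et al. | A new malware classification framework based on deep learning algorithms | |
CN103839006B (zh) | Method and device for program identification based on machine learning | |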
Nguyen et al. | Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning | |
Caliskan et al. | When coding style survives compilation: De-anonymizing programmers from executable binaries | |
Darem et al. | Visualization and deep-learning-based malware variant detection using OpCode-level features | |
Alam et al. | A framework for metamorphic malware analysis and real-time detection | |
Siddiqui et al. | A survey of data mining techniques for malware detection using file features | |
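CN111639337B (zh) | Method and system for detecting unknown malicious code in massive Windows software | |
CN103870754A (zh) | Method and device for malicious program identification and training model generation | |
CN101685483B (zh) | Method and device for extracting virus signatures | |
Savenko et al. | Metamorphic Viruses' Detection Technique Based on the Equivalent Functional Block Search. | |
CN102542190B (zh) | Method and device for program identification based on machine learning | |
CN103942495A (zh) | Method and device for program identification based on machine learning | |
Darshan et al. | Windows malware detection based on cuckoo sandbox generated report using machine learning algorithm | |
CN103473104A (zh) | Method for identifying repackaged applications based on a keyword context frequency matrix | |
CN109614795A (zh) | An event-aware Android malware detection method | |
CN104680065A (zh) | Virus detection method, apparatus and device | |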
Manavi et al. | A new method for malware detection using opcode visualization | |
Li et al. | An adversarial machine learning method based on OpCode N-grams feature in malware detection | |
Feng et al. | Hrs: A hybrid framework for malware detection | |
Mehra et al. | DaCoMM: detection and classification of metamorphic malware | |
Hang et al. | Malware detection method of android application based on simplification instructions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
C53 | Correction of patent of invention or patent application | ||
CB03 | Change of inventor or designer information |
Inventor after: Zhou Hongdai Inventor after: Dong Yi Inventor after: Zhou Hui Inventor before: Dong Yi Inventor before: Zhou Hui |
|
COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: DONG YI ZHOU HUI TO: ZHOU HONGYI DONG YI ZHOU HUI |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
TR01 | Transfer of patent right |
Effective date of registration: 20220329 Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |
|
TR01 | Transfer of patent right |