CN108460277A - An automated malicious code variant detection method - Google Patents

Publication number
CN108460277A
Authority
CN
China
Prior art keywords
malicious code
program
detected
detecting system
detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810138012.9A
Other languages
Chinese (zh)
Inventor
赵建峰
宁振虎
薛菲
王玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology
Priority to CN201810138012.9A
Publication of CN108460277A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention discloses an automated malicious code variant detection method. The program to be detected is sent to a program quality detection system, which mainly checks whether it is a strictly executable program; specifically, simple features such as the program's size, suffix and naming rule are verified. A program that passes the program quality detection system is saved in the database and, at the same time, delivered to the malicious code variant detection system for detection. If the number of newly detected malicious code samples stored in the database system reaches the preset threshold, the trigger set in the database system fires and the automatic fine-tuning system starts work. The invention applies software component technology flexibly in the design and development of the system, improves the system's reliability, scalability and maintainability, realises a fully functional malicious code variant detection system, and improves on the current practice of manually selecting malicious code detection features.

Description

An automated malicious code variant detection method
Technical field
The invention belongs to the field of information security and in particular relates to a malicious code variant detection method; it belongs to malicious code protection technology.
Background art
In recent years the number of malicious programs on the internet has continued to grow rapidly. Classified by malicious behaviour, the top three categories are indecent behaviour, malicious fee deduction and rate consumption. Although, under the guidance of the Ministry of Industry and Information Technology, the channels through which malicious programs spread are strictly controlled, the number of malicious programs spread through informal platforms also continues to increase. At the same time, the number of malicious code variants has risen sharply: malicious code authors spend more time making slight changes to, or repackaging, malicious code so that it spreads further and evades detection. Different types of malicious code need different effective solutions. Otherwise, not only can the malicious code not be dealt with quickly and effectively, but handling it wrongly leads to greater losses. Malicious code variant detection therefore has important research significance.
Malicious code variation can be roughly divided into two classes: one reuses basic modules to produce variants, the other is malicious code obfuscation. By its implementation principle, obfuscation can in turn be divided into two classes. One interferes with disassembly, preventing the disassembler from reaching a correct analysis result and so hindering further analysis of the mechanism. The other works on the instructions: it generally uses packing, junk code insertion, equivalent instruction substitution, register reallocation, code transformation and similar means to change the syntactic features of the malicious code and hide its internal call logic.
For these two situations, malicious code detection algorithms fall mainly into two classes: static detection based on the static features of the malicious code binary, and dynamic detection based on the run-time behaviour of the malicious code. Static detection methods analyse factors such as the PE file structure, the binary byte code, the disassembled code and the system calls found after disassembly, and use a learning-based classification algorithm to distinguish benign software from malicious code. Static analysis, however, depends heavily on disassembly, and various obfuscation techniques hinder disassembly, making it hard for static analysis to obtain correct results. The main principle of detection based on dynamic features is to put the code under test into a sandbox or honeypot and to judge whether it is malicious by detecting malicious behaviour while the target program runs. Current dynamic analysis techniques, however, mostly compare behaviour sequences by Manhattan distance or weighted Manhattan distance, and malicious code can increase the distance between behaviours by reordering system calls, adding junk calls and similar means, and so get around detection schemes characterised by behaviour sequences.
In general, on top of the division into static and dynamic analysis, mainstream malicious code detection techniques can be divided into four classes: detection based on active learning, detection based on feature codes (signatures), detection based on behavioural features, and detection based on semantic features.
The active-learning-based method follows a minimum-estimated-risk strategy, incrementally and actively learns unknown samples and continually improves the malicious code classifier; it needs only a small number of known samples to obtain fairly good detection results. However, the choice of the active-learning step size affects detection performance to some extent, and a small amount of malicious code is missed. The feature-code-based method extracts morphological features of the malicious code binary file and detects malicious code by pattern matching. But once malicious code has been simply transformed or obfuscated, feature-code-based detection can no longer identify it correctly.
The behaviour-feature-based method encodes a set of self-defined behavioural features of malicious behaviour and matches the feature encoding after abstracting the program's behaviour, which reduces the influence of code obfuscation to some extent; but it is still not enough to solve the false negatives and false positives caused by equivalent behaviour substitution, system call reordering and similar methods. Semantic-feature-based detection extracts features from a semantic point of view: it statically analyses the malicious code and, together with instruction semantic information, constructs feature vectors with ternary operators for detection. This method effectively resists interference from obfuscation techniques such as instruction reordering, junk code insertion and register reallocation. But its resistance to behaviour obfuscation is weak, and its matching decision process is rather complex.
However, faced with the sharp increase in the number of malicious code variants, neither static detection based on the binary's static features nor dynamic detection based on run-time behaviour can easily meet the demands of enterprises and the state for the speed of variant detection, because both methods require authoritative developers to propose suitable static or dynamic features. Malware authors apply various obfuscation or intrusion methods to evade detection rules, so the detection program must continually update the static or dynamic features it needs to detect. This seriously increases the time cost of malicious code detection, and malicious code may successfully evade detection because the feature library was not updated in time. Designing and implementing an automated malicious code detection system therefore becomes particularly important.
Summary of the invention
On the basis of studying domestic and foreign systems related to malicious code variant detection, the invention raises the speed of malicious code variant detection without affecting detection accuracy. It combines the principles and ideas of systems engineering theory and software engineering theory, adopts an object-oriented development approach and applies software component technology flexibly in the design and development of the system, improving the system's reliability, scalability and maintainability. A fully functional malicious code variant detection system is studied and implemented, which improves on the current practice of manually selecting malicious code detection features and realises the idea of automated malicious code variant detection.
The main object of the invention is to propose an automated malicious code variant detection system. It is a complete malicious code variant detection platform made up of a client and a server, which interact with each other. The system mainly comprises a program quality detection system, a database management system, a malicious code variant detection system and an automatic fine-tuning system. The program quality detection system checks whether a program is a strictly executable program; the database management system saves the real-time information of every step in the system; the malicious code variant detection system classifies malicious code correctly by malicious code family; and the automatic fine-tuning system fine-tunes the classification model that the malicious code variant detection system needs for detection. These components are connected and serve one another, and together make up the automated malicious code variant detection system.
The detection method implemented with this detection system comprises the following flow:
First, the program to be detected is sent to the program quality detection system, which mainly checks whether it is a strictly executable program; specifically, simple features such as the program's size, suffix and naming rule are verified. If the program does not pass the program quality detection system, it is not a strictly executable program, so there is no need to continue with malicious code variant detection, and the malicious code variant detection system is exited directly.
Then, the program that has passed the program quality detection system is saved in the database and, at the same time, delivered to the malicious code variant detection system for detection. 1) The binary file of the code to be detected is mapped to an uncompressed grayscale image by the mapping method defined by the malicious code variant detection system. 2) Detection data pre-processing is applied to the generated uncompressed grayscale image, mainly operations such as mean removal. 3) The processed image is fed into the trained malicious code variant detection model for forward propagation; the detection result is obtained from a softmax classifier, saved in the database and transferred to the client interface for display.
Finally, if the number of newly detected malicious code samples stored in the database system reaches the preset threshold, the trigger set in the database system fires and the automatic fine-tuning system starts work. The automatic fine-tuning system was proposed to prevent the following: malware authors apply various obfuscation methods or new intrusion methods to evade detection rules, so that the detection program has to keep updating the static or dynamic features it needs to detect, which increases the time cost of malicious code detection, or malicious code successfully evades detection because the feature library was not updated in time.
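The quality check, byte-to-grayscale mapping and mean removal described above, as an added Python example that is not code from the patent. The size limit, suffix list, name pattern, zero padding and the chosen image height are assumptions, since the text names the checks and steps but gives no concrete values.

```python
import math
import re

# Assumed policy values: the text names the three checks (size, suffix,
# naming rule) but does not state limits.
MAX_SIZE = 32 * 1024 * 1024
ALLOWED_SUFFIXES = (".exe", ".dll")
NAME_RULE = re.compile(r"[A-Za-z0-9_.-]{1,128}")

# Constructed sample input: an "MZ" marker followed by eight filler bytes.
SAMPLE = b"MZ" + bytes(range(1, 9))


def quality_check(name, data):
    """Return (passed, reason); a failed check means detection is skipped."""
    if NAME_RULE.fullmatch(name) is None:
        return False, "name"
    if not name.lower().endswith(ALLOWED_SUFFIXES):
        return False, "suffix"
    if not 0 < len(data) <= MAX_SIZE:
        return False, "size"
    return True, "ok"


def to_gray_image(data, height):
    """Map a byte string to `height` rows of uncompressed 8-bit pixels.

    Each byte is eight consecutive bits read as one unsigned value (0..255).
    The last row is padded with zero bytes (an assumption).
    """
    if height <= 0:
        raise ValueError("height must be positive")
    width = max(1, math.ceil(len(data) / height))
    padded = data.ljust(width * height, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]


def remove_mean(image):
    """Subtract the image-wide mean from every pixel; return (image, mean)."""
    pixels = [p for row in image for p in row]
    mean = sum(pixels) / len(pixels)
    return [[p - mean for p in row] for row in image], mean


def to_pgm(image):
    """Serialise the pixel rows as a binary PGM (P5) file for viewing."""
    height, width = len(image), len(image[0])
    header = b"P5\n%d %d\n255\n" % (width, height)
    return header + bytes(p for row in image for p in row)


def preprocess(name, data, height=4):
    """Quality gate, then mapping and mean removal; (None, reason) on reject."""
    passed, reason = quality_check(name, data)
    if not passed:
        return None, reason
    centred, _ = remove_mean(to_gray_image(data, height))
    return centred, "ok"


if __name__ == "__main__":
    print(quality_check("notes.txt", SAMPLE))
    print(to_gray_image(SAMPLE, 4))
```

The centred rows returned by `preprocess` are what a classifier would consume; `to_pgm` is only for inspecting the image by eye.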
The operating steps of the automatic fine-tuning system are as follows:
Step 1: using the grayscale image mapping method, the given malicious code binary file is read so that every eight consecutive binary values are combined into one unsigned integer, giving a vector that is stored as a two-dimensional array according to the height set for the image and visualised as a grayscale image.
Step 2: an Epoch-based method for handling data imbalance is used to solve the problems of too little data and imbalanced data, avoiding over-fitting and insufficiently generalised training. During training, in each Epoch every class is randomly resampled according to its weight, so that the samples in each Epoch of the training process are evenly represented. The resampling weight is attached to each sample, and a sample set of one Epoch's size is then randomly resampled from the sample library in proportion to the weights, so that the data of the resampled Epoch are relatively balanced.
Step 3: a modified convolutional neural network for grayscale images is trained on the grayscale image data balanced in the previous step. Fine-tuning this network keeps the first several layers of the original network, which extract shallow features, and modifies only the last several layers, which take part in training in order to select the features that are decisive for malicious code variant detection. The classifier is retrained, and the final output is a new model for discriminating malicious code variants. The new model replaces the old model in the malicious code detection system, avoiding missed detections and false detections.
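One way to implement the per-Epoch weighted resampling of step 2, as an added Python example that is not the patent's code. The inverse-class-frequency weight, the family names and the sample counts are assumptions made for illustration; the text says only that each sample carries a resampling weight.

```python
import random
from collections import Counter


def sample_weights(labels):
    """Weight every sample by 1 / (size of its class).

    Each class then carries the same total weight, so a draw is equally
    likely to land in any class regardless of how many samples it has.
    """
    counts = Counter(labels)
    return [1.0 / counts[label] for label in labels]


def resample_epoch(samples, labels, epoch_size, rng):
    """Draw one Epoch of (sample, label) pairs with replacement."""
    weights = sample_weights(labels)
    picked = rng.choices(range(len(samples)), weights=weights, k=epoch_size)
    return [(samples[i], labels[i]) for i in picked]


def epochs(samples, labels, n_epochs, epoch_size, seed=0):
    """Yield a freshly resampled sample set for every Epoch of training."""
    rng = random.Random(seed)
    for _ in range(n_epochs):
        yield resample_epoch(samples, labels, epoch_size, rng)


def class_share(pairs):
    """Fraction of an Epoch's samples that belongs to each class."""
    counts = Counter(label for _, label in pairs)
    return {label: n / len(pairs) for label, n in counts.items()}


def build_constructed_dataset():
    """Constructed, heavily imbalanced sample library: 90 / 9 / 1 samples."""
    labels = ["family_a"] * 90 + ["family_b"] * 9 + ["family_c"] * 1
    samples = ["img_%03d" % i for i in range(len(labels))]
    return samples, labels


if __name__ == "__main__":
    samples, labels = build_constructed_dataset()
    raw = class_share(list(zip(samples, labels)))
    print("raw share      :", raw)
    for number, epoch in enumerate(epochs(samples, labels, 3, 3000)):
        print("epoch", number, "share:", class_share(epoch))
```

Because the single `family_c` image is drawn about a thousand times per Epoch here, the balance comes from repetition, which is why the fine-tuning step trains only the last layers on such data.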
Compared with the prior art, the present invention has the following advantages.
1. An automated malicious code variant detection system. On the basis of studying domestic and foreign systems related to malicious code variant detection, and starting from the task of raising malicious code detection speed without affecting detection accuracy, the invention combines the principles and ideas of systems engineering theory and software engineering theory, adopts an object-oriented development approach and applies software component technology flexibly in the design and development of the system. This improves the system's reliability, scalability and maintainability. A fully functional malicious code variant detection system is studied and implemented, which improves on the current practice of manually selecting malicious code detection features and realises the idea of automated malicious code variant detection.
2. The invention proposes a program quality detection system. The program to be detected is sent to the program quality detection system, which mainly checks whether it is a strictly executable program; specifically, simple features such as the program's size, suffix and naming rule are verified. If the program does not pass the program quality detection system, it is not a strictly executable program, so there is no need to continue with malicious code variant detection, and the malicious code variant detection system is exited directly.
3. The invention proposes a malicious code detection system. First, the binary file of the code to be detected is mapped to an uncompressed grayscale image by the mapping method defined by the malicious code variant detection system. Second, detection data pre-processing is applied to the generated uncompressed grayscale image, mainly operations such as mean removal. Finally, the processed image is fed into the trained malicious code variant detection model for forward propagation; the detection result is obtained from a softmax classifier and is at the same time saved in the database and transferred to the client interface for display.
4. The invention proposes an automatic fine-tuning system. It was proposed to prevent the following: malware authors apply various obfuscation methods or new intrusion methods to evade detection rules, so that the detection program has to keep updating the static or dynamic features it needs to detect, which seriously increases the time cost of malicious code detection, and malicious code may successfully evade detection because the feature library was not updated in time.
Brief description of the drawings
Fig. 1: basic flow chart of the automated malicious code variant detection system;
Fig. 2: design pattern diagram;
Fig. 3: detailed design diagram of the automated malicious code variant detection system;
Fig. 4: object-relational mapping design diagram.
Detailed description of the embodiments
To make the purpose, technical solution and features of the invention clearer, the invention is described in further detail below with reference to a specific embodiment and the accompanying drawings. The basic flow chart of the automated malicious code variant detection system is shown in Fig. 1.
Each step is explained as follows:
1) A program quality detection system is proposed. It mainly checks whether the program to be detected is a strictly executable program; if the program does not pass the program quality detection system, the malicious code variant detection system is exited directly.
2) A malicious code variant detection system is proposed. The program to be detected is delivered to the malicious code variant detection system for detection. 1) The binary file of the code to be detected is mapped to an uncompressed grayscale image by the mapping method defined by the malicious code variant detection system. 2) Detection data pre-processing is applied to the generated uncompressed grayscale image, mainly operations such as mean removal. 3) The processed image is fed into the trained malicious code variant detection model for forward propagation, and the detection result is obtained from a softmax classifier.
3) An automatic fine-tuning system is proposed. It was proposed to prevent the following: malware authors apply various obfuscation methods or new intrusion methods to evade detection rules, so that the detection program has to keep updating the static or dynamic features it needs to detect, which seriously increases the time cost of malicious code detection, and malicious code may successfully evade detection because the feature library was not updated in time.
Embodiment
This section describes a specific embodiment of the invention in detail. The implementation environment is an Ubuntu 14.04 host with 8G of memory and a 1T hard disk. The development environment is Python 3.5.3, the back-end database is MySQL, and the detection model used by the malicious code variant detection system was trained with the deep-learning-based malicious code variant detection method. The malicious code variant detection system uses the MVC model as its design pattern; the specific design pattern is shown in Fig. 2.
MVC is a software design model. It organises code by separating business logic, data and interface display, and gathers the business logic into one component, so that the interface and user interaction can be improved and customised without rewriting the business logic, which reduces coding time. MVC not only separates the functional modules from the display module; it also improves the maintainability, scalability and portability of the application system and the reusability of its components.
The detailed design of the automated malicious code variant detection system is shown in Fig. 3.
First, the web server runs on top of asyncio, which ships with Python, and aiohttp. asyncio provides built-in support for asynchronous IO; its programming model is a message loop. A reference to an EventLoop is obtained directly from the asyncio module, and the coroutines that need to run are handed to the EventLoop for execution, which gives asynchronous IO. aiohttp is a simple HTTP framework built on asyncio. The aiohttp framework is comparatively low-level, however: writing a URL handler function is cumbersome, takes many steps and involves much repeated work. On top of asyncio and aiohttp, an asynchronous high-performance web server was written, mainly to cut unnecessary repeated work and simplify the development process, so that users write as little code as possible and can test it in isolation.
In the first step, two functions, get and post, are defined that map a function to a URL handler function, and RequestHandler() is then used to wrap a URL handler function. The purpose of RequestHandler is to analyse the parameters that the URL function needs to receive, obtain the necessary parameters from the request, call the URL function and convert the result into a web.Response object. An add_routes function is then written to register URL handler functions; it automatically registers all qualifying functions in the handler module. Finally, support for middleware and jinja2 templates is added to the server. A middleware is a kind of interceptor: before a URL is processed by a particular function, it can pass through a series of middlewares. Jinja2 is a template engine written in pure Python; it supports inline expressions and an optional sandbox environment.
Next, because the web framework uses a coroutine-based asynchronous model, ordinary synchronous IO operations must not be called inside a coroutine: all users are served by a single thread, so coroutines must execute very quickly in order to handle requests from a large number of users. The invention designs and implements an asynchronous object-relational mapping, using aiomysql as the asynchronous IO driver for the MySQL database. A global connection pool is created, and every HTTP request can obtain a database connection directly from the pool. The MySQL statements are wrapped: SELECT is abstracted into a select function, and since Insert, Update and Delete take similar parameters, a common execute function is abstracted for them that returns an integer giving the number of affected rows.
The object-relational mapping is designed from the point of view of the upper-layer caller. The first thing to define is Model, the base class of all ORM mappings. Model inherits from dict, so it has all the functionality of dict while also implementing its own methods. Finally, methods such as findAll() and findNum() are implemented to round out the ORM and make lookups convenient. The object-relational mapping design is shown in Fig. 4.
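The select/execute wrappers and the dict-based Model described above, as an added Python sketch that is not the patent's code. The standard-library sqlite3 module stands in for MySQL with aiomysql so that the example runs offline, and the `detections` table, its columns and the sample rows are hypothetical.

```python
import asyncio
import sqlite3

# Stand-in for the global connection pool. The sqlite3 calls below are
# synchronous; in the described system aiomysql would await the driver.
_conn = sqlite3.connect(":memory:", check_same_thread=False)


async def select(sql, args=(), size=None):
    """Run a SELECT with bound parameters; return the rows as dicts."""
    cur = _conn.execute(sql, tuple(args))
    cols = [c[0] for c in cur.description]
    rows = cur.fetchmany(size) if size else cur.fetchall()
    return [dict(zip(cols, row)) for row in rows]


async def execute(sql, args=()):
    """Shared by INSERT, UPDATE and DELETE; returns the affected row count."""
    cur = _conn.execute(sql, tuple(args))
    _conn.commit()
    return cur.rowcount


class Model(dict):
    """Base class of all mappings: a dict with attribute access and finders."""
    __table__ = None
    __fields__ = ()

    def __getattr__(self, key):
        try:
            return self[key]
        except KeyError:
            raise AttributeError(key)

    @classmethod
    async def findAll(cls, where=None, args=()):
        # `where` is a fixed fragment written by the developer; every value
        # travels separately in `args` and is bound by the driver.
        sql = "SELECT %s FROM %s" % (", ".join(cls.__fields__), cls.__table__)
        if where:
            sql += " WHERE " + where
        return [cls(**row) for row in await select(sql, args)]

    @classmethod
    async def findNum(cls, where=None, args=()):
        sql = "SELECT COUNT(*) AS n FROM %s" % cls.__table__
        if where:
            sql += " WHERE " + where
        return (await select(sql, args, 1))[0]["n"]

    async def save(self):
        marks = ", ".join("?" * len(self.__fields__))
        sql = "INSERT INTO %s (%s) VALUES (%s)" % (
            self.__table__, ", ".join(self.__fields__), marks)
        return await execute(sql, [self.get(f) for f in self.__fields__])


class Detection(Model):
    """Hypothetical table holding one row per detection result."""
    __table__ = "detections"
    __fields__ = ("sha256", "family", "score")


async def demo():
    _conn.execute("DROP TABLE IF EXISTS detections")
    _conn.execute("CREATE TABLE detections "
                  "(sha256 TEXT PRIMARY KEY, family TEXT, score REAL)")
    # Constructed rows; the hash strings are placeholders, not real samples.
    await Detection(sha256="aa" * 32, family="FamilyA", score=0.97).save()
    await Detection(sha256="bb" * 32, family="FamilyB", score=0.81).save()
    hostile = "FamilyA' OR '1'='1"  # constructed client-supplied value
    matches = await Detection.findAll("family = ?", ["FamilyA"])
    return {
        "total": await Detection.findNum(),
        "family_a": [d.sha256 for d in matches],
        # Bound as data, so it is compared literally and matches no row.
        "hostile": await Detection.findNum("family = ?", [hostile]),
    }


def run_demo():
    return asyncio.run(demo())  # asyncio.run needs Python 3.7 or later


if __name__ == "__main__":
    print(run_demo())
```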

Claims (2)

1. An automated malicious code variant detection method, implemented on an automated malicious code variant detection system. The system is a complete malicious code variant detection platform made up of a client and a server, which interact with each other; the system mainly comprises a program quality detection system, a database management system, a malicious code variant detection system and an automatic fine-tuning system; the program quality detection system checks whether a program is a strictly executable program, the database management system saves the real-time information of every step in the system, the malicious code variant detection system classifies malicious code correctly by malicious code family, and the automatic fine-tuning system fine-tunes the classification model that the malicious code variant detection system needs for detection; these components are connected and serve one another, and together make up the automated malicious code variant detection system;
characterised in that the detection method comprises the following flow:
First, the program to be detected is sent to the program quality detection system, which mainly checks whether it is a strictly executable program; specifically, simple features such as the program's size, suffix and naming rule are verified; if the program does not pass the program quality detection system, it is not a strictly executable program, so there is no need to continue with malicious code variant detection, and the malicious code variant detection system is exited directly;
Then, the program that has passed the program quality detection system is saved in the database and, at the same time, delivered to the malicious code variant detection system for detection; 1) the binary file of the code to be detected is mapped to an uncompressed grayscale image by the mapping method defined by the malicious code variant detection system; 2) detection data pre-processing is applied to the generated uncompressed grayscale image, mainly operations such as mean removal; 3) the processed image is fed into the trained malicious code variant detection model for forward propagation, the detection result is obtained from a softmax classifier, and the detection result is saved in the database and transferred to the client interface for display;
Finally, if the number of newly detected malicious code samples stored in the database system reaches the preset threshold, the trigger set in the database system fires and the automatic fine-tuning system starts work; the automatic fine-tuning system was proposed to prevent the following: malware authors apply various obfuscation methods or new intrusion methods to evade detection rules, so that the detection program has to keep updating the static or dynamic features it needs to detect, which increases the time cost of malicious code detection, or malicious code successfully evades detection because the feature library was not updated in time.
2. The automated malicious code variant detection method according to claim 1, wherein the operating steps of the automatic fine-tuning system are as follows:
Step 1: using the grayscale image mapping method, the given malicious code binary file is read so that every eight consecutive binary values are combined into one unsigned integer, giving a vector that is stored as a two-dimensional array according to the height set for the image and visualised as a grayscale image;
Step 2: an Epoch-based method for handling data imbalance is used to solve the problems of too little data and imbalanced data, avoiding over-fitting and insufficiently generalised training; during training, in each Epoch every class is randomly resampled according to its weight, so that the samples in each Epoch of the training process are evenly represented; the resampling weight is attached to each sample, and a sample set of one Epoch's size is then randomly resampled from the sample library in proportion to the weights, so that the data of the resampled Epoch are relatively balanced;
Step 3: a modified convolutional neural network for grayscale images is trained on the grayscale image data balanced in the previous step; fine-tuning this network keeps the first several layers of the original network, which extract shallow features, and modifies only the last several layers, which take part in training in order to select the features that are decisive for malicious code variant detection; the classifier is retrained, and the final output is a new model for discriminating malicious code variants; the new model replaces the old model in the malicious code detection system, avoiding missed detections and false detections.
CN201810138012.9A 2018-02-10 2018-02-10 A kind of automation malicious code mutation detection method Pending CN108460277A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810138012.9A CN108460277A (en) 2018-02-10 2018-02-10 A kind of automation malicious code mutation detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810138012.9A CN108460277A (en) 2018-02-10 2018-02-10 A kind of automation malicious code mutation detection method

Publications (1)

Publication Number Publication Date
CN108460277A true CN108460277A (en) 2018-08-28

Family

ID=63240054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810138012.9A Pending CN108460277A (en) 2018-02-10 2018-02-10 A kind of automation malicious code mutation detection method

Country Status (1)

Country Link
CN (1) CN108460277A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714323A (en) * 2018-12-17 2019-05-03 清创网御(合肥)科技有限公司 A kind of the whole network dangerous criminal platform and its working method
CN110012000A (en) * 2019-03-29 2019-07-12 深圳市腾讯计算机系统有限公司 Order detection method, device, computer equipment and storage medium
CN110837638A (en) * 2019-11-08 2020-02-25 鹏城实验室 Method, device and equipment for detecting lasso software and storage medium
CN112560041A (en) * 2021-02-25 2021-03-26 北京微步在线科技有限公司 Method, apparatus and computer storage medium for automated quality verification detection
CN113282926A (en) * 2021-05-25 2021-08-20 贵州师范大学 Malicious software classification method based on three-channel image
CN115189905A (en) * 2022-05-09 2022-10-14 济南大学 Network communication and safety control all-in-one machine and working method thereof
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9690933B1 (en) * 2014-12-22 2017-06-27 Fireeye, Inc. Framework for classifying an object as malicious with machine learning for deploying updated predictive models
CN106951782A (en) * 2017-03-22 2017-07-14 中南大学 A kind of malicious code detecting method applied towards Android
CN107392019A (en) * 2017-07-05 2017-11-24 北京金睛云华科技有限公司 A kind of training of malicious code family and detection method and device
CN107578071A (en) * 2017-10-13 2018-01-12 北京工业大学 The unbalanced method of solution data based on Epoch
CN107609399A (en) * 2017-09-09 2018-01-19 北京工业大学 Malicious code mutation detection method based on NIN neutral nets

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
罗世奇等: ""栈式自编码的恶意代码分类算法研究"", 《计算机应用研究》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714323A (en) * 2018-12-17 2019-05-03 清创网御(合肥)科技有限公司 A kind of the whole network dangerous criminal platform and its working method
CN109714323B (en) * 2018-12-17 2021-02-02 清创网御(合肥)科技有限公司 Whole-network danger sensing platform and working method thereof
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications
CN110012000A (en) * 2019-03-29 2019-07-12 深圳市腾讯计算机系统有限公司 Order detection method, device, computer equipment and storage medium
CN110837638A (en) * 2019-11-08 2020-02-25 鹏城实验室 Method, device and equipment for detecting lasso software and storage medium
CN110837638B (en) * 2019-11-08 2020-09-01 鹏城实验室 Method, device and equipment for detecting lasso software and storage medium
CN112560041A (en) * 2021-02-25 2021-03-26 北京微步在线科技有限公司 Method, apparatus and computer storage medium for automated quality verification detection
CN112560041B (en) * 2021-02-25 2021-05-25 北京微步在线科技有限公司 Method, apparatus and computer storage medium for automated quality verification detection
CN113282926A (en) * 2021-05-25 2021-08-20 贵州师范大学 Malicious software classification method based on three-channel image
CN115189905A (en) * 2022-05-09 2022-10-14 济南大学 Network communication and safety control all-in-one machine and working method thereof
CN115189905B (en) * 2022-05-09 2023-05-23 济南大学 Network communication and safety control integrated machine and working method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180828