CN109086604A - Android malicious act software identification method and system based on sparse Bayesian model - Google Patents


Publication number
CN109086604A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810730308.XA
Other languages
Chinese (zh)
Inventor
刘宁
杨敏
张航
张仕斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu University of Information Technology
Original Assignee
Chengdu University of Information Technology
Application filed by Chengdu University of Information Technology
Priority to CN201810730308.XA
Publication of CN109086604A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/53 Decompilation; Disassembly


Abstract

The invention belongs to the technical field of software programs and discloses an Android malicious act software identification method and system based on a sparse Bayesian model. Dalvik instruction sequences are converted into opcode sequences represented by letters; the probabilities of the 3-gram sequences of each application are extracted; and a model is trained with the sparse Bayesian learning algorithm. Within the sparse Bayesian algorithm, a GA-PSO hybrid algorithm is used to optimize the alignment parameter: by exploiting the global, fast search properties of the genetic-particle-swarm hybrid algorithm and of the particle swarm algorithm, a sufficiently good alignment parameter is obtained within a limited time. The trained model is then used to identify unknown Android applications. Because it is based on the relevance vector machine algorithm, the invention avoids the loss of recognition accuracy caused by wrong parameter selection in the support vector machine algorithm; that is, it keeps a relatively high recognition accuracy without requiring additional parameter input.

Description

Android malicious act software identification method and system based on sparse Bayesian model
Technical field
The invention belongs to the technical field of software programs, and in particular relates to an Android malicious act software identification method and system based on a sparse Bayesian model.
Background
At present, the prior art commonly used in the industry is as follows:
Existing malware identification methods for mobile devices are mostly derived from malware identification methods for computers. Most of them work by recording and labelling certain features of a piece of software once its malicious behavior has been discovered; when the identification software encounters the labelled software again on an operating system, it judges it to be software with malicious behavior and so prevents infection. If some of the software's features are modified, however, the old method can no longer identify it. Malware identification methods based on machine learning can make up for this deficiency. Among existing methods for identifying Android malware, those based on support vector machines are one important branch.
In summary, the problems of the prior art are:
(1) Because of the limitations of the support vector machine itself, its parameters have to be configured when it is used for identification. The quality of the parameter setting determines the identification accuracy and has a profound influence. Many existing schemes based on support vector machines revolve around how to select parameters better, and the choice of the support vector machine's kernel function is also subject to many restrictions (for example, it must satisfy the Mercer condition).
(2) Sufficiently high identification accuracy should be obtainable in a relatively short time, so that identification can keep up promptly with the rate at which new malicious programs appear.
The difficulty and significance of solving the above technical problems:
The main difficulty is to reduce the time consumed by the whole tool while maintaining sufficiently good accuracy.
Because the present invention uses the sparse Bayesian algorithm in place of the original support vector machine algorithm, the whole algorithm needs no manual parameter setting and still obtains fairly good accuracy, which makes it considerably more convenient to use than the original method.
Summary of the invention
In view of the problems of the prior art, the present invention provides an Android malicious act software identification method and system based on a sparse Bayesian model.
The invention is realized as follows. An Android malicious act software identification method based on a sparse Bayesian model comprises:
Step 1: converting the Dalvik instruction sequence into an opcode sequence represented by letters;
Step 2: extracting the probabilities of the 3-gram sequences of each application;
Step 3: training a model with the sparse Bayesian learning algorithm; within the sparse Bayesian algorithm, a hybrid algorithm based on genetic particle swarm is introduced for the first time to optimize the alignment parameter.
The classical genetic-particle-swarm hybrid algorithm uses two strategies to ensure that it achieves a global search: crossover and mutation. Crossover combines the genes of the fitter individuals in the existing population with different genes from the less fit individuals to produce new individuals. A new individual inherits some features from the fitter individual and some from the less fit one, which may make it match the target being sought either better or worse. Because the genes involved in this process come only from the individuals in the population and from the initialization, crossover achieves a deep search within a local range, but it may also cause the algorithm to fall into a local optimum. Mutation introduces random individual features from the global range so that the hybrid algorithm as a whole can avoid falling into a local optimum. However, the mutation operation of the classical hybrid algorithm adds individuals completely at random, which greatly affects its convergence speed. The traditional particle swarm algorithm is a fast-converging search algorithm that approaches the optimal point step by step, but it is rather sensitive to the initial state; used alone, it too may fall into a local optimum.
Therefore, the hybrid algorithm based on a ring population introduces multiple particle swarm algorithms into the mutation step of the genetic-particle-swarm hybrid algorithm, helping the original hybrid algorithm to search in a more directed way when it performs mutation. Combined with the global fast-search property of the hybrid algorithm itself, this obtains a sufficiently good alignment parameter within a limited time;
Step 4: identifying unknown Android applications with the trained model. The unknown Android application is first decompiled, its opcodes are extracted, and its 3-gram probabilities are extracted (the probability with which each 3-instruction sequence occurs in the instruction sequence of the whole application). After extraction, each 3-instruction sequence is taken as one dimension and its probability as the value in that dimension, producing the vector point of the unknown Android application; the position of this point in the multidimensional space is compared with the hyperplane formed by the trained model to determine whether the application falls in the normal Android program region.
Further, before the Dalvik instruction sequence is converted into the opcode sequence represented by letters, the collected normal applications and known malicious applications are decompiled with the tool apktool to obtain their smali files and Dalvik instruction sequences.
Further, when the Dalvik instruction sequence is converted into the opcode sequence represented by letters, only the Dalvik instructions are extracted.
Another object of the present invention is to provide a computer program that implements the described Android malicious act software identification method based on a sparse Bayesian model.
Another object of the present invention is to provide an information data processing terminal that implements the described Android malicious act software identification method based on a sparse Bayesian model.
Another object of the present invention is to provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to execute the described Android malicious act software identification method based on a sparse Bayesian model.
Another object of the present invention is to provide an Android malicious act software identification control system based on a sparse Bayesian model, comprising:
A conversion module, for converting the Dalvik instruction sequence into an opcode sequence represented by letters;
An extraction module, which extracts the probabilities of the 3-gram sequences of each application;
A training module, which trains a model with the sparse Bayesian learning algorithm;
An identification module, which identifies unknown malware with the trained model.
Another object of the present invention is to provide an information data processing terminal equipped with the described Android malicious act software identification control system based on a sparse Bayesian model.
In summary, the advantages and positive effects of the present invention are:
To identify malware, the present invention uses technologies including APK decompilation, opcode extraction, n-gram analysis and the sparse Bayesian learning algorithm.
Classification in existing schemes is largely based on the support vector machine algorithm. This method is based on the fast sparse Bayesian learning algorithm, which in turn is based on the relevance vector machine algorithm, and so avoids the loss of recognition accuracy caused by wrong parameter selection in the support vector machine algorithm; it keeps a relatively high recognition accuracy without requiring additional parameter input.
As shown in Fig. 2, when the method of the invention processes samples with 3-grams and the sample size exceeds 25% of the number of test samples, the detection probability essentially reaches 90% or more.
In addition, although the dimension of a sample rises exponentially from 1-gram to 4-gram, the total time for model construction and identification on 1000 samples in total stays within 30 s; the 3-gram used by the method of the invention keeps the time consumption within 20 s, almost the same as 2-gram, with better accuracy than 2-gram.
Fig. 4 shows that, compared with the GA-SVM algorithm, the accuracy of the method of the invention differs little once the training samples exceed 20%.
Fig. 5 shows that, compared with the GA-SVM algorithm, the method of the invention takes noticeably less time for the same numbers of training and test samples, significantly reducing the time consumed.
While ensuring a certain detection accuracy, the invention requires no parameter configuration or kernel function replacement, which improves the ease of use of the method.
In general, the invention has simple parameter settings, is easy to use, has high recognition efficiency and takes little time.
According to the results of related experiments, given a sufficiently large and rich sample database of normal and malicious applications, the invention achieves a malware recognition rate of 90% to 95%.
Brief description of the drawings
Fig. 1 is a flow chart of the Android malicious act software identification method based on a sparse Bayesian model provided by an embodiment of the invention.
Fig. 2 shows the accuracy test results for different n-grams and numbers of training samples.
Fig. 3 shows the time-consumption test results for different n-grams and numbers of training samples.
Fig. 4 shows the accuracy test results for different algorithms and numbers of training samples.
Fig. 5 shows the time-consumption test results for different algorithms and numbers of training samples.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
In the prior art, because of the limitations of the support vector machine itself, its parameters have to be configured when it is used for identification. The quality of the parameter setting determines the identification accuracy and has a profound influence. Many existing schemes based on support vector machines revolve around how to select parameters better, and the choice of the support vector machine's kernel function is also subject to many restrictions (for example, it must satisfy the Mercer condition).
The Android malicious act software identification method based on a sparse Bayesian model provided by an embodiment of the invention comprises:
Preparation before operation: the collected normal applications and known malicious applications are first decompiled with the apktool tool to obtain their Dalvik instruction sequences.
Step 1: converting the Dalvik instruction sequence into an opcode sequence represented by letters:
Dalvik instructions generally take the following form:
The invention uses 7 letters to replace the 7 core Dalvik instruction types; the specific replacement is shown in the following table:
Dalvik | move | invoke | if | return | goto | aget | aput
Opcode | M | V | I | R | G | T | P
Step 2: extracting the probabilities of the 3-gram sequences of each application;
An n-gram sequence is a run of n consecutive letters (words, codes, etc.) in a sequence, and its probability is the proportion of the whole sequence that the run accounts for. When n = 1, the n-gram probability is the probability with which each letter occurs in the whole sequence. For 3-grams, n = 3, and the value is the probability with which each 3-letter sequence occurs in the whole sequence, as shown in the following table.
3-gram | Vector | Frequency
MMM | 1 | 0.2%
MMV | 2 | 1%
MMI | 3 | 3%
PPP | 343 | 0.1%
Step 3: training a model with the sparse Bayesian learning algorithm;
Using the 3-gram probabilities obtained as in the table above, a 343-dimensional vector is formed for each app sample, whose values are the probability values. The sparse Bayesian learning algorithm is used to find the edge samples at which the normal Android application samples and the malicious Android application samples lie closest to each other, and to construct the hyperplane that maximizes the distance between those edge samples. Within the sparse Bayesian algorithm, the invention improves the setting of its alignment parameter, optimizing it with the GA-PSO hybrid algorithm so that the generated model better suits the current problem.
Step 4: identifying unknown malware with the trained model.
An unknown Android application likewise first undergoes decompilation, opcode extraction and 3-gram probability extraction. After extraction the vector point of the program is generated and compared with the hyperplane formed earlier, to determine whether it falls in the normal Android program region.
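The feature extraction of steps 1 and 2 (repeated for unknown applications in step 4) can be sketched as follows. This is an added example, not code from the patent: the smali sample is constructed, the mapping invoke -> V is an assumption read off the MMV row of the 3-gram table, and the parsing rules and the `span_methods` switch are illustrative choices.

```python
"""Added example: smali text -> letter opcodes -> 343-dim 3-gram probabilities."""
import re
from collections import Counter

# Letter order implied by the page's 3-gram table (MMM=1, MMV=2, MMI=3,
# PPP=343). invoke -> V is an assumption read off that table's MMV row.
FAMILY_TO_LETTER = {"move": "M", "invoke": "V", "if": "I", "return": "R",
                    "goto": "G", "aget": "T", "aput": "P"}
ALPHABET = "MVIRGTP"
N = 3
DIMS = len(ALPHABET) ** N  # 343

# Leading lowercase run of a mnemonic: "invoke-virtual" -> "invoke",
# "move/from16" -> "move", "if-eqz" -> "if".
_MNEMONIC = re.compile(r"^([a-z]+)")

# Constructed sample standing in for apktool output (not from the patent).
SAMPLE_SMALI = """\
.class public Lcom/example/Demo;
.super Ljava/lang/Object;

.method public static sum([I)I
    .locals 3
    const/4 v0, 0x0
    const/4 v1, 0x0
    :loop
    array-length v2, p0
    if-ge v1, v2, :done
    aget v2, p0, v1
    add-int/2addr v0, v2
    add-int/lit8 v1, v1, 0x1
    goto :loop
    :done
    return v0
.end method

.method public run()V
    .locals 2
    # constructed comment line
    invoke-virtual {p0}, Lcom/example/Demo;->load()[I
    move-result-object v0
    invoke-static {v0}, Lcom/example/Demo;->sum([I)I
    move-result v1
    if-eqz v1, :skip
    invoke-virtual {p0, v1}, Lcom/example/Demo;->report(I)V
    :skip
    return-void
.end method
"""


def methods_to_letters(smali_text):
    """Return one letter string per .method body; other opcodes are dropped."""
    methods, current = [], None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            current = []
        elif line.startswith(".end method"):
            if current is not None:
                methods.append("".join(current))
            current = None
        elif current is not None and line and line[0] not in ".:#":
            # Directives (.), labels (:) and comments (#) are not instructions.
            match = _MNEMONIC.match(line)
            letter = FAMILY_TO_LETTER.get(match.group(1)) if match else None
            if letter:
                current.append(letter)
    return methods


def trigram_dimension(gram):
    """1-based dimension number as in the page's table (MMM -> 1, PPP -> 343)."""
    idx = 0
    for ch in gram:
        idx = idx * len(ALPHABET) + ALPHABET.index(ch)
    return idx + 1


def trigram_of(dim):
    """Inverse of trigram_dimension, for reading a vector back."""
    idx, letters = dim - 1, []
    for _ in range(N):
        idx, rem = divmod(idx, len(ALPHABET))
        letters.append(ALPHABET[rem])
    return "".join(reversed(letters))


def trigram_vector(smali_text, span_methods=True):
    """343 probabilities; span_methods=False keeps windows inside one method."""
    methods = methods_to_letters(smali_text)
    sequences = ["".join(methods)] if span_methods else methods
    counts = Counter()
    for seq in sequences:
        for i in range(len(seq) - N + 1):
            counts[seq[i:i + N]] += 1
    total = sum(counts.values())
    vec = [0.0] * DIMS
    for gram, count in counts.items():  # empty when fewer than N opcodes
        vec[trigram_dimension(gram) - 1] = count / total
    return vec


if __name__ == "__main__":
    for dim, p in enumerate(trigram_vector(SAMPLE_SMALI), start=1):
        if p:
            print(dim, trigram_of(dim), round(p, 4))
```

With `span_methods=True` the windows run over the whole application's sequence, as the text describes; setting it to `False` shows how much of the vector comes from windows that straddle two unrelated methods.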
Before the Dalvik instruction sequence is converted into the opcode sequence represented by letters, the collected normal applications and known malicious applications are decompiled with the tool apktool to obtain their smali files and Dalvik instruction sequences.
The Android malicious act software identification control system based on a sparse Bayesian model provided by the invention comprises:
A conversion module, for converting the Dalvik instruction sequence into an opcode sequence represented by letters;
An extraction module, which extracts the probabilities of the 4-gram sequences of each application;
A training module, which trains a model with the sparse Bayesian learning algorithm;
An identification module, which identifies unknown malware with the trained model.
The invention is further described below with reference to simulation experiments.
As shown in Fig. 2, when the method of the invention processes samples with 3-grams and the sample size exceeds 25% of the number of test samples, the detection probability essentially reaches 90% or more.
Fig. 2: accuracy test results for different n-grams and numbers of training samples.
In addition, although the dimension of a sample rises exponentially from 1-gram to 4-gram, the total time for model construction and identification on 1000 samples in total stays within 30 s; the 3-gram used by the method of the invention keeps the time consumption within 20 s, almost the same as 2-gram, with better accuracy than 2-gram.
Fig. 3: time-consumption test results for different n-grams and numbers of training samples.
Fig. 4 shows that, compared with the GA-SVM algorithm, the accuracy of the method of the invention differs little once the training samples exceed 20%.
Fig. 4: accuracy test results for different algorithms and numbers of training samples.
Fig. 5 shows that, compared with the GA-SVM algorithm, the method of the invention takes noticeably less time for the same numbers of training and test samples, significantly reducing the time consumed.
In the above embodiments, the invention may be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented wholly or partly as a computer program product, the computer program product comprises one or more computer instructions. When the computer program instructions are loaded or executed on a computer, the processes or functions described in the embodiments of the invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (for example coaxial cable, optical fiber or digital subscriber line (DSL)) or wirelessly (for example infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD) or a semiconductor medium (for example a solid state disk (SSD)).
The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (8)

1. An Android malicious act software identification method based on a sparse Bayesian model, applied to support vector machines, characterized in that the Android malicious act software identification method based on a sparse Bayesian model comprises:
converting the Dalvik instruction sequence into an opcode sequence represented by letters;
extracting the probabilities of the 3-gram sequences of each application;
training a model with the sparse Bayesian learning algorithm; within the sparse Bayesian algorithm, introducing a hybrid algorithm based on genetic particle swarm to optimize the alignment parameter; introducing the particle swarm algorithm into the mutation of the genetic-particle-swarm hybrid algorithm, to help the original genetic-particle-swarm hybrid algorithm perform a directed search when carrying out the mutation operation;
identifying unknown Android applications with the trained model; performing decompilation, opcode extraction and 3-gram probability extraction on the unknown Android application; after extraction, taking each 3-instruction sequence as a dimension of the vector, and comparing the position it occupies in the multidimensional space with the hyperplane formed by the trained model to determine whether it belongs to the normal Android program region.
2. The Android malicious act software identification method based on a sparse Bayesian model as claimed in claim 1, characterized in that, before the Dalvik instruction sequence is converted into the opcode sequence represented by letters, the collected normal applications and known malicious applications are decompiled with the tool apktool to obtain their smali files and Dalvik instruction sequences.
3. The Android malicious act software identification method based on a sparse Bayesian model as claimed in claim 1, characterized in that, when the Dalvik instruction sequence is converted into the opcode sequence represented by letters, only the Dalvik instructions are extracted.
4. A computer program implementing the Android malicious act software identification method based on a sparse Bayesian model as claimed in any one of claims 1 to 3.
5. An information data processing terminal implementing the Android malicious act software identification method based on a sparse Bayesian model as claimed in any one of claims 1 to 3.
6. A computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to execute the Android malicious act software identification method based on a sparse Bayesian model as claimed in any one of claims 1 to 3.
7. An Android malicious act software identification control system based on a sparse Bayesian model for the Android malicious act software identification method based on a sparse Bayesian model as claimed in claim 1, characterized in that the Android malicious act software identification control system based on a sparse Bayesian model comprises:
a conversion module, for converting the Dalvik instruction sequence into an opcode sequence represented by letters;
an extraction module, which extracts the probabilities of the 4-gram sequences of each application;
a training module, which trains a model with the sparse Bayesian learning algorithm;
an identification module, which identifies unknown malware with the trained model.
8. An information data processing terminal equipped with the Android malicious act software identification control system based on a sparse Bayesian model as claimed in claim 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810730308.XA CN109086604A (en) 2018-07-05 2018-07-05 Android malicious act software identification method and system based on sparse Bayesian model


Publications (1)

Publication Number Publication Date
CN109086604A true CN109086604A (en) 2018-12-25



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181225