CN109543406B - Android malicious software detection method based on XGboost machine learning algorithm - Google Patents


Info

Publication number: CN109543406B
Authority: CN (China)
Prior art keywords: xgboost, algorithm, malicious software, child, optimal
Legal status: Active
Application number: CN201811150736.1A
Other languages: Chinese (zh)
Other versions: CN109543406A (en)
Inventor: 王雪敬, 凌捷, 孙玉, 孙宇平
Current Assignee: Guangdong University of Technology
Original Assignee: Guangdong University of Technology
Application filed by Guangdong University of Technology
Priority to CN201811150736.1A
Publication of CN109543406A
Publication of CN109543406B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/004 Artificial life, i.e. computing arrangements simulating life
    • G06N3/006 Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to an Android malicious software detection method based on the XGBoost machine learning algorithm. Compared with the traditional XGBoost algorithm, the improved XGBoost machine learning algorithm provided by the invention has higher classification precision in the detection of Android malicious software, improves the accuracy of malicious software detection, and reduces the probability of attacks on the Android system caused by detection errors.

Description

Android malicious software detection method based on XGboost machine learning algorithm
Technical Field
The invention relates to the technical field of malicious software detection on an Android platform, in particular to an Android malicious software detection method based on an XGboost machine learning algorithm.
Background
The Android system was formally released by Google on November 5, 2007. As an open-source, free operating system based on the Linux kernel, it very quickly became the smart mobile device operating system with the largest market share. However, while it is popular with a wide range of app developers and users, it is also a preferred target for malicious attackers. The rapid growth of Android malicious software seriously threatens users' security and privacy: malicious software steals users' private data, causes property loss, and exploits system vulnerabilities to obtain higher privileges and do greater harm. As the mobile payment industry continues to advance and Internet and mobile payment grow explosively, mobile payment viruses emerge in an endless stream and seriously endanger users' property. A method for detecting malicious software quickly and effectively is therefore needed.
At present there are three main detection methods for Android malicious software: static detection, dynamic detection, and a combination of static and dynamic detection.
In static detection, the application's installation package is decompiled through reverse engineering without running the Android application, and relevant features such as permission information, API calls and instruction features are extracted. These features characterize the operations the program may perform at run time and are used to judge whether the application is malicious software. Static detection mostly uses machine learning algorithms to classify the extracted feature information. However, the classification precision of static detection is not high, so the accuracy of malicious software detection is low, which increases the probability that the Android system is attacked because of detection errors.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an Android malicious software detection method based on the XGBoost machine learning algorithm that has higher classification precision and higher malicious software detection accuracy and greatly reduces the probability of the Android system being attacked because of detection errors.
To achieve this purpose, the technical scheme provided by the invention is as follows:
An Android malicious software detection method based on the XGBoost machine learning algorithm: the apk file is decompiled and the Permission, Intent, Component and API call features are extracted and quantized to form a feature matrix; an ant colony optimization algorithm then optimizes the parameters of the XGBoost ensemble learning framework, quickly finding a global optimal solution and, after multiple iterations, obtaining the optimal target value and the optimal parameter combination of XGBoost, namely the shrinkage step size (shrinkage) and the minimum sample weight threshold in a child node (min_child_weight); finally, the optimized XGBoost algorithm is applied to the Android malicious software detection model.
Further, the specific steps of the Android malicious software detection method based on the XGBoost machine learning algorithm are as follows:
S1: decompile the apk file with apktool to obtain AndroidManifest.xml and classes.dex;
S2: extract the Permission, Intent, Component and API call features;
S3: quantize the features; the output is a one-hot vector in which an element is marked 1 if the feature is present and 0 otherwise;
S4: combine all feature vectors into a feature vector set, reduce its dimensionality with a feature selection algorithm, and select the optimal feature subset;
S5: optimize the parameters of the XGBoost ensemble learning framework with the ant colony optimization algorithm, quickly finding a global optimal solution, obtaining the optimal target value after multiple iterations, and obtaining the optimal parameter combination of XGBoost: the shrinkage step size shrinkage and the minimum sample weight threshold in a child node min_child_weight;
S6: randomly extract 10% of the optimized feature vectors as a test set, and input the remaining 90% as a training set into the optimized XGBoost ensemble learning framework for learning;
S7: evaluate the classification result in terms of true positive rate, false positive rate and classification precision, and judge whether the Android malicious software detection model generated by the ant-colony-optimized XGBoost algorithm meets the detection requirement.
Further, the specific steps of using the ant colony optimization algorithm to optimize the parameters of the XGBoost ensemble learning framework are as follows:
A. set the upper and lower limits of the XGBoost classifier parameters shrinkage (shrinkage step size) and min_child_weight (minimum sample weight threshold in a child node), the maximum number of iterations MaxIter, the ant colony size M and the information evaporation coefficient Rho;
B. initialize the population, that is, initialize shrinkage and min_child_weight as the position vector of each ant;
C. execute the ant colony search;
D. carry out XGBoost training;
E. calculate the objective function value and the pheromone value of each ant with the XGBoost classifier, and find the current optimal ant;
F. judge whether the termination condition is met: if the number of iterations is larger than MaxIter, output the ant colony optimal value and the corresponding shrinkage and min_child_weight values and execute step G; otherwise add 1 to the number of iterations and execute step C;
G. update the pheromone;
H. use the output shrinkage and min_child_weight in the detection model for Android malware.
Further, the ant colony optimization algorithm is specifically as follows:
Ant colony position initialization:
The classification accuracy of XGBoost is taken as the objective function value
$\max\{F(s_1,w_1),F(s_2,w_2),\ldots,F(s_m,w_m)\}$, denoted $\mathit{maxFitness} = \max\{F(X)\}$, $X=\{x_1,x_2,\ldots,x_m\}$, where $x_i$ denotes an ant. The steps for generating the initial population with a chaotic sequence are:
1) Generate a random vector in D dimensions:
Figure BDA0001817899010000041
2) Logistic mapping: taking the above vector as the initial iterate, the Logistic mapping equation is as follows:
Figure BDA0001817899010000042
where μ = 1, i = 1, 2, ..., N, d = 1, 2, ..., D;
3) Map the chaotic space to the search space of the optimized variables:
Figure BDA0001817899010000043
where $\max_d$ is the upper limit and $\min_d$ is the lower limit;
The ant movement rule is as follows:
After the ant colony is initialized, the objective function is calculated.
Figure BDA0001817899010000044
is defined as the position vector of the j-th ant in the k-th iteration. The larger the objective function value, the higher the pheromone concentration at that position. The ant with the largest current target value is stored as
Figure BDA0001817899010000045
and its pheromone maximum as
Figure BDA0001817899010000046
Selecting local search or global search:
The transfer probability of an ant is defined as follows:
Figure BDA0001817899010000047
where S is the standard deviation of the fitness function, calculated as follows:
Figure BDA0001817899010000048
where m is the number of ants and $F_{ave}$ is the average fitness value.
From the above formula, it is known that the closer an ant is to
Figure BDA0001817899010000049
the greater its transfer probability. The search method is as follows:
If $P(x_i) \le P_0$, where $P_0$ is a constant with $0 < P_0 < 1$, the ant searches nearby local positions, and the movement formula is as follows:
Figure BDA00018178990100000410
where
Figure BDA00018178990100000411
is the position after the move,
Figure BDA00018178990100000412
is the position before the move, and a is the movement step, defined as follows:
Figure BDA0001817899010000051
If $P(x_i) > P_0$, the ant searches in the solution space.
Pheromone update:
According to the function value at each individual's position, the pheromone is updated as follows:
Figure BDA0001817899010000052
where ρ is the information evaporation coefficient.
Compared with the prior art, the principle and the advantages of the scheme are as follows:
In Android malicious software detection, the classification performance of the traditional XGBoost machine learning algorithm is affected by parameter selection. The scheme applies the ant colony algorithm to optimize the parameters of XGBoost and quickly find the optimal parameters, so that the XGBoost algorithm has good classification performance. Applying it to the Android malicious software detection model yields higher classification precision during Android malicious software detection, greatly improves malicious software detection accuracy, and reduces the probability that the Android system is attacked because of detection errors.
Drawings
FIG. 1 is a detection flow chart of the Android malicious software detection method based on the XGBoost machine learning algorithm according to the invention;
FIG. 2 is a flow chart of feature extraction in the Android malicious software detection method based on the XGBoost machine learning algorithm of the invention;
FIG. 3 is a flow chart of optimizing the XGBoost parameters with the ant colony algorithm in the Android malware detection method based on the XGBoost machine learning algorithm of the invention.
Detailed Description
The invention is further illustrated below with reference to a specific embodiment:
The Android malicious software detection method based on the XGBoost machine learning algorithm described in this embodiment is as follows:
XGBoost (eXtreme Gradient Boosting) is an ensemble learning algorithm proposed by Tianqi Chen in 2015. In the XGBoost ensemble learning framework, the main parameters are the shrinkage step size (shrinkage) and the minimum sample weight threshold in a child node (min_child_weight), which directly influence classification performance. Too small a shrinkage causes the algorithm to overfit, while a larger shrinkage causes it to fail to converge; for min_child_weight, too small a value causes the algorithm to overfit, and too large a value impairs its ability to classify linearly inseparable data.
Therefore, in this embodiment, the apk file is decompiled and the Permission, Intent, Component and API call features are extracted and quantized to form a feature matrix; the ant colony optimization algorithm then optimizes the parameters of the XGBoost ensemble learning framework, quickly finding a global optimal solution and, after multiple iterations, obtaining the optimal target value and the optimal parameter combination of XGBoost, namely the shrinkage step size shrinkage and the minimum sample weight threshold in a child node min_child_weight; finally, the optimized XGBoost algorithm is applied to the Android malicious software detection model. As shown in FIG. 1, the specific steps are as follows:
S1: decompile the apk file with apktool to obtain AndroidManifest.xml and classes.dex;
S2: extract the Permission, Intent, Component and API call features; the specific process is shown in FIG. 2;
S3: quantize the features; the output is a one-hot vector in which an element is marked 1 if the feature is present and 0 otherwise;
S4: combine all feature vectors into a feature vector set, reduce its dimensionality with a feature selection algorithm, and select the optimal feature subset;
S5: optimize the parameters of the XGBoost ensemble learning framework with the ant colony optimization algorithm, quickly finding a global optimal solution, obtaining the optimal target value after multiple iterations, and obtaining the optimal parameter combination of XGBoost: the shrinkage step size shrinkage and the minimum sample weight threshold in a child node min_child_weight;
S6: randomly extract 10% of the optimized feature vectors as a test set, and input the remaining 90% as a training set into the optimized XGBoost ensemble learning framework for learning;
S7: evaluate the classification result in terms of true positive rate, false positive rate and classification precision, and judge whether the Android malicious software detection model generated by the ant-colony-optimized XGBoost algorithm meets the detection requirement.
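Steps S2 and S3 as an added example (not code from the patent): it reads an apktool-decoded AndroidManifest.xml plus smali disassembly text and builds the 0/1 feature matrix that the classifier is trained on. The feature naming scheme, the component-kind and exported features, the framework-only API filter and the two sample apps are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Attribute namespace used in decoded AndroidManifest.xml files.
ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Matches smali call sites such as:
#   invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
INVOKE_RE = re.compile(r"invoke-[\w/]+\s+\{[^}]*\},\s+(L[^;\s]+;)->([^(\s]+)\(")
# Assumption: keep only framework APIs so app-private methods do not bloat the vocabulary.
FRAMEWORK_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/")

# Constructed sample inputs (not taken from any real application).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
  </application>
</manifest>"""
BENIGN_SMALI = """
    invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
    invoke-static {}, Lcom/example/notes/Util;->init()V
"""
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""
SUSPICIOUS_SMALI = """
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    invoke-virtual {v1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
"""


def manifest_features(manifest_xml):
    """S2, manifest side: permissions, intent actions and component kinds."""
    # Manifests come from untrusted APKs; a production pipeline should parse
    # them with a hardened XML parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    feats = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID + "name")
        if name:
            feats.add("permission::" + name)
    for el in root.iter("action"):
        name = el.get(ANDROID + "name")
        if name:
            feats.add("intent::" + name)
    for tag in COMPONENT_TAGS:
        for el in root.iter(tag):
            feats.add("component::" + tag)
            if el.get(ANDROID + "exported") == "true":
                feats.add("component::" + tag + "::exported")
    return feats


def api_call_features(smali_text):
    """S2, code side: framework API calls found at smali invoke sites."""
    feats = set()
    for cls, method in INVOKE_RE.findall(smali_text):
        if cls.startswith(FRAMEWORK_PREFIXES):
            feats.add("api::" + cls + "->" + method)
    return feats


def extract_features(manifest_xml, smali_text):
    return manifest_features(manifest_xml) | api_call_features(smali_text)


def build_feature_matrix(samples):
    """S3: map {apk_name: feature_set} to (vocabulary, {apk_name: 0/1 row})."""
    vocabulary = sorted(set().union(*samples.values()))
    matrix = {name: [1 if f in feats else 0 for f in vocabulary]
              for name, feats in samples.items()}
    return vocabulary, matrix


if __name__ == "__main__":
    vocab, rows = build_feature_matrix({
        "benign.apk": extract_features(BENIGN_MANIFEST, BENIGN_SMALI),
        "suspicious.apk": extract_features(SUSPICIOUS_MANIFEST, SUSPICIOUS_SMALI),
    })
    for name, row in rows.items():
        print(name, row)
    for i, feature in enumerate(vocab):
        print(i, feature)
```

The vocabulary must be built once over the training corpus and reused unchanged when scoring new apps, otherwise the column positions no longer match what the model learned.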
In the above, as shown in FIG. 3, the specific steps of using the ant colony optimization algorithm to optimize the parameters of the XGBoost ensemble learning framework are as follows:
A. set the upper and lower limits of the XGBoost classifier parameters shrinkage (shrinkage step size) and min_child_weight (minimum sample weight threshold in a child node), the maximum number of iterations MaxIter, the ant colony size M and the information evaporation coefficient Rho;
B. initialize the population, that is, initialize shrinkage and min_child_weight as the position vector of each ant;
C. execute the ant colony search;
D. carry out XGBoost training;
E. calculate the objective function value and the pheromone value of each ant with the XGBoost classifier, and find the current optimal ant;
F. judge whether the termination condition is met: if the number of iterations is larger than MaxIter, output the ant colony optimal value and the corresponding shrinkage and min_child_weight values and execute step G; otherwise add 1 to the number of iterations and execute step C;
G. update the pheromone;
H. use the output shrinkage and min_child_weight in the detection model for Android malware.
The specific ant colony optimization algorithm is as follows:
Ant colony position initialization:
The classification accuracy of XGBoost is taken as the objective function value
$\max\{F(s_1,w_1),F(s_2,w_2),\ldots,F(s_m,w_m)\}$, denoted $\mathit{maxFitness} = \max\{F(X)\}$, $X=\{x_1,x_2,\ldots,x_m\}$, where $x_i$ denotes an ant. The steps for generating the initial population with a chaotic sequence are:
1) Generate a random vector in D dimensions:
Figure BDA0001817899010000071
2) Logistic mapping: taking the above vector as the initial iterate, the Logistic mapping equation is as follows:
Figure BDA0001817899010000081
where μ = 1, i = 1, 2, ..., N, d = 1, 2, ..., D;
3) Map the chaotic space to the search space of the optimized variables:
Figure BDA0001817899010000082
where $\max_d$ is the upper limit and $\min_d$ is the lower limit;
The ant movement rule is as follows:
After the ant colony is initialized, the objective function is calculated.
Figure BDA0001817899010000083
is defined as the position vector of the j-th ant in the k-th iteration. The larger the objective function value, the higher the pheromone concentration at that position. The ant with the largest current target value is stored as
Figure BDA0001817899010000084
and its pheromone maximum as
Figure BDA0001817899010000085
Selecting local search or global search:
The transfer probability of an ant is defined as follows:
Figure BDA0001817899010000086
where S is the standard deviation of the fitness function, calculated as follows:
Figure BDA0001817899010000087
where m is the number of ants and $F_{ave}$ is the average fitness value.
From the above formula, it is known that the closer an ant is to
Figure BDA0001817899010000088
the greater its transfer probability. The search method is as follows:
If $P(x_i) \le P_0$, where $P_0$ is a constant with $0 < P_0 < 1$, the ant searches nearby local positions, and the movement formula is as follows:
Figure BDA0001817899010000089
where
Figure BDA00018178990100000810
is the position after the move,
Figure BDA00018178990100000811
is the position before the move, and a is the movement step, defined as follows:
Figure BDA00018178990100000812
If $P(x_i) > P_0$, the ant searches in the solution space.
Pheromone update:
According to the function value at each individual's position, the pheromone is updated as follows:
Figure BDA0001817899010000091
where ρ is the information evaporation coefficient.
In this embodiment, the Permission, Intent, Component and API call features are first extracted by decompiling the apk file and quantized to form a feature matrix; the parameters of the XGBoost classifier are then optimized using the parallelism and strong robustness of the ant colony algorithm, yielding the optimal target and the optimal parameter combination of XGBoost. Compared with the traditional XGBoost algorithm, the improved XGBoost machine learning algorithm provided by this embodiment has higher classification precision in the detection of Android malicious software, improves the accuracy of malicious software detection, and reduces the probability of attacks on the Android system caused by detection errors.
The above embodiment is merely a preferred embodiment of the present invention and does not limit its scope; variations based on the shape and principle of the present invention should be covered by the scope of the present invention.

Claims (2)

1. An Android malicious software detection method based on the XGBoost machine learning algorithm, characterized in that Permission, Intent, Component and API call features are extracted by decompiling an apk file and quantized to form a feature matrix; an ant colony optimization algorithm is used to optimize the parameters of the XGBoost ensemble learning framework, quickly finding a global optimal solution, obtaining an optimal target value after multiple iterations, and obtaining the optimal parameter combination of XGBoost, namely the shrinkage step size shrinkage and the minimum sample weight threshold in a child node min_child_weight; and finally the optimized XGBoost algorithm is applied to an Android malicious software detection model;
the method specifically comprises the following steps:
S1: decompiling the apk file with apktool to obtain AndroidManifest.xml and classes.dex;
S2: extracting the Permission, Intent, Component and API call features;
S3: quantizing the features, wherein the output is a one-hot vector in which an element is marked 1 if the feature is present and 0 otherwise;
S4: combining all feature vectors into a feature vector set, reducing its dimensionality with a feature selection algorithm, and selecting the optimal feature subset;
S5: optimizing the parameters of the XGBoost ensemble learning framework with the ant colony optimization algorithm, quickly finding a global optimal solution, obtaining the optimal target value after multiple iterations, and obtaining the optimal parameter combination of XGBoost: the shrinkage step size shrinkage and the minimum sample weight threshold in a child node min_child_weight;
S6: randomly extracting 10% of the optimized feature vectors as a test set, and inputting the remaining 90% as a training set into the optimized XGBoost ensemble learning framework for learning;
S7: evaluating the classification result in terms of true positive rate, false positive rate and classification precision, and judging whether the Android malicious software detection model generated by the ant-colony-optimized XGBoost algorithm meets the detection requirement.
2. The Android malicious software detection method based on the XGBoost machine learning algorithm as claimed in claim 1, wherein the specific steps of using the ant colony optimization algorithm to optimize the parameters of the XGBoost ensemble learning framework are as follows:
A. setting the upper and lower limits of the XGBoost classifier parameters shrinkage (shrinkage step size) and min_child_weight (minimum sample weight threshold in a child node), the maximum number of iterations MaxIter, the ant colony size M and the information evaporation coefficient Rho;
B. initializing the population, that is, initializing shrinkage and min_child_weight as the position vector of each ant;
C. executing the ant colony search;
D. carrying out XGBoost training;
E. calculating the objective function value and the pheromone value of each ant with the XGBoost classifier, and finding the current optimal ant;
F. judging whether the termination condition is met: if the number of iterations is larger than MaxIter, outputting the ant colony optimal value and the corresponding shrinkage and min_child_weight values and executing step G; otherwise adding 1 to the number of iterations and executing step C;
G. updating the pheromone;
H. using the output shrinkage and min_child_weight in the detection model for Android malicious software.
CN201811150736.1A 2018-09-29 2018-09-29 Android malicious software detection method based on XGboost machine learning algorithm Active CN109543406B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811150736.1A CN109543406B (en) 2018-09-29 2018-09-29 Android malicious software detection method based on XGboost machine learning algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811150736.1A CN109543406B (en) 2018-09-29 2018-09-29 Android malicious software detection method based on XGboost machine learning algorithm

Publications (2)

Publication Number Publication Date
CN109543406A CN109543406A (en) 2019-03-29
CN109543406B true CN109543406B (en) 2023-04-11

Family

ID=65841391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811150736.1A Active CN109543406B (en) 2018-09-29 2018-09-29 Android malicious software detection method based on XGboost machine learning algorithm

Country Status (1)

Country Link
CN (1) CN109543406B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant