CN109684834B - XGboost-based gate-level hardware Trojan horse identification method - Google Patents
XGboost-based gate-level hardware Trojan horse identification method Download PDFInfo
- Publication number
- CN109684834B CN109684834B CN201811567722.XA CN201811567722A CN109684834B CN 109684834 B CN109684834 B CN 109684834B CN 201811567722 A CN201811567722 A CN 201811567722A CN 109684834 B CN109684834 B CN 109684834B
- Authority
- CN
- China
- Prior art keywords
- gate
- data set
- trojan
- level
- netlist
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
Abstract
The invention relates to a gate-level hardware Trojan horse identification method based on XGboost. Analyzing the integrated circuit gate-level netlist, and collecting a characteristic data set of each net in different gate-level netlists; dividing the gate-level netlist feature data set into a training data set and a testing data set by adopting a leave-one method; training the XGboost classifier by using a training data set to obtain an initial gate-level netlist hardware Trojan detection model, detecting the hardware Trojan of the test data set, and counting test results according to a confusion matrix; calculating to obtain Recall (R), F-measure, precision (P) and Accuracy indexes according to the confusion matrix of the detection result; if the average result of the 4 indexes is lower, performing parameter adjustment optimization on the gate-level netlist hardware Trojan horse detection model; and extracting a characteristic data set from the gate-level netlist to be detected, inputting the data set into a training-optimized gate-level netlist hardware Trojan detection model, and judging that the gate-level netlist contains the hardware Trojan.
Description
Technical Field
The invention belongs to the technical field of information security and hardware Trojan detection, and relates to a method for detecting a hardware Trojan in an integrated circuit gate-level netlist, in particular to a method for detecting a hardware Trojan in a gate-level netlist based on XGboost.
Background
The detection method of the hardware trojan is mainly divided into two categories: pre-silicon detection and post-silicon detection. Post-silicon detection includes side channel detection, destructive detection, and functional testing. The post-silicon detection is limited in practical application because it relies on gold as a reference, is expensive, requires special detection equipment and is susceptible to noise during detection. Particularly, in a very large scale integrated circuit (VLSI), the detection difficulty of a hardware Trojan horse is higher, and the post-silicon detection method is not applicable. The front silicon detection is a detection method in the chip design stage, and the condition constraint of the back silicon detection does not exist, so that the front silicon detection is the key research direction of hardware Trojan horse detection.
In recent years, some researchers apply machine learning methods such as SVM [1], NN [2], randomForest [3] and the like to a detection method of a gate-level netlist hardware Trojan, and obtain relatively good detection effect. These methods mainly determine the detection effect by using two indexes, precision and Accuracy. However, through analysis, in the gate-level netlist, the number of normal nets (nets) is much larger than that of the Trojan nets, the calculation results of Precision and Accuracy are dominated by the detection results of the normal nets, and in the hardware Trojan detection process, emphasis should be placed on detecting the Trojan nets as much as possible. Therefore, the detection effect of the hardware Trojan horse is judged through two indexes of Recall and F-measure, and the detection effect is more scientific. Among the existing methods of applying machine learning to gate-level netlist hardware Trojan detection, the use of the RandomForest method can achieve 94.9%. However, the Recall and F-measure of this method are only 74.9% and 79.8%. Therefore, a certain promotion space exists for the application of the machine learning method in the gate-level netlist hardware Trojan detection.
Reference documents:
[1] K.Hasegawa et al., Hardware trojans classification for gate-level netlists based on machine learning, IEEE International Symposium on On-Line Testing and Robust System Design (2016), 203–206.
[2] K.Hasegawa, M.Yanagisawa, and N.Togawa, A hardware-trojan
classification method using machine learning at gate-level netlists based on trojan features, Ieice Transactions on Fundamentals of Electronics Communications & Computer Sciences E100.A (2017), no. 7, 1427–1438.
[3] K.Hasegawa, M.Yanagisawa, and N.Togawa, Trojan-feature extraction at gate-level netlists and its application to hardware-trojan detection using random forest classifier, IEEE International Symposium on Circuits and Systems (2017),1-4.。
disclosure of Invention
The invention aims to provide a gate-level hardware Trojan identification method based on XGboost, aiming at the problems that the existing post-silicon detection method needs gold chips as reference, is high in cost, needs specific detection equipment and is easily influenced by noise in the detection process and the defects of the existing gate-level netlist hardware Trojan detection method by using a machine learning method on the Trojan detection effect.
In order to achieve the purpose, the technical scheme of the invention is as follows: a gate-level hardware Trojan horse identification method based on XGboost comprises the following steps:
s1, analyzing an integrated circuit gate-level netlist according to N Trojan characteristics, and collecting a characteristic data set of each net in different gate-level netlists;
s2, dividing a gate-level netlist feature data set into a training data set and a testing data set by adopting a leave-one-out method;
s3, training the XGboost classifier by using a training data set to obtain an initial gate-level netlist hardware Trojan horse detection model;
s4, detecting the hardware Trojan on the test data set by using the trained gate-level netlist hardware Trojan detection model, and calculating to obtain Recall (R), F-measure, precision (P) and Accuracy indexes according to a confusion matrix of a detection result;
s5, if the average results of Recall (R), F-measure, precision (P) and Accuracy of the test data set obtained by calculation in the step S4 are low, performing parameter adjustment optimization on the gate-level netlist hardware Trojan horse detection model;
and S6, extracting a characteristic data set from the gate-level netlist to be detected, inputting the data set into a training-optimized gate-level netlist hardware Trojan detection model, and judging that the gate-level netlist contains the hardware Trojan.
In an embodiment of the present invention, in the step S1, N is 51.
In an embodiment of the present invention, a specific implementation manner of step S2 is: recording feature data sets extracted from different gate-level netlists as netlist (1), netlist (2) \ 8230, netlist (k), and performing k combined grouping on the feature data sets for k times of experiments; in the ith grouping case, netlist (i) is used as a test data set, and the rest k-1 characteristic data sets are combined into a training data set.
In an embodiment of the present invention, in the step S4, the calculation method of the Recall (R), the F-measure, the Precision (P), and the Accuracy index is as follows:
Recall(R)=TP/(TP+FN)
F-measure=2P*R/(P+R)
Precision(P)=TN/(TN+FN)
Accuracy=(TP+TN)/(TP+FN+FP+TN);
wherein, TP represents the number of Trojan which is correctly detected as Trojan; FP indicates the number of the Trojan nets which were erroneously detected as normal nets; FN represents the number of normal nets which are wrongly detected as Trojan nets; TN denotes the number of normal nets which are normally recognized as Trojan nets.
In an embodiment of the present invention, in the step S1, the active Trojan net is defined as a Trojan circuit internal net, and the positive and negative samples of the data set are divided based on the active Trojan net, where the Trojan net is a negative sample and the normal net is a positive sample.
Compared with the prior art, the invention has the following beneficial effects: according to the method, an effective Trojan net in the gate-level netlist is defined, and the XGboost is used for effectively detecting the hardware Trojan of the gate-level netlist, so that the detection effect of the hardware Trojan of the gate-level netlist is further improved; compared with a post-silicon detection method in the existing hardware Trojan horse detection method, the hardware Trojan horse detection method is independent of gold sheets as reference objects, low in cost, free of special detection equipment and free of noise influence, and is high in algorithm efficiency and accuracy, and meanwhile, the hardware Trojan horse detection method is also suitable for VLSI.
Drawings
FIG. 1 is a circuit diagram of an RS232-T1000 gate-level netlist Trojan horse.
FIG. 2 is a flow diagram of a gate level netlist hardware Trojan detection.
Fig. 3 confusion matrix.
Detailed Description
The technical scheme of the invention is specifically explained below with reference to the accompanying drawings.
FIG. 1, the present invention defines the effective Trojanet in the gate level netlist. A typical trojan consists of a trigger circuit and a load circuit. The load circuit activates the hardware trojan by listening for a specific signal in the normal circuit and converting it into a valid trigger signal for the load part. Therefore, in the present invention, the effective Trojan net is defined as the Trojan circuit internal net, and the dotted line net in fig. 1 is the effective Trojan net. And dividing positive and negative samples of the data set based on the effective Trojan, wherein the Trojan is a negative sample, and the normal net is a positive sample.
Referring to fig. 2, the invention provides a XGBoost-based gate-level netlist hardware Trojan detection method, which is characterized by comprising the following steps:
step 1: analyzing the integrated circuit gate-level netlist according to 51 Trojan characteristics in the document [3], and collecting characteristic data sets of each net in different gate-level netlists;
and 2, step: and dividing the gate-level netlist feature data set into a training data set and a testing data set by adopting a leave-one-out method. Specifically, feature data sets extracted from different gate-level netlists are recorded as netlist (1), netlist (2) \8230, netlist (k), k combination groups are carried out on the data sets, and k times of experiments are carried out. In the ith grouping condition, netlist (i) is used as a test data set, and the rest k-1 netlist data sets are combined into a training data set;
and step 3: training the XGboost classifier by using a training data set to obtain an initial gate-level netlist hardware Trojan detection model;
and 4, step 4: and detecting the hardware Trojan horse of the test data set by using the trained gate-level netlist hardware Trojan horse detection model, and counting the test result according to the confusion matrix of the figure 3. In the confusion matrix, TP represents the number of Trojan which is correctly detected as Trojan; FP indicates the number of the Trojan nets which were erroneously detected as normal nets; FN represents the number of normal nets which are wrongly detected as Trojan nets; TN denotes the number of normal nets which are normally recognized as Trojan nets. According to the confusion matrix of the detection result, the Recall (R), F-measure, precision (P) and Accuracy indexes can be calculated. The calculation method of the four indexes is as follows:
Recall(R)=TP/(TP+FN)
F-measure=2P*R/(P+R)
Precision(P)=TN/(TN+FN)
Accuracy=(TP+TN)/(TP+FN+FP+TN);
and 5: if the average results of Recall (R), F-measure, precision (P) and Accuracy of the k groups of test data sets obtained by calculation in the step (4) are low, parameter adjustment optimization is carried out on the gate-level netlist hardware Trojan horse detection model;
step 6: and extracting a characteristic data set from the gate-level netlist file to be detected, inputting the data set into a training-optimized gate-level netlist hardware Trojan detection model, and judging that the gate-level netlist file contains the hardware Trojan.
And (3) experimental simulation:
firstly, collecting characteristic data sets of each net in different netlists. And analyzing the gate-level netlist file provided by the Trust-HUB according to 51 Trojan horse features of the document [3], and acquiring feature data sets of various nets in different gate-level netlists. Table 1 lists the gate-level netlists used in the experiment, and counts the number of normal nets and trojanet in different netlists. And after feature extraction is carried out on each netlist, a csv file corresponding to each netlist is obtained. There are 52 columns of data in the file, the first 51 columns represent 51 characteristic values of each net in the netlist, the 52 th column is a class label column, the normal Trojan is labeled as 0, and the Trojan is labeled as 1. The number of rows in the file is the number of all nets in the corresponding netlist. For example, RS232-t1000.Csv has 313 rows of sample data (the sum of the normal net number and the Trojan net number), and each row of sample data has 51 eigenvalues and 1 class label.
And secondly, dividing the training sample and the test sample. The test samples of the experiment are a gate-level netlist containing the Trojan horse and a gate-level netlist without the Trojan horse. We partition the first 12 netlists containing Trojan horses in the 23 netlists in Table 1 into a training set and a test set containing Trojan horses. For example, when the data set of the RS232-T1000 netlist is used as a test set, the remaining 11 netlist data sets are combined into a training set for model training. And taking the data set of each netlist as a test set of the netlist containing the Trojan in turn, so that 12 times of model training and testing are carried out, and finally, the detection effect of the model on the netlist containing the Trojan is obtained by summing and averaging the results of 12 times of experiments, as shown in Table 2. The last 11 netlists without the Trojan horse in table 1 are mainly used as a test set, the trained model is used for testing the 11 netlists without the Trojan horse, and the detection effect of the model on the netlists without the Trojan horse is obtained by summing and averaging the results of 11 experiments, as shown in table 3.
TABLE 1 data statistics table for normal net and Trojanet of different gate-level netlists
Gate-level netlist | Number of normal nets | Number of Trojan horses |
RS232-T1000 | 303 | 10 |
RS232-T1100 | 310 | 11 |
RS232-T1200 | 310 | 13 |
RS232-T1300 | 309 | 7 |
RS232-T1400 | 306 | 12 |
RS232-T1500 | 311 | 11 |
RS232-T1600 | 311 | 10 |
s35932-T100 | 6409 | 13 |
s35932-T200 | 6405 | 12 |
s35932-T300 | 6405 | 37 |
s38417-T100 | 5799 | 11 |
s38417-T200 | 5802 | 11 |
free-RS232-T1000 | 313 | 0 |
free-RS232-T1100 | 314 | 0 |
free-RS232-T1200 | 316 | 0 |
free-RS232-T1300 | 308 | 0 |
free-RS232-T1400 | 312 | 0 |
free-RS232-T1500 | 316 | 0 |
free-RS232-T1600 | 310 | 0 |
free-s15850 | 2419 | 0 |
free-s35932 | 6405 | 0 |
free-s38417 | 5798 | 0 |
free-s38584 | 7343 | 0 |
Table 2 detection results of the present invention for a netlist containing trojans
Gate-level netlist | TN | FP | FN | TP | Recall | F-measure | Precision | Accuracy |
RS232-T1000 | 298 | 7 | 1 | 9 | 90.0% | 69.2% | 56.3% | 97.5% |
RS232-T1100 | 309 | 1 | 0 | 11 | 100.0% | 95.7% | 91.7% | 99.7% |
RS232-T1200 | 310 | 0 | 0 | 13 | 100.0% | 100.0% | 100.0% | 100.0% |
RS232-T1300 | 309 | 0 | 0 | 7 | 100.0% | 100.0% | 100.0% | 100.0% |
RS232-T1400 | 306 | 0 | 0 | 12 | 100.0% | 100.0% | 100.0% | 100.0% |
RS232-T1500 | 308 | 3 | 0 | 11 | 100.0% | 88.0% | 78.6% | 99.1% |
RS232-T1600 | 311 | 0 | 1 | 9 | 90.0% | 94.7% | 100.0% | 99.7% |
s35932-T100 | 6409 | 0 | 2 | 11 | 84.6% | 91.7% | 100.0% | 100.0% |
s35932-T200 | 6405 | 0 | 11 | 1 | 8.3% | 15.4% | 100.0% | 99.8% |
s35932-T300 | 6403 | 2 | 2 | 35 | 94.6% | 94.6% | 94.6% | 99.9% |
s38417-T100 | 5790 | 9 | 2 | 9 | 81.8% | 62.1% | 50.0% | 99.8% |
s38417-T200 | 5797 | 5 | 2 | 9 | 81.8% | 72.0% | 64.3% | 99.9% |
Mean value of | - | - | - | - | 85.9% | 81.9% | 86.3% | 99.6% |
Table 3 detection results of the present invention for netlist without Trojan horse
Gate-level netlist | TN | FP | FN | TP | Recall | F-measure | Precision | Accuracy |
free-RS232-T1000 | 312 | 1 | 0 | 0 | 0.0% | 0.0% | 0.0% | 99.7% |
free-RS232-T1100 | 306 | 8 | 0 | 0 | 0.0% | 0.0% | 0.0% | 97.5% |
free-RS232-T1200 | 310 | 6 | 0 | 0 | 0.0% | 0.0% | 0.0% | 98.1% |
free-RS232-T1300 | 302 | 6 | 0 | 0 | 0.0% | 0.0% | 0.0% | 98.1% |
free-RS232-T1400 | 304 | 8 | 0 | 0 | 0.0% | 0.0% | 0.0% | 97.4% |
free-RS232-T1500 | 308 | 8 | 0 | 0 | 0.0% | 0.0% | 0.0% | 97.5% |
free-RS232-T1600 | 306 | 4 | 0 | 0 | 0.0% | 0.0% | 0.0% | 98.7% |
free-s15850 | 2419 | 0 | 0 | 0 | 0.0% | 0.0% | 0.0% | 100.0% |
free-s35932 | 6405 | 0 | 0 | 0 | 0.0% | 0.0% | 0.0% | 100.0% |
free-s38417 | 5798 | 0 | 0 | 0 | 0.0% | 0.0% | 0.0% | 100.0% |
free-s38584 | 7343 | 0 | 0 | 0 | 0.0% | 0.0% | 0.0% | 100.0% |
Mean value of | - | - | - | - | - | - | - | 98.8% |
And thirdly, training the XGboost classifier, and adjusting the parameters of the classifier according to four evaluation indexes of Recall, F-measure, accuracy and Precision. Through adjustment of multiple experiments, parameters of the XGboost classifier for the netlist containing the Trojan are set as follows:
“max_depth=2”,“lambda=10”,“subsample=1”,“colsample_bytree=1”,“min_child_weight=1”,“learning_rate=0.01”,“nthread=8”,“n_estimators=500”,“scale_pos_weight=214”,“num_boostround=5000”;
parameters of the XGboost classifier without the Trojan netlist are set as follows:
“max_depth=10”,“lambda=10”,“subsample=0.85”,“colsample_bytree=0.75”,“min_child_weight=2”,“learning_rate=0.001”,“nthread=8”,“n_estimators=500” ,“num_boostround=5000”。
table 2 and table 3 list the detection effect of the present invention on the hardware trojan netlist with trojan and on the hardware trojan netlist without trojan, respectively. We can see that the present invention can achieve 85.9% Recall,86.3% precision,81.9% F-measure and 99.6% of the detection effect of Accuracy for the Trojan-containing netlist. The invention can achieve the detection effect of 98.8 percent of accuracy for the netlist without the Trojan. The invention can accurately identify the normal net and the Trojan net for the netlists of RS232-T1200, RS232-T1300, RS232-T1400, free-s15850, free-s35932, free-s38417 and free-s38584, and has no misjudgment.
The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.
Claims (3)
1. A gate-level hardware Trojan horse identification method based on XGboost is characterized by comprising the following steps:
s1, analyzing an integrated circuit gate-level netlist according to N Trojan characteristics, and collecting a characteristic data set of each net in different gate-level netlists;
s2, dividing a gate-level netlist feature data set into a training data set and a testing data set by adopting a leave-one-out method;
s3, training the XGboost classifier by using a training data set to obtain an initial gate-level netlist hardware Trojan detection model;
s4, detecting a hardware Trojan on the test data set by using the trained gate-level netlist hardware Trojan detection model, and calculating to obtain Recall (R), F-measure, precision (P) and Accuracy indexes according to a confusion matrix of a detection result;
s5, if the average result of Recall (R), F-measure, precision (P) and Accuracy of the test data set obtained by calculation in the step S4 is low, performing parameter adjustment optimization on the hardware Trojan horse detection model of the gate-level netlist;
s6, extracting a characteristic data set from the gate-level netlist to be detected, inputting the data set into a training-optimized gate-level netlist hardware Trojan detection model, and judging that the gate-level netlist contains the hardware Trojan;
in the step S1, N is 51;
in the step S4, the calculation method of the Recall (R), the F-measure, the Precision (P) and the Accuracy index is as follows:
Recall(R)=TP/(TP+FN)
F-measure=2P*R/(P+R)
Precision(P)=TN/(TN+FN)
Accuracy=(TP+TN)/(TP+FN+FP+TN);
wherein, TP represents the number of Trojan which is correctly detected as Trojan; FP represents the number of normal nets erroneously detected as Trojan nets; FN represents the number of Trojan detected as normal net by mistake; TN indicates the number of normal nets correctly detected as normal nets.
2. The XGboost-based gate-level hardware Trojan horse recognition method according to claim 1, wherein the specific implementation manner of the step S2 is as follows: recording feature data sets extracted from different gate-level netlists as netlist (1), netlist (2) \ 8230, netlist (k), and performing k combined grouping on the feature data sets for k times of experiments; in the ith grouping case, netlist (i) is used as a test data set, and the rest k-1 characteristic data sets are combined into a training data set.
3. The XGboost-based gate-level hardware Trojan horse identification method according to claim 1, wherein in the step S1, an effective Trojan net is defined as a Trojan horse circuit internal net, and data set positive and negative samples are divided based on the effective Trojan net, wherein the Trojan net is a negative sample, and a normal net is a positive sample.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811567722.XA CN109684834B (en) | 2018-12-21 | 2018-12-21 | XGboost-based gate-level hardware Trojan horse identification method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811567722.XA CN109684834B (en) | 2018-12-21 | 2018-12-21 | XGboost-based gate-level hardware Trojan horse identification method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109684834A CN109684834A (en) | 2019-04-26 |
CN109684834B true CN109684834B (en) | 2022-10-25 |
Family
ID=66188530
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811567722.XA Active CN109684834B (en) | 2018-12-21 | 2018-12-21 | XGboost-based gate-level hardware Trojan horse identification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109684834B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112231775B (en) * | 2019-07-15 | 2022-10-21 | 天津大学 | Hardware Trojan horse detection method based on Adaboost algorithm |
CN111177713B (en) * | 2019-12-16 | 2023-10-31 | 上海电力大学 | XGBoost-based hardware Trojan detection method and device |
CN111950038B (en) * | 2020-08-12 | 2021-05-18 | 广东电网有限责任公司佛山供电局 | Chip hardware Trojan horse design method for eliminating low-probability signals and Trojan horse generation platform |
CN112231776B (en) * | 2020-10-16 | 2022-12-02 | 西安电子科技大学 | Integrated circuit hardware Trojan detection method based on multi-parameter bypass analysis |
CN113553630B (en) * | 2021-06-15 | 2023-06-23 | 西安电子科技大学 | Hardware Trojan detection system based on unsupervised learning and information data processing method |
CN114065308A (en) * | 2021-11-25 | 2022-02-18 | 福州大学 | Gate-level hardware Trojan horse positioning method and system based on deep learning |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107370752A (en) * | 2017-08-21 | 2017-11-21 | 北京工业大学 | A kind of efficient remote control Trojan detection method |
EP3346410A1 (en) * | 2017-01-10 | 2018-07-11 | Crowdstrike, Inc. | Validation-based determination of computational models |
CN108304720A (en) * | 2018-02-06 | 2018-07-20 | 恒安嘉新(北京)科技股份公司 | A kind of Android malware detection methods based on machine learning |
CN108551167A (en) * | 2018-04-25 | 2018-09-18 | 浙江大学 | A kind of electric power system transient stability method of discrimination based on XGBoost algorithms |
CN108718306A (en) * | 2018-05-10 | 2018-10-30 | 北京邮电大学 | A kind of abnormal flow behavior method of discrimination and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10817608B2 (en) * | 2017-04-07 | 2020-10-27 | Zscaler, Inc. | System and method for malware detection on a per packet basis |
-
2018
- 2018-12-21 CN CN201811567722.XA patent/CN109684834B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3346410A1 (en) * | 2017-01-10 | 2018-07-11 | Crowdstrike, Inc. | Validation-based determination of computational models |
CN107370752A (en) * | 2017-08-21 | 2017-11-21 | 北京工业大学 | A kind of efficient remote control Trojan detection method |
CN108304720A (en) * | 2018-02-06 | 2018-07-20 | 恒安嘉新(北京)科技股份公司 | A kind of Android malware detection methods based on machine learning |
CN108551167A (en) * | 2018-04-25 | 2018-09-18 | 浙江大学 | A kind of electric power system transient stability method of discrimination based on XGBoost algorithms |
CN108718306A (en) * | 2018-05-10 | 2018-10-30 | 北京邮电大学 | A kind of abnormal flow behavior method of discrimination and device |
Non-Patent Citations (1)
Title |
---|
XGBoost算法在电子商务商品推荐中的应用;张昊等;《物联网技术》;20170220;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN109684834A (en) | 2019-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109684834B (en) | XGboost-based gate-level hardware Trojan horse identification method | |
CN111027069B (en) | Malicious software family detection method, storage medium and computing device | |
WO2016049983A1 (en) | User keyboard key-pressing behavior mode modeling and analysis system, and identity recognition method thereof | |
CN104331436A (en) | Rapid classification method of malicious codes based on family genetic codes | |
CN103618744B (en) | Intrusion detection method based on fast k-nearest neighbor (KNN) algorithm | |
Xie et al. | Hardware Trojans classification based on controllability and observability in gate-level netlist | |
CN107480561B (en) | Hardware Trojan horse detection method based on few-state node traversal | |
CN110414277B (en) | Gate-level hardware Trojan horse detection method based on multi-feature parameters | |
CN112464232B (en) | Android system malicious software detection method based on mixed feature combination classification | |
CN111062036A (en) | Malicious software identification model construction method, malicious software identification medium and malicious software identification equipment | |
CN105389480A (en) | Multiclass unbalanced genomics data iterative integrated feature selection method and system | |
CN109063478A (en) | Method for detecting virus, device, equipment and the medium of transplantable executable file | |
CN112307860A (en) | Image recognition model training method and device and image recognition method and device | |
CN111753299A (en) | Unbalanced malicious software detection method based on packet integration | |
CN112231775B (en) | Hardware Trojan horse detection method based on Adaboost algorithm | |
CN109784046A (en) | A kind of malware detection method, apparatus and electronic equipment | |
CN111967503A (en) | Method for constructing multi-type abnormal webpage classification model and abnormal webpage detection method | |
CN111200576A (en) | Method for realizing malicious domain name recognition based on machine learning | |
CN111737694B (en) | Malicious software homology analysis method based on behavior tree | |
CN112464297A (en) | Hardware Trojan horse detection method and device and storage medium | |
CN110929301B (en) | Hardware Trojan horse detection method based on lifting algorithm | |
CN106991171A (en) | Topic based on Intelligent campus information service platform finds method | |
CN114510720A (en) | Android malicious software classification method based on feature fusion and NLP technology | |
CN114626106A (en) | Hardware Trojan horse detection method based on cascade structure characteristics | |
CN111931229A (en) | Data identification method and device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |