CN114329472A - BIOS (Basic Input/Output System) malicious program detection method and device based on double embedding and model pruning - Google Patents

BIOS (Basic Input/Output System) malicious program detection method and device based on double embedding and model pruning

Info

Publication number
CN114329472A
CN114329472A (application CN202111671081.4A)
Authority
CN
China
Prior art keywords
vector
bios
data set
len
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111671081.4A
Other languages
Chinese (zh)
Other versions
CN114329472B (en)
Inventor
李翔
张豪杰
赵建洋
谢乾
汪涛
周国栋
陈礼青
寇海洲
高尚兵
束玮
张宁
丁婧娴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huai'an Xinye Electric Power Design Consulting Co ltd
Original Assignee
Jiangsu Zhuoyi Information Technology Co ltd
Nanjing Byosoft Co ltd
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Zhuoyi Information Technology Co ltd, Nanjing Byosoft Co ltd, Huaiyin Institute of Technology filed Critical Jiangsu Zhuoyi Information Technology Co ltd
Priority to CN202111671081.4A priority Critical patent/CN114329472B/en
Publication of CN114329472A publication Critical patent/CN114329472A/en
Application granted granted Critical
Publication of CN114329472B publication Critical patent/CN114329472B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Image Processing (AREA)

Abstract

The invention discloses a BIOS (Basic Input/Output System) malicious program detection method and device based on double embedding and model pruning. First, BIOS image files are read to construct an original data set, which is then subjected to binary translation. The translated data set is converted into a two-dimensional matrix by the B2M algorithm, mapping each program file to an uncompressed grayscale image from which image features are extracted. The original data set is also fed into a pruned Bert model with 6 Transformer layers; small-scale TextCNNs are connected in series across layers behind the Transformer layers, and an uncertainty measure is introduced so that simple programs can be output in advance. Finally, the image vector and the text vector of each BIOS program are concatenated, and the detection result is output from the fused vector. By using double embedding of text and grayscale images for feature expansion, the method can effectively resist variant viruses in BIOS programs, and the pruned deep learning model improves detection efficiency, so the method is better suited to practical scenarios.

Description

BIOS (Basic Input/Output System) malicious program detection method and device based on double embedding and model pruning
Technical Field
The invention belongs to the technical field of text classification and multi-feature fusion, and particularly relates to a BIOS malicious program detection method and device based on double embedding and model pruning.
Background
In recent years, the number of malicious code variants has grown explosively. Rapid mutation and obfuscation techniques make these variants increasingly difficult to identify and pose a significant threat to network security, so malicious code detection has become a research hotspot.
Existing malicious program detection methods have the following shortcomings: 1. detection of malicious programs still relies on signature-based methods similar to traditional antivirus, which cannot cope with novel, powerful malicious programs; 2. existing detection cannot keep up with rapidly mutating malware, and the single feature used in algorithmic detection cannot withstand variant forms; 3. algorithmic detection of malicious programs is easily disturbed by obfuscation techniques, which reduces detection accuracy.
Disclosure of Invention
The purpose of the invention is as follows: to solve the above problems, the invention provides a BIOS malicious program detection method and device based on double embedding and model pruning, which can effectively resist variant viruses by combining the image information and the semantic and structural information of a BIOS program, while a pruned model effectively improves detection efficiency.
The invention is realized by the following technical scheme:
the invention provides a BIOS malicious program detection method and device based on double embedding and model pruning, which comprises the following steps:
step 1: reading the BIOS image files, constructing a BIOS program original data set D1, cleaning the data, and performing binary translation on the cleaned data to obtain a data set D2, wherein the specific method comprises the following steps:
step 1.1: reading the BIOS image files to obtain the data to be cleaned, and defining the BIOS image program data set as D1 = {d1, d2, d3, …, dn}, where dn is the nth data item to be cleaned;
step 1.2: performing data cleaning on the data set D1 to obtain a data set D1';
step 1.3: performing binary translation on the cleaned data set D1' to obtain a data set D2 = {Doc1, Doc2, Doc3, …, DocN}, where DocN is the Nth data item to be processed.
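For illustration only (not part of the claimed method), the following Python sketch shows one way steps 1.1-1.3 could be realized; the directory name, the empty cleaning rule and the choice of hexadecimal byte tokens as the target of the binary translation are assumptions, since the patent does not specify them:
# Sketch of step 1 (assumed encoding: raw bytes -> hexadecimal tokens).
from pathlib import Path

def read_bios_image(path):
    """Read a BIOS image file as raw bytes (step 1.1)."""
    return Path(path).read_bytes()

def clean(raw):
    """Placeholder for data cleaning (step 1.2); the concrete cleaning rules are not given."""
    return raw

def binary_translate(raw):
    """Translate the binary stream into a textual token sequence (step 1.3).
    Hexadecimal byte tokens are an assumption made only for this sketch."""
    return " ".join(f"{b:02x}" for b in raw)

files = sorted(Path("bios_images").glob("*.bin"))   # hypothetical directory of image files
D1 = [read_bios_image(f) for f in files]            # original data set D1
D2 = [binary_translate(clean(d)) for d in D1]       # translated data set D2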
step 2: converting the data set D2 into uncompressed grayscale images using the B2M algorithm, extracting LBP texture features and SIFT features represented by a BoVW bag-of-words model, concatenating them, and inputting the concatenated features into an SVM classifier, wherein the specific method comprises the following steps:
step 2.1: reading a binary file from the BIOS data set D2, converting every group of 8 bits into an unsigned integer with values in the range 0-255, and storing the result in a one-dimensional array A1;
step 2.2: defining a two-dimensional array A2 with a fixed width, width = 2^n, and filling A2 with the values of the one-dimensional array A1 to obtain a fixed-width matrix M1;
step 2.3: converting the fixed-width two-dimensional matrix into a grayscale image G;
step 2.4: performing K-means clustering on all extracted SIFT features to obtain K cluster centers serving as the visual vocabulary;
step 2.5: taking the vocabulary as a reference, computing the distance between each SIFT feature point and each word in the vocabulary;
step 2.6: obtaining the feature vector f of each image and thus the data set vector sequence F = {f1, f2, f3, …, f_len(D2)}, where len(D2) is defined as the length of the data set D2;
step 2.7: computing the LBP feature image of each BIOS program image and dividing it into blocks;
step 2.8: computing the histogram of the feature image in each block and normalizing it;
step 2.9: arranging the block histograms in the spatial order of the blocks to obtain the LBP feature vector u;
step 2.10: obtaining the data set LBP feature vector sequence U = {u1, u2, u3, …, u_len(D2)};
step 2.11: concatenating the LBP feature vector and the SIFT feature vector, inputting the result into an SVM classifier, and outputting the vector sequence R = {r1, r2, r3, …, r_len(D2)}.
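For illustration only, the sketch below outlines the core of steps 2.1-2.11 in Python with NumPy, scikit-image and scikit-learn; the fixed width of 256 = 2^8, the 4x4 block layout, the uniform LBP parameters and the number of visual words are assumed values, and the SIFT descriptor extraction itself is only indicated in the usage comments:
# Sketch of steps 2.1-2.11 with assumed parameters (width=256, 4x4 blocks, uniform LBP).
import numpy as np
from skimage.feature import local_binary_pattern
from sklearn.cluster import KMeans
from sklearn.svm import SVC

def b2m_grayscale(raw_bytes, width=256):
    """B2M: read each byte as an unsigned 0-255 value and reshape into a
    fixed-width matrix, i.e. an uncompressed grayscale image (steps 2.1-2.3)."""
    a1 = np.frombuffer(raw_bytes, dtype=np.uint8)      # one-dimensional array A1
    rows = len(a1) // width
    return a1[: rows * width].reshape(rows, width)     # fixed-width matrix M1 / image G

def lbp_block_histogram(image, blocks=4, points=8, radius=1):
    """Per-block normalized LBP histograms concatenated in block order (steps 2.7-2.9)."""
    lbp = local_binary_pattern(image, points, radius, method="uniform")
    n_bins = points + 2
    feats = []
    for rows in np.array_split(np.arange(image.shape[0]), blocks):
        for cols in np.array_split(np.arange(image.shape[1]), blocks):
            hist, _ = np.histogram(lbp[np.ix_(rows, cols)], bins=n_bins, range=(0, n_bins))
            feats.append(hist / max(hist.sum(), 1))    # normalize each block histogram
    return np.concatenate(feats)                       # LBP feature vector u

def bovw_histogram(descriptors, kmeans):
    """Assign each local descriptor (e.g. SIFT) to its nearest visual word and
    return the normalized word-frequency histogram (steps 2.4-2.6)."""
    words = kmeans.predict(descriptors)
    hist = np.bincount(words, minlength=kmeans.n_clusters).astype(float)
    return hist / max(hist.sum(), 1)                   # feature vector f

# Usage sketch: fit the vocabulary on all SIFT descriptors, then train the SVM on
# the concatenated [BoVW-SIFT | LBP] vectors and keep its outputs as the sequence R.
# kmeans = KMeans(n_clusters=64).fit(np.vstack(all_sift_descriptors))
# X = np.stack([np.concatenate([bovw_histogram(d, kmeans), lbp_block_histogram(g)])
#               for d, g in zip(all_sift_descriptors, images)])
# svm = SVC(probability=True).fit(X, labels)
# R = svm.predict_proba(X)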
And step 3: inputting a data set D1' of cleaned BIOS programs into an embedding layer of Bert, and obtaining a vector containing a program structure and semantics by combining token information, segment information and position information, wherein the specific method comprises the following steps:
step 3.1: processing the data set D1' cleaned by the BIOS program, defining the data set Text ═ t1,t2,t3…tlen(D1′)},tj={label,dj},j<len(D1′),djE is D1 ', len (D1 ') is the length of the data set D1 ', and label is the BIOS program data set label;
step 3.2: defining a loop variable i, circularly traversing the Text data set, giving the variable i an initial value of 1, and defining len (S)i) Defining len (text) as the length of the data set for the ith data length, and unifying the fixed text length len _ max;
step 3.3: if i < len (text), skipping to step 3.4, otherwise skipping to step 3.12;
step 3.4: if len (S)i) And (2) len _ max is more than or equal to len _ max, zero filling is carried out on the sequence, otherwise, the sequence is truncated, and the sequence is unified and fixed in length;
step 3.5: obtaining a new sequence TiLength is defined as len (T)i);
Step 3.6: inputting token embedding layer, segment embedding layer and position embedding layer to obtain vector v1,v2And v3Defining a cycle variable Na and assigning an initial value of 1;
step 3.7:if Na < len (T)i) Skipping to step 3.8, otherwise skipping to step 3.10;
step 3.8: definition vector v (na) ═ v1+v2+v3
Step 3.9: na +1, skipping to step 3.7;
step 3.10: obtain a vector yi={V1,V2,V3…V(len_max)};
Step 3.11: i is i +1, and skipping to step 3.3;
step 3.12: outputting the final vector sequence Y ═ Y1,y2,y3…ylen(Text)}。
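As an illustrative sketch of step 3 (the Hugging Face transformers library and the pretrained checkpoint name are assumptions; the patent only names the Bert embedding layer), each program text is padded or truncated to len_max and the token, segment and position embeddings are summed element-wise, V(Na) = v1 + v2 + v3:
import torch
from transformers import BertTokenizer, BertModel

tokenizer = BertTokenizer.from_pretrained("bert-base-chinese")  # checkpoint name is an assumption
bert = BertModel.from_pretrained("bert-base-chinese")
len_max = 512                                                   # unified fixed text length len_max

def embed(text):
    """Steps 3.2-3.10: pad/truncate to len_max, then sum the token, segment and
    position embeddings, V(Na) = v1 + v2 + v3, for every position Na."""
    enc = tokenizer(text, padding="max_length", truncation=True,
                    max_length=len_max, return_tensors="pt")
    emb = bert.embeddings                                       # Bert embedding layer
    v1 = emb.word_embeddings(enc["input_ids"])                  # token embedding
    v2 = emb.token_type_embeddings(enc["token_type_ids"])       # segment embedding
    v3 = emb.position_embeddings(torch.arange(len_max).unsqueeze(0))  # position embedding
    return v1 + v2 + v3                                         # y_i = {V(1) ... V(len_max)}

# Y = [embed(t) for t in cleaned_texts]   # cleaned_texts: the cleaned data set D1'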
And 4, step 4: inputting the obtained vector sequence into 6 layers of transformers after pruning, and performing cross-layer tandem connection on small-scale TextCNNs behind the transformers for outputting simple samples in advance, wherein the specific method comprises the following steps:
step 4.1: constructing a Bert pruning model of 6 layers of transformers, and transmitting the Bert pruning model into a vector sequence Y;
step 4.2: defining a cycle variable j, wherein an initial value assigned to the j is 1, and defining a threshold index Speed and an Uncertainty;
step 4.3: if j < len (Y), skipping to step 4.4, otherwise skipping to step 4.10;
step 4.4: will vector yjInto the Transformer layer, yjE, defining a cycle variable i, wherein i is less than or equal to 3, and an initial value of i is 1;
step 4.5: if the loop variable i is less than 3, executing the step 4.5.1-4.5.3, otherwise, jumping to the step 4.7;
step 4.5.1: outputting a vector Pt at a 2i layer of a transform, connecting small-scale TextCNN in series at a 2i layer of the transform, and inputting the vector Pt into a TextCNN network;
step 4.5.2: outputting a prediction vector Ps through a convolution layer, a pooling layer and a Softmax layer of the convolutional neural network;
step 4.5.3: calculating uncertainty
Figure BDA0003449520360000031
If Uncertainty > SpeedTransmitting the next layer of transform, jumping to the step 4.6, otherwise outputting the vector Ps;
step 4.6: i is i +1, and skipping to step 4.5;
step 4.7: outputting a vector Pt by a last layer of Transformer layer, and outputting a vector Ps through a convolutional neural network;
step 4.8: j equals j +1, go to step 4.3;
step 4.9: outputting the whole vector sequence H ═ Ps1,Ps2,Ps3…Pslen(Y)}。
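The uncertainty formula of step 4.5.3 appears only as an image in the published document; early-exit schemes of this kind (for example FastBERT) commonly use the normalized entropy of the branch prediction, and the sketch below adopts that choice purely as an assumption. The hidden size, number of classes and the Speed threshold are likewise assumed values:
# Sketch of steps 4.1-4.9: 6 Transformer layers with small TextCNN exit branches
# after layers 2 and 4 and a final branch after layer 6.
import torch
import torch.nn as nn
import torch.nn.functional as F

class TextCNNBranch(nn.Module):
    """Small-scale TextCNN used as an early-exit classifier (steps 4.5.1-4.5.2)."""
    def __init__(self, hidden=768, n_classes=2, n_filters=64, kernel_sizes=(3, 4, 5)):
        super().__init__()
        self.convs = nn.ModuleList(nn.Conv1d(hidden, n_filters, k) for k in kernel_sizes)
        self.fc = nn.Linear(n_filters * len(kernel_sizes), n_classes)

    def forward(self, x):                            # x: (batch, seq_len, hidden)
        x = x.transpose(1, 2)                        # Conv1d expects (batch, hidden, seq_len)
        pooled = [F.relu(conv(x)).max(dim=2).values for conv in self.convs]
        return F.softmax(self.fc(torch.cat(pooled, dim=1)), dim=-1)  # prediction vector Ps

def uncertainty(ps):
    """Assumed uncertainty measure: entropy of Ps normalized to [0, 1] (FastBERT-style)."""
    k = ps.size(-1)
    return -(ps * torch.log(ps + 1e-12)).sum(-1) / torch.log(torch.tensor(float(k)))

class PrunedBertWithEarlyExit(nn.Module):
    """6 pruned Transformer layers; branches after the 2i-th layers output simple samples early."""
    def __init__(self, hidden=768, n_heads=12, n_classes=2, speed=0.3):
        super().__init__()
        self.layers = nn.ModuleList(nn.TransformerEncoderLayer(hidden, n_heads, batch_first=True)
                                    for _ in range(6))
        self.branches = nn.ModuleList(TextCNNBranch(hidden, n_classes) for _ in range(3))
        self.speed = speed                           # threshold Speed

    def forward(self, y):                            # y: one vector y_j of shape (1, len_max, hidden)
        pt = y
        for i in (1, 2):                             # exit branches after Transformer layers 2 and 4
            pt = self.layers[2 * i - 1](self.layers[2 * i - 2](pt))
            ps = self.branches[i - 1](pt)            # prediction vector Ps of this branch
            if uncertainty(ps).max() <= self.speed:  # simple sample: output Ps in advance
                return ps
        pt = self.layers[5](self.layers[4](pt))      # remaining Transformer layers
        return self.branches[2](pt)                  # final prediction vector Ps

# model = PrunedBertWithEarlyExit()
# H = torch.cat([model(y_j) for y_j in Y])           # vector sequence H over the whole data set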
And 5: fusing a BIOS program data set image vector and a text vector, and outputting a program detection result based on the fused vector, wherein the specific method comprises the following steps:
step 5.1: splicing vector sequences R and H, defining variables i and PsiRepresenting the ith vector, r, of the sequence of vectors HiRepresenting the ith vector of the vector sequence R;
step 5.2: stitching vector PsiAnd vector ri
Step 5.3: and obtaining a new vector sequence B, and performing class prediction on an output layer to realize the detection of the BIOS malicious program.
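A minimal sketch of step 5, assuming the image-branch outputs R (step 2), the text-branch outputs H (step 4) and the program labels are available as NumPy arrays; the logistic-regression output layer and the array shapes are placeholders, not taken from the patent:
import numpy as np
from sklearn.linear_model import LogisticRegression

R = np.random.rand(100, 80)                     # placeholder image-branch vectors r_i
H = np.random.rand(100, 2)                      # placeholder text-branch prediction vectors Ps_i
labels = np.random.randint(0, 2, 100)           # placeholder BIOS program labels

B = np.concatenate([R, H], axis=1)              # b_i = [r_i ; Ps_i], the fused vector sequence B
clf = LogisticRegression(max_iter=1000).fit(B, labels)
print(clf.predict(B[:5]))                       # class prediction at the output layer (0/1 coding assumed)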
The invention is realized by the following technical scheme
The device for detecting BIOS malicious programs based on double embedding and model pruning comprises a memory, a processor, and a computer program stored on the memory and executable on the processor, and is characterized in that, when the computer program is loaded into the processor, it implements the BIOS malicious program detection method based on double embedding and model pruning described in steps 1 to 5 above.
By adopting the technical scheme, the invention has the following beneficial effects:
1. The double embedding and model pruning adopted by the invention are of significant value for detecting and classifying BIOS malicious programs. To address the single-feature problem, the B2M algorithm reads the binary bit stream of a BIOS program, converts it into an uncompressed grayscale image, and extracts the image features of the BIOS program. BIOS semantic and structural information is then extracted through the embedding layer of Bert; a pruning model with 6 Transformer layers is constructed, small-scale TextCNN models are connected in series across layers, and an uncertainty measure is introduced so that simple samples can be output in advance, improving efficiency. Finally, the image features and the text features of the BIOS program are concatenated, and the BIOS program detection result is output from the fused features.
2. The fusion of the image information and the program text information of the BIOS program can effectively resist variant viruses with strong functions during model detection;
3. the image SIFT features expressed by the BoVW model are beneficial to large-scale image retrieval and the expandability of the SIFT features is realized, so that the image SIFT features can be conveniently combined with feature vectors in other forms.
4. According to the invention, the construction of a pruning model of 6 layers of transformers and the cross-layer series connection TextCNN model are adopted, so that the efficiency of model detection is better improved;
5. according to the method, the dynamic vector can be generated by adopting the Tranformer, so that the extracted text information can better adapt to the situation;
6. the invention adopts the Bert model to extract the semantic and structural information of the BIOS program, so that the extracted text information is more abundant;
7. the deep network has excellent performance compared with the shallow network, and the deep bidirectional language representation of the Bert model ensures that the Bert model has higher performance.
Drawings
FIG. 1 is an overall flow chart of the present invention;
FIG. 2 is a flow chart of BIOS program dataset cleaning;
FIG. 3 is a flow chart of extracting BIOS program image features;
FIG. 4 is a flow chart of extracting BIOS program text information through the embedding layer of the Bert model;
FIG. 5 is a flow chart of pruning model construction;
FIG. 6 is a flow chart of vector stitching.
Detailed Description
The present invention is further illustrated below with reference to the accompanying FIGS. 1-6. The embodiments are intended to be illustrative only and not to limit the scope of the invention; various equivalent modifications that occur to those skilled in the art after reading the present disclosure fall within the scope of the appended claims.
The following takes a single BIOS image file as an example:
step 1: reading the BIOS image file, and performing binary translation processing on the BIOS image file, as shown in fig. 2:
step 1.1: reading the BIOS image file and defining the BIOS image program data as d1;
step 1.2: performing binary translation processing on the BIOS image program data d1.
step 2: converting the data d1 into an uncompressed grayscale image using the B2M algorithm, extracting LBP texture features and SIFT features represented by a BoVW bag-of-words model, concatenating them, and inputting the result into an SVM classifier, as shown in FIG. 3:
step 2.1: reading the binary file of the data d1, converting every group of 8 bits into an unsigned integer with values in the range 0-255, and storing the result in a one-dimensional array A1;
step 2.2: defining a two-dimensional array A2 with a fixed width, width = 2^n, and filling A2 with the values of the one-dimensional array A1 to obtain a fixed-width matrix M1;
step 2.3: converting the fixed-width two-dimensional matrix into a grayscale image G;
step 2.4: performing K-means clustering on all extracted SIFT features to obtain K cluster centers serving as the visual vocabulary;
step 2.5: taking the vocabulary as a reference, computing the distance between each SIFT feature point and each word in the vocabulary;
step 2.6: obtaining the feature vector f1 of the image G;
step 2.7: computing the LBP feature image of the BIOS program image G and dividing it into blocks;
step 2.8: computing the histogram of the feature image in each block and normalizing it;
step 2.9: arranging the block histograms in the spatial order of the blocks to obtain the LBP feature vector u1;
step 2.10: concatenating the LBP feature vector and the SIFT feature vector, inputting the result into an SVM classifier, and outputting a vector r1.
step 3: inputting the BIOS program data d1 into the embedding layer of Bert and combining token information, segment information and position information to obtain a vector containing program structure and semantics, as shown in FIG. 4:
step 3.1: defining t1 = {label, d1}, where label is the BIOS program data set label;
step 3.2: defining len(S1) as the length of the data d1 and unifying the fixed text length len_max;
step 3.3: if len(S1) ≤ len_max, padding the sequence with zeros; otherwise truncating it, so that the sequence has the unified fixed length;
step 3.4: obtaining a new sequence T1;
step 3.5: inputting T1 into the token embedding layer, segment embedding layer and position embedding layer to obtain vectors v1, v2 and v3, and defining a loop variable Na with initial value 1;
step 3.6: if Na < len(T1), skipping to step 3.7; otherwise skipping to step 3.9;
step 3.7: defining the vector V(Na) = v1 + v2 + v3;
step 3.8: Na = Na + 1, skipping to step 3.6;
step 3.9: outputting the vector y1 = {V1, V2, V3, …, V(len_max)}.
step 4: inputting the obtained vector into the pruned 6-layer Transformer model, with small-scale TextCNNs connected in series across layers behind the Transformer layers for outputting simple samples in advance, as shown in FIG. 5:
step 4.1: constructing a Bert pruning model with 6 Transformer layers and feeding it the vector y1;
step 4.2: defining a threshold Speed and an uncertainty measure Uncertainty;
step 4.3: feeding the vector y1 into the Transformer layers, and defining a loop variable i, i ≤ 3, with initial value 1;
step 4.4: if the loop variable i < 3, executing steps 4.4.1-4.4.3; otherwise skipping to step 4.6;
step 4.4.1: the 2i-th Transformer layer outputs a vector Pt; a small-scale TextCNN is connected in series after the 2i-th Transformer layer, and the vector Pt is input into the TextCNN network;
step 4.4.2: outputting a prediction vector Ps1 through the convolution layer, pooling layer and Softmax layer of the convolutional neural network;
step 4.4.3: calculating the uncertainty Uncertainty of the prediction vector Ps1 (the formula appears only as an image in the published document); if Uncertainty > Speed, passing the output to the next Transformer layer and skipping to step 4.5; otherwise outputting the vector Ps1;
step 4.5: i = i + 1, skipping to step 4.4;
step 4.6: the last Transformer layer outputs a vector Pt, and the vector Ps1 is output through the convolutional neural network.
step 5: fusing the image vector and the text vector of the BIOS program data, and outputting the program detection result from the fused vector, as shown in FIG. 6:
step 5.1: concatenating the vector Ps1 and the vector r1;
step 5.2: obtaining a new vector b1 and performing class prediction at the output layer to detect malicious viruses in the BIOS program.
The device comprises a memory, a processor, and a computer program stored on the memory and executable on the processor; when the computer program is loaded into the processor, the above BIOS malicious program detection method based on double embedding and model pruning is implemented.

Claims (7)

1. A BIOS malicious program detection method based on double embedding and model pruning, characterized by comprising the following steps:
step 1: reading a BIOS image file, constructing a BIOS program original data set D1, cleaning the data, and performing binary translation on the cleaned data to obtain a data set D2;
step 2: converting the data set D2 into uncompressed grayscale images using the B2M algorithm, extracting LBP texture features and SIFT features represented by a BoVW bag-of-words model, concatenating them, and inputting the concatenated features into an SVM classifier;
step 3: inputting the cleaned BIOS program data set D1' into the embedding layer of the Bert model and combining token information, segment information and position information to obtain vectors containing program structure and semantics;
step 4: inputting the obtained vector sequence into the pruned 6-layer Transformer model, with small-scale TextCNNs connected in series across layers behind the Transformer layers for outputting simple samples in advance;
step 5: fusing the image vector and the text vector of the BIOS program data set, and outputting the program detection result from the fused vector.
2. The method for detecting the BIOS malware based on double embedding and model pruning as claimed in claim 1, wherein the specific method of step 1 is:
step 1.1: reading the BIOS image file, obtaining the data to be cleaned, and defining the BIOS image program data set as D1 = {d1, d2, d3, …, dn}, where dn is the nth data item to be cleaned;
step 1.2: performing data cleaning on the data set D1 to obtain a data set D1';
step 1.3: performing binary translation on the cleaned data set D1' to obtain a data set D2 = {Doc1, Doc2, Doc3, …, DocN}, where DocN is the Nth data item to be processed.
3. The dual-embedding and model-pruning-based BIOS malware detection method of claim 1, wherein the specific method of step 2 is:
step 2.1: reading a binary file from the BIOS data set D2, converting every group of 8 bits into an unsigned integer with values in the range 0-255, and storing the result in a one-dimensional array A1;
step 2.2: defining a two-dimensional array A2 with a fixed width, width = 2^n, and filling A2 with the values of the one-dimensional array A1 to obtain a fixed-width matrix M1;
step 2.3: converting the fixed-width two-dimensional matrix into a grayscale image G;
step 2.4: performing K-means clustering on all extracted SIFT features to obtain K cluster centers serving as the visual vocabulary;
step 2.5: taking the vocabulary as a reference, computing the distance between each SIFT feature point and each word in the vocabulary;
step 2.6: obtaining the feature vector f of each image and thus the data set vector sequence F = {f1, f2, f3, …, f_len(D2)}, where len(D2) is defined as the length of the data set D2;
step 2.7: computing the LBP feature image of each BIOS program image and dividing it into blocks;
step 2.8: computing the histogram of the feature image in each block and normalizing it;
step 2.9: arranging the block histograms in the spatial order of the blocks to obtain the LBP feature vector u;
step 2.10: obtaining the data set LBP feature vector sequence U = {u1, u2, u3, …, u_len(D2)};
step 2.11: concatenating the LBP feature vector and the SIFT feature vector, inputting the result into the SVM classifier, and outputting the vector sequence R = {r1, r2, r3, …, r_len(D2)}.
4. The dual-embedding and model-pruning-based BIOS malware detection method of claim 1, wherein the specific method of step 3 is:
step 3.1: processing the cleaned BIOS program data set D1', defining the data set Text = {t1, t2, t3, …, t_len(D1')}, where tj = {label, dj}, j < len(D1'), dj ∈ D1', len(D1') is the length of the data set D1', and label is the BIOS program data set label;
step 3.2: defining a loop variable i for traversing the Text data set, with initial value 1; defining len(Si) as the length of the ith data item and len(Text) as the length of the data set, and unifying the fixed text length len_max;
step 3.3: if i < len(Text), skipping to step 3.4; otherwise skipping to step 3.12;
step 3.4: if len(Si) ≤ len_max, padding the sequence with zeros; otherwise truncating it, so that all sequences have the unified fixed length;
step 3.5: obtaining a new sequence Ti, whose length is defined as len(Ti);
step 3.6: inputting Ti into the token embedding layer, segment embedding layer and position embedding layer to obtain vectors v1, v2 and v3, and defining a loop variable Na with initial value 1;
step 3.7: if Na < len(Ti), skipping to step 3.8; otherwise skipping to step 3.10;
step 3.8: defining the vector V(Na) = v1 + v2 + v3;
step 3.9: Na = Na + 1, skipping to step 3.7;
step 3.10: obtaining a vector yi = {V1, V2, V3, …, V(len_max)};
step 3.11: i = i + 1, skipping to step 3.3;
step 3.12: outputting the final vector sequence Y = {y1, y2, y3, …, y_len(Text)}.
5. The dual-embedding and model-pruning-based BIOS malware detection method of claim 1, wherein the specific method of step 4 is:
step 4.1: constructing a Bert pruning model with 6 Transformer layers and feeding it the vector sequence Y;
step 4.2: defining a loop variable j with initial value 1, and defining a threshold Speed and an uncertainty measure Uncertainty;
step 4.3: if j < len(Y), skipping to step 4.4; otherwise skipping to step 4.9;
step 4.4: feeding the vector yj, yj ∈ Y, into the Transformer layers, and defining a loop variable i, i ≤ 3, with initial value 1;
step 4.5: if the loop variable i < 3, executing steps 4.5.1-4.5.3; otherwise skipping to step 4.7;
step 4.5.1: the 2i-th Transformer layer outputs a vector Pt; a small-scale TextCNN is connected in series after the 2i-th Transformer layer, and the vector Pt is input into the TextCNN network;
step 4.5.2: outputting a prediction vector Ps through the convolution layer, pooling layer and Softmax layer of the convolutional neural network;
step 4.5.3: calculating the uncertainty Uncertainty of the prediction vector Ps (the formula appears only as an image in the published document); if Uncertainty > Speed, passing the output to the next Transformer layer and skipping to step 4.6; otherwise outputting the vector Ps;
step 4.6: i = i + 1, skipping to step 4.5;
step 4.7: the last Transformer layer outputs a vector Pt, which is passed through the convolutional neural network to output a vector Ps;
step 4.8: j = j + 1, skipping to step 4.3;
step 4.9: outputting the whole vector sequence H = {Ps1, Ps2, Ps3, …, Ps_len(Y)}.
6. The dual-embedding and model-pruning-based BIOS malware detection method of claim 1, wherein the specific method of step 5 is:
step 5.1: concatenating the vector sequences R and H: defining a variable i, where Psi denotes the ith vector of the sequence H and ri denotes the ith vector of the sequence R;
step 5.2: concatenating the vector Psi and the vector ri;
step 5.3: obtaining a new vector sequence B and performing class prediction at the output layer to realize BIOS malicious program detection.
7. A BIOS malicious program detection apparatus based on double embedding and model pruning, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the computer program, when loaded into the processor, implements the BIOS malicious program detection method based on double embedding and model pruning according to any one of claims 1-6.
CN202111671081.4A 2021-12-31 2021-12-31 BIOS malicious program detection method and device based on dual embedding and model pruning Active CN114329472B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111671081.4A CN114329472B (en) 2021-12-31 2021-12-31 BIOS malicious program detection method and device based on dual embedding and model pruning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111671081.4A CN114329472B (en) 2021-12-31 2021-12-31 BIOS malicious program detection method and device based on dual embedding and model pruning

Publications (2)

Publication Number Publication Date
CN114329472A true CN114329472A (en) 2022-04-12
CN114329472B CN114329472B (en) 2023-05-19

Family

ID=81020806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111671081.4A Active CN114329472B (en) 2021-12-31 2021-12-31 BIOS malicious program detection method and device based on dual embedding and model pruning

Country Status (1)

Country Link
CN (1) CN114329472B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005786A (en) * 2015-06-19 2015-10-28 南京航空航天大学 Texture image classification method based on BoF and multi-feature fusion
WO2021000362A1 (en) * 2019-07-04 2021-01-07 浙江大学 Deep neural network model-based address information feature extraction method
CN111143563A (en) * 2019-12-27 2020-05-12 电子科技大学 Text classification method based on integration of BERT, LSTM and CNN
CN113378163A (en) * 2020-03-10 2021-09-10 四川大学 Android malicious software family classification method based on DEX file partition characteristics
CN111914613A (en) * 2020-05-21 2020-11-10 淮阴工学院 Multi-target tracking and facial feature information identification method
CN113468527A (en) * 2021-06-22 2021-10-01 上海电力大学 Malicious code family classification method based on feature expression enhancement
CN113836903A (en) * 2021-08-17 2021-12-24 淮阴工学院 Method and device for extracting enterprise portrait label based on situation embedding and knowledge distillation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张豪杰 et al.: "Enterprise relation extraction based on Bi-GRU and Self-Attention models", 《工业控制计算机》 (Industrial Control Computer) *

Also Published As

Publication number Publication date
CN114329472B (en) 2023-05-19

Similar Documents

Publication Publication Date Title
CN109165306B (en) Image retrieval method based on multitask Hash learning
JP7193252B2 (en) Captioning image regions
Yan et al. Supervised hash coding with deep neural network for environment perception of intelligent vehicles
JP5774985B2 (en) Image similarity search system and method
Wang et al. A deep semantic framework for multimodal representation learning
CN109033833B (en) Malicious code classification method based on multiple features and feature selection
JP2016042359A (en) Recognition apparatus, real number matrix decomposition method, and recognition method
CN106033426A (en) Image retrieval method based on latent semantic minimum hash
CN116089648B (en) File management system and method based on artificial intelligence
Kishorjit Singh et al. Image classification using SLIC superpixel and FAAGKFCM image segmentation
Zheng et al. Mid‐level deep Food Part mining for food image recognition
Al-Jubouri Content-based image retrieval: Survey
Adnan et al. An improved automatic image annotation approach using convolutional neural network-Slantlet transform
CN112163114A (en) Image retrieval method based on feature fusion
Chen et al. Visual-based deep learning for clothing from large database
Li Image semantic segmentation method based on GAN network and ENet model
Siddiqui et al. A robust framework for deep learning approaches to facial emotion recognition and evaluation
CN111368176A (en) Cross-modal Hash retrieval method and system based on supervision semantic coupling consistency
Solanki et al. Flower species detection system using deep convolutional neural networks
Saaim et al. Light-weight file fragments classification using depthwise separable convolutions
CN116796288A (en) Industrial document-oriented multi-mode information extraction method and system
JP6364387B2 (en) Feature generation apparatus, method, and program
WO2023078009A1 (en) Model weight acquisition method and related system
CN114329472B (en) BIOS malicious program detection method and device based on dual embedding and model pruning
Hu et al. Efficient scene text recognition model built with PaddlePaddle framework

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230918

Address after: Room 1107, Building B3, Financial Center, No. 16 Shuidukou Avenue, Qingjiangpu District, Huai'an City, Jiangsu Province, 223001

Patentee after: Jiangsu Kewen Enterprise Management Co.,Ltd.

Address before: 223005 Jiangsu Huaian economic and Technological Development Zone, 1 East Road.

Patentee before: HUAIYIN INSTITUTE OF TECHNOLOGY

Patentee before: NANJING BYOSOFT Co.,Ltd.

Patentee before: JIANGSU ZHUOYI INFORMATION TECHNOLOGY Co.,Ltd.

Effective date of registration: 20230918

Address after: 223005 Qingchuang Space 16F-03, Huai'an Ecological and Cultural Tourism Zone, Huai'an City, Jiangsu Province

Patentee after: Huai'an Xinye Power Construction Co.,Ltd.

Address before: Room 1107, Building B3, Financial Center, No. 16 Shuidukou Avenue, Qingjiangpu District, Huai'an City, Jiangsu Province, 223001

Patentee before: Jiangsu Kewen Enterprise Management Co.,Ltd.

CP03 Change of name, title or address

Address after: 223005 Qingchuang Space 16F-03, Huai'an Ecological and Cultural Tourism Zone, Huai'an City, Jiangsu Province

Patentee after: Huai'an Xinye Electric Power Design Consulting Co.,Ltd.

Country or region after: China

Address before: 223005 Qingchuang Space 16F-03, Huai'an Ecological and Cultural Tourism Zone, Huai'an City, Jiangsu Province

Patentee before: Huai'an Xinye Power Construction Co.,Ltd.

Country or region before: China