CN114491849A - Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium - Google Patents

Publication number
CN114491849A
Authority
CN
China
Prior art keywords
sample
instruction
detected
parameters
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210077359.3A
Other languages
Chinese (zh)
Inventor
赵伦
林森
龚涛
陈伟
张亮
甘增康
霍小乐
罗义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Polytechnic
Original Assignee
Shenzhen Polytechnic
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Polytechnic filed Critical Shenzhen Polytechnic
Priority to CN202210077359.3A priority Critical patent/CN114491849A/en
Publication of CN114491849A publication Critical patent/CN114491849A/en
Priority to CN202210548922.0A priority patent/CN114781098B/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/10 Geometric CAD
    • G06F30/17 Mechanical parametric or variational design
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B21 MECHANICAL METAL-WORKING WITHOUT ESSENTIALLY REMOVING MATERIAL; PUNCHING METAL
    • B21J FORGING; HAMMERING; PRESSING METAL; RIVETING; FORGE FURNACES
    • B21J15/00 Riveting
    • B21J15/02 Riveting procedures
    • B21J15/04 Riveting hollow rivets mechanically
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/20 Design optimisation, verification or simulation
    • G06F30/27 Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Computational Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Mechanical Engineering (AREA)
  • Investigating Strength Of Materials By Application Of Mechanical Stress (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the invention relates to the technical field of self-piercing riveting, in particular to a method and a device for determining self-piercing riveting technological parameters, electronic equipment and a storage medium. The method for determining the self-piercing riveting process parameters comprises the following steps: performing static analysis on a sample to be detected to obtain all behavior instructions existing in the sample to be detected; wherein the behavior instruction comprises an instruction type and an instruction parameter; determining abnormal instructions in all the behavior instructions; and judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction. The technical scheme provided by the invention accelerates the detection efficiency of the sample to be detected by using a static analysis mode, and can effectively judge whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction, thereby solving the problem that the malicious sample is difficult to be effectively detected.

Description

Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of self-piercing riveting, in particular to a method and a device for determining self-piercing riveting technological parameters, electronic equipment and a storage medium.
Background
Self-piercing riveting (namely self-piercing riveting) is a new connecting technology, is widely applied to the fields of aviation, aerospace, automobiles, ships and the like, and has the advantages of no need of punching, drilling, heating and the like compared with the traditional threaded connection, riveting and welding. The self-piercing riveting process is approximately as follows: under the action of a punch, the semi-hollow rivet is pressed into a plate fixed on a die, so that the rivet pierces through the upper plate and does not pierce through the lower plate; under the action of the punch and the die, the legs of the semi-hollow rivet are opened to the periphery to form a firm mechanical internal lock so as to realize the connection of the upper plate and the lower plate. In order to ensure the quality of self-piercing riveting, the parameters of the self-piercing riveting process need to be optimized.
In the related technology, a large number of self-piercing riveting trial and error experiments are often required in the early stage of self-piercing riveting, so that better self-piercing riveting process parameters are obtained by utilizing manual practical experience to ensure the quality of self-piercing riveting. However, this approach requires a lot of trial and error experiments to re-determine the self-piercing riveting process parameters, which consumes a lot of manpower and material resources.
Disclosure of Invention
In order to solve the problem that a large amount of manpower and material resources are consumed in the related technology for determining the self-piercing riveting process parameters, the embodiment of the invention provides a method and a device for determining the self-piercing riveting process parameters, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for determining parameters of a self-piercing riveting process, including:
performing static analysis on a sample to be detected to obtain all behavior instructions existing in the sample to be detected; wherein the behavior instruction comprises an instruction type and an instruction parameter;
determining abnormal instructions in all the behavior instructions;
and judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction.
In one possible design, the instruction type includes at least one of:
service instructions, file instructions, window instructions, registry instructions, process instructions, algorithm instructions, communication instructions, and hook instructions.
In one possible design, the abnormal instruction includes at least one of:
anti-sandbox, anti-antivirus, screen monitoring, keyboard monitoring and data return.
In a possible design, the statically analyzing the sample to be tested to obtain all the behavior commands existing in the sample to be tested includes:
analyzing a sample to be detected by using a static vector extraction technology to obtain the instruction types of all behavior instructions in the sample to be detected;
analyzing the sample to be detected by utilizing a disassembling technology to obtain the instruction parameters of all the behavior instructions in the sample to be detected.
In one possible design, the determining the abnormal instruction of all the behavioral instructions includes:
constructing an abnormal instruction rule base based on historical abnormal instructions and instruction types and instruction parameters corresponding to the historical abnormal instructions;
and judging whether each behavior instruction is an abnormal instruction or not based on the abnormal instruction rule base and the instruction type and instruction parameters of the current behavior instruction so as to determine the abnormal instructions in all the behavior instructions.
In one possible design, after the determining whether the current behavior instruction is an abnormal instruction, the method further includes:
if yes, outputting identification information for representing the abnormal instruction;
the determining whether the sample to be detected is a malicious sample based on the determined abnormal instruction includes:
respectively taking the identification information of the historical abnormal instruction and a preset sample label as input and output, and training a preset machine learning model to obtain a malicious sample recognition model; wherein the sample labels are a malicious sample and a normal sample;
and judging whether the sample to be detected is a malicious sample or not based on the malicious sample identification model and the determined identification information of the abnormal instruction.
In one possible design, the malicious sample identification model is a decision tree model;
after the step of judging whether the sample to be detected is a malicious sample, the method further comprises the following steps:
if not, acquiring a manual judgment result aiming at the sample to be detected;
and if the manual judgment result shows that the sample to be detected is a malicious sample, updating the tree structure of the malicious sample identification model, and detecting the sample to be detected by using the updated malicious sample identification model.
In a second aspect, an embodiment of the present invention further provides a device for determining parameters of a self-piercing riveting process, including:
the analysis module is used for carrying out static analysis on a sample to be detected to obtain all behavior instructions existing in the sample to be detected; wherein the behavior instruction comprises an instruction type and an instruction parameter;
the determining module is used for determining abnormal instructions in all the behavior instructions;
and the judging module is used for judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the computer program to implement the method according to any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides a method and a device for determining self-piercing riveting process parameters, electronic equipment and a storage medium, wherein all behavior instructions existing in a sample to be tested are obtained by performing static analysis on the sample to be tested, and abnormal instructions in all the behavior instructions are further determined; and then judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction. According to the scheme, the detection efficiency of the sample to be detected is accelerated by using a static analysis mode, and meanwhile, whether the sample to be detected is a malicious sample or not can be effectively judged based on the determined abnormal instruction, so that the problem that the malicious sample is difficult to effectively detect is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for determining parameters of a self-piercing riveting process according to an embodiment of the present invention;
fig. 2 is a flowchart of another method for determining parameters of a self-piercing riveting process according to an embodiment of the present invention;
FIG. 3 is a diagram of a hardware architecture of an electronic device according to an embodiment of the present invention;
fig. 4 is a structural diagram of an apparatus for determining parameters of a self-piercing riveting process according to an embodiment of the present invention;
fig. 5 is a structural diagram of another apparatus for determining parameters of a self-piercing riveting process according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
With the rapid development of information technology worldwide, people are constantly threatened by computer viruses while enjoying the convenience that the internet brings to work and life. As virus-writing techniques have progressed from the simplest functional destruction to techniques such as polymorphism and packing that evade detection by antivirus software, attacks with advanced threat behavior (i.e. malicious samples) have become particularly common.
In the related art, the method for determining the parameters of the self-piercing riveting process generally comprises a feature-based detection method and a dynamic behavior-based detection method. The detection method based on the characteristics is to detect whether the content of the sample to be detected contains the malicious codes by utilizing a malicious code detection engine, and the detection method based on the dynamic behavior is to run the sample to be detected by utilizing a sandbox mode.
In the course of development, the inventors found that: 1) although the feature-based detection method can provide more accurate detection, malicious code can easily evade it through antivirus-evasion ("kill-free") techniques such as 0-day vulnerabilities and encryption or obfuscation, so this method has difficulty finding malicious samples effectively; 2) although the detection method based on dynamic behavior can effectively detect malicious samples, its analysis performance is low because the sample to be detected is run in a sandbox, so it cannot effectively meet the detection demand of the ever-growing mass of samples to be detected.
In order to solve the technical problem, the inventor considers that whether the sample to be detected is a malicious sample is judged based on the abnormal instruction by analyzing all behavior instructions of the sample to be detected and further determining the abnormal instruction in all the behavior instructions, so that the determining efficiency of the self-piercing riveting process parameter can be increased, and the malicious sample can be effectively detected.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a method for determining parameters of a self-piercing riveting process, including:
step 100: performing static analysis on a sample to be detected to obtain all behavior instructions existing in the sample to be detected; the behavior instruction comprises an instruction type and an instruction parameter;
step 102: determining abnormal instructions in all the behavior instructions;
step 104: and judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction.
In the embodiment of the invention, all behavior instructions existing in the sample to be tested are obtained by carrying out static analysis on the sample to be tested, and abnormal instructions in all the behavior instructions are further determined; and then judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction. According to the scheme, the detection efficiency of the sample to be detected is accelerated by using a static analysis mode, and meanwhile, whether the sample to be detected is a malicious sample or not can be effectively judged based on the determined abnormal instruction, so that the problem that the malicious sample is difficult to effectively detect is solved.
The embodiment of the invention adopts the static analysis method to detect the malicious sample, and considers the detection efficiency and the determination capability of the self-piercing riveting process parameter, thereby not only solving the problem that the detection method based on the characteristics is easy to be attacked and bypassed, but also solving the problem that the detection method based on the dynamic behavior cannot effectively meet the requirement of mass detection.
It should be noted that the abnormal instruction refers to an instruction abnormal to a basic function of the sample to be tested, for example, the sample to be tested is software, in the process of downloading the software, the antivirus software in the terminal device needs to detect the downloaded software, and if an instruction avoiding the antivirus software (that is, anti-antivirus software) exists in the detection process, the instruction may be called an abnormal instruction.
The manner in which the various steps shown in fig. 1 are performed is described below.
With respect to step 100:
in some embodiments, step 100 may comprise:
analyzing a sample to be detected by using a static vector extraction technology to obtain the instruction types of all behavior instructions in the sample to be detected;
and analyzing the sample to be detected by utilizing a disassembling technology to obtain the instruction parameters of all the behavior instructions in the sample to be detected.
In this embodiment, the instruction types of all the behavior instructions present in the sample to be tested are obtained by using a static vector extraction technique, and the instruction parameters of all the behavior instructions present in the sample to be tested are obtained by using a disassembly technique. The static vector extraction technique and the disassembling technique are well known to those skilled in the art, and will not be described herein.
For example, the anti-antivirus abnormal instruction is identified by finding a process-traversal instruction and comparing the process name in that process instruction with the process names of antivirus software. Here the process instruction is the instruction type, and the process name is the instruction parameter.
In some embodiments, the instruction type includes at least one of:
service instructions, file instructions, window instructions, registry instructions, process instructions, algorithm instructions, communication instructions, and hook instructions.
The service instruction refers to an instruction provided by the operating system for modifying system services, for example: creating, deleting, starting and stopping services; the window instruction refers to a window-operation instruction provided by a system or software for use by other software, such as: creating a window, destroying a window, popping up a window, moving a window and the like; the process instruction refers to an instruction provided by the operating system for modifying system processes, such as: creating a process, monitoring a process, traversing processes, terminating a process, and the like; the algorithm instruction refers to a standard or non-standard encryption algorithm used by the software program, such as: a symmetric encryption algorithm, an asymmetric encryption algorithm, a digest algorithm, etc.; the communication instruction refers to a communication-related instruction provided by a system or a program, for example: initializing communications, creating sockets, sending data, receiving data, and the like; the hook instruction refers to an instruction provided by the operating system that other programs use to acquire or modify operating system functions, such as creating a hook, releasing a hook, and the like.
With respect to step 102:
In some embodiments, the abnormal instruction includes at least one of:
anti-sandbox, anti-antivirus, screen monitoring, keyboard monitoring and data return.
The instruction of the anti-sandbox refers to an instruction for avoiding the sandbox from running when the sandbox is used for running the sample to be tested; the instruction for monitoring the screen refers to the instruction for monitoring the screen in the running process of the sample to be detected; the instruction of keyboard monitoring refers to the instruction of monitoring the keyboard in the running process of the sample to be tested; the instruction for returning data refers to an instruction for returning data in the running process of the sample to be tested.
In order to conveniently and quickly detect the abnormal instruction in the sample to be detected, the sample to be detected cannot be in a dynamic running state. Therefore, the embodiment of the present invention detects by using a static analysis method, specifically, determines whether each behavior instruction is an abnormal instruction by analyzing the instruction type and instruction parameter of the obtained behavior instruction.
In some embodiments, step 100 may comprise:
constructing an abnormal instruction rule base based on the historical abnormal instructions and the instruction types and instruction parameters corresponding to the historical abnormal instructions;
and judging whether each behavior instruction is an abnormal instruction or not based on the abnormal instruction rule base and the instruction type and instruction parameters of the current behavior instruction so as to determine the abnormal instructions in all the behavior instructions.
In this embodiment, the abnormal instruction rule base is constructed based on the historical abnormal instructions, so that whether each behavior instruction is an abnormal instruction can be quickly determined based on the abnormal instruction rule base, and thus the abnormal instruction in all the behavior instructions of the sample to be detected can be quickly determined.
It can be understood that the abnormal instruction rule base is a mapping relation table, specifically a mapping relation between a set of instruction types and instruction parameters and an abnormal instruction. Through continuous summary and induction of the historical abnormal instructions, the accuracy of malicious judgment by using the abnormal instruction rule base can be effectively improved.
Of course, whether each behavior instruction is an abnormal instruction may also be judged in other ways, for example with a machine learning model: a preset machine learning model is trained with sets of instruction types and instruction parameters as input and preset abnormal instructions as output to obtain an abnormal instruction determination model, which is then used to judge each behavior instruction. However, compared with the machine learning model approach, the abnormal instruction rule base approach effectively ensures the judgment accuracy; and because abnormal instructions are scattered, a machine learning model used for this judgment is prone to bloat.
In some embodiments, after determining whether the current behavior instruction is an abnormal instruction, the method further includes:
if yes, outputting identification information for representing the abnormal instruction.
In this embodiment, whether the sample to be tested is a malicious sample may be determined by using the output identification information of the abnormal instruction, specifically refer to the description of step 104.
With respect to step 104:
in some embodiments, step 104 may include:
respectively taking the identification information of the historical abnormal instruction and a preset sample label as input and output, and training a preset machine learning model to obtain a malicious sample recognition model; wherein the sample labels are a malicious sample and a normal sample;
and judging whether the sample to be detected is a malicious sample or not based on the malicious sample identification model and the determined identification information of the abnormal instruction.
In the embodiment, the identification information of the historical abnormal instruction and the preset sample label are used as data bases to train the preset machine learning model, so that whether the sample to be tested is a malicious sample can be judged by using the malicious sample recognition model obtained by training, and the determination efficiency of the self-piercing riveting process parameters is improved.
Meanwhile, since the data volume of the abnormal instruction may be large, in order to improve the training rate, it may be considered to reduce the data volume of the abnormal instruction, and therefore the machine learning model may be trained based on the identification information of the historical abnormal instruction.
In some embodiments, the malicious sample identification model may be a decision tree model or a neural network model, where the decision tree model may further increase the rate of malicious sample identification and may greatly reduce the complexity of the malicious sample identification model on the basis of ensuring a certain identification accuracy rate compared with the neural network model.
It should be noted that, a model identification mode is adopted in the determination of whether the sample to be tested is a malicious sample based on the determined abnormal instruction, rather than a database identification mode, because the former has a self-learning capability, and the latter can only determine a known threat. Therefore, when the abnormal instruction in the sample to be detected is unknown threat, the judgment result can be output in a model identification mode, and the judgment result cannot be output in a database identification mode.
If the judgment result in the step 104 is yes, outputting a determination result that the sample to be tested is the self-piercing riveting process parameter; if the determination result in step 104 is negative, the current process may be ended. However, in some cases the result produced by the decision tree model is not exactly the result the user wants. For example, a malicious sample may initially need to hit six abnormal instructions A, B, C, D, E and F; if only five of them are hit, for example A, B, C, D and E, the user may still consider the sample to be tested a malicious sample. In that case the decision tree model is not very accurate.
In order to solve the technical problem, the feedback result of the user can be taken as an updating basis of the decision tree model to update the decision tree model.
Therefore, in some embodiments, the above detection method further comprises:
if the judgment result in the step 104 is negative, acquiring a manual judgment result aiming at the sample to be detected;
and if the manual judgment result shows that the sample to be detected is a malicious sample, updating the tree structure of the malicious sample identification model, and detecting the sample to be detected by using the updated malicious sample identification model.
In the embodiment, the tree structure of the malicious sample identification model is updated according to the obtained artificial judgment result for the sample to be detected, so that the accuracy of detecting the sample to be detected can be improved.
In conclusion, all behavior instructions existing in the sample to be tested are obtained by performing static analysis on the sample to be tested, and abnormal instructions in all the behavior instructions are further determined; and then judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction. According to the scheme, the detection efficiency of the sample to be detected is accelerated by using a static analysis mode, and meanwhile, whether the sample to be detected is a malicious sample or not can be effectively judged based on the determined abnormal instruction, so that the problem that the malicious sample is difficult to effectively detect is solved.
Fig. 2 shows a flow chart of a method for determining parameters of a self-piercing riveting process according to another embodiment. Referring to fig. 2, the method includes:
Step 200: analyzing the sample to be detected by using a static vector extraction technique to obtain the instruction types of all behavior instructions in the sample to be detected;
Step 202: analyzing the sample to be detected by using a disassembly technique to obtain the instruction parameters of all behavior instructions in the sample to be detected;
Step 204: constructing an abnormal instruction rule base based on historical abnormal instructions and the instruction types and instruction parameters corresponding to the historical abnormal instructions;
Step 206: for each behavior instruction, judging whether it is an abnormal instruction based on the abnormal instruction rule base and the instruction type and instruction parameter of the current behavior instruction; if yes, going to step 208, otherwise ending the current flow;
Step 208: outputting identification information representing the abnormal instruction;
Step 210: training a preset machine learning model, with the identification information of the historical abnormal instructions as input and preset sample labels as output, to obtain a malicious sample identification model;
Step 212: judging whether the sample to be detected is a malicious sample based on the malicious sample identification model and the identification information of the determined abnormal instructions; if yes, going to step 214, otherwise going to step 216;
Step 214: outputting a determination result of the self-piercing riveting process parameter of the sample to be detected;
Step 216: acquiring a manual judgment result for the sample to be detected;
Step 218: if the manual judgment result shows that the sample to be detected is a malicious sample, updating the tree structure of the malicious sample identification model, and detecting the sample to be detected by using the updated malicious sample identification model.
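The flow of steps 204 to 218 can be sketched as follows. This is an added example, not code from the patent: the rule patterns, the historical samples and the sample to be detected are constructed, and rebuilding an ID3 tree from the enlarged training set is an assumed stand-in for "updating the tree structure", which the text does not specify.

```python
import math
import re
from collections import Counter

# Constructed rule base (step 204): identification info -> (instruction type,
# pattern over the instruction parameter). Rule names follow the abnormal
# instruction kinds the text lists; the patterns are illustrative assumptions.
RULES = {
    "anti_sandbox": ("process", re.compile(r"vbox|vmware|sandbox", re.I)),
    "data_return": ("communication", re.compile(r"^(send|HttpSendRequest)", re.I)),
    "keyboard_monitoring": ("hook", re.compile(r"WH_KEYBOARD", re.I)),
    "screen_monitoring": ("window", re.compile(r"BitBlt|GetWindowDC", re.I)),
}
FEATURES = sorted(RULES)

def abnormal_ids(instructions):
    """Steps 206-208: emit the rule id for every (type, parameter) that matches."""
    return {rid for itype, param in instructions
            for rid, (rtype, pat) in RULES.items()
            if itype == rtype and pat.search(param)}

def vectorize(ids):
    """Turn a set of identification info into a fixed-order 0/1 feature vector."""
    return tuple(int(f in ids) for f in FEATURES)

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def build_tree(rows, labels, feats=None):
    """Step 210: ID3 over binary features; a leaf is a label, a node is (feature, no, yes)."""
    feats = list(range(len(FEATURES))) if feats is None else feats
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not feats:
        return majority
    def split(f, v):
        return [(r, l) for r, l in zip(rows, labels) if r[f] == v]
    def gain(f):
        parts = [[l for _, l in split(f, v)] for v in (0, 1)]
        return entropy(labels) - sum(len(p) / len(labels) * entropy(p) for p in parts if p)
    best = max(feats, key=gain)
    rest = [f for f in feats if f != best]
    children = []
    for v in (0, 1):
        part = split(best, v)
        # An empty branch falls back to the parent's majority label.
        children.append(build_tree([r for r, _ in part], [l for _, l in part], rest)
                        if part else majority)
    return (best, children[0], children[1])

def classify(tree, vec):
    while isinstance(tree, tuple):
        tree = tree[2] if vec[tree[0]] else tree[1]
    return tree

def detect_with_feedback(train, instructions, analyst_verdict):
    """Steps 212-218: classify; on an analyst override, retrain and re-detect."""
    rows, labels = [r for r, _ in train], [l for _, l in train]
    vec = vectorize(abnormal_ids(instructions))
    first = classify(build_tree(rows, labels), vec)
    if first == "malicious" or analyst_verdict != "malicious":
        return first, first
    updated = build_tree(rows + [vec], labels + ["malicious"])
    return first, classify(updated, vec)

# Constructed historical data: identification info of past samples and their labels.
TRAIN = [(vectorize(ids), label) for ids, label in [
    ({"anti_sandbox", "data_return"}, "malicious"),
    ({"keyboard_monitoring", "data_return"}, "malicious"),
    ({"data_return"}, "normal"),
    (set(), "normal"),
    ({"screen_monitoring"}, "normal"),
]]
# Constructed sample to be detected: (instruction type, instruction parameter) pairs.
SAMPLE = [("file", "CreateFileW C:\\Temp\\a.log"),
          ("window", "BitBlt hdcScreen"),
          ("communication", "HttpSendRequestW /upload")]

if __name__ == "__main__":
    print(detect_with_feedback(TRAIN, SAMPLE, "malicious"))
```

The constructed sample combines screen monitoring with data return, a combination absent from the historical data, so the first tree labels it normal and only the manual verdict of step 216 moves it to malicious after the rebuild.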
As shown in fig. 3 and 4, an embodiment of the present invention provides a device for determining parameters of a self-piercing riveting process. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. From a hardware aspect, fig. 3 is a hardware architecture diagram of the electronic device in which the device for determining self-piercing-riveting process parameters provided in the embodiment of the present invention is located; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the electronic device may generally include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in fig. 4, the device is a logical device formed when the CPU of the electronic device reads the corresponding computer program from the non-volatile memory into the memory and runs it.
As shown in fig. 4, the apparatus for determining parameters of a self-piercing riveting process provided in this embodiment includes:
the analysis module 400 is configured to perform static analysis on the sample to be detected to obtain all behavior instructions existing in the sample to be detected; the behavior instruction comprises an instruction type and an instruction parameter;
a determining module 402, configured to determine an abnormal instruction in all the behavior instructions;
and the judging module 404 is configured to judge whether the sample to be detected is a malicious sample based on the determined abnormal instruction.
In an embodiment of the present invention, the analysis module 400 may be configured to perform step 100 in the above-described method embodiment, the determining module 402 may be configured to perform step 102 in the above-described method embodiment, and the judging module 404 may be configured to perform step 104 in the above-described method embodiment.
In one embodiment of the invention, the instruction type includes at least one of:
service instructions, file instructions, window instructions, registry instructions, process instructions, algorithm instructions, communication instructions, and hook instructions.
In one embodiment of the invention, the exception instruction includes at least one of:
anti-sandbox, anti-antivirus, screen monitoring, keyboard monitoring, and data return.
In one embodiment of the invention, the analysis module 400 is configured to perform the following operations:
analyzing a sample to be detected by using a static vector extraction technology to obtain the instruction types of all behavior instructions in the sample to be detected;
and analyzing the sample to be detected by utilizing a disassembling technology to obtain the instruction parameters of all the behavior instructions in the sample to be detected.
In an embodiment of the present invention, the determining module 402 is configured to perform the following operations:
constructing an abnormal instruction rule base based on the historical abnormal instructions and the instruction types and instruction parameters corresponding to the historical abnormal instructions;
and judging whether each behavior instruction is an abnormal instruction or not based on the abnormal instruction rule base and the instruction type and instruction parameters of the current behavior instruction so as to determine the abnormal instructions in all the behavior instructions.
In an embodiment of the present invention, the determining module 402 is further configured to:
if yes, outputting identification information for representing the abnormal instruction;
the judging module 404 is configured to perform the following operations:
respectively taking the identification information of the historical abnormal instruction and a preset sample label as input and output, and training a preset machine learning model to obtain a malicious sample recognition model; wherein the sample labels are a malicious sample and a normal sample;
and judging whether the sample to be detected is a malicious sample or not based on the malicious sample identification model and the determined identification information of the abnormal instruction.
As shown in FIG. 5, in one embodiment of the present invention, the malicious sample identification model is a decision tree model, and the apparatus further comprises:
an obtaining module 406, configured to obtain a manual determination result for the sample to be detected when the sample to be detected is not a malicious sample;
and the updating module 408 is configured to update the tree structure of the malicious sample identification model when the manual determination result indicates that the sample to be detected is a malicious sample, and then detect the sample to be detected by using the updated malicious sample identification model.
It is understood that the structure illustrated in the embodiment of the present invention does not constitute a specific limitation to a device for determining parameters of a self-piercing riveting process. In other embodiments of the invention, a device for determining parameters of a self-piercing riveting process may include more or fewer components than those shown, or some components may be combined, some components may be separated, or a different arrangement of components may be used. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
The embodiment of the invention also provides electronic equipment which comprises a memory and a processor, wherein the memory is stored with a computer program, and when the processor executes the computer program, the method for determining the self-piercing riveting process parameters in any embodiment of the invention is realized.
The embodiment of the invention also provides a computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the processor is enabled to execute a method for determining the self-piercing rivet process parameter in any embodiment of the invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
In summary, the present invention provides a method and an apparatus for determining self-piercing-riveting process parameters, an electronic device and a storage medium, and the method and the apparatus at least have the following beneficial effects:
1. In one embodiment of the invention, static analysis of the sample to be detected yields all behavior instructions present in it, and the abnormal instructions among them are then determined; whether the sample to be detected is a malicious sample is then judged based on the determined abnormal instructions. Using static analysis speeds up detection of the sample, and the determined abnormal instructions allow an effective judgment of whether the sample is malicious, which addresses the problem that malicious samples are difficult to detect effectively.
2. In an embodiment of the invention, an abnormal instruction rule base is constructed based on historical abnormal instructions, so that whether each behavior instruction is an abnormal instruction can be quickly judged based on the abnormal instruction rule base, and the abnormal instruction in all behavior instructions of a sample to be detected can be quickly determined.
3. In an embodiment of the invention, the identification information of the historical abnormal instruction and the preset sample label are used as data bases to train the preset machine learning model, so that whether the sample to be tested is a malicious sample can be judged by using the malicious sample recognition model obtained by training, and the determination efficiency of the self-piercing riveting process parameter is improved.
The malicious sample identification model is a decision tree model, so that the speed of malicious sample identification can be further improved on the basis of ensuring certain identification accuracy, and the complexity of the malicious sample identification model can be greatly reduced.
4. In an embodiment of the invention, the tree structure of the malicious sample identification model is updated according to the manual judgment result obtained for the sample to be detected, so that the accuracy of detecting the sample to be detected can be improved.
5. In an embodiment of the present invention, in order to conveniently and quickly detect the abnormal instruction in the sample to be tested, the sample to be tested cannot be in a dynamic running state. Therefore, the embodiment of the present invention detects by using a static analysis method, specifically, determines whether each behavior instruction is an abnormal instruction by analyzing the instruction type and instruction parameter of the obtained behavior instruction.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for determining self-piercing riveting process parameters is characterized by comprising the following steps:
acquiring plate parameters of a plate to be riveted;
obtaining a pre-trained process parameter determination model; the process parameter determination model is obtained by training sample plate parameters and sample process parameters;
and inputting the plate parameters into the process parameter determination model, and determining the process parameters for performing self-piercing riveting on the plate to be riveted.
2. The method of claim 1, wherein the sheet parameters comprise modulus of elasticity, yield strength, elongation, hardness, reduction of area, and thickness, and the sample sheet parameters comprise modulus of elasticity, yield strength, elongation, hardness, reduction of area, and thickness.
3. The method of claim 1, wherein the process parameters include punch travel, riveting speed, piercing force, holding pressure, pre-tightening force, rivet model, mold model, and the sample process parameters include punch travel, riveting speed, piercing force, holding pressure, pre-tightening force, rivet model, mold model.
4. The method of claim 2, wherein the sample sheet material parameter is determined by:
acquiring experimental parameters of a self-piercing riveting experiment; the experimental parameters comprise parameters of the plate to be screened and technological parameters of a sample;
and screening the sample plate parameters from the parameters of the plate to be screened by using grey relational analysis to obtain the sample plate parameters.
5. The method according to any of claims 1-4, wherein the process parameter determination model is determined by:
constructing a back propagation neural network; wherein the back propagation neural network comprises an input layer, a hidden layer and an output layer, the number of neurons of the input layer is the same as the input parameter category, and the number of neurons of the output layer is the same as the parameter category to be predicted.
6. The method of claim 5, after said determining whether the current behavior instruction is an abnormal instruction, further comprising:
if yes, outputting identification information for representing the abnormal instruction;
the determining whether the sample to be detected is a malicious sample based on the determined abnormal instruction includes:
respectively taking the identification information of the historical abnormal instruction and a preset sample label as input and output, and training a preset machine learning model to obtain a malicious sample recognition model; wherein the sample labels are a malicious sample and a normal sample;
and judging whether the sample to be detected is a malicious sample or not based on the malicious sample identification model and the determined identification information of the abnormal instruction.
7. The method of claim 6, wherein the malicious sample identification model is a decision tree model;
after the step of judging whether the sample to be detected is a malicious sample, the method further comprises the following steps:
if not, acquiring a manual judgment result aiming at the sample to be detected;
and if the manual judgment result shows that the sample to be detected is a malicious sample, updating the tree structure of the malicious sample identification model, and detecting the sample to be detected by using the updated malicious sample identification model.
8. A device for determining self-piercing riveting process parameters is characterized by comprising:
the analysis module is used for carrying out static analysis on a sample to be detected to obtain all behavior instructions existing in the sample to be detected; wherein the behavior instruction comprises an instruction type and an instruction parameter;
the determining module is used for determining abnormal instructions in all the behavior instructions;
and the judging module is used for judging whether the sample to be detected is a malicious sample or not based on the determined abnormal instruction.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-7.
CN202210077359.3A 2022-01-24 2022-01-24 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium Pending CN114491849A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210077359.3A CN114491849A (en) 2022-01-24 2022-01-24 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium
CN202210548922.0A CN114781098B (en) 2022-01-24 2022-05-20 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210077359.3A CN114491849A (en) 2022-01-24 2022-01-24 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114491849A true CN114491849A (en) 2022-05-13

Family

ID=81472873

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210077359.3A Pending CN114491849A (en) 2022-01-24 2022-01-24 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium
CN202210548922.0A Active CN114781098B (en) 2022-01-24 2022-05-20 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202210548922.0A Active CN114781098B (en) 2022-01-24 2022-05-20 Method and device for determining self-piercing riveting process parameters, electronic equipment and storage medium

Country Status (1)

Country Link
CN (2) CN114491849A (en)


Also Published As

Publication number Publication date
CN114781098B (en) 2022-10-18
CN114781098A (en) 2022-07-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220513
