Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Multi-model cross detection of malicious code based on statistical learning

A malicious code and statistical learning technology, applied in computing, computer security devices, instruments, etc., can solve the problems of malicious code variation, machine learning model prediction results that cannot be compared with each other and common defense, etc. Effect

Active Publication Date: 2018-12-18
NANKAI UNIV
View PDF10 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to solve the existing problem of variation of malicious codes, and the problem that the prediction results of various machine learning models cannot be compared with each other and jointly defended, and provides a multi-model cross-detection method for malicious codes based on statistical learning

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-model cross detection of malicious code based on statistical learning
  • Multi-model cross detection of malicious code based on statistical learning
  • Multi-model cross detection of malicious code based on statistical learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] The present invention takes the detection of botnets as an example for specific description, and any machine learning algorithm using threshold value comparison can be applied to the method as a bottom-level scoring function.

[0053] 1. Malicious behavior on the Internet

[0054] In this embodiment, a data set including real network communication traffic is used, and the data set includes various botnets.

[0055] 2. Extract features

[0056] In this embodiment, multiple features related to each network trace are extracted. These characteristics include communication frequency, communication duration, number of bytes sent and received, number of packets sent and received, protocol type, and proportion of using 3 ports (SystemPorts, UserPorts, Dynamic or Private Ports), etc., and are not limited Based on these features, the network trace is abstracted into a feature vector. The format of the vector is as Figure 8 As shown, each column is a feature point, and each r...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a multi-model cross detection of a malicious code based on statistical learning, which can be well applied in the field of malicious code detection. This method introduces credibility, solves the problem of isolation among machine learning models, and provides a platform for machine learning models to learn from each other. In addition, on the fine-grained statistical learning platform, multiple machine learning models statistically analyze the mutation process of malicious code from different perspectives, alleviate the degradation problem of a single model, and use APValgorithm to identify concept drift phenomenon, so as to achieve common defense of multiple models.

Description

technical field [0001] The invention belongs to the technical field of computer antivirus. Background technique [0002] It is difficult for manual analysis to analyze such a large amount of newly added malicious codes in a timely manner, so machine learning technology has been widely applied to malicious code analysis and detection systems. However, network security threats are constantly mutating and evolving rapidly. While the number is increasing, more than 70% of new malicious code samples adopt self-protection techniques to evade machine learning, and some samples even use multiple evasion techniques. Therefore, the data distribution and significance level of malicious codes are constantly changing over time, which leads to serious rapid degradation problems in machine learning-based detection models. This requires that the malicious code analysis model needs to be dynamically adjusted according to changes in network security threats, quickly absorb new knowledge, and...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/561G06F21/563
Inventor 王志余沛然孙心怡魏然邱克帆
Owner NANKAI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products