
A Malicious Code Detection Method Based on Semantic Mapping Association

A malicious code detection and semantic mapping technology, applied in the field of malicious code detection based on semantic mapping association fusion. It addresses the problems that a feature vector space built from only static or only dynamic API features is too sparse, which lowers detection accuracy, and that researchers cannot judge how static and dynamic features each contribute to the maliciousness of the analysed code. The aim is to reflect each feature's contribution accurately and thereby improve detection accuracy.

Active Publication Date: 2021-05-07
BEIJING INSTITUTE OF TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

[0003] Surveying the published research, the current analysis and detection methods based on API call sequences have the following deficiencies. (1) Researchers usually extract only the static or only the dynamic API sequence of the code, that is, they build detection on the static or the dynamic features alone and do not combine the two effectively. The resulting feature vector space is too sparse, the detection process is easily disturbed by malicious code obfuscation, and detection accuracy suffers. (2) Because static and dynamic features are analysed separately, there is no effective fusion of the two, so researchers cannot evaluate how the static features and the dynamic features each affect the maliciousness of the analysed code, which in the end affects the researchers' judgment of whether the code is malicious.


Examples


Embodiment 1

[0050] 1. Data collection process:

[0051] The program's static API sequence is extracted from its PE structure, and its dynamic API sequence is extracted from the dynamic analysis report generated by running the sample in a Cuckoo sandbox environment.

[0052] 2. Collection and purification of the dynamic and static API sequences

[0053] To hide their malicious intent, malicious code authors usually insert large numbers of redundant API calls into the program's normal API call sequence, thereby covering up its behavioural intent and making analysis harder. As shown in Figure 2, the right side is the redundant APIs in the dynamic API sequence of the sample Backdoor.IRC.Agent.f.

[0054] In addition, malicious code usually adds seemingly normal event-noise APIs (that is, API substrings) to its behaviour sequence to disguise its real malicious behaviour and increase the difficulty of analysis for researchers. As shown in Figure 2, the left side is the dynami...

Abstract

The invention discloses a malicious code detection method based on semantic mapping association fusion. Using the semantic mapping relationship between the dynamic and static API sequences of malicious code, each malicious code sample is converted into an API-based feature vector, and a machine learning classifier is trained on the resulting sample feature vectors to detect malicious code. By defining code behaviour types, the invention converts the static and dynamic API sequences of the code into sequences of semantic blocks divided by behaviour type, and realises the association and fusion of the static and dynamic API sequences through the mapping between semantic blocks. This yields a richer feature vector space and a more systematic and comprehensive description of malicious code, effectively improving detection accuracy. By using the path length between semantic blocks as the weight of a semantic block, the importance of each semantic path is reflected accurately, which improves the accuracy of the feature vector space.
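As an added illustration of the pipeline that the embodiment above (collection and purification of API sequences) and this abstract (behaviour-type semantic blocks, static/dynamic association, path-length weights) describe, here is a toy Python implementation. It is not the patent's code, and the patent does not publish its behaviour-type list or its exact weighting formula: the behaviour-type table, the noise list, the purification rule, the 1/(block distance) path weighting, the "fused"/"dyn_only" association features and the two sample sequences are all assumptions constructed for the example.

```python
"""Toy semantic-block feature pipeline for API call sequences.

Added example, not the patent's implementation.  The behaviour-type table,
noise list, purification rule, path weighting and sample traces below are
constructed assumptions.
"""
from collections import Counter
from itertools import groupby

# Assumed behaviour-type table: API name -> behaviour type of its semantic block.
BEHAVIOUR_OF = {
    "CreateFileW": "FILE", "ReadFile": "FILE", "WriteFile": "FILE",
    "RegOpenKeyExW": "REG", "RegSetValueExW": "REG",
    "socket": "NET", "connect": "NET", "send": "NET", "recv": "NET",
    "CreateProcessW": "PROC", "WriteProcessMemory": "PROC",
    "CreateRemoteThread": "PROC",
}
# Assumed "event noise" calls that carry no behavioural meaning on their own.
NOISE = {"GetTickCount", "Sleep", "GetSystemTimeAsFileTime",
         "QueryPerformanceCounter"}

# Constructed sample: the static sequence as it would come from the PE file,
# the dynamic sequence as a sandbox trace padded with noise and repeated calls.
# The process-injection calls appear only at run time (e.g. resolved via
# GetProcAddress), so the static sequence has no PROC block.
SAMPLE_STATIC = ["CreateFileW", "WriteFile", "RegSetValueExW",
                 "socket", "connect", "send"]
SAMPLE_DYNAMIC = (["GetTickCount"] * 5
                  + ["CreateFileW", "WriteFile", "WriteFile", "WriteFile",
                     "Sleep", "RegOpenKeyExW", "RegSetValueExW",
                     "socket", "connect", "send", "send", "recv",
                     "QueryPerformanceCounter", "CreateProcessW",
                     "WriteProcessMemory", "CreateRemoteThread"])


def purify(seq):
    """Purification: drop noise calls, then collapse runs of one repeated
    call (the inserted 'redundant APIs') to a single occurrence."""
    kept = [api for api in seq if api not in NOISE]
    return [api for api, _ in groupby(kept)]


def to_blocks(seq):
    """Semantic blocks: a maximal run of calls sharing a behaviour type
    becomes one block labelled by that type; unknown calls form OTHER blocks."""
    typed = [BEHAVIOUR_OF.get(api, "OTHER") for api in seq]
    return [t for t, _ in groupby(typed)]


def path_features(blocks, prefix):
    """Semantic-path features: for every ordered block pair (i < j) add
    1 / (j - i) to 'prefix:type_i->type_j', so a path between adjacent
    blocks weighs 1.0 and longer paths weigh less (assumed weighting)."""
    feats = Counter()
    for i, src in enumerate(blocks):
        for j in range(i + 1, len(blocks)):
            feats[f"{prefix}:{src}->{blocks[j]}"] += 1.0 / (j - i)
    return feats


def fuse(static_blocks, dynamic_blocks):
    """Association: a dynamic block whose type also occurs statically is
    counted as 'fused'; one with no static counterpart is 'dyn_only',
    which flags behaviour that only surfaces at run time."""
    static_types = set(static_blocks)
    feats = Counter()
    for t in dynamic_blocks:
        feats[f"{'fused' if t in static_types else 'dyn_only'}:{t}"] += 1
    return feats


def feature_vector(static_seq, dynamic_seq):
    """Static path features + dynamic path features + fusion features,
    returned as a sparse dict a classifier can be trained on."""
    s_blocks = to_blocks(purify(static_seq))
    d_blocks = to_blocks(purify(dynamic_seq))
    feats = (path_features(s_blocks, "static")
             + path_features(d_blocks, "dynamic")
             + fuse(s_blocks, d_blocks))
    return dict(sorted(feats.items()))


if __name__ == "__main__":
    for name, value in feature_vector(SAMPLE_STATIC, SAMPLE_DYNAMIC).items():
        print(f"{name:24s} {value:.3f}")
```

Running the sample yields 13 features. The `dyn_only:PROC` feature is the point of the association step: the injection behaviour is invisible in the static sequence and, taken alone, the dynamic sequence cannot say whether it was declared or resolved at run time. The path features encode block order, so `FILE->NET` at distance 2 (weight 0.5) is distinguishable from an adjacent `FILE->NET` (weight 1.0); a real system would pick its own behaviour taxonomy and weighting and train the classifier on a labelled corpus.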

Description

Technical field

[0001] The invention relates to the field of malicious code detection, in particular to a malicious code detection method based on semantic mapping association fusion.

Background

[0002] In the cyberspace environment, the security threats posed by malicious code are increasing day by day, and the detection of and protection against malicious code is a focus of security research. Detecting whether code is malicious on the basis of its behavioural characteristics is a commonly used malicious code detection method. In this respect, API call information accurately reflects the behavioural characteristics of a program and can resist anti-analysis methods such as obfuscation, so detecting malicious code by extracting and analysing API call sequences has been widely used.

[0003] Surveying the published research, the current analysis and detection methods based on API call sequences have the fo...


Application Information

Patent Type & Authority: Patents (China)
IPC: G06F21/56
CPC: G06F21/562, G06F21/566, G06F2221/033
Inventors: 韩伟杰, 薛静锋, 王勇, 黄露, 钱克昌, 贾录良, 熊达鹏
Owner: BEIJING INSTITUTE OF TECHNOLOGY