
Malware family classification method, system and medium based on RGB image and Stacking multi-model fusion

An RGB image and malware technology, applied in the fields of kernel methods, character and pattern recognition, computer components, etc. It addresses problems such as the growing number of malware variants and the failure to consider the correlation between one API and another, which affects classification results, and achieves rapid classification, improved accuracy and accurate prediction results.

Active Publication Date: 2022-03-15
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

Second, the abuse of automated malware generation tools has led to an increase in the number of malware variants.
However, this method only considers the execution times of the malware during the entire execution process, and does not consider the correlation between one API and another. In practice, the correlation between the APIs called by the malware has a great influence on the classification results.


Examples


Embodiment

[0074] To address the inability of prior-art malware family classification techniques to cope with packing, obfuscation and encryption, the present invention proposes, on the basis of known malware families, a malware family classification scheme based on RGB images and Stacking multi-model fusion.

[0075] The main idea of the present invention is: use dynamic analysis to extract the API call sequence of the malware; first construct the API call sequence chain, then construct the graph of API call relationship pairs; train with the improved iterative scaling algorithm of the maximum entropy model to obtain the weight vector for the API call relationship pairs; construct the RGB image set from the API call relationship pairs and the weight vector; and finally train on and predict the malware family using the Stacking model fusion method.

[0076] The purpose of adopting the technical solution of the pres...


Abstract

The invention discloses a malware family classification method, system and medium based on RGB images and Stacking multi-model fusion. The method includes: constructing an API category database Q; extracting the malware's API call sequence chains; constructing API call relationship pairs from the API call sequence chains to obtain the directed graph G of API call relationship pairs; using the improved iterative scaling algorithm of the maximum entropy model to determine the weight $w_{i,j}$ of each API call relationship pair; obtaining the RGB image that represents the malware's API-calling behavior; and constructing and training a Stacking multi-model fusion classifier, into which the RGB image data set representing each malware sample's behavioral features is input in order to predict the name of the malware family. The present invention converts the API call behavior of malware into RGB images through conversion rules. The conversion process considers not only the number of API calls but also the relationship between API calls, and uses Stacking for multi-model fusion, which can improve the accuracy of the model.
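The first stages of the pipeline in the abstract (call sequence chain, call relationship pairs, weighted directed graph, RGB pixels), as an added example that is not the patent's own code. The category table `Q`, the sample trace, the pixel encoding and the frequency-based weights are all assumptions, since the page does not give the conversion rules; the patent obtains the weights with improved iterative scaling in a maximum entropy model.

```python
from collections import Counter

# Constructed stand-in for the API category database Q (API name -> category id).
Q = {"CreateFileW": 1, "WriteFile": 1, "RegSetValueExW": 2,
     "connect": 3, "send": 3, "CryptEncrypt": 4}

def call_pairs(chain):
    """Adjacent (caller, callee) pairs of an API call sequence chain,
    i.e. the edges of the directed graph G. APIs missing from Q are dropped,
    so their neighbours become adjacent."""
    known = [api for api in chain if api in Q]
    return list(zip(known, known[1:]))

def pair_weights(pairs):
    """Assumed stand-in for w[i,j]: relative frequency of each edge.
    (The patent trains these with improved iterative scaling instead.)"""
    counts = Counter(pairs)
    total = sum(counts.values())
    return {edge: n / total for edge, n in counts.items()}

def to_rgb(chain, width=4):
    """Assumed encoding: one pixel per distinct edge, in first-seen order.
    R = caller category, G = callee category, B = weight scaled to 0..255.
    The last row is padded with black pixels to a fixed width."""
    weights = pair_weights(call_pairs(chain))
    scale = 255 // max(Q.values())   # spread category ids over the channel
    pixels = [(Q[a] * scale, Q[b] * scale, round(w * 255))
              for (a, b), w in weights.items()]
    pixels += [(0, 0, 0)] * (-len(pixels) % width)
    return [pixels[i:i + width] for i in range(0, len(pixels), width)]

# Constructed trace resembling file-encrypting behaviour (not from the patent).
SAMPLE_CHAIN = ["CreateFileW", "CryptEncrypt", "WriteFile", "NtClose",
                "CreateFileW", "CryptEncrypt", "WriteFile", "connect", "send"]

if __name__ == "__main__":
    for row in to_rgb(SAMPLE_CHAIN):
        print(row)
```

Two traces with the same call counts but a different call order produce different edges and therefore different pixels, which is the property the abstract claims over count-only features.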

Description

Technical field

[0001] The invention belongs to the technical field of malware classification, and in particular relates to a malware family classification method, system and medium based on RGB images and Stacking multi-model fusion.

Background

[0002] Malware is an executable program written to serve some malicious purpose, including viruses, worms, and Trojan horses. Among them, ransomware has had a serious impact on society. Ransomware mainly uses email phishing, account brute-forcing and vulnerability exploitation to attack enterprises, governments, educational bodies and other medium and large government and enterprise institutions, and makes huge profits from doing so. At the same time, the amount of malware is increasing year by year. For example, in 2020 the number of malicious executables known to the security community exceeded 1.1 billion, and this number may continue to grow. There are three reasons for the increase in the number of ma...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06V10/80, G06V10/56, G06V10/46, G06V10/70, G06K9/62, G06N20/10, G06F21/53, G06F21/56
CPC: G06N20/10, G06F21/53, G06F21/56, G06V10/56, G06V10/464, G06F18/253, G06F18/254
Inventor: 李树栋, 许娜, 吴晓波, 韩伟红, 方滨兴, 田志宏, 顾钊铨, 殷丽华, 唐可可, 仇晶
Owner GUANGZHOU UNIVERSITY