Malicious process detection method and device based on small sample learning, electronic equipment and storage medium

A detection method based on small sample learning, applied in the field of information security, that achieves a high and improved detection rate.

Active Publication Date: 2021-08-27
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

However, in many practical applications only very little training data may be accessible for new categories, and, within a limited range, only a very small number of samples is available for each new category.


Embodiment Construction

[0044] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, but not to limit the present invention.

[0045] It should be noted that, for the convenience of description, only parts related to the present invention are shown in the drawings but not all content. Before discussing the exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowchart depicts various operations (or steps) as sequential processing, many of the operations may be performed in parallel, concurrently, or simultaneously unless otherwise specified. In addition, the order of operations can be rearranged. The process may be terminated when its operations are complete, but may also have additional steps not i...


Abstract

The invention discloses a malicious process detection method and device based on small sample learning, electronic equipment and a storage medium. The method comprises the steps of: obtaining a serialized log reflecting the process behavior of a client as an original sample, and using each process behavior type as the label attached to the original sample; performing feature selection on each original sample to remove redundant features; performing serialization processing on each original sample after feature selection to obtain a behavior feature vector of the corresponding process; performing small sample learning using the behavior feature vectors of non-malicious process behavior to obtain a prototype network, wherein the input of the embedding function of the prototype network is the behavior feature vector; and performing malicious process detection on a sample to be detected using the behavior features of malicious processes and the learned prototype network. With this detection method, the detection rate is high even when the existing malicious behavior samples are small in data size and unbalanced in distribution.
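The pipeline in the abstract (feature selection, behavior feature vectors, class prototypes, nearest-prototype detection) is sketched below as an added example; it is not code from the patent. The event names, class labels and sample logs are constructed, the embedding is an identity stand-in for the learned embedding function, and the softmax over negative squared Euclidean distance is the standard prototypical-network formulation, assumed here because the page does not state the distance used.

```python
import math
from collections import Counter

# Constructed sample logs: each process is a sequence of behavior event names.
SUPPORT = {
    "browser": [["net_connect", "file_read", "net_connect", "proc_start"],
                ["net_connect", "net_connect", "file_read", "proc_start"]],
    "editor":  [["file_read", "file_write", "file_write", "proc_start"],
                ["file_read", "file_write", "file_read", "proc_start"]],
    "rat":     [["net_connect", "cam_open", "key_hook", "proc_start"],
                ["key_hook", "net_connect", "cam_open", "proc_start"]],
}

def select_features(samples):
    """Drop event types whose count is identical in every sample (redundant)."""
    counts = [Counter(s) for s in samples]
    vocab = sorted({e for c in counts for e in c})
    return [e for e in vocab if len({c[e] for c in counts}) > 1]

def vectorize(events, vocab):
    """Behavior feature vector: relative frequency of each selected event."""
    c = Counter(events)
    return [c[e] / max(len(events), 1) for e in vocab]

def embed(vec):
    """Assumption: identity stand-in for the learned embedding function."""
    return vec

def prototypes(support, vocab):
    """Class prototype = mean embedding of that class's few support samples."""
    protos = {}
    for label, seqs in support.items():
        embs = [embed(vectorize(s, vocab)) for s in seqs]
        protos[label] = [sum(col) / len(embs) for col in zip(*embs)]
    return protos

def classify(events, protos, vocab):
    """Return (label, probabilities) from softmax over -squared distance."""
    q = embed(vectorize(events, vocab))
    d = {l: sum((a - b) ** 2 for a, b in zip(q, p)) for l, p in protos.items()}
    z = sum(math.exp(-v) for v in d.values())
    probs = {l: math.exp(-v) / z for l, v in d.items()}
    return max(probs, key=probs.get), probs

VOCAB = select_features([s for seqs in SUPPORT.values() for s in seqs])
PROTOS = prototypes(SUPPORT, VOCAB)
```

Because a prototype is only the mean of a handful of support vectors, a new malicious class can be added from two or three labelled samples without retraining the embedding, which is the property the abstract relies on for small, unbalanced malicious sample sets.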

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular to a malicious process detection method, device, electronic device and storage medium based on small sample learning.

Background technique

[0002] With the continuous development of Internet technology, the number of malicious programs on the network is also increasing rapidly. The remote access Trojan (RAT) is one type of malicious program whose number continues to grow. Intruders can use a RAT to carry out most malicious operations on the infected computer, such as monitoring user behavior, activating the system's camera and recording, disseminating viruses and other malicious software, and accessing confidential information and passwords, causing great harm.

[0003] Currently, there have been some works to identify the behavior of RAT malicious programs.

[0004] For RAT viruses, traditional detection methods are main...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566, Y02D30/50
Inventor: 阮伟, 王凌志, 王箭, 王昆, 王文海
Owner: ZHEJIANG UNIV