The invention provides a multi-model malicious code detection
system based on reliability probability interval. Each
machine learning detection model corresponds to a distribution of the underlying data, and various threshold-based detection models can be integrated into the statistical platform, so that the distribution of the
semantic code data is detected from the multi-angle view, and the model
degradation problem caused by the
concept drift is relieved. The detection
system changes the prediction mode of 0 or 1 of the existing
machine learning detection model, calculates the
score based on the existing detection model, carries out
statistical analysis, and establishes a isotonic regression function for the
score distribution of the sample and the
label of the sample. For an unknown sample, according to the
score given by the existing detection model, the calculated isotonic regression function is input, the reliability probability interval of a certain
label can be given, and theprobability interval can relieve the problem of over-fitting of the fixed threshold to the training
data set, the adaptive ability of the detection model to the current
dynamic data is improved, and the
concept drift phenomenon is found in advance.