Malicious behavior identification method and system based on weak correlation integration strategy, and medium
The invention discloses a malicious behavior identification method and system based on a weak correlation integration strategy, and a medium. The method comprises the following steps: constructing a base model by using a sample set; screening the dynamic behavior characteristics of the malicious cod...
Gespeichert in:
| Hauptverfasser: | , , , , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | The invention discloses a malicious behavior identification method and system based on a weak correlation integration strategy, and a medium. The method comprises the following steps: constructing a base model by using a sample set; screening the dynamic behavior characteristics of the malicious codes on the basis of XGBoost; performing correlation test on the base model based on a weak correlation integration strategy; determining the integration weight according to the accuracy of the base model; and classifying malicious codes based on a Bagging integration strategy. The XGBoost algorithm is firstly adopted to determine the number of the integrated learning base models in malicious code identification, so that the selection problem of the base models in integrated learning is reduced, and the accuracy of malicious code identification is also improved. Besides, a weak correlation integration strategy of the integrated learning base model is adopted, the problem of correlation between base models generally e |
|---|