Malicious program behavior characterization method based on morpheme word vector model

Malicious program behavior characterization method based on morpheme word vector model

The invention discloses a malicious program behavior characterization method based on a morpheme word vector model. The method comprises the steps that captured malicious program function call information is sorted and abstracted, a high-frequency sequence is extracted, and segmentation points are s...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: MI JIAPENG, ZHENG TIANYU, YUAN JIAN, LYU SHENGLAN, FANG YUSHEN, HAN FEIJIANG, ZHAO YING, ZHOU FANGFANG
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention discloses a malicious program behavior characterization method based on a morpheme word vector model. The method comprises the steps that captured malicious program function call information is sorted and abstracted, a high-frequency sequence is extracted, and segmentation points are set; carrying out redundancy removal and confusion removal to obtain a new function sequence S '; obtaining morphemes in a function name f to obtain a morpheme list M corresponding to the function, filling a non-maximum-length morpheme list with a marker Mask, numbering the morphemes and the function name respectively, and applying one-hot coding to the numbers of the function name, the morphemes and placeholders to train a word vector model; feature vectors of the functions are calculated, and the TF-IDF of each function is calculated; the problems of encryption and confusion in dynamic function calling are effectively solved, and behaviors of malicious programs can be quickly perceived and understood. 本发明公开了一种基于词素