Malicious code family classification method based on fuzzy assembly instruction sequence

Bibliographic Details
Main Authors BAI BING, LI YUANZHANG, ZHANG RUYUN, QIU KEFAN, SUN CAIJUN, TAN YU'AN, MA YUJIE
Format Patent
Language Chinese, English
Published 02.11.2021
Summary: The invention relates to a malicious code family classification method based on a fuzzy assembly instruction sequence, and belongs to the technical field of computer network malicious code detection. According to the method, fuzzy assembly instruction sequence features, obtained by filtering out immediate operands and constant address operands, are extracted from malicious code of different families, and a long short-term memory (LSTM) network model for malicious code family classification is trained on them. Compared with existing byte code sequences and operation code sequences, the fuzzy assembly instruction sequence achieves higher accuracy in PE malicious code family classification tasks. Because the fuzzy assembly instruction sequence uses a written instruction mask to shield some types of operands, the input sequence is shorter than with existing bytecode sequence features, and the method has a lower time cost in the LSTM model training and family detection stages. Compared with th
Bibliography: Application Number: CN202110805548