Malicious code detection method and device, electronic equipment and storage medium

Bibliographic Details
Main Authors XU MING, YIN QIAN'AN, LIU SHENG, TAO JINGLONG, XIA YUMING, WANG QIFAN, YU XIANZHE, LIANG SHUYUN, ZHOU XIAOYONG, MA YING, WEI GUOFU
Format Patent
Language Chinese, English
Published 30.11.2021
Summary: The invention discloses a malicious code detection method and device, electronic equipment and a storage medium. The method comprises: running executable program code in simulation in a dynamic sandbox to obtain a data set; training an XGBoost model with the data set; training a TextCNN model with the data set; and inputting data collected in real time into the trained XGBoost model and the trained TextCNN model respectively, then normalizing the output results of the two models to obtain a final prediction result. The advantage of the invention is a high malicious code recognition rate.
Bibliography: Application Number: CN202111061961