一种基于特征融合的静态恶意代码分类方法

一种基于特征融合的静态恶意代码分类方法,它属于静态恶意代码特征提取和融合领域。本发明解决了传统静态恶意代码检测和分类方法仅考虑了单一维度特征的问题。本发明将hash值转换成像素矩阵生成灰度图像,再提取图像纹理全局特征和局部特征,并将全局特征和局部特征融合,在获取恶意代码图像全局特征信息的前提条件下突出局部特点。基于控制流程图的n-gram方法对操作码进行特征提取,这种方法的检测颗粒度较小,与控制流程图相结合会得到代码上下文之间的关联,从而将操作码转换成特征向量形式。将两种特征向量融合成一个向量,弥补了在单一层面提取特征的局限性。本发明方法可以应用于对静态恶意代码进行分类。 The invent...

Full description

Saved in:
Bibliographic Details
Format Patent
LanguageChinese
Published 05.07.2024
Subjects
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:一种基于特征融合的静态恶意代码分类方法,它属于静态恶意代码特征提取和融合领域。本发明解决了传统静态恶意代码检测和分类方法仅考虑了单一维度特征的问题。本发明将hash值转换成像素矩阵生成灰度图像,再提取图像纹理全局特征和局部特征,并将全局特征和局部特征融合,在获取恶意代码图像全局特征信息的前提条件下突出局部特点。基于控制流程图的n-gram方法对操作码进行特征提取,这种方法的检测颗粒度较小,与控制流程图相结合会得到代码上下文之间的关联,从而将操作码转换成特征向量形式。将两种特征向量融合成一个向量,弥补了在单一层面提取特征的局限性。本发明方法可以应用于对静态恶意代码进行分类。 The invention discloses a static malicious code classification method based on feature fusion, and belongs to the field of static malicious code feature extraction and fusion. The problem that a traditional static malicious code detection and classification method only considers single-dimension features is solved. According to the method, the hash value is converted into the pixel matrix to generate the grayscale image, then the global feature and the local feature of the image texture are extracted, the global feature and the local feature are fused, and the local feature is highlighted under the precondition of obtaining the global feature information of the malicious code image. Feature extraction is carried out on the o
Bibliography:Application Number: CN202210151968