Malicious software API call sequence detection method based on graph convolution

A technology for API calls and malware, applied in the field of network security, that addresses the problems of existing methods not making full use of API parameters and not considering the various relationships among API calls, achieving a flexible organizational structure and improved accuracy.

Active Publication Date: 2020-06-09
SUN YAT SEN UNIV

AI Technical Summary

Benefits of technology

This technology helps detect malicious software by analyzing API calls, such as file or directory entry accesses, together with their associated parameters, such as timestamp values. By learning from this data, it creates models that identify patterns related to certain types of attacks on computer systems. These models help predict future threats based on previous behavior over time. Overall, this approach improves efficiency and reliability in identifying cyberattacks against computers.

Problems solved by technology

The technical problem addressed by this patent relates specifically to detecting malware that may be hidden inside executable programs or executed on hardware devices (such as smartphones). Current techniques require manual inspection with virus-scanning tools such as antivirus agents, while moving away from traditional ways of prevention against such malware.


Examples


Embodiment 1

[0045] This embodiment proposes a malware API call sequence detection method based on graph convolution. Figure 1 shows a flow chart of the method in this embodiment.

[0046] The malware API call sequence detection method based on graph convolution proposed in this embodiment includes the following steps:

[0047] S1: Collect and record the API call sequence information of the processes and sub-processes of a large number of software samples while they run, where the API call sequence information includes API functions and API parameters.

[0048] In this embodiment, a dynamic analysis tool is used to collect and record the API call sequence information of the processes and sub-processes of a large number of software samples while they run, and the labels of the software samples are obtained and recorded through an anti-virus engine or manual analysis. Among them, the API function in the call sequence in


Abstract

The invention provides a malicious software API (Application Program Interface) call sequence detection method based on graph convolution. The method comprises the following steps: acquiring and recording the API call sequence information of processes and sub-processes when a large number of software samples run; performing vectorization processing on the API call sequence information; extracting the parameter relationship, the dependency relationship and the sequence relationship of the API functions; establishing an API call graph; inputting the API call graph into a graph convolutional neural network for training to obtain a malicious software detection network model; collecting the API call sequence information of processes and sub-processes when the executable file to be detected runs; constructing an API call graph of the executable file to be detected; and inputting that API call graph into the malicious software detection network model. If the output of the malicious software detection network model is 1, the file is judged to be malicious software; if the output is 0, the file is judged to be normal software.
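The graph-construction step of the abstract, as an added example that is not code from the patent: it turns a constructed API trace into a graph with typed edges. The page's definitions of the three relationships are cut off, so the definitions used here are assumptions (sequence: consecutive calls in one process; dependency: an argument equals an earlier return value; parameter: two calls share an argument value), as are the trace format, the function names and the adjacency encoding.

```python
from collections import defaultdict

# Constructed trace (not from the patent): (pid, api, args, return value).
# None marks a return value that is not a reusable handle.
TRACE = [
    (100, "CreateFileW", ("C:\\tmp\\a.bin",), "h1"),
    (100, "WriteFile", ("h1", "buf"), None),
    (100, "CloseHandle", ("h1",), None),
    (100, "CreateProcessW", ("C:\\tmp\\a.bin",), "p2"),
    (101, "RegSetValueExW", ("HKCU\\Run", "C:\\tmp\\a.bin"), None),
]

def build_api_call_graph(trace):
    """Return (nodes, edges); edges maps (src, dst) -> set of relation names."""
    nodes = [f"{pid}:{i}:{api}" for i, (pid, api, _, _) in enumerate(trace)]
    edges = defaultdict(set)
    last_in_proc = {}            # pid -> index of that process's previous call
    produced_by = {}             # return value -> index of the producing call
    used_by = defaultdict(list)  # argument value -> indices of calls using it
    for i, (pid, _api, args, ret) in enumerate(trace):
        # Sequence relationship (assumed): consecutive calls inside one process.
        if pid in last_in_proc:
            edges[(last_in_proc[pid], i)].add("sequence")
        last_in_proc[pid] = i
        for arg in dict.fromkeys(args):  # de-duplicate repeated arguments
            # Dependency relationship (assumed): argument is an earlier return value.
            if arg in produced_by:
                edges[(produced_by[arg], i)].add("dependency")
            # Parameter relationship (assumed): calls share an argument value,
            # including across a process and its sub-process.
            for j in used_by[arg]:
                edges[(j, i)].add("parameter")
            used_by[arg].append(i)
        if ret is not None:
            produced_by[ret] = i
    return nodes, dict(edges)

def adjacency(n, edges):
    """Symmetric 0/1 adjacency with self-loops (A + I), a common GCN input."""
    a = [[1 if r == c else 0 for c in range(n)] for r in range(n)]
    for s, d in edges:
        a[s][d] = a[d][s] = 1
    return a
```

In the constructed trace, the file path written by process 100 reappears in the registry call of sub-process 101, so the parameter edges link the two processes even though no sequence edge does.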
