Nothing Special   »   [go: up one dir, main page]

CN108846284A - A kind of Android malicious application detection method based on bytecode image and deep learning - Google Patents

A kind of Android malicious application detection method based on bytecode image and deep learning Download PDF

Info

Publication number
CN108846284A
CN108846284A CN201810695190.1A CN201810695190A CN108846284A CN 108846284 A CN108846284 A CN 108846284A CN 201810695190 A CN201810695190 A CN 201810695190A CN 108846284 A CN108846284 A CN 108846284A
Authority
CN
China
Prior art keywords
image
entropy
deep learning
android
dex
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810695190.1A
Other languages
Chinese (zh)
Inventor
陈铁明
项彬彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University of Technology ZJUT
Original Assignee
Zhejiang University of Technology ZJUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University of Technology ZJUT filed Critical Zhejiang University of Technology ZJUT
Priority to CN201810695190.1A priority Critical patent/CN108846284A/en
Publication of CN108846284A publication Critical patent/CN108846284A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/40Extraction of image or video features

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Virology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Image Analysis (AREA)

Abstract

A kind of Android malicious application detection method based on bytecode image and deep learning, includes the following steps:1) APK program code is mapped to RGB image;2):Local message entropy is calculated, local message entropy matrix, fusion RGB image and local comentropy matrix is generated, generates RGBA image;3) feature extraction and classification are carried out to Android malicious application using convolutional neural networks.Detection accuracy of the present invention is higher, rate of false alarm is lower and detection speed is fast.

Description

It is a kind of to be detected based on the Android malicious application of bytecode image and deep learning Method
Technical field
The present invention relates to malicious code analysis technical field, especially a kind of Android malicious application detection method.
Background technique
The development that the appearance of Android open source system has pushed rapidly Global Internet to apply, while also having caused many Safety problem.360 companies pointed out that Android platform in 2017 was average new daily in 2017 in Android malware special topic Increase Malware 2.1 ten thousand, average daily malware infection amount is about 58.8 ten thousand person-times, monitors that Android user infects and dislikes It anticipates software 2.14 hundred million, wherein being more than that 80% Malware seeks improper economic interests in the form that rate consume.It is current to dislike Meaning software has used new technologies and methods to achieve the purpose that destroy and attack around detection, such as new technology for system Runtime Library It hits, carries out remote control operation etc. using Telegram software protocol.Meanwhile report points out to have automation and antagonism Just in volume production malice APP, this technology can detect the detection model of antivirus software for Malware factory, be inferred to antivirus software institute The feature and detected rule used constructs specific APK in conjunction with the information and obfuscation detected, to bypass antivirus software Detection.Malware, which is generated, forms confrontation type development with its detection method, and Malware emerges one after another, and detection method also needs to push away old It is new out.
Most current security firm uses the detection method based on feature code.The spy that such method passes through detection file Code is levied to judge whether it is Malware.Its advantages are that speed is fast, and accuracy rate is high and rate of false alarm is low, but are needed timely Update feature database, it is difficult to resist the malicious application of short time outburst.Interference of such method vulnerable to Code obfuscation and encryption simultaneously. Malware can by the technological means such as shell adding, deformation prevent researcher's reverse program, and then increase detection difficulty and at This.For being presently considered to the shop safest Google Play, have many researchs point out to have a large amount of Malware around Cross the safety detection in the store Google Play.
The not influence vulnerable to Code obfuscation and encryption of behavior-based detection method, but need to collect malicious application a large amount of Information, such as permission, function call, operation action etc..Such method is better than based on spy unknown malicious application detection effect The detection method of code is levied, but needs to consume a large amount of computing resource and time.A kind of detection speed is urgently proposed at this stage Fastly, timeliness is high, the detection method of energy antialiasing.
Most of malicious application is only to increase the mutation of a small amount of module on the basis of some malicious application, between the two There is a large amount of multiplexing code, there is apparent family's feature.Malicious code method for visualizing is intended to pass through malicious code visual Change method is converted into picture, in conjunction with code homology analysis, extracts characteristics of image, is classified using machine learning method. 2011, Nataraj and Karthikeyan proposed in paper it is a kind of desktop end malicious code is mapped as grayscale image, and from GIST feature, the method classified by K nearest neighbor algorithm are extracted in grayscale image.Kancherla et al. is filtered using Gabor Device carries out signal processing to grayscale image and obtains feature, is classified using SVM.Malicious code is mapped as no pressure by Han Xiaoguang et al. Contracting grayscale picture carries out piecemeal to image with the partitioning algorithm based on texture, is made by the textural characteristics that algorithm extracts each piece For texture fingerprint, while texture fingerprint index is established, finally texture fingerprint similarity matching methods is segmented using weighted comprehensive more Detection.
Deep learning obtains a large amount of application in terms of computer vision and Language Processing with brilliant effect.HD DEX file is mapped as RGB image by Huang et al., and million rank training datas are sent into deep learning Inception-v3 mould Type is trained;The dynamic and static nature of DeepDroid combination Android uses depth confidence network (DBN) as training Model is detected;Sieve generation surprise et al. collects malicious code activity and generates vector space, benefit using code image as static nature From compiling model extraction feature and classified with stack.
Summary of the invention
In order to overcome rate of false alarm, the higher deficiency of rate of failing to report of existing Android malicious application detection method, the present invention is mentioned Higher for a kind of accurate measurement precision, rate of false alarm, rate of failing to report are lower to be answered based on bytecode image and the Android of deep learning malice Use detection method.
The technical solution adopted by the present invention to solve the technical problems is:
A kind of Android malicious application detection method based on bytecode image and deep learning, the detection method packet Include following steps:
1) APK program code is mapped to RGB image
Android with .apk using being ended up, wherein including the file of .dex ending;DEX is that Android system can be The file format directly run on Dalvik virtual machine;DEX file is read by bytecode, each byte includes 8bit, value Range be 0x00~0xFF, i.e., 0~255;DEX file is divided into the data block of 3 byte lengths, data block is mapped as figure The place of the rgb value of piece, curtailment is filled using 0, i.e., converts RGB color image for DEX file, and stored For PNG picture;
2) local message entropy matrix and RGBA image generate, and process is as follows:
2.1) pre-processes DEX file, is divided by every 256 byte of length, end is then carried out with 0 less than 256 bytes Filling;
2.2) calculates information entropy using shannon formula to each data block;
2.3) the calculated result entropy of entropy is in [0,8], and the value range in the channel Alpha is 0~255, therefore Entropy is amplified with exponential form, amplified entropy range is that [0~255] is consistent with the interval range in the channel Alpha;
2.4) since entropy is the division carried out using every 256 bytes as data block, each entropy represents in fact The transparency of 85 or 86 pixels is mapped as the matrix in the complete channel Alpha by this rule;
2.5) combines RGB image with Alpha matrix, generates new RGBA image;
3) based on the detection of deep learning
Feature extraction is carried out to input picture using convolutional neural networks, and is classified using softmax.
Technical concept of the invention is:The method by malicious code visualization and deep learning classification is introduced into for the first time Android platform, and propose that one kind can quickly generate the bytecode figure containing RGBA four-way according to the characteristics of Android platform The method of picture, then this method is combined with deep learning method, for detecting Android malicious application, have precision high and The low feature of rate of false alarm.
Basic ideas are to convert the Dalvik bytecode combination local message entropy of Android malicious application in RGBA figure Then picture extracts complex characteristic with the convolutional neural networks of deep learning and classifies.
For overall flow as shown in Figure 1, the DEX file in APK is extracted, which contains Dalvik byte Code, can be executed by Dalvik virtual machine.Then, DEX file is read by bytecode, each byte includes 8bit, value Range be 0x00~0xFF, i.e., 0~255.DEX file is divided into the data block of 3 byte lengths, data block is mapped as picture Rgb value, it can convert RGB color image for DEX file.Then the comentropy value matrix for calculating DEX file, by matrix In conjunction with color image, RGBA image is generated.Finally, using image as input, using deep learning convolutional neural networks into Row feature extraction and classification.
Beneficial effects of the present invention are mainly manifested in:
(1) malicious application is visualized as code image, omits code Decompilation, reduce generation in conjunction with shannon entropy Code obscures bring influence, makes up the single defect in code image source.
(2) compared with the method for current industry mainstream, Android malicious application detection accuracy height of the invention, rate of false alarm Low and detection speed is fast.
Detailed description of the invention
Fig. 1 is the flow chart of the Android malicious application detection method based on bytecode image and deep learning.
Fig. 2 is the corresponding relationship of DEX file structure Yu bytecode RGB image.
Fig. 3 is the RGBA image of same family, wherein (a) is 5 groups of images of DroidKungFu family, is (b) 5 groups of images of Plankton family are (c) 5 groups of images of Opfake family, are (d) 5 groups of images of Kmin family.
Fig. 4 is the illustraton of model of deep learning convolutional neural networks.
Fig. 5 is experimental result picture.
Specific embodiment
The invention will be further described below in conjunction with the accompanying drawings.
Referring to Fig.1~Fig. 4, a kind of Android malicious application detection method based on bytecode image and deep learning, packet Include following steps:
1) APK program code is mapped to gray level image
Android application is usually ended up with .apk, wherein including the file of .dex ending.DEX is that Android system can be with The file format directly run on Dalvik virtual machine, entire file are divided into three bulks:File header, index area, data field. The some essential informations and rough data distribution of file header record DEX file;There is the word in entire DEX file in index area The index of information of string, type, method statement, field and method etc. is accorded with, and the offset in index area finally all points to count According to area.
Usual color image has three Color Channels of RGB (RGB), and each channel has 8 (256 kinds of color grades).Therefore will DEX file is read by bytecode, and each byte includes 8bit, and the range of value is 0x00~0xFF, i.e., and 0~255.By DEX text Part is divided into the data block of 3 byte lengths, and data block is mapped as to the rgb value (example of picture:FFB6C1=R:255G:182B: 193), the place of curtailment is filled using 0, it can is converted RGB color image for DEX file, and is stored For PNG picture.Fig. 2 is the corresponding relationship of DEX file structure and RGB image, as seen from Figure 2, between identical family There are certain similitude, there is larger difference between different families.Mapping method based on image can effectively avoid code mixed Failing to report caused by confusing, simultaneously because the image of identical family presents a degree of similitude, therefore code image can be made For a kind of characteristic of division.It is compared to grayscale image and only possesses single channel, color image possesses RGB triple channel, therefore RGB color figure The effective information of picture is three times of grayscale image, can the detection for after more more accurate features are provided.
2) local message entropy matrix and RGBA image generate, and process is as follows:
2.1) pre-processes DEX file, is divided by every 256 byte of length, end is then carried out with 0 less than 256 bytes Filling;
2.2) calculates information entropy using formula (1) to each data block;
2.3) is in general, the calculated result entropy of entropy is in [0,8], and the value range in the channel Alpha is 0~255, Therefore entropy is amplified with exponential form, amplified entropy range is the interval range one of [0~255] and the channel Alpha It causes;
2.4) since entropy is the division carried out using every 256 bytes as data block, each entropy represents in fact The transparency of 85 or 86 pixels is mapped as the matrix in the complete channel Alpha by this rule
2.5) combines RGB image with Alpha matrix, generates new RGBA image,
Fig. 3 is that the RGBA of different families schemes
The specific implementation of RGBA image is generated as shown in algorithm 1:
3) based on the classification of deep learning
Convolutional neural networks are that one kind receives the inspiration of biological neural network " activation " phenomenon, introduce activation primitive and volume The machine learning model accumulating core and constructing.Convolutional neural networks generally comprise following several layers of:Convolutional layer, line rectification layer, Pond layer, full articulamentum.
Fig. 4 is convolutional neural networks model used herein.By convolution algorithm, feature can be enhanced, reduce simultaneously Noise.Different convolution nuclear energy extracts different feature map, therefore model carries out spy using two layers of 32 3x3 convolution kernels Sign is extracted, and using ReLU as activation primitive.Feature map is compressed by the pond layer of 2x2, to reduce meter Calculation amount.Softmax classifier is sent into finally by full linking layer to classify.
Test uses the open source sample database of German brother's Dettingen university DREBIN project.DREBIN data set has altogether There are 5560 malicious applications, covers 179 malice families.Several big malice more using sample size in data set of experiment herein Family is as malicious application sample.Benign application conduct is obtained from Androids software markets such as Google shop, 360 software stores simultaneously Optimum sample.
Randomly select 500 training samples, 1000 training samples, 1500 training samples and 2000 training samples into Ten folding cross validation of row.Experimental result is as shown in Figure 5, it can be deduced that with the increase of sample, just started to accuracy rate have compared with Big promotion, but it is unobvious more than the amplitude promoted after certain amount, and line is presented with the increase of sample in the training time The increase mode of property.
Then malice family classify and assess classifying quality.Since each family's malice sample is less, Therefore 8 more families of malice sample are chosen to be tested.Experimental result is as shown in table 1, and generally average detected rate is higher than 90%, average rate of false alarm is 1.1%, shows that this method has better effects to malice family classification.
Table 1.

Claims (1)

1. a kind of Android malicious application detection method based on bytecode image and deep learning, which is characterized in that the inspection Survey method includes the following steps:
1) APK program code is mapped to RGB image
Android with .apk using being ended up, wherein including the file of .dex ending;DEX is that Android system can be in Dalvik The file format directly run on virtual machine;DEX file is read by bytecode, each byte includes 8bit, the range of value For 0x00~0xFF, i.e., 0~255;DEX file is divided into the data block of 3 byte lengths, data block is mapped as picture The place of rgb value, curtailment is filled using 0, i.e., converts RGB color image for DEX file, and be stored as PNG picture;
2) local message entropy matrix and RGBA image generate, and process is as follows:
2.1) pre-processes DEX file, is divided by every 256 byte of length, end is then filled out with 0 less than 256 bytes It fills;
2.2) calculates information entropy using shannon formula to each data block;
2.3) the calculated result entropy of entropy is in [0,8], and the value range in the channel Alpha is 0~255, therefore by entropy Value is amplified with exponential form, and amplified entropy range is that [0~255] is consistent with the interval range in the channel Alpha;
2.4) is since entropy is the division carried out using every 256 bytes as data block, each entropy represent in fact 85 or The transparency of 86 pixels is mapped as the matrix in the complete channel Alpha by this rule;
2.5) combines RGB image with Alpha matrix, generates new RGBA image;
3) based on the detection of deep learning
Feature extraction is carried out to input picture using convolutional neural networks, and is classified using softmax.
CN201810695190.1A 2018-06-29 2018-06-29 A kind of Android malicious application detection method based on bytecode image and deep learning Pending CN108846284A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810695190.1A CN108846284A (en) 2018-06-29 2018-06-29 A kind of Android malicious application detection method based on bytecode image and deep learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810695190.1A CN108846284A (en) 2018-06-29 2018-06-29 A kind of Android malicious application detection method based on bytecode image and deep learning

Publications (1)

Publication Number Publication Date
CN108846284A true CN108846284A (en) 2018-11-20

Family

ID=64201619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810695190.1A Pending CN108846284A (en) 2018-06-29 2018-06-29 A kind of Android malicious application detection method based on bytecode image and deep learning

Country Status (1)

Country Link
CN (1) CN108846284A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109543772A (en) * 2018-12-03 2019-03-29 北京锐安科技有限公司 Data set automatic matching method, device, equipment and computer readable storage medium
CN111488574A (en) * 2020-04-08 2020-08-04 湖南大学 Malicious software classification method, system, computer equipment and storage medium
CN111552966A (en) * 2020-04-07 2020-08-18 哈尔滨工程大学 Malicious software homology detection method based on information fusion
CN111552963A (en) * 2020-04-07 2020-08-18 哈尔滨工程大学 Malicious software classification method based on structural entropy sequence
CN112182577A (en) * 2020-10-14 2021-01-05 哈尔滨工程大学 Android malicious code detection method based on deep learning
CN112329016A (en) * 2020-12-31 2021-02-05 四川大学 Visual malicious software detection device and method based on deep neural network
CN113987488A (en) * 2021-10-21 2022-01-28 河南省鼎信信息安全等级测评有限公司 Malicious software detection method and system based on memristive neural network
CN114579970A (en) * 2022-05-06 2022-06-03 南京明博互联网安全创新研究院有限公司 Convolutional neural network-based android malicious software detection method and system
CN115080969A (en) * 2022-06-14 2022-09-20 贵州师范大学 Malicious document detection method based on three-channel Markov diagram
CN116996278A (en) * 2023-07-21 2023-11-03 广东技术师范大学 Webpage detection method and device based on mining behavior of WASM module
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100079596A1 (en) * 2008-09-26 2010-04-01 Hong Fu Jin Precision Industry (Shenzhen)Co., Ltd. Device and method for automatically testing display device
CN106096411A (en) * 2016-06-08 2016-11-09 浙江工业大学 A kind of Android malicious code family classification method based on bytecode image clustering
CN108062478A (en) * 2018-01-04 2018-05-22 北京理工大学 The malicious code sorting technique that global characteristics visualization is combined with local feature

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100079596A1 (en) * 2008-09-26 2010-04-01 Hong Fu Jin Precision Industry (Shenzhen)Co., Ltd. Device and method for automatically testing display device
CN106096411A (en) * 2016-06-08 2016-11-09 浙江工业大学 A kind of Android malicious code family classification method based on bytecode image clustering
CN108062478A (en) * 2018-01-04 2018-05-22 北京理工大学 The malicious code sorting technique that global characteristics visualization is combined with local feature

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
任卓君等: "熵可视化方法在恶意代码分类中的应用", 《计算机工程》 *
苏欣等: "《Android手机应用网络流量分析与恶意行为检测研究》", 31 October 2016, 湖南大学出版社 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109543772B (en) * 2018-12-03 2020-08-25 北京锐安科技有限公司 Data set automatic matching method, device, equipment and computer readable storage medium
CN109543772A (en) * 2018-12-03 2019-03-29 北京锐安科技有限公司 Data set automatic matching method, device, equipment and computer readable storage medium
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications
CN111552966A (en) * 2020-04-07 2020-08-18 哈尔滨工程大学 Malicious software homology detection method based on information fusion
CN111552963A (en) * 2020-04-07 2020-08-18 哈尔滨工程大学 Malicious software classification method based on structural entropy sequence
CN111488574B (en) * 2020-04-08 2023-04-07 湖南大学 Malicious software classification method, system, computer equipment and storage medium
CN111488574A (en) * 2020-04-08 2020-08-04 湖南大学 Malicious software classification method, system, computer equipment and storage medium
CN112182577A (en) * 2020-10-14 2021-01-05 哈尔滨工程大学 Android malicious code detection method based on deep learning
CN112329016A (en) * 2020-12-31 2021-02-05 四川大学 Visual malicious software detection device and method based on deep neural network
CN112329016B (en) * 2020-12-31 2021-03-23 四川大学 Visual malicious software detection device and method based on deep neural network
CN113987488A (en) * 2021-10-21 2022-01-28 河南省鼎信信息安全等级测评有限公司 Malicious software detection method and system based on memristive neural network
CN114579970B (en) * 2022-05-06 2022-07-22 南京明博互联网安全创新研究院有限公司 Convolutional neural network-based android malicious software detection method and system
CN114579970A (en) * 2022-05-06 2022-06-03 南京明博互联网安全创新研究院有限公司 Convolutional neural network-based android malicious software detection method and system
CN115080969A (en) * 2022-06-14 2022-09-20 贵州师范大学 Malicious document detection method based on three-channel Markov diagram
CN115080969B (en) * 2022-06-14 2023-03-10 贵州师范大学 Malicious document detection method based on three-channel Markov graph
CN116996278A (en) * 2023-07-21 2023-11-03 广东技术师范大学 Webpage detection method and device based on mining behavior of WASM module
CN116996278B (en) * 2023-07-21 2024-01-19 广东技术师范大学 Webpage detection method and device based on mining behavior of WASM module

Similar Documents

Publication Publication Date Title
CN108846284A (en) A kind of Android malicious application detection method based on bytecode image and deep learning
Mi et al. Wheat stripe rust grading by deep learning with attention mechanism and images from mobile devices
CN110765458B (en) Malicious software image format detection method and device based on deep learning
CN106096411B (en) A kind of Android malicious code family classification methods based on bytecode image clustering
KR102007809B1 (en) A exploit kit detection system based on the neural net using image
CN109284372B (en) User operation behavior analysis method, electronic device and computer readable storage medium
WO2020151173A1 (en) Webpage tampering detection method and related apparatus
CN105184160B (en) A kind of method of the Android phone platform application program malicious act detection based on API object reference relational graphs
CN112182577A (en) Android malicious code detection method based on deep learning
US11030312B2 (en) System and method for machine based detection of a malicious executable file
CN110096878A (en) A kind of detection method of Malware
CN110830489B (en) Method and system for detecting counterattack type fraud website based on content abstract representation
EP4150480A1 (en) Descriptive insight generation and presentation system
CN117669384B (en) Intelligent monitoring method and system for temperature sensor production based on Internet of things
Somanchi et al. Discovering anomalous patterns in large digital pathology images
Cheong et al. Causal structure learning of bias for fair affect recognition
O’Shaughnessy Image-based malware classification: A space filling curve approach
Chen et al. Efficient Windows malware identification and classification scheme for plant protection information systems
Joren et al. Learning document graphs with attention for image manipulation detection
Li et al. Target segmentation of industrial smoke image based on LBP Silhouettes coefficient variant (LBPSCV) algorithm
Bilgin Code2image: Intelligent code analysis by computer vision techniques and application to vulnerability prediction
CN117909972A (en) ViLT-based image-text multi-mode android App research and judgment classification method
CN117766067A (en) AOP solid alkali material performance detection data analysis method and system
CN116541841A (en) Classification method, classification device and storage medium for malicious software
Wang et al. Deep learning-based multi-classification for malware detection in IoT

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120

RJ01 Rejection of invention patent application after publication