
Malicious software clustering method expressed based on TLSH feature

Machine translation (Chinese title): Malware clustering method based on TLSH features

Abstract

This invention discloses a malicious software clustering method based on TLSH feature representation, which belongs to the field of malicious software analysis and testing. First, Cuckoo Sandbox is used to analyse the malicious software and acquire three kinds of character string features: the static features of the software, the resource access records during execution, and the APIs. Then the character strings are split, filtered and sorted, and the TLSH algorithm is used to compress them into three groups of feature values, each 70 characters long. Finally, the OPTICS algorithm is used to classify the malicious software into families automatically. This invention adopts an unsupervised learning method, so no manually labelled training data is needed in advance. The extracted features are compressed and represented with TLSH, which greatly lowers the data dimension and improves clustering speed without losing features. By adopting the density-based OPTICS clustering algorithm, the method can recognise clusters of any shape and any number, and it greatly reduces the influence of the input parameters on the clustering result while improving the efficiency and quality of clustering.
Machine translation (Chinese abstract): This invention discloses a malware clustering method based on TLSH feature representation, belonging to the field of malware analysis and testing. First, the Cuckoo sandbox is used to analyse the malware to obtain three kinds of string features, namely the static features of the software, the resource access records during execution, and the APIs. The strings are then decomposed, filtered and sorted, and compressed with the TLSH algorithm into three groups of 70-character feature values. Finally, the OPTICS algorithm is used to classify malware families automatically. The invention uses an unsupervised learning method and needs no manual labels for training in advance. The extracted features are compressed and represented with TLSH; without losing features, the data dimension is greatly reduced and the clustering speed improved. By adopting the density-based OPTICS clustering algorithm, it can not only recognise clusters of any shape or number, but also greatly reduce the influence of the input parameters on the clustering result while improving the efficiency and quality of the clustering.
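As an added illustration (not code from the patent or its authors), the following Python sketch shows the last two stages of the pipeline described in the abstract: comparing 70-character TLSH-style digests and grouping them into families with a minimal OPTICS plus a DBSCAN-like cut of the reachability plot, with an unrelated sample left as noise. It assumes a simplified body-only distance (the 3 header bytes of a TLSH digest are skipped) and uses constructed digests rather than real TLSH output; Cuckoo feature extraction and the string splitting, filtering and sorting steps are outside the example.

```python
import math, random
HEX = "0123456789ABCDEF"

def body_distance(h1, h2):
    # TLSH-style distance over the 64-hex body as 2-bit buckets; the 3 header bytes
    # are skipped (assumption) and, as in TLSH, a bucket difference of 3 scores 6.
    diffs = [abs(((HEX.index(a) >> s) & 3) - ((HEX.index(b) >> s) & 3))
             for a, b in zip(h1[6:], h2[6:]) for s in (0, 2)]
    return sum(6 if d == 3 else d for d in diffs)

def optics(points, dist, eps, min_pts):
    # Minimal OPTICS: cluster ordering plus each point's reachability (inf = unreached).
    n = len(points)
    D = [[dist(a, b) for b in points] for a in points]
    core = [c if (c := sorted(row)[min_pts - 1]) <= eps else math.inf for row in D]
    reach, order, seeds = [math.inf] * n, [], []
    while len(order) < n:
        if not seeds:  # start a new component from the first unprocessed point
            seeds = [next(i for i in range(n) if i not in order)]
        i = min(seeds, key=lambda k: reach[k])  # expand the closest seed first
        seeds.remove(i)
        order.append(i)
        for j in range(n):
            if core[i] <= eps and j not in order and D[i][j] <= eps:
                reach[j] = min(reach[j], max(core[i], D[i][j]))
                seeds += [j] if j not in seeds else []
    return order, reach

def extract_clusters(order, reach, threshold, min_pts):
    # A reachability jump above threshold starts a new cluster; tiny ones are noise (-1).
    labels, cluster = {}, -1
    for i in order:
        cluster += reach[i] > threshold
        labels[i] = cluster
    sizes = {c: list(labels.values()).count(c) for c in labels.values()}
    return {i: c if sizes[c] >= min_pts else -1 for i, c in labels.items()}

def make_family(seed, members, k):
    # Constructed digests (not real TLSH): members re-roll k body nibbles of one random base.
    rng = random.Random(seed)
    base = rng.choices(HEX, k=70)
    fam = [base[:] for _ in range(members)]
    for h in fam:
        for pos in rng.sample(range(6, 70), k):
            h[pos] = rng.choice(HEX)
    return ["".join(h) for h in fam]

# Two constructed families of four near-duplicates each, plus one unrelated sample.
SAMPLES = make_family(1, 4, 2) + make_family(2, 4, 2) + make_family(3, 1, 0)
LABELS = extract_clusters(*optics(SAMPLES, body_distance, 50, 3), 50, 3)
```

With eps = 50 the two families cannot be split (two members differ in at most 4 body nibbles, so at most 48 apart), while random digests sit around 200 apart and the lone sample is reported as noise.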
