Method and apparatus for identifying malicious software
US10635812B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 7, 2017 |
| Grant date | Apr 28, 2020 |
| Priority date | — |
| Expiry date | Jul 12, 2038 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/62
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and apparatus are disclosed for identifying malicious software in the technical field of computers. The method includes: obtaining, according to a source code of to-be-detected software, a function call diagram of the software; generating a feature sequence of the software according to the function call diagram, the feature sequence including an eigenvalue of at least one feature, the feature being a function in a preset function library, and the eigenvalue of the feature being a quantity of times of calling of the function by the software; and identifying whether the software is malicious software according to the feature sequence and a random forest, the random forest including at least one decision tree, and the decision tree including reference eigenvalues of multiple features. The apparatus includes: an obtaining module, a generation module, and an identification module. The present disclosure may improve identification accuracy.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.