
Research On The Rule Set Of Malicious Program Ontology Based On Machine Learning

Posted on: 2024-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: M Hu
GTID: 2568307157982869
Subject: Master of Electronic Information (Professional Degree)
Abstract/Summary:
With the development of science and technology, people's lives have become inseparable from the Internet. The Internet has brought great convenience to modern life: both information exchange and information storage depend on it to a large extent. However, everything has two sides. Alongside the convenience come many hidden dangers, such as information leakage and the spread of Trojans and viruses, most of which propagate through malicious programs and threaten people's privacy and property. The analysis, prevention and detection of malicious programs are therefore particularly important. Taking the dynamic analysis of malicious programs as the entry point, this thesis describes the behavior of malicious programs with an ontology and constructs a complete ontology rule set for malicious programs, which can then be used to perform inference-based detection on unknown samples. The research work has two main parts:

(1) A cyclic association decision algorithm is proposed to generate a fine-grained rule set (malruleset) for malicious program behavior, addressing the limited scalability and long construction time of manually built inference rule sets in the field of malicious program ontology. First, a formal extended description method based on the API call frequency of malicious programs is defined. Second, the behavioral characteristic attributes of malicious programs and the call frequencies of API functions are extracted. Next, an association decision algorithm is proposed to mine the behavioral characteristics of malicious programs and form a fine-grained behavior rule set. Then, because the rules mined by the association decision algorithm are incomplete and redundant, a cyclic association decision algorithm is proposed to optimize the association decisions and generate the fine-grained rule set, achieving detection of fine-grained categories of malicious programs. The experimental results show that the fine-grained rule set generated by the cyclic association decision algorithm is of high quality and performs well in fine-grained detection of unknown program samples, with an overall detection rate of 92.41%.

(2) A Fisher linear discriminant algorithm is applied to generate a coarse-grained rule set (softruleset) for program behavior, since the Rule Set must be complete. The coarse-grained rule set of program behavior (softruleset) and the fine-grained rule set of malicious program behavior (malruleset) together constitute the complete malicious program ontology rule set (Rule Set). First, 34 API functions that best describe the behavior of an application program are listed. Second, the Fisher linear discriminant algorithm is used to solve for the weight vector over these API functions and the discriminant threshold that separates malicious programs from normal programs. The resulting linear discriminant function is transformed into a decision rule, namely the coarse-grained rule set of program behavior. The experimental results show that generating the coarse-grained rule set with the Fisher linear discriminant algorithm takes less time and is more feasible than constructing it by hand, and that the two coarse-grained rules generated for program behavior effectively distinguish malicious programs from normal ones.

This thesis thus studies in depth the machine-learning-based generation of malicious program ontology rule sets. The proposed formal extended description method based on API call frequency not only strengthens the ontology's description of program behavior but also avoids a certain amount of information loss. At the same time, the cyclic association decision algorithm and the Fisher linear discriminant algorithm automatically generate the ontology rule set of malicious programs; inference over unknown samples in the ontology achieves a high detection rate, which overcomes the shortcoming of single-feature analysis in the construction of inference rule sets by traditional algorithms.
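Part (2) of the abstract describes the coarse-grained rule as a Fisher linear discriminant over API call frequencies: a weight vector and a threshold that are then rewritten as a decision rule. The Python block below is an added illustration of that step, not code from the thesis. It assumes four constructed API names and constructed call-count vectors in place of the thesis's 34 API functions and real samples, adds a tiny ridge term to keep the within-class scatter matrix invertible, places the threshold at the midpoint of the projected class means, and renders the discriminant as a readable rule string rather than in the thesis's SWRL encoding.

```python
"""Fisher linear discriminant over API-call-frequency vectors, turned into a
coarse-grained 'malicious vs. normal' decision rule.

Added illustration, not the thesis's own code.  API names, sample vectors,
the ridge term and the midpoint threshold are all assumptions made here.
"""
from typing import List, Sequence, Tuple

Vec = List[float]

# Assumed feature order: one call-frequency column per API function.
API_NAMES = ["CreateRemoteThread", "WriteProcessMemory",
             "RegSetValueExA", "CreateFileW"]

# Constructed training data (call counts per sample), not real telemetry.
MALICIOUS = [[4, 3, 2, 5], [2, 4, 1, 4], [3, 2, 3, 3], [3, 3, 2, 4]]
BENIGN = [[0, 1, 1, 9], [1, 0, 2, 11], [0, 0, 1, 10], [1, 1, 0, 10]]


def mean(rows: Sequence[Sequence[float]]) -> Vec:
    n = len(rows)
    return [sum(col) / n for col in zip(*rows)]


def scatter(rows: Sequence[Sequence[float]], m: Vec) -> List[Vec]:
    """Within-class scatter: sum of (x - m)(x - m)^T over the class."""
    d = len(m)
    s = [[0.0] * d for _ in range(d)]
    for x in rows:
        dev = [xi - mi for xi, mi in zip(x, m)]
        for i in range(d):
            for j in range(d):
                s[i][j] += dev[i] * dev[j]
    return s


def solve(a: List[Vec], b: Vec) -> Vec:
    """Solve a.w = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        p = m[col][col]
        if abs(p) < 1e-12:
            raise ValueError("singular scatter matrix; raise the ridge term")
        m[col] = [v / p for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def dot(u: Sequence[float], v: Sequence[float]) -> float:
    return sum(a * b for a, b in zip(u, v))


def fisher_rule(mal, ben, ridge: float = 1e-6) -> Tuple[Vec, float]:
    """Return (weight vector w, threshold t) with w = Sw^-1 (m_mal - m_ben).

    The threshold at the midpoint of the projected class means is an
    assumption of this example; the thesis does not state how it is chosen.
    """
    m1, m0 = mean(mal), mean(ben)
    s1, s0 = scatter(mal, m1), scatter(ben, m0)
    d = len(m1)
    sw = [[s1[i][j] + s0[i][j] + (ridge if i == j else 0.0)
           for j in range(d)] for i in range(d)]
    w = solve(sw, [a - b for a, b in zip(m1, m0)])
    t = (dot(w, m1) + dot(w, m0)) / 2.0
    return w, t


def is_malicious(w: Vec, t: float, x: Sequence[float]) -> bool:
    """The coarse-grained decision rule: w.x > t  =>  malicious."""
    return dot(w, x) > t


def render_rule(w: Vec, t: float, names: Sequence[str]) -> str:
    """Plain-text rendering of the discriminant as a decision rule."""
    terms = " + ".join(f"{wi:+.2f}*freq({n})" for wi, n in zip(w, names))
    return f"Malicious(p) <- {terms} > {t:.2f}"


if __name__ == "__main__":
    W, T = fisher_rule(MALICIOUS, BENIGN)
    print(render_rule(W, T, API_NAMES))
    for sample in ([3, 3, 1, 6], [0, 0, 0, 15]):   # constructed unseen inputs
        print(sample, "->", "malicious" if is_malicious(W, T, sample) else "normal")
```

On this constructed data the three injection- and persistence-related counters receive positive weights and `CreateFileW`, which benign samples call far more often, receives a negative one: the discriminant weighs the API frequencies jointly, which is the reason a single API count makes a poor rule on its own. With real samples the 34-dimensional scatter matrix can be ill-conditioned, so keep the ridge term and check that training samples fall on the correct side of the threshold before exporting the rule into the ontology.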
Keywords/Search Tags:malicious programs, behavior ontology, SWRL ruleset, API functions, behavior characteristics