Publication No.: US20220318387A1
Publication date: 2022-10-06
Application No.: US17709923
Filing date: 2022-03-31
Applicant: ACADEMIA SINICA
Inventor: Meng-Chang Chen, Yi-Ting Huang
Abstract: A method for learning a correspondence between malware behaviors and an execution trace of the malware, comprising: receiving an execution trace which includes one or more sequences of application programming interface (API) calls, wherein each of the API calls corresponds to one or more resources of a computer system; processing each sequence of the API calls in a process, respectively, for generating a binding group embedding for each of the resources corresponding to the API calls in each of the processes; aggregating the binding group embeddings in each of the processes; producing a malware representation according to the aggregated binding group embeddings; and classifying the malware representation corresponding to techniques implemented by the malware.