Registered
Apparatus for optimizing file-less malicious script detection based on feature similarity, using ensemble learning and a DB in machine learning
- Inventors
-
김정태, 송지현, 김익균, 이상민, 이종훈, 김영수, 김종현, 박종근
- Application number
-
17100541 (2020.11.20)
- Publication number
-
20210240827 (2021.08.05)
- Registration number
- 11783034 (2023.10.10)
- Country of application
- United States
- Contract project
-
19HH6200, Protection of ICT infrastructure from intelligent malware threats,
김종현
- Abstract
- Disclosed herein are an apparatus and method for detecting a malicious script. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to extract token-type features, each of which corresponds to a lexical unit, and tree-node-type features of an abstract syntax tree from an input script, to train two learning models to respectively learn two pieces of learning data that are generated in consideration of features extracted respectively from the token-type features and the node-type features as having the highest frequency, and to detect whether the script is a malicious script based on the result of ensemble-based malicious script detection performed for the script, which is acquired using an ensemble detection model generated from the two learning models.
- KSP suggested keywords
- Abstract syntax, Detection model, Executable memory, Learning data, Learning model, Malicious script, Syntax tree, abstract syntax tree, ensemble-based