-
Publication (Announcement) No.: US20210027114A1
Publication (Announcement) Date: 2021-01-28
Application No.: US16887436
Application Date: 2020-05-29
Inventor: Tae Jin LEE, Young Joo LEE
IPC: G06K9/62, G06F40/284, G06F16/903, G06N3/08
Abstract: A packer classification apparatus extracts features based on a section that holds packer information from files and classifies packers using a Deep Neural Network (DNN) for detection of new/variant packers. A packer classification apparatus according to an embodiment uses PE section information. The packer classification apparatus includes a collection classification module collecting a data set and classifying data by packer type to prepare for model learning, a token hash module tokenizing a character string obtained after extracting labels and section names of each data and combining the section names, and obtaining a certain standard output value using Feature Hashing, and a type classification module generating a learning model after learning the data set with a Deep Neural Network (DNN) algorithm using extracted features, and classifying files for each packer type using the learning model after extracting features for the files to be classified.
-
Publication (Announcement) No.: US20230164162A1
Publication (Announcement) Date: 2023-05-25
Application No.: US17988939
Application Date: 2022-11-17
Inventor: Tae Jin LEE, Hong Bi KIM, Yong Soo LEE, Eun Gyu LEE
CPC classification number: H04L63/1433, H04L63/1416, G06N20/20
Abstract: A valuable alert screening method for detecting malicious threat includes generating an AI model based on training data for predicting test data, generating XAI explainability and selecting important features based on summary plot by using an explainer and training data, performing range processing based on data distribution of important features selected for analysis without bias, calculating a SHAP value average and standard deviation of each range group and then storing them to determine suspicion and reliability of test data, making prediction by using an AI model generated in advance after feature processing in the same way as the training data at the time of inputting the test data, calculating a SHAP value by using the test data and the explainer, loading FOS calculation information to calculate FOS for each important feature, and calculating a suspicion score for each data by aggregating the FOS after calculating the FOS for each feature.
-
Publication (Announcement) No.: US20220174082A1
Publication (Announcement) Date: 2022-06-02
Application No.: US17393567
Application Date: 2021-08-04
Inventor: Tae Jin LEE, Chan Woong HWANG, Hyo Sik KIM
Abstract: A method for detecting and classifying a domain generation algorithm (DGA) generation domain according to an embodiment of the present disclosure includes entering a domain address expressed as a vector of sequence numbers in a TextCNN, and replacing the vector with a one-hot vector corresponding to sequence number vector elements to express image representation.