Malevolence code automatic recognition method

A technique for automatically identifying malicious code, applied in the field of automatic analysis of malicious code. It addresses the problem that it is difficult to establish a robust and differentiated model, and it speeds up the analysis process and covers a wide range of analysis.

Inactive Publication Date: 2008-03-12
PEKING UNIV

AI Technical Summary

Problems solved by technology

This approach establishes a correspondence between malicious behaviors and pro

Embodiment Construction

[0034] In the present invention, a component is defined as a program module composed of a cluster of related functions that together complete a specific function. This function cluster contains a header function, that is, the component header, which directly or indirectly calls all other functions in the cluster. Figure 2 is a schematic diagram of the components defined in the present invention.

[0035] The invention uses component extraction technology and binary code similarity comparison technology from the field of reverse engineering. Component extraction technology is an important research topic in the field of software engineering, and its main goal is to identify reusable components in legacy code. The methods of component extraction and evaluation (see literature: Luo Jing, Zhang Lu, Sun Jiasu "Review of Component Extraction Technology", Computer Science, Volume 32, December 2005) include domain knowledge, structure and component measurement, etc.; this kind of method...


Abstract

The invention belongs to the field of automatic malicious code analysis and provides a method for automatically identifying malicious code. The invention first decomposes an executable program sample under analysis into components under analysis; it then compares each component under analysis with the components of known malicious behaviors, in order to determine automatically whether the sample under analysis is malicious code. The invention has the advantages of broad analysis coverage, high analysis speed on malicious samples, and an updatable library of malicious code behavior components.
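As an added illustration (not code from the patent or its authors), the sketch below applies the component definition in [0034] and the abstract's compare-against-known-components step to a toy call graph. The closure rule for picking header functions, API-name sets as fingerprints, Jaccard similarity, the 0.7 threshold and all sample names are assumptions; the page does not give the patent's extraction algorithm or similarity measure.

```python
def reachable(call_graph, head):
    """Head plus every function it calls directly or indirectly."""
    seen, stack = {head}, [head]
    while stack:
        new = set(call_graph.get(stack.pop(), ())) - seen
        seen |= new
        stack.extend(new)
    return seen

def extract_components(call_graph):
    """Map head -> cluster. Assumed rule: a cluster qualifies only when no
    outside function calls a non-head member (the head is the sole entry)."""
    callers = {}
    for caller, callees in call_graph.items():
        for callee in callees:
            callers.setdefault(callee, set()).add(caller)
    components = {}
    for head in call_graph:
        cluster = reachable(call_graph, head)
        inner = cluster - {head}
        if inner and all(callers[f] <= cluster for f in inner):
            components[head] = frozenset(cluster)
    return components

def fingerprint(cluster, apis):
    """Union of API names used in the cluster (stand-in for binary features)."""
    return frozenset().union(*(apis.get(f, ()) for f in cluster))

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def classify(call_graph, apis, library, threshold=0.7):
    """Return sorted (head, behavior, score) hits at or above the threshold."""
    hits = []
    for head, cluster in extract_components(call_graph).items():
        fp = fingerprint(cluster, apis)
        for behavior, known in library.items():
            score = jaccard(fp, known)
            if score >= threshold:
                hits.append((head, behavior, round(score, 2)))
    return sorted(hits)

# Constructed sample: call graph, per-function API names, one library entry.
CALL_GRAPH = {"main": ["init_ui", "log_keys"], "init_ui": ["load_cfg"],
              "log_keys": ["install_hook", "flush_buf"], "flush_buf": ["write_log"]}
APIS = {"install_hook": {"SetWindowsHookExA"}, "flush_buf": {"GetKeyState"},
        "write_log": {"CreateFileA", "WriteFile"}, "load_cfg": {"RegQueryValueExA"}}
LIBRARY = {"keystroke-logging": frozenset({"SetWindowsHookExA", "GetKeyState",
           "CreateFileA", "WriteFile", "GetForegroundWindow"})}
```

Matching per component rather than per program is what lets the `log_keys` cluster score above the threshold while the whole-program cluster under `main`, diluted by unrelated functions, stays below it. A helper shared between clusters breaks the assumed closure rule, so a real extractor needs a policy for such functions.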

Description

Technical field

[0001] The invention belongs to the field of automatic analysis of malicious code, and in particular relates to a method for accelerating the analysis of malicious code by using reverse engineering technology and code similarity comparison technology.

Background art

[0002] On the current Internet, malicious code is ubiquitous and seriously threatens network security. Malicious code-related technologies are relatively difficult to implement, but in recent years, with the popularization of the Internet, more and more websites dedicated to discussing malicious code implementation technologies have appeared. People can obtain the source code of malicious code directly from the Internet, so source code has become readily available. This has promoted the proliferation of malicious code variants. In different variants of malicious code, the reuse of code segments is very obvious. Many new malicious codes have adopted t...


Application Information

IPC(8): G06F21/22, H04L9/00, H04L29/06, G06F21/55
Inventor: 梁知音, 韦韬, 邹维, 韩心慧, 诸葛建伟, 陈昱, 毛剑
Owner PEKING UNIV