Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Automatic analyzing system and method for dynamic action of malicious program

A technology for automatic analysis and malicious programs, which is applied in the field of system security and network security, and automatic analysis system for dynamic behavior of malicious programs. Effects on Performance and Operational Efficiency

Inactive Publication Date: 2008-04-02
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF0 Cites 52 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Manual analysis of unknown binary programs discovers the internal functions of the program through manual debugging and tracing, which requires a high level of experience and ability of the analysts, and the analysis results are often incomplete
With the continuous improvement of malicious programs, the functions are more complex, accompanied by a sharp increase in code
This poses a huge challenge to traditional manual analysis
At the same time, the traditional manual debugging technology faces many difficulties in analyzing malicious binary programs, the most important of which is the inability to fully grasp the execution control flow range of the program, so that many codes of malicious programs are executed without the debugger being able to track them.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic analyzing system and method for dynamic action of malicious program
  • Automatic analyzing system and method for dynamic action of malicious program

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0025] Referring to Fig. 1, the initialization component of the malicious program dynamic behavior automatic analysis system first starts the unknown binary program to be analyzed, and will also load the virtual execution component and the behavior monitoring component at the same time. The virtual execution unit will be loaded into the process space of the target binary program, so as to effectively control the execution of the target binary program code flow. The behavior monitoring component contains the default security behavior rule library, and users can also access the interface to process these rules, and support the addition, deletion and modification of rules.

[0026] After the initialization is completed, the binary program enters the execution state. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an automatic analysis system and a method of malice binary program dynamic behavior. The system consists of an initialization unit, a virtual execution unit, a disassembling unit, a behavior monitoring unit and a behavior analysis unit. The method is that: the initialization unit activates a monitored program, and the virtual execution unit and the behavior monitoring unit are then loaded; the disassembling unit acquires the assembler instruction of the binary code flow of an object program, the virtual execution unit slices and generates a corresponding basic block, and the behavior monitoring unit judges whether the basic block contains any malice behavior defined by a rule base; if the basic block does contain a malice behavior, the behavior monitoring unit can transfer the command to the behavior analysis unit and record the malice behavior; after being returned, each instruction in the basic block can be virtually executed; the behavior analysis unit puts forward a malice behavior analysis report after the program execution quits or a user stops the analysis process forcibly. The invention enables complete control and analysis of malice program running behavior in a virtual environment and a detailed report can provide effective buckler aiming at the malice program.

Description

technical field [0001] The invention relates to a malicious program dynamic behavior automatic analysis system and method, and belongs to the related fields of system security and network security. The invention is used for coarse-grained analysis of the dynamic behavior of unknown malicious programs. Background technique [0002] The dynamic behavior analysis of unknown binary programs is a challenging task, which will provide the key information needed to build the core structure and function blueprint of unknown software. Most of the current researches on the analysis of unknown binary programs are manual analysis methods. [0003] The manual analysis of unknown binary programs discovers the internal functions of the program through manual debugging and tracing, which has high requirements on the experience and ability of the analysts, and the analysis results are generally incomplete. With the continuous improvement of malicious programs, the functions are more complex...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/22G06F21/56
Inventor 梁晓曹跃李毅超黄沾徐胜
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products