Program detection method, device and program analyzing method
A program detection and program technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve problems such as complexity, system resource consumption, misjudgment, etc.
Inactive Publication Date: 2008-05-21
白杰 +2
Problems solved by technology
[0009] Since normal application programs and system programs inevitably contain behaviors and instructions involving sensitive operations, the technical solution in the above example reduces the accuracy of judging whether a program is a virus based on its behavior, and misjudgments occur frequently.
[0010] In addition, computer instructions are in practice numerous and complex, and differences in the parameters of the same instruction lead to wildly different execution results. Simply relying on the detection of sensitive instruction operations in a program to determine whether it is a virus is therefore also one of the factors causing misjudgment.
[0011] In addition, in practical applications, some people also propose to simply use virtual technology to simulate the running of the program. This technical solution imposes a huge overhead on system resources, which is also unbearable for computer users.
Examples
example 1
[0062] Example 1: Assume that on the Windows platform there is a virus, virus1, that specifically deletes a system file (c:\windows\regedit.exe). The function to be called by virus1 is:
[0068] Instructions: A2, A3, A5, A8, A9, A11, A12, and A15 correspond to the logical functions:
[0069] ,
[0070] ,
[0071] Then, A2, A3, A5, A8, A9, A11, A12, A15 are effective instruction codes of virus2, and the remaining codes are non-important function codes or useless codes.
example 3
[0072] Example 3: Suppose the running process of the virus virus3 is:
[0073] The first step is to use the FILENAME() function to determine that the file to be deleted is regedit.exe;
[0074] In the second step, use the PATH() function to determine that the logical path of regedit.exe is c:\windows\regedit.exe;
[0075] The third step is to use the DEL() function to delete c:\windows\regedit.exe.
[0076] The function to be called by the virus virus3 to complete the above three steps is:
[0077] DEL(PATH(FILENAME(regedit.exe))).
[0078] The behavior of virus virus3 is:
[0079] Behavior 1: Determine that the file to be deleted is regedit.exe;
[0080] Behavior 2: Determine the logical path of regedit.exe is c:\windows\regedit.exe;
[0081] Behavior 3: Delete c:\windows\regedit.exe.
[0082] Then, Behavior 1 → Result 1 = the file regedit.exe is determined;
[0083] Behavior 2 → Result 2 = the logical path of the file regedit.exe is determined;
[0084] Behavior 3 → Result 3 = The fil...
Abstract
The invention provides a program detection method, a program detection device and a program analysis method. The program detection method comprises the following steps: after the running process and the running result of a program to be detected are obtained, a behavioral data sequence of the program is generated; the behavioral data sequence of the program is compared with the data stored in a behavioral data sequence base of risk programs, and the risk coefficient of the program to be detected is determined based on the comparison result; the program to be detected is then labeled or recorded according to the risk coefficient. The invention has the advantages that the program detection method can dynamically trace the running of the program, the recognition rate of risk programs is improved, and the rate at which normal programs are mistakenly killed is reduced.
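The steps in the abstract, applied to the nested call from Example 3, can be sketched as follows. This is an added example, not code from the patent: the longest-common-subsequence comparison, the 0.8 threshold, the entry name `delete-system-file` and the `report.tmp` trace are assumptions, since the page does not state how the comparison or the risk coefficient is computed.

```python
import re

# Constructed stand-in for the "behavioral data sequence base of risk programs":
# (operation, result) pairs in execution order. Entry name is hypothetical.
RISK_BASE = {
    "delete-system-file": [
        ("FILENAME", "regedit.exe"),
        ("PATH", r"c:\windows\regedit.exe"),
        ("DEL", r"c:\windows\regedit.exe"),
    ],
}

def call_order(expr):
    """Unnest F(G(H(arg))) into execution order [H, G, F] and the innermost arg."""
    m = re.fullmatch(r"\s*((?:\w+\()+)([^()]*)(\)+)\.?\s*", expr)
    if not m or m.group(1).count("(") != len(m.group(3)):
        raise ValueError("not a balanced nested call: %r" % expr)
    return m.group(1).rstrip("(").split("(")[::-1], m.group(2).strip()

def lcs_len(a, b):
    """Longest common subsequence length; tolerates junk steps between matches."""
    row = [0] * (len(b) + 1)
    for x in a:
        prev = 0
        for j, y in enumerate(b, 1):
            cur = row[j]
            row[j] = prev + 1 if x == y else max(row[j], row[j - 1])
            prev = cur
    return row[-1]

def risk_coefficient(observed, base=RISK_BASE):
    """Assumed metric: best in-order fraction of a stored sequence seen in the trace."""
    scores = {name: lcs_len(observed, seq) / len(seq) for name, seq in base.items()}
    best = max(scores, key=scores.get)
    return scores[best], best

def label(observed, threshold=0.8):  # threshold is an assumed value
    score, entry = risk_coefficient(observed)
    return "risk:" + entry if score >= threshold else "normal"

# Constructed traces: call order from the expression, results as a monitor would log them.
VIRUS3 = list(zip(call_order("DEL(PATH(FILENAME(regedit.exe))).")[0],
                  ["regedit.exe", r"c:\windows\regedit.exe", r"c:\windows\regedit.exe"]))
CLEANER = list(zip(call_order("DEL(PATH(FILENAME(report.tmp)))")[0],
                   ["report.tmp", r"c:\temp\report.tmp", r"c:\temp\report.tmp"]))

if __name__ == "__main__":
    print(label(VIRUS3), label(CLEANER))
```

Because each sequence element pairs the operation with its result, the constructed `CLEANER` trace uses the same three sensitive calls as virus3 yet scores 0, which is the misjudgment case paragraphs [0009] and [0010] describe for instruction-only detection.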
Description
Technical field
[0001] The invention relates to a method and device for program detection and a method for program analysis.
Background technique
[0002] With the development of computer technology today, people's life, work, travel, etc. have gradually become inseparable from computer technology. Maintaining the normal operation of the computer system is already an important and complicated work that depends on the computer technology industry. Preventing the harm of computer viruses has become one of the key tasks to maintain the normal operation of the computer system. As we all know, a large part of the reason why the computer system cannot work normally is caused by computer viruses.
[0003] With the development of computer application technology and computer network technology, the harmful ability of computer viruses has developed to destroy computer systems and steal confidential information along with the initial pranks; Media transmission has developed to the us...