Program detection method, device and program analyzing method

A program detection and program analysis technology, applied in computer security devices, instruments, electrical digital data processing, etc., that can solve problems such as complexity, system resource consumption, and misjudgment.

Inactive Publication Date: 2008-05-21
白杰 +2

AI Technical Summary

Problems solved by technology

[0009] Since normal application programs and system programs inevitably contain behaviors and instructions involving sensitive operations, the technical solution in the above example reduces the accuracy of judging whether a program is a virus based on its behavior, and misjudgments occur frequently.
[0010] In addition, in reality computer instructions perform many complex operations, and differences in the parameters of the same instruction lead to wildly different execution results. Therefore, simply relying on the detection of sensitive instruction operations in the program to determine whether it is a virus is also one of the factors causing misjudgment.
[0011] In addition, in practical applications, some people also propose to simply use virtual technology to simulate the running of the program. This technical solution imposes a huge overhead on system resources, which is also unbearable for computer users.


Examples


example 1

[0062] Example 1: Assume that on the Windows platform there is a virus, virus1, that specifically deletes a system file (c:\windows\regedit.exe). The function to be called by virus1 is:

[0063] SOCKET(DEL(PATH(FILENAME(regedit.exe)))),

[0064] ,

[0065] Valid functions for virus1 .

example 2

[0066] Example 2: Suppose virus virus2 instruction code:

[0067] A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12, A13, A14, A15...An

[0068] Instructions: A2, A3, A5, A8, A9, A11, A12, and A15 correspond to the logical functions:

[0069] ,

[0070] ,

[0071] Then, A2, A3, A5, A8, A9, A11, A12, A15 are effective instruction codes of virus2, and the remaining codes are non-important function codes or useless codes.

example 3

[0072] Example 3: Suppose the running process of the virus virus3 is:

[0073] The first step is to use the FILENAME() function to determine that the file to be deleted is regedit.exe;

[0074] In the second step, use the PATH() function to determine that the logical path of regedit.exe is c:\windows\regedit.exe;

[0075] The third step is to use the DEL() function to delete c:\windows\regedit.exe.

[0076] The function to be called by the virus virus3 to complete the above three steps is:

[0077] DEL(PATH(FILENAME(regedit.exe))).

[0078] The behavior of virus virus3 is:

[0079] Behavior 1: Determine that the file to be deleted is regedit.exe;

[0080] Behavior 2: Determine the logical path of regedit.exe is c:\windows\regedit.exe;

[0081] Behavior 3: Delete c:\windows\regedit.exe.

[0082] Then, behavior 1→result 1=file regedit.exe is determined;

[0083] Behavior 2→Result 2=the logical path of file regedit.exe is determined;

[0084] Action 3 → Result 3 = The fil...


Abstract

The invention provides a program detection method, a program detection device and a program analysis method. The program detection method comprises the following steps: after the running process and the running result of a program to be detected are obtained, a behavioral data sequence of the program is generated; the behavioral data sequence of the program is compared with the data stored in a behavioral data sequence base of risk programs, and the risk coefficient of the program to be detected is determined based on the comparison result; the program to be detected is then labeled or recorded according to the risk coefficient. The advantages of the invention are that the program detection method can dynamically trace the running of the program, the recognition rate of risk programs is improved, and the rate at which normal programs are mistakenly killed is reduced.
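The detection flow summarized above, as an added illustration that is not code from the patent: an observed behavior sequence is compared against a risk-program sequence base and labeled by risk coefficient. The text on this page does not give the comparison metric, so the longest-common-subsequence coverage, the thresholds, the `NOP` filler steps and the sample traces are assumptions constructed here; `FILENAME`, `PATH` and `DEL` are taken from Example 3.

```python
# Added illustration: the comparison metric (LCS coverage) and the
# thresholds are assumptions; the page does not specify them.
from typing import Dict, List, Optional, Tuple

Behavior = Tuple[str, str]  # (function observed, result it produced)

# Constructed "behavioral data sequence base of risk programs".
RISK_BASE: Dict[str, List[Behavior]] = {
    "delete-system-file": [
        ("FILENAME", "regedit.exe"),
        ("PATH", r"c:\windows\regedit.exe"),
        ("DEL", r"c:\windows\regedit.exe"),
    ],
}

def lcs_len(a: List[Behavior], b: List[Behavior]) -> int:
    """Longest common subsequence: order is kept, filler steps are skipped."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def risk_coefficient(observed: List[Behavior],
                     base: Dict[str, List[Behavior]] = RISK_BASE
                     ) -> Tuple[float, Optional[str]]:
    """Return (coefficient in [0, 1], name of the best-matching base entry)."""
    best: Tuple[float, Optional[str]] = (0.0, None)
    for name, sig in base.items():
        score = lcs_len(observed, sig) / len(sig)
        if score > best[0]:
            best = (score, name)
    return best

def label(coeff: float, high: float = 0.99, low: float = 0.5) -> str:
    """Map a coefficient to a label; both thresholds are assumed values."""
    return "risk" if coeff >= high else "suspicious" if coeff >= low else "normal"

# Constructed traces: the first interleaves useless steps with the risky
# sequence; the second uses the same functions on harmless parameters.
VIRUS3_LIKE: List[Behavior] = [
    ("FILENAME", "regedit.exe"), ("NOP", ""),
    ("PATH", r"c:\windows\regedit.exe"), ("NOP", ""),
    ("DEL", r"c:\windows\regedit.exe"),
]
CLEANUP_TOOL: List[Behavior] = [
    ("FILENAME", "old.tmp"), ("PATH", r"c:\temp\old.tmp"),
    ("DEL", r"c:\temp\old.tmp"),
]
```

Because each behavior is matched together with its result, the cleanup tool's `DEL` call does not score against the base entry, which is the parameter-sensitivity problem raised in [0010].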

Description

Technical field

[0001] The invention relates to a method and device for program detection and a method for program analysis.

Background technique

[0002] With the development of computer technology today, people's life, work, travel, etc. have gradually become inseparable from computer technology. Maintaining the normal operation of the computer system is already an important and complicated task for the computer technology industry. Preventing the harm of computer viruses has become one of the key tasks in maintaining the normal operation of the computer system. As we all know, a large part of the reason why computer systems cannot work normally is computer viruses.

[0003] With the development of computer application technology and computer network technology, the harm caused by computer viruses has developed from the initial pranks to destroying computer systems and stealing confidential information; Media transmission has developed to the us...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/00, G06F21/56
Inventor 白杰
Owner 白杰