
Malicious code detection method

A malicious code detection method, classified under instrumentation, computing and electrical digital data processing, that addresses three weaknesses of signature-based detection: signatures lag behind newly spreading malicious code, they are easily bypassed, and they cannot recognise polymorphic or metamorphic variants of the same malicious code.

Publication date: 2008-09-17 (patent inactive)
Applicant: PEKING UNIV

AI Technical Summary

Problems solved by technology

[0004] However, this method cannot identify malicious code with unknown characteristics, and the release of new virus signatures or "fingerprints" always lags behind the spread of the virus. Moreover, because different syntactic forms can carry the same semantics, traditional fingerprint matching is easily bypassed, and it cannot recognise polymorphic or metamorphic variants of the same malicious code.


Embodiment Construction

[0040] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0041] 1. Finite State Automata for Obtaining Known Malicious Behaviors

[0042] In this embodiment, the key steps of a known malicious behaviour (for example, particular API calls) and the temporal ordering between them are analysed, the changes of program state across those steps are determined, and the malicious behaviour is described as a finite state automaton.

[0043] The finite state automaton is constructed as follows: the states of the known malicious behaviour before and after each key step form the state set Q; the key-step actions, such as API calls, form the input alphabet A; the state transition function δ is established from the concrete execution of the known malicious code; the state reached once the malicious behaviour has been triggered forms the accepting state set F; and the initial...
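The construction above, together with steps b) and c) of the abstract (turning the suspicious program into a pushdown automaton and checking whether the two automata accept a common input string), as an added Python example that is not the patent's own code. The behaviour pattern, the API names and the two sample programs are constructed for illustration and describe no real malware. In place of a pushdown automaton the program is modelled as a set of control-flow graphs with call edges (a recursive state machine, which is equivalent in expressive power), and the emptiness check on the intersection is done by a summary-based reachability fixpoint rather than an off-the-shelf model checker; treating calls outside the alphabet as empty input is also a modelling assumption.

```python
from collections import deque


class BehaviourFSA:
    """FSA (Q, A, delta, q0, F) for one known malicious behaviour; each key
    step (an API call) is an input symbol."""

    def __init__(self, states, alphabet, delta, start, accepting):
        self.states = set(states)        # Q: states before/after key steps
        self.alphabet = set(alphabet)    # A: the key-step actions
        self.delta = dict(delta)         # delta: (state, symbol) -> state
        self.start = start               # initial state
        self.accepting = set(accepting)  # F: behaviour has been triggered

    def step(self, state, symbol):
        # Assumption: a call that is not a key step, or a key step with no
        # transition from this state, leaves the automaton where it is.
        return self.delta.get((state, symbol), state)


def behaviour_fsa():
    # Constructed, hypothetical pattern: read a file, then connect, then send.
    return BehaviourFSA(
        states={"q0", "q1", "q2", "q3"},
        alphabet={"read_file", "connect", "send"},
        delta={("q0", "read_file"): "q1",
               ("q1", "connect"): "q2",
               ("q2", "send"): "q3"},
        start="q0", accepting={"q3"})


def _intra_reach(proc, start_state, fsa, summaries, hits):
    """Reachable (node, fsa_state) pairs inside one procedure from its entry
    with the FSA in start_state. Call edges are resolved through the callee's
    summaries, which is the effect of a PDA's push/pop. Also returns whether
    an accepting state is seen here or inside any callee."""
    seen = {(proc["entry"], start_state)}
    queue = deque(seen)
    hit = False
    while queue:
        node, s = queue.popleft()
        hit = hit or s in fsa.accepting
        for src, (kind, arg), dst in proc["edges"]:
            if src != node:
                continue
            if kind == "api":
                nxt = {fsa.step(s, arg)}
            else:  # kind == "call"
                hit = hit or s in hits[arg]
                nxt = {t for (a, t) in summaries[arg] if a == s}
            for t in nxt:
                if (dst, t) not in seen:
                    seen.add((dst, t))
                    queue.append((dst, t))
    return seen, hit


def contains_behaviour(procs, fsa, entry="main"):
    """True iff some interprocedurally valid path drives fsa from its start
    state to an accepting state, i.e. the program's PDA language and the
    FSA language intersect. procs maps a name to {"entry","exit","edges"};
    an edge is (src, ("api", name), dst) or (src, ("call", callee), dst).
    summaries[p]: (state_in, state_out) pairs realised by running p from
    entry to exit. hits[p]: start states from which an accepting state is
    reached somewhere inside p, recursion included."""
    summaries = {p: set() for p in procs}
    hits = {p: set() for p in procs}
    changed = True
    while changed:  # monotone fixpoint over finite sets, so it terminates
        changed = False
        for name, proc in procs.items():
            for s in fsa.states:
                reach, hit = _intra_reach(proc, s, fsa, summaries, hits)
                pairs = {(s, t) for node, t in reach if node == proc["exit"]}
                if not pairs <= summaries[name]:
                    summaries[name] |= pairs
                    changed = True
                if hit and s not in hits[name]:
                    hits[name].add(s)
                    changed = True
    return fsa.start in hits[entry]


def suspicious_program():
    # Constructed sample: the key steps are spread over three procedures and
    # exfil calls itself (a retry), so no single function body holds the
    # whole sequence and the call stack matters.
    return {
        "main": {"entry": "m0", "exit": "m3", "edges": [
            ("m0", ("api", "get_time"), "m1"),
            ("m1", ("call", "collect"), "m2"),
            ("m2", ("call", "exfil"), "m3")]},
        "collect": {"entry": "c0", "exit": "c2", "edges": [
            ("c0", ("api", "open_file"), "c1"),
            ("c1", ("api", "read_file"), "c2")]},
        "exfil": {"entry": "e0", "exit": "e2", "edges": [
            ("e0", ("api", "connect"), "e1"),
            ("e1", ("api", "send"), "e2"),
            ("e1", ("call", "exfil"), "e2")]}}


def benign_program():
    # Constructed sample with the same calls in an order the FSA does not
    # accept; a call-set or byte-pattern signature would flag both programs.
    return {"main": {"entry": "m0", "exit": "m4", "edges": [
        ("m0", ("api", "connect"), "m1"),
        ("m1", ("api", "send"), "m2"),
        ("m2", ("api", "open_file"), "m3"),
        ("m3", ("api", "read_file"), "m4")]}}
```

`contains_behaviour(suspicious_program(), behaviour_fsa())` returns True and the benign program returns False. The check is path-insensitive: it asks whether an accepted string exists along any path of the control-flow abstraction, so a sequence that is present in the graph but never executable (guarded by contradictory conditions) is still reported, which is the usual over-approximation of this style of model checking.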


Abstract

The invention discloses a semantics-based malicious code detection method that fully characterises attack behaviour in terms of function calls and effectively identifies malicious behaviour in suspicious binary programs; it belongs to the field of Internet security technology. The method comprises: a) obtaining a finite state automaton for the known malicious code; b) obtaining a pushdown automaton for the suspicious binary program under examination; c) using a model checking method to determine whether there exists an input string accepted by both the pushdown automaton and the finite state automaton and, if so, judging the suspicious program to be malicious. The invention describes the malicious behaviour with a finite state automaton, converts the suspicious program into a pushdown automaton using existing tools and methods, and then applies an existing model checking method to determine whether the suspicious program contains the malicious code. It can be used effectively for malicious code detection in the field of Internet security technology.

Description

Technical field

[0001] The invention relates to a semantics-based malicious code detection method that fully characterises attack behaviour in terms of function calls and effectively identifies malicious behaviour in suspicious binary programs. It belongs to the field of Internet security technology.

Background technique

[0002] With the rapid development of network and computer technology, the variety of malicious code, its speed of propagation, the number of infections and the scope of its impact are all increasing. Malicious code has become a major threat to Internet security and computer system security, and the analysis and detection of malicious code is an important link in every security strategy.

[0003] The most widely used traditional malicious code detection technique is signature-based detection. It extracts a particular binary fragment of the malicious code as the "fingerprint" of that code. When th...


Application Information

IPC(8): G06F9/45, G06F21/00, H04L29/06, G06F21/56
Inventors: 毛剑, 韦韬, 戴帅夫, 邹维, 王铁磊, 张超, 赵新建, 李佳静
Owner: PEKING UNIV