Multilayer semantic annotation and detection method against malignancy

A detection method and semantic annotation technology, applied in the field of computer security, can solve problems such as the efficiency of unknown computer virus analysis, achieve the effects of improving adaptability and accuracy, improving protection capabilities, and improving work efficiency

Inactive Publication Date: 2009-02-04
THE PLA INFORMATION ENG UNIV
View PDF0 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the detection of malicious behavior in binary codes, the present invention proposes a multi-layer software malicious behavior marking method based on program semantic analysis, and a malicious behavior monitoring system based on this marking method, which is mainly used to solve the analysis of unknown computer viruses Efficiency issues and detection of computer malicious behavior at a higher level

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multilayer semantic annotation and detection method against malignancy
  • Multilayer semantic annotation and detection method against malignancy
  • Multilayer semantic annotation and detection method against malignancy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] see figure 1 , figure 2 , image 3 , Figure 4 , Figure 5 , a method of recording and analyzing intermediate results using multi-layer semantic annotation technology in malicious behavior detection, and layer-by-layer detection of annotation information on this basis, that is, a multi-layer semantic annotation and detection method for malicious behavior. Including the labeling sub-module and the detection sub-module, wherein the labeling sub-module and the detection sub-module include the binary semantic layer L0, the linear instruction semantic layer L1, the control flow graph semantic layer L2, the procedure call graph semantic layer L3 and the application level semantic layer L4 labeling and detection respectively; the labeling sub-module labels specific analysis target objects at each layer; the detection sub-module detects malicious behaviors at all levels based on corresponding analysis strategies and algorithms; labeling and detection layers The intermediat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method of adopting the multi-layer semantic annotation technology to analyze the intermediate result and detect the annotation information in layering mode based on the analyzed intermediate result during the malicious behavior detection. The model includes an annotation sub-module and a detection sub-module; wherein, the annotation sub-module includes a binary semantic layer, a linear instruction semantic layer, a control flow chart semantic layer, a process call chart semantic layer and an application level semantic layer. The annotation is processed towards the specified analysis target object in each layer. The detection sub-module detects the malicious behavior on the annotation information in layers based on the corresponding analysis strategy and the algorithm. The invention has the advantages of effectively decomposing the complexity of the malicious behavior detection, utilizing the advantages of different detection mechanisms, avoiding the inherent defects of different mechanisms, improving the adaptability and accuracy of the malicious behavior detection.

Description

1. Technical field: [0001] The invention relates to a multi-layer labeling and detection method for computer malicious behavior codes, belongs to the technical field of computer security, and is particularly suitable for the analysis and identification technology of malicious behavior codes in binary executable codes. 2. Background technology: [0002] Computer viruses have plagued computer experts and users alike for a long time. The ability of replication, transmission and destruction of computer virus makes it a serious threat to the normal use of computers. In recent years, the rapid development of the network has made the spread of computer viruses more convenient, and the number of computer virus programs has grown explosively, posing a serious threat to computer systems and information security. The emergence of simple computer virus generation tools makes the writing of computer viruses a common phenomenon, which makes the situation of computer virus defense increas...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/56
Inventor 庞建民张靖博赵荣彩付文刘晓楠王强白莉莉韩小素
Owner THE PLA INFORMATION ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap