Method for capturing dynamic behavior aiming at computer virus

A dynamic behavior capture technology for computer viruses, applied in computer security devices, computing, instruments, etc., that addresses problems such as failure, difficulty in finding code sequences, and inability to deal with malicious code.

Inactive Publication Date: 2009-02-25
THE THIRD RES INST OF MIN OF PUBLIC SECURITY

AI Technical Summary

Problems solved by technology

The disadvantage is that most writers of illegal programs such as viruses and Trojan horses encrypt, transform, and pack them so that the programs can spread and run as widely as possible, which makes it difficult to find code sequences in their code that correspond to illegal program behavior.


Examples


Embodiment Construction

[0089] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific illustrations.

[0090] The method of the present invention is specifically realized by the prepared virus dynamic behavior automatic analysis system. The main function of the system is to automatically acquire and analyze the dynamic behavior data of the sample program. The system consists of the following modules:

[0091] (1) Sample library: The sample library includes two types of samples, namely a black sample library (virus samples) and a white sample library (legal programs).

[0092] (2) Storage screening module: responsible for saving the information of a file or a file in a folder that can be directly accessed on the specified network to the specified database, and at the same time checking whether the sample meets the operating conditions of the automated ...


Abstract

The invention discloses a dynamic behavior capturing method for computer viruses, for use in an automatic analysis system for preventing and controlling computer viruses. In the method, API calls are set as debugging events, so that the system kernel captures each event and notifies a debugger; debugging breakpoints are set at specified API call entries, and when the captured program executes to a debugging breakpoint, an interrupt event occurs; the system kernel then injects a dynamic link library into the malicious code's process space through a capturing tool; the dynamic link library is used to analyze the stack content of the API.
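
The last step of the abstract, analysing the stack content at an API entry breakpoint, can be sketched as follows. This is an added example, not code from the patent: it assumes a 32-bit x86 stdcall target, and the `SIGNATURES` table, `Snapshot` class, addresses and sample stack are all constructed for illustration.

```python
import struct

# Hypothetical signature table (an assumption of this example); parameter names
# follow the documented Win32 prototypes. A leading "*" marks an ANSI string pointer.
SIGNATURES = {
    "CreateFileA": "*lpFileName dwDesiredAccess dwShareMode lpSecurityAttributes "
                   "dwCreationDisposition dwFlagsAndAttributes hTemplateFile",
    "DeleteFileA": "*lpFileName",
}

class Snapshot:
    """Memory regions copied from the analysed process when the breakpoint hit."""
    def __init__(self, regions):
        self.regions = regions                      # {base address: bytes}
    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        return None                                 # range was not captured
    def read_cstr(self, addr, limit=260):
        out = b""
        while len(out) < limit:
            b = self.read(addr + len(out), 1)
            if b in (None, b"\x00"):                # end of string or of capture
                return None if (b is None and not out) else out.decode("latin-1")
            out += b
        return out.decode("latin-1")

def decode_call(api, esp, snap):
    """At the API's first instruction [esp] holds the return address and the
    stdcall arguments follow at esp+4, esp+8, ... (32-bit x86 assumed)."""
    params = SIGNATURES[api].split()
    raw = snap.read(esp, 4 * (len(params) + 1))
    if raw is None:
        raise ValueError("stack snapshot too short for " + api)
    words = struct.unpack("<%dI" % (len(params) + 1), raw)
    args = {}
    for name, value in zip(params, words[1:]):
        if name.startswith("*"):                    # dereference string pointers
            text = snap.read_cstr(value)
            value = text if text is not None else "<unreadable 0x%08x>" % value
        args[name.lstrip("*")] = value
    return {"api": api, "return_address": words[0], "args": args}

def constructed_sample():
    # Constructed stack and string memory for one CreateFileA call.
    path = b"C:\\WINDOWS\\system32\\drivers\\etc\\hosts\x00"
    stack = struct.pack("<8I", 0x00401234, 0x00403000, 0x40000000, 0, 0, 3, 0x80, 0)
    return Snapshot({0x0012FF00: stack, 0x00403000: path})
```

Calling `decode_call("CreateFileA", 0x0012FF00, constructed_sample())` yields one behaviour record with the caller's return address and named arguments; a string pointer outside the captured memory is reported as unreadable rather than followed.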

Description

Technical field:

[0001] The invention relates to the fields of computer virus prevention and data analysis and processing, in particular to a method for capturing the dynamic behavior of computer viruses in an automatic analysis system used to prevent and control computer viruses.

Background technique:

[0002] A computer virus is a set of computer instructions or program code that is compiled or inserted into computer programs to destroy computer functions or data, affect computer use, and can replicate itself. Computer viruses have the following basic characteristics: (1) they are latent in computer storage media and programs; (2) they are activated when certain conditions are met; (3) they are programs or instruction sets that have a destructive effect on computer resources. Just like biological viruses, computer viruses have a unique self-replicating ability: they are capable of attaching themselves to various types of files, and they spread with the files as they are copied or tran...


Application Information

IPC(8): G06F21/00, G06F21/55
Inventor 胡永涛沈寒辉肖新光候强黄刚姚静晶
Owner THE THIRD RES INST OF MIN OF PUBLIC SECURITY