Suspicious file analyzing method and suspicious file analyzing system

A suspicious file analysis method, applied in the fields of instruments, electrical digital data processing, computer security devices, etc. It addresses problems such as the large cost in manpower and material resources of manually starting, suspending, restarting, and shutting down the VirtualMachine system, so as to improve analysis efficiency and save time and labor costs.

Active Publication Date: 2009-12-02
HUAWEI DIGITAL TECH (CHENGDU) CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the process of implementing the present invention, the inventor found that there are at least the following problems in the prior art: manual operations are required when using a virtual machine. Creating, restoring, and deleting single object storage (Single Instance Storage, SIS), as well as starting, suspending, restarting, and shutting down the VirtualMachine system, all require manual participation. When analyzing and testing malware, the analysis engineers and test engineers of a software information security company must operate the virtual machine manually to do their work. Software information security companies therefore spend a lot of manpower and material resources on this step.


Embodiment Construction

[0020] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and are not intended to limit the present invention.

[0021] Please refer to Figure 1, which is a schematic flow chart of a suspicious file analysis method in an embodiment of the present invention. Its steps specifically include:

[0022] Step S10: read the configuration file. The configuration file holds pre-stored information related to the suspicious files, such as the paths of the suspicious files and custom rules for suspicious file analysis (including the steps or strategies of the analysis). The configuration file can be modified according to actual needs, for example, the path location of the actual...


Abstract

The embodiment of the invention provides a suspicious file analysis method comprising the following steps: obtaining one or more suspicious files according to a prestored configuration file, wherein the configuration file is information relevant to the suspicious files; selecting one of the suspicious files, transmitting the selected suspicious file to a virtual machine, and running it; recording the behavior characteristics of the suspicious file while it runs in the virtual machine and storing them in a log; and analyzing the suspicious file according to the recorded log and outputting an analysis result. The embodiment of the invention also provides a suspicious file analysis system. The embodiment of the invention automatically transmits one or more suspicious files to the virtual machine and, by monitoring and analyzing the behavior characteristics of each suspicious file while it runs in the virtual machine, automatically outputs the analysis result, which improves analysis efficiency and saves time and manpower cost.
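An added example (not from the patent or its owner) of the last two steps of the method: analyzing the recorded behavior log against the configuration file's custom rules and outputting a result per suspicious file. The JSON config layout, the `sample|event|target` log format, the rule fields, and the score threshold are all assumptions, since the page does not specify them.

```python
import json

# Constructed config; the page only says it holds sample paths and custom rules.
# "contains" values are lowercase because targets are lowercased before matching.
CONFIG_TEXT = r"""
{"samples": ["in/a.exe", "in/b.exe", "in/c.exe"],
 "threshold": 50,
 "rules": [
  {"name": "autorun_key", "event": "reg_set", "contains": "\\currentversion\\run", "score": 40},
  {"name": "system_dir_drop", "event": "file_write", "contains": "\\windows\\system32\\", "score": 30},
  {"name": "outbound_connect", "event": "net_connect", "contains": ":", "score": 10}
 ]}
"""

# Constructed behavior log as the in-VM monitor might store it: sample|event|target
LOG_TEXT = r"""
in/a.exe|file_write|C:\Windows\System32\dropped.exe
in/a.exe|reg_set|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upd
in/a.exe|net_connect|192.0.2.10:443
in/b.exe|file_write|C:\Users\test\AppData\Local\Temp\out.txt
malformed line without separators
"""

def parse_log(text):
    """Group well-formed records by sample; skip lines that do not parse."""
    events = {}
    for line in text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) == 3:
            events.setdefault(parts[0], []).append((parts[1], parts[2].lower()))
    return events

def analyze(config, events):
    """Apply each custom rule at most once per sample and return a verdict per sample."""
    results = {}
    for sample in config["samples"]:
        records = events.get(sample)
        if not records:
            # No recorded behavior means the run was not observed, not that the file is clean.
            results[sample] = {"verdict": "not_observed", "score": 0, "matched": []}
            continue
        matched = [r for r in config["rules"]
                   if any(ev == r["event"] and r["contains"] in tgt for ev, tgt in records)]
        score = sum(r["score"] for r in matched)
        verdict = "suspicious" if score >= config["threshold"] else "below_threshold"
        results[sample] = {"verdict": verdict, "score": score,
                           "matched": [r["name"] for r in matched]}
    return results

def run():
    return analyze(json.loads(CONFIG_TEXT), parse_log(LOG_TEXT))
```

A sample listed in the configuration but absent from the log is reported as `not_observed` rather than folded into the low-score bucket, so a failed transfer or a run that never started in the virtual machine is not mistaken for benign behavior.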

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a suspicious file analysis method and system.

Background technique

[0002] A virtual machine (Virtual Machine) is a fictitious computer that is realized by simulating various computer functions on a real computer. One or more virtual computers (virtual machines) can be simulated on a computer (host) through virtual machine software, and each virtual computer can run a separate operating system without interfering with the others; that is, each virtual computer is an independent computer with its own operating system. The virtual machine uses the CPU, part of the disk space, and memory of the real system. The virtual machine works exactly like a real computer, such as installing an operating system, installing applications, and accessing network resources.

[0003] Because the biggest advantage of virtual machines is convenience, speed, and resource saving, it...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/00, G06F21/51
CPC: G06F21/51
Inventor: 张增现
Owner: HUAWEI DIGITAL TECH (CHENGDU) CO LTD