Classification system and classification method of computer rogue programs based on file instruction sequence

A technique based on instruction sequences for classifying malicious programs, applied in computer security devices, computing, special data processing applications, etc. It addresses problems such as the lack of a unified standard for naming rules and unsatisfactory classification results.

Active Publication Date: 2009-12-16
BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD

AI Technical Summary

Problems solved by technology

[0004] For the large number of malicious program samples collected by computer anti-malware software manufacturers, different anti-malware software gives different classification results, and there is no uniform standard for naming rules. Even samples with the same name do not necessarily belong to the same family, so the classification results are unsatisfactory.


Embodiment Construction

[0042] The computer malicious program classification system based on file instruction sequence of the present invention comprises:

[0043] An instruction sequence feature extraction module, which first unpacks the sample file, extracts all the functions contained in the sample file, and removes the operands in each function so that only the assembly instructions are retained. Then, taking the function as a unit, it slices the instruction sequence of each function with the specified slice length at the specified step length, counts the instruction fragments appearing in each sample file, and generates a set of instruction fragments as the feature representation of the sample file;
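The slicing step described in [0043], as an added example that is not code from the patent: it assumes unpacking and function extraction have already been done by a disassembler, and that each function is available as Intel-syntax text. The function names, the slice length of 3, the step of 1 and the sample listings are all constructed for illustration.

```python
from collections import Counter

# Instruction prefixes kept together with the instruction they modify.
PREFIXES = {"rep", "repe", "repz", "repne", "repnz", "lock"}

def mnemonic(line):
    """Return the mnemonic of one disassembly line with operands removed, or None."""
    line = line.split(";", 1)[0].strip().lower()   # drop comments
    if not line or line.endswith(":"):             # blank line or label
        return None
    tokens = line.split()
    if tokens[0] in PREFIXES and len(tokens) > 1:
        return f"{tokens[0]} {tokens[1]}"
    return tokens[0]

def slice_function(ops, length, step):
    """Slide a window of `length` instructions over one function, advancing by `step`."""
    return [tuple(ops[i:i + length]) for i in range(0, len(ops) - length + 1, step)]

def extract_fragments(functions, length=3, step=1):
    """Count instruction fragments per sample; slices never cross function boundaries."""
    if length < 1 or step < 1:
        raise ValueError("length and step must be positive")
    counts = Counter()
    for body in functions.values():
        ops = [m for m in map(mnemonic, body.splitlines()) if m]
        counts.update(slice_function(ops, length, step))  # too-short functions add nothing
    return counts

def feature_set(functions, length=3, step=1):
    """The set of distinct fragments used as the sample's feature representation."""
    return set(extract_fragments(functions, length, step))

# Constructed sample: function name -> disassembly text (Intel syntax assumed).
SAMPLE_A = {
    "sub_401000": "push ebp\nmov ebp, esp\nsub esp, 0x10\nxor eax, eax\nleave\nret",
    "sub_401020": "loc_401020:\npush ebp ; prologue\nmov ebp, esp\nrep movsb\npop ebp\nret",
    "sub_401040": "xor eax, eax\nret",   # shorter than the slice length
}
# Constructed variant: same instructions as sub_401000, different operands.
SAMPLE_B = {
    "sub_402000": "push ebp\nmov ebp, esp\nsub esp, 0x40\nxor ecx, ecx\nleave\nret",
}

if __name__ == "__main__":
    a, b = feature_set(SAMPLE_A), feature_set(SAMPLE_B)
    print(len(a), "fragments in A;", len(a & b), "shared with B")
```

Because operands are dropped before slicing, the variant in `SAMPLE_B` produces exactly the fragments of `sub_401000`, which is what lets samples that differ only in registers or constants land close together.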

[0044] A sample file difference degree calculation module, which calculates the difference degree between two malicious program sample files, and its calculation formula is:

[0045] WJD mn = w m ...


Abstract

The invention relates to a classification system and a classification method for computer rogue programs based on file instruction sequences. The classification system comprises: an instruction sequence feature extraction module used for generating the set of instruction segments; a sample file diversity factor calculation module used for calculating the diversity factor between two sample points; a dimensionality weight calculation module used for calculating the weight of each dimensionality of each family and the dimensionality weight vectors of the families; and a sample family division module used for calling all the modules to complete the family division of all sample points. The device can reasonably divide rogue program samples into families according to the file instruction sequence.

Description

Technical field

[0001] The invention relates to the field of computer anti-malicious program software, in particular to a system and method for classifying computer malicious programs based on file instruction sequences.

Background technique

[0002] At present, the basic principle by which computer anti-malware software handles malicious programs is: first, identify suspicious files and determine whether they are normal programs or malicious programs; for malicious programs in the same family, extract their "pass-kill" features; for the remaining samples from which "pass-kill" features cannot be extracted, extract "automatic" features, so as to generate the corresponding malicious program feature libraries. According to the generated malicious program signature database, the computer anti-malware software scans the files on the client computer and judges whether each file matches a malicious program signature in the signature database, and if it matches, it ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F17/30, G06F21/50
Inventor: 叶艳芳, 黄锴, 梁飞, 朱文祥
Owner: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD