
System and method for confirming number of computer rogue program sample families

A malicious program and computer technology, applied in computer security devices, computing, electrical digital data processing, etc., can solve problems such as no commonality

Active Publication Date: 2009-12-16
KINGSOFT

AI Technical Summary

Problems solved by technology

However, these newly emerging malicious programs are not completely without commonality: some malicious programs are generated by modifying original code (that is, "anti-kill" variants on which some modifications have been made), and these newly generated malicious programs also have commonality.


Embodiment Construction

[0036] A system for determining the number of computer malware sample families, including:

[0037] The malicious program sample feature extraction module, which extracts the features of the malicious program samples and calculates the distance between every two malicious program samples through the following malicious program sample distance calculation module to obtain the distance matrix D. The characteristics of malicious program samples can be represented in various ways, such as: byte content based on N-Grams, Windows API sequence, instruction frequency, etc.

[0038] a) N-Grams-based byte content: an N-Gram is a substring of n consecutive bytes in an executable file. For example, the string "TEXT" yields the following N-Grams:

[0039] bi-grams: _T, TE, EX, XT, T_

[0040] tri-grams: _TE, TEX, EXT, XT_, T__

[0041] quad-grams: _TEX, TEXT, EXT_, XT__, T___

[0042] After extracting the N-Grams, count the frequency of each N-Gram, and use this

[0043] as...
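The feature extraction and distance matrix D described in [0037] to [0042], as an added example that is not code from the patent. The patent text shown here does not give the distance formula, so cosine distance over N-Gram frequency vectors is an assumption, and the sample byte strings are constructed for illustration.

```python
from collections import Counter
from math import sqrt

def ngrams(data, n, pad=b""):
    """Sliding-window n-grams over bytes. With a pad byte, one leading and
    n-1 trailing pads are added, which reproduces the "TEXT" lists above."""
    if pad:
        data = pad + data + pad * (n - 1)
    return [data[i:i + n] for i in range(len(data) - n + 1)]

def profile(data, n):
    """Frequency of each n-gram in one sample (the feature of [0042])."""
    return Counter(ngrams(data, n))

def cosine_distance(p, q):
    """Assumed metric: 1 - cosine similarity of two frequency profiles."""
    dot = sum(count * q[gram] for gram, count in p.items())
    norm = sqrt(sum(c * c for c in p.values())) * sqrt(sum(c * c for c in q.values()))
    return 1.0 - dot / norm if norm else 1.0

def distance_matrix(samples, n=2):
    """Pairwise distances between all samples: the matrix D of [0037]."""
    profiles = [profile(s, n) for s in samples]
    return [[0.0 if i == j else cosine_distance(a, b)
             for j, b in enumerate(profiles)]
            for i, a in enumerate(profiles)]

# Constructed samples: an original, a variant with one inserted byte,
# and an unrelated byte string.
SAMPLES = [
    b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\xe8\x00\x00\x00\x00\x5d\xc3",
    b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x90\xe8\x00\x00\x00\x00\x5d\xc3",
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
]

if __name__ == "__main__":
    for row in distance_matrix(SAMPLES):
        print(["%.3f" % d for d in row])
```

The modified variant stays close to its original in D while the unrelated sample is far from both, which is the commonality a family clustering step relies on.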


Abstract

The invention relates to a system and a method for confirming number of computer rogue program sample families. The system comprises a rogue program sample feature extraction module used for extracting features of rogue program samples and calculating the distance between every two rogue program samples to obtain distance matrix D, a rogue program sample distance calculation module used for calculating the distance between rogue program samples, an inter-family distance calculation module used for calculating the distance between two families, a rogue program sample clustering module for clustering the rogue program samples in a layer-by-layer manner and calculating VNFS of the result of clustering of each layer and a VNFS calculation module for calculating the VNFS of the result of family division of each layer. The system of the invention can find the family division result of the layer with the minimum VNFS value by comparing the VNFS values of all layers, namely, obtaining the optimal number of families.

Description

Technical field

[0001] The invention relates to the field of computer anti-malware software, in particular to a system and method for determining the number of computer malicious program sample families.

Background

[0002] At present, the basic principle by which computer anti-malware software processes malicious program files is: first, identify suspicious files to determine whether they are normal programs or malicious programs; classify the sample files confirmed as malicious programs into families, then analyze the malicious programs of the same family and extract its "pass-kill" feature; for the remaining samples from which the "pass-kill" feature cannot be extracted, extract the "automatic" feature, and generate the corresponding malicious program feature library. According to the generated malicious program signature database, the computer anti-malware software scans the files on the client computer, and determines whether each file matches the malic...


Application Information

IPC(8): G06F21/00, G06F17/30, G06F21/50
Inventor: 叶艳芳, 陈勇, 王幼玉, 万里
Owner: KINGSOFT