Method and system for automatically analyzing malicious codes based on virtual hardware environment

Malicious code and virtual system technology, applied in software testing/debugging, instrumentation, electrical digital data processing, etc.; can solve problems such as the difficulty of comprehensive coverage and limited analysis efficiency

Active Publication Date: 2010-02-10
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Since the behavior of malicious code often depends on the external environment, it is difficult to fully cover all possible behaviors of malicious code in this way.
At the same time, the characteristics of this analysis method also determine that its analysis

Embodiment Construction

[0029] The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments:

[0030] Analysts set up the operating environment for the malicious code, configure parameters such as the analysis environment and analysis target, start the hardware virtual module, load and boot the operating system image that the malicious code requires, and run the malicious code to be analyzed. According to the analysis target, the data collection module intercepts specific virtual CPU instructions and virtual hardware access operations, and collects and records the related access data. The data analysis module integrates the data collected by the data collection module and displays the malicious code's running information in real time through the user control module; after the analysis process terminates, it correlates and analyzes all the collected data and outputs the analysis results.
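The collection and analysis stages of [0030] can be sketched as a small simulation; this is an added illustration, not code from the patent. The event fields, the use of a page-table base (`cr3`) to identify the analysis target, and every class and function name are assumptions, and the event stream is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class VmEvent:
    tick: int    # virtual CPU instruction count when the event was intercepted
    cr3: int     # page-table base of the guest process (assumed target key)
    kind: str    # "insn" for a CPU instruction, otherwise a virtual device name
    detail: str

# Constructed stream, standing in for what a hardware virtual module would emit.
SAMPLE_EVENTS = [
    VmEvent(100, 0x1A000, "insn", "sysenter"),
    VmEvent(105, 0x2B000, "disk", "write sector 2048"),  # a different process
    VmEvent(110, 0x1A000, "disk", "write sector 63"),
    VmEvent(120, 0x1A000, "insn", "mov eax, ebx"),       # not a watched instruction
    VmEvent(130, 0x1A000, "nic", "tx 512 bytes"),
    VmEvent(140, 0x2B000, "nic", "tx 64 bytes"),
]

class DataCollector:
    """Sits below the guest: records only events matching the analysis target."""
    def __init__(self, target_cr3, insns, devices):
        self.target_cr3, self.insns, self.devices = target_cr3, insns, devices
        self.records = []

    def on_event(self, ev):
        if ev.cr3 != self.target_cr3:
            return  # belongs to another guest process
        if ev.kind == "insn":
            wanted = ev.detail.split()[0] in self.insns
        else:
            wanted = ev.kind in self.devices
        if wanted:
            self.records.append(ev)

def correlate(records):
    """Post-run analysis: per-kind counts plus disk-write -> NIC-transmit pairs."""
    records = sorted(records, key=lambda e: e.tick)
    pairs, pending = [], None
    for ev in records:
        if ev.kind == "disk":
            pending = ev
        elif ev.kind == "nic" and pending is not None:
            pairs.append((pending.tick, ev.tick))
            pending = None
    return dict(Counter(e.kind for e in records)), pairs

def run_analysis(events, target_cr3):
    collector = DataCollector(target_cr3, insns={"sysenter", "int"},
                              devices={"disk", "nic"})
    for ev in events:
        collector.on_event(ev)
    return correlate(collector.records)
```

All filtering happens on the host side of the virtual hardware boundary, so nothing is installed in the guest for the sample to look for.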

[0031] Referring to attached Figure 1, the detailed ...

Abstract

The invention discloses a method and a system for automatically analyzing malicious code based on a virtual hardware environment, and belongs to the technical field of network security. The operating environment required by the malicious code is established on top of the virtual hardware environment, and virtual CPU instructions and access operations on multiple kinds of virtual hardware are operated and controlled; in this way, multiple kinds of operation information about the malicious code are collected, the running process of the malicious code is controlled, all collected data is analyzed, and virtual system state information and malicious code running information are dynamically displayed. Because data acquisition is implemented by the virtual hardware, the malicious code cannot sense whether it is running in a virtual environment, nor can it tell whether it is being tracked, so completely transparent analysis of the malicious code is achieved.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a malicious code analysis method and system.

Background technique

[0002] With the continuous development and progress of society, computers are more and more widely used in various fields. Due to the widespread existence of software vulnerabilities and the lack of user security awareness, malicious code spreads faster and faster, the scope of infection continues to expand, and the damage caused is becoming more and more serious. Traditional security protection methods are limited by analysis efficiency, and their response cycle is difficult to shorten, so their response speed can no longer keep up with this new situation. Therefore, it is very necessary to improve the speed and efficiency of malicious code analysis.

[0003] Existing malicious code analysis methods mainly rely on traditional software analysis and debugging tools, mainly includin...

Application Information

IPC(8): G06F21/00, G06F11/36, G06F21/56
Inventor: 应凌云, 苏璞睿, 冯登国
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI