Method for filtering and monitoring behavior of program

A technology for filtering and monitoring program behavior, applied in the field of computer security, that addresses problems such as heavy manpower requirements, high cost, and difficulty in promotion, and achieves the effects of reducing interference, reducing the processing load, and improving accuracy.

Active Publication Date: 2010-02-10
KINGSOFT

AI Technical Summary

Problems solved by technology

This monitoring method requires a lot of manpower, the cost is high, and the ...


Examples


Embodiment 1

[0030] Figure 1 is a flowchart of constructing a behavior sample library in an embodiment of the present invention; Figure 2 is a flowchart of applying the behavior sample library shown in Figure 1 to filter the behavior of a program.

[0031] As shown in Figure 1, after the start step S100, in step S102 the behaviors of a large number of program samples are collected to obtain a large number of behavior samples, and the total amount D of the collected behavior samples is recorded. According to statistical principles, the larger the sample size, the closer the statistical results are to the true value. Therefore, in the process of constructing the behavior sample library, it is preferable to collect as many behavior samples from the program samples as possible. Those skilled in the art should be aware that, with the existing technology, the behavior of a large number of program samples can be collected by means of setting intercept points, such as file read and wri...

Embodiment 2

[0043] Figure 3 is a flowchart of constructing a behavior sample library in another embodiment of the present invention; Figure 4 is a flowchart of applying the behavior sample library shown in Figure 3 to filter the behavior of a program.

[0044] The flow of constructing the behavior sample library shown in Figure 3 is similar to the construction process shown in Figure 1. More specifically, steps S300 to S304 shown in Figure 3 are the same as steps S100 to S104 shown in Figure 1: the start step, collecting a large number of behavior samples and recording the total amount D of behavior samples, and calculating the number of occurrences $D_{wi}$ of each behavior sample.

[0045] Next, in step S306, the inverse document frequency (IDF) of each behavior sample is calculated. As mentioned above, the inverse document frequency is recognized as an important parameter for measuring relevance and value. The inverse document frequency IDF(i) of the i-th behavio...


Abstract

The invention relates to a method for filtering and monitoring the behavior of a program. The method for filtering the behavior of the program comprises the following steps: constructing a behavior sample database which comprises behavior samples collected from a plurality of program samples, and the weight of each behavior sample calculated based on the frequency of occurrence of the behavior sample, wherein the weight can be an inverse document frequency index, the probability of occurrence and the like; acquiring the behavior of the program to be processed and judging whether a behavior sample identical to the behavior of the program exists in the behavior sample database; if no identical behavior sample exists in the behavior sample database, keeping the behavior of the program; and if an identical behavior sample exists in the behavior sample database, judging whether the weight of the behavior sample falls into a preset filtering threshold range, and if so, filtering the behavior of the program, otherwise keeping the behavior of the program. The method can reduce the interference to monitoring or analysis caused by non-characteristic behaviors, reduce the processing load, and improve the accuracy.
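The filtering procedure in the abstract, as an added Python example that is not code from the patent. The page's own IDF formula is cut off, so the standard form log(D / D_wi) is assumed; the behavior strings and the filtering range are constructed for illustration.

```python
import math
from collections import Counter

# Constructed behavior logs, one list per program sample (not from the patent).
A = "file_read:C:\\Windows\\System32\\kernel32.dll"
B = "reg_read:HKCU\\Control Panel\\Desktop"
C = "file_write:%TEMP%\\setup.log"
D = "reg_write:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
E = "file_write:C:\\Windows\\System32\\drivers\\etc\\hosts"
PROGRAM_SAMPLES = [[A, B, C], [A, B], [A, B, D], [A, C], [A, B]]

# Assumed filtering threshold range: weights inside it mark common,
# non-characteristic behaviors that are dropped before analysis.
FILTER_RANGE = (0.0, 1.5)


def build_library(program_samples):
    """Weight every collected behavior sample by its frequency of occurrence.

    total is D (all behavior samples collected) and n is D_wi (occurrences of
    one behavior). log(D / D_wi) is the standard IDF, assumed here because
    the formula is truncated on the page.
    """
    counts = Counter(b for behaviors in program_samples for b in behaviors)
    total = sum(counts.values())
    return {b: math.log(total / n) for b, n in counts.items()}


def filter_behaviors(library, behaviors, threshold_range):
    """Return the behaviors that survive filtering, in their original order."""
    lo, hi = threshold_range
    kept = []
    for behavior in behaviors:
        weight = library.get(behavior)
        if weight is None:
            kept.append(behavior)      # no identical sample in the library: keep
        elif not lo <= weight <= hi:
            kept.append(behavior)      # weight outside the filtering range: keep
        # otherwise the weight falls in the range and the behavior is filtered
    return kept


LIBRARY = build_library(PROGRAM_SAMPLES)

if __name__ == "__main__":
    for behavior in filter_behaviors(LIBRARY, [A, B, D, E], FILTER_RANGE):
        print(behavior, LIBRARY.get(behavior))
```

With these constructed samples the two ubiquitous reads are filtered, while the rare Run-key write and the hosts-file write that the library has never seen both reach the monitor.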

Description

Technical field

[0001] The present invention relates to the field of computer security, and more specifically, to a method for filtering and monitoring program behavior.

Background technique

[0002] Intercepting and monitoring the behavior of programs is a common method used by security software to defend against viruses. In practice, security software products based on non-signature detection usually identify suspicious programs (such as viruses and Trojan horses) through monitoring and analysis of program behavior. For example, program behavior, including file read and write operations, registry read and write operations, etc., can be intercepted and monitored at certain interception points (for example, system resource calls), and the type of program (virus, Trojan horse, system program, etc.) is then determined based on these behaviors.

[0003] In statistical language processing, some commonly used adverbs, conjunctions and other parts of speech, such as "的", "得", "中", etc....


Application Information

IPC(8): G06F21/22
CPC: G06F21/50
Inventor: 黄声声
Owner: KINGSOFT