Method and system for identifying malicious program

A malicious program and new program technology, applied in the field of information security, can solve problems such as dynamic analysis failure, strategy interference, inaccuracy, etc., and achieve the effect of improving accuracy, reducing false alarm rate, and high false alarm rate

Active Publication Date: 2011-01-12
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF2 Cites 59 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, the policies within the system are vulnerable to interference by malicious programs, resulting in inaccurate results
Although programs outside the system do not have this defect, because malicious programs can

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for identifying malicious program
  • Method and system for identifying malicious program
  • Method and system for identifying malicious program

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0111] It is used in the network shooting range experiment platform of the Network Key Laboratory of the Institute of Computing Technology, Chinese Academy of Sciences.

[0112] The application scenarios of the process association and process behavior analysis method proposed in this patent include, antivirus software based on dynamic analysis technology, including inside and outside the system; host-based intrusion detection system; network-based intrusion detection system; firewall; network experiment platform.

[0113] Figure 5 It is the embodiment of the present invention on the network experiment platform system. Compared with the traditional feature-based mode of anti-malware, process correlation and process behavior analysis can be run on a distributed system, and malicious behavior thresholds and corresponding values ​​can be manually defined. It has the ability to discover unknown attacks, vulnerabilities, malware and other comprehensive detection methods. .

[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method and a system for identifying a malicious program. The method comprises the following steps: 1. acquiring information and acts of all processes in a computer system, establishing a process relational tree according to the set membership among the processes, and storing a process information and a process behavior list corresponding to each process; 2. classifying the process behaviors in the process behavior list of the parent process, and allocating the information of the parent process to sub-process according to the classification and the order of the process relation tree from top to bottom; 3. symbolizing according to the process relation tree and the process information, judging a malicious program based on a preset malicious behavior threshold, and running the malicious program in the computer system to obtain an expert system for judging the malicious program; and 4. when the process of a new program is created, using the expert system to judge whether the new program is a malicious program. Compared with the prior art, the invention lowers the implementation complexity and can improve the efficiency.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method and system for identifying malicious programs. Background technique [0002] With the rapid development of computers and the Internet, software with malicious behaviors such as viruses, Trojan horses, and worms (hereinafter collectively referred to as malware) emerges in an endless stream, and new viruses are produced almost every day, spreading and damaging, causing great harm to the majority of Internet users. The hazards pose a serious threat to system security. Therefore, the security of computers and networks has aroused people's general attention. So far, the corresponding application of prevention and control strategies include anti-virus software, intrusion detection systems, firewalls, physical network gates and so on. As the technology of malicious software is constantly updated with the development of computer technology, it presents an increasing number a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/00G06F9/46G06F21/55
Inventor 李金明林游龙王元卓刘悦林思明余智华程学旗
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap