Method and system for identifying malicious program

A malicious program and new program technology, applied in the field of information security, can solve problems such as dynamic analysis failure, strategy interference, inaccuracy, etc., and achieve the effect of improving accuracy, reducing false alarm rate, and high false alarm rate
CN101944167A | Active | Publication Date: 2011-01-12 | INST OF COMPUTING TECH CHINESE ACAD OF SCI

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
INST OF COMPUTING TECH CHINESE ACAD OF SCI
Publication Date
2011-01-12


Abstract

The invention relates to a method and a system for identifying a malicious program. The method comprises the following steps: 1. acquiring the information and behaviors of all processes in a computer system, establishing a process relation tree according to the membership (parent-child) relationships among the processes, and storing the process information and a process behavior list corresponding to each process; 2. classifying the process behaviors in the process behavior list of the parent process, and allocating the information of the parent process to the sub-processes according to the classification, following the order of the process relation tree from top to bottom; 3. symbolizing according to the process relation tree and the process information, judging a malicious program based on a preset malicious behavior threshold, and running the malicious program in the computer system to obtain an expert system for judging malicious programs; and 4. when the process of a new program is created, using the expert system to judge whether the new program is a malicious program. Compared with the prior art, the invention lowers the implementation complexity and can improve the efficiency.
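The following sketch illustrates steps 1 and 2 and the threshold judgment of step 3. It is an added example, not code from the patent, and it does not cover the symbolization or the expert system. The behavior names, the weights, the threshold, and the rule that a child inherits its parent's weighted behaviors are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (pid, ppid, name, observed behaviors).
# Behavior names, weights and threshold are assumptions for this example.
SAMPLE = [
    (100, 0, "explorer.exe", ["create_process"]),
    (200, 100, "setup.exe", ["write_autorun_key", "create_process"]),
    (300, 200, "helper.exe", ["inject_remote_thread"]),
    (400, 100, "notepad.exe", ["read_file"]),
]
WEIGHTS = {"write_autorun_key": 3, "inject_remote_thread": 4, "drop_executable": 2}
THRESHOLD = 6


def build_tree(records):
    """Step 1: index processes and link each child to its parent by ppid."""
    procs = {pid: {"name": name, "ppid": ppid, "behaviors": list(b)}
             for pid, ppid, name, b in records}
    children = defaultdict(list)
    for pid, p in procs.items():
        children[p["ppid"]].append(pid)
    # A process whose parent was not captured is treated as a root.
    roots = [pid for pid, p in procs.items() if p["ppid"] not in procs]
    return procs, children, roots


def propagate(procs, children, roots):
    """Step 2: walk the tree top-down; behaviors classified as suspicious
    (those with a weight) are handed from each parent to its children."""
    attributed = {}
    stack = [(r, frozenset()) for r in roots]
    while stack:
        pid, from_parent = stack.pop()
        own = {b for b in procs[pid]["behaviors"] if b in WEIGHTS}
        attributed[pid] = from_parent | own
        stack.extend((c, attributed[pid]) for c in children[pid])
    return attributed


def judge(records, threshold=THRESHOLD):
    """Threshold check: flag a process once its accumulated score reaches it."""
    procs, children, roots = build_tree(records)
    attributed = propagate(procs, children, roots)
    scores = {pid: sum(WEIGHTS[b] for b in bs) for pid, bs in attributed.items()}
    return {pid: (procs[pid]["name"], s, s >= threshold) for pid, s in scores.items()}


if __name__ == "__main__":
    for pid, (name, score, flagged) in sorted(judge(SAMPLE).items()):
        print(pid, name, score, "MALICIOUS" if flagged else "ok")
```

In the constructed sample neither `setup.exe` nor `helper.exe` reaches the threshold on its own behaviors; only the inherited context pushes `helper.exe` over it, which is the point of propagating parent information down the tree.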

Description

technical field

[0001] The invention relates to the field of information security, in particular to a method and system for identifying malicious programs.

Background technique

[0002] With the rapid development of computers and the Internet, software with malicious behaviors such as viruses, Trojan horses, and worms (hereinafter collectively referred to as malware) emerges in an endless stream. New viruses are produced almost every day; they spread and cause damage, doing great harm to the majority of Internet users and posing a serious threat to system security. Therefore, the security of computers and networks has attracted widespread attention. So far, the prevention and control measures applied in response include anti-virus software, intrusion detection systems, firewalls, physical network gates and so on. As the technology of malicious software is constantly updated with the development of computer technology, it presents an increasing number a...
