Novel file-static-structure-attribute-based malware detection method

A static structure, malware technology, applied in the direction of platform integrity maintenance, instrumentation, electrical digital data processing, etc. Effect

Active Publication Date: 2011-04-27
SICHUAN UNIV
View PDF2 Cites 43 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its disadvantages are: it can hardly detect new types of malware, the malware that can be detected cannot be detected after being simply packed, and specific malware can be easily exempted after being detected and killed by anti-virus software
[0009] First, whether it is a static analysis method or a dynamic analysis method, the feature extraction method is complicated, and the extracted features are many, resulting in a relatively long time for detecting each file, which is difficult to use in the actual deployment of anti-virus software;
[0010] Second, the above static detection methods are easily affected by packing and obfuscation techniques. After packing, the binary code and disassembled code of the malware are completely ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Novel file-static-structure-attribute-based malware detection method
  • Novel file-static-structure-attribute-based malware detection method
  • Novel file-static-structure-attribute-based malware detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0068] Detection model and basic idea:

[0069] The idea on which the present invention is based is that the behavior and nature of the software will definitely be reflected in the static structural attributes of the software, and by analyzing the static structural attributes of the software, the attributes that have a good degree of discrimination between malicious software and normal software are extracted , using a classification algorithm to learn, so that malware and normal files can be correctly identified. The present invention analyzes the PE files under the WINDOWS platform and the ELF files under the LINUX platform, and analyzes the static structural attributes of the files from the concept of software structural integrity. These attributes can measure the credibility of software; Various types of software, including software, use statistical methods to obtain the value distribution characteristics of these structural attributes in similar software. These results pro...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a novel file-static-structure-attribute-based malware detection method, in particular a detection method for portable execute (PE) files and executable and linkable format (ELF) files. The method comprises the following steps of: in a training phase, extracting a file sample static structure attribute; preprocessing data, performing selection filtering by using a selectionfiltering algorithm and training a classifier by using the data; and in a detecting phase, classifying detected files by using the trained classifier according to the filtered static structure attribute to obtain a result indicating whether the files are malware or normal files. The novel file-static-structure-attribute-based malware detection method detects known or unknown malware with the accuracy of over 99 percent, has short detection time, occupies a few system resources and can be actually deployed in antivirus software. The method is not influenced by technology such as packing, aliasing, deformation, polymorphism and the like, can be applied to Windows and Linux platforms at present and also can be applied to embedded platforms such as various mobile phones, palm computers and the like.

Description

technical field [0001] The invention relates to a malware detection method in information security, especially a novel and practical malware detection method for PE files and ELF files, which can detect known and unknown malware after training through a limited training set, Because it only needs to extract a small number of file static structure attributes, the detection time of a single file is about 0.25 seconds, and the detection accuracy rate is above 99%, which has reached the requirements of detection software that can be actually deployed and applied. Background technique [0002] According to the statistics of major anti-virus companies at home and abroad, the number of various new virus samples intercepted in 2008 has exceeded 10 million, with an average of tens of thousands of virus samples intercepted every day. The number of computer viruses has increased sharply, its transmission routes are diversified, and its ability to resist anti-virus software is strong. C...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/00G06F21/22G06F21/56
Inventor 王俊峰白金荣赵宗渠刘达富佘春东
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap