Detecting method and system for malicious codes

A malicious code detection method and technology, applied in the field of malicious code network behavior characteristic analysis and detection systems. It addresses the problems that computer systems are increasingly likely to be infected and attacked, and that malicious code is complex and cannot be identified.

Status: Inactive. Publication Date: 2012-02-22
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1

AI Technical Summary

Problems solved by technology

This method has a low false positive rate, but it must first obtain a malicious code's characteristics before it can detect that code, which increases the possibility of the computer system being infected and attacked.
Emerging malicious codes are also becoming more and more complex. By adopting obfuscating transformation techniques such as polymorphism and metamorphism, malicious codes have become more survivable, and tools based on signature detection technology are generally unable to identify them, which poses great challenges.

Embodiment Construction

[0019] The features and technical effects of the technical solution of the present invention are described in detail below with reference to the accompanying drawings and in conjunction with schematic embodiments. The method is a mining-based malicious code detection method that uses an OLAP engine; by building a Cube, it improves the processing speed of massive behavioral feature data and provides a friendly data query and access interface. At the same time, the method can track changes in the host behavior of malicious code in real time, ensuring that the knowledge base is updated automatically and promptly to obtain information on malicious code variants.

[0020] The detection and analysis process for malicious code interaction behavior characteristics is shown in Figure 1: first, detect the network (step 101); then extract suspicious main control end behavior (step 201); next, expand the training set (steps 301-303); train the classifier (step 401); refresh the ...


Abstract

The invention provides a mining-based detection method and system for malicious code, assisted by an OLAP engine and characterized by the interaction behaviors between the main control end and the controlled end of the malicious code. The detection method comprises: step 101, detecting the network; step 201, extracting suspicious main control end behaviors; steps 301-303, expanding the training set; step 401, training a classifier; step 501, refreshing the Cube; steps 601-606, mining sequences; and step 701, generating a rule. The detection system comprises a detection module, a training sample pool, an SVM classifier, a relational database, an OLAP engine, a characteristic sequence mining engine and a knowledge base.

Description

Technical field

[0001] The invention relates to a malicious code detection method and system thereof, more specifically, to a mining-based malicious code detection method and a malicious code network behavior characteristic analysis and detection system.

Background technique

[0002] With the popularity of the Internet, information security has become more and more important, and information security has also become an important research field that has attracted much attention. Due to the flaws in the design of the Internet itself and its openness, it is extremely vulnerable to attacks. In Internet security incidents, economic losses caused by malicious codes account for the largest proportion. At the same time, malicious codes have become an important means of information warfare and network warfare. What's more, the types of malicious codes, propagation speed, number of infections and scope of influence are gradually increasing.

[0003] In terms of detecting malicious c...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F17/30, G06F21/56
Inventor: 郑礼雄, 孙波, 许俊峰, 严寒冰, 王伟平, 袁春阳, 林绅文, 杨鹏, 向小佳, 王永建, 王进, 张伟, 郭承青
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT