Method for catching malicious codes

A malicious-code capture technique based on a hardware simulator, applied in the field of malicious code capture; it addresses problems such as insufficient analysis of the behavior and attack process of captured code, achieves high efficiency and accuracy, and keeps the analysis transparent to the analyzed code.

Active Publication Date: 2014-09-03
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0010] To sum up, the main drawbacks of current malicious code sample extraction are: the hiding mechanism and the malicious code run at the same privilege level, so the malicious code can easily detect it and deploy countermeasures; and only malicious code samples can be extracted, while the behavior and attack process are insufficiently analyzed.




Embodiment Construction

[0045] The technical scheme of the present invention is described in detail below in conjunction with the accompanying drawings:

[0046] As shown in Figure 1, a method and system for capturing malicious code based on a hardware simulator and taint propagation comprises the following steps:

[0047] 1. Create the operating system image required to run the target file

[0048] The invention adopts a linear addressing method to create a virtual image file, which serves as a virtual hard disk; an operating system is installed on the virtual analysis platform using this file.

[0049] 2. Configure and start the hardware emulator

[0050] Configure the image path of the operating system to obtain the location of the operating system image that will actually run; configure the simulated physical memory size, system startup time and simulated CPU type of the hardware emulator. The hardware emulator allocates a corresponding amount of memory space according to the configured memory size, as the si...



Abstract

The invention discloses a method for catching malicious code, which belongs to the technical field of network security. The method comprises the steps of (1) configuring a hardware simulator and loading and starting a target operating system; (2) having the hardware simulator read the virtual memory of the target operating system, identify all processes and the export tables of the dynamic libraries they have loaded, obtain all application programming interface (API) addresses in those export tables, and intercept the network-receive API functions; (3) marking the network packets received by the processes as tainted data; (4) having the hardware simulator disassemble the instructions executed by the current process and compute the taint propagation; and (5) judging whether the current process exhibits abnormal behavior during taint propagation, confirming it as malicious code if it does, and extracting the image of the malicious code from the memory of the target operating system. The method achieves fully transparent analysis of malicious code with high efficiency and accuracy.
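The taint-propagation core of steps (3) to (5), as an added illustration that is not the patent's own code: a minimal tracker over a constructed, already-disassembled trace. The three-address trace format, the register names and the choice of a tainted jump target as the "abnormal behavior" sink are assumptions made for this example.

```python
# Added illustration of steps (3)-(5), not the patent's code; trace format and sink are assumptions.
class TaintState:
    def __init__(self):
        self.regs, self.mem, self.alerts = {}, {}, []   # reg->labels, addr->labels, findings

def mark_network_buffer(state, base, length, label):
    """Step (3): bytes written by an intercepted network-receive API become tainted."""
    for off in range(length):
        state.mem[base + off] = {label}

def operand_taint(state, operand):
    """Taint carried by an operand: immediate int, register name or '[0xADDR]' memory."""
    if isinstance(operand, int):               # constants never carry taint
        return set()
    if operand.startswith("["):
        return set(state.mem.get(int(operand[1:-1], 16), set()))
    return set(state.regs.get(operand, set()))

def step(state, insn):
    """Step (4): propagate taint through one instruction of the trace."""
    op, *args = insn
    if op == "jmp":                            # Step (5): tainted control transfer is the sink
        taint = operand_taint(state, args[0])
        if taint:
            state.alerts.append(("tainted_jump", args[0], sorted(taint)))
        return
    if op not in ("mov", "add", "sub", "xor"):
        return                                 # unmodelled instruction: state unchanged
    dst, src = args
    taint = operand_taint(state, src)
    if op != "mov":
        taint |= operand_taint(state, dst)     # arithmetic merges both operands' labels
    if op == "xor" and dst == src:
        taint = set()                          # xor r,r zeroes r, so r is clean again
    if dst.startswith("["):
        state.mem[int(dst[1:-1], 16)] = taint
    else:
        state.regs[dst] = taint

def analyze(trace, buf_base=0x1000, buf_len=4, label="net"):
    """Run the tracker over a trace and return the final state, alerts included."""
    state = TaintState()
    mark_network_buffer(state, buf_base, buf_len, label)
    for insn in trace:
        step(state, insn)
    return state

# Constructed trace: network bytes land in eax, survive arithmetic, then steer a jump.
SAMPLE_TRACE = [("mov", "eax", "[0x1000]"), ("xor", "ecx", "ecx"),
                ("add", "eax", 4), ("mov", "ebx", "[0x2000]"), ("jmp", "eax")]
```

Running `analyze(SAMPLE_TRACE)` yields one `tainted_jump` alert on `eax`, while the same trace reading from an untainted buffer yields none; a real implementation would read the trace from the emulator's instruction stream rather than from a list.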

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a malicious code capture method based on a hardware simulator and taint propagation.

Background technique

[0002] With the continuous development and progress of society, computers are used ever more widely in all fields of society. Because software vulnerabilities are widespread and users lack security awareness, Trojan horses spread faster and faster, the scope of infection keeps expanding, and the damage caused grows more serious. Limited by analysis efficiency and by the technical level of users, traditional malicious code capture and analysis methods cannot easily shorten the response cycle, and their response speed can no longer keep up with this situation. It is therefore necessary to improve the ability to capture and analyze malicious code.

[0003] Existing malicious code c...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/74
Inventors: 杨轶, 冯登国, 苏璞睿, 应凌云
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI