Automatic malicious code analysis method and system

An automatic malicious code analysis technology, applied in the field of automatic malicious code analysis systems, that addresses three problems: the inability to analyze malicious code, the inability to prevent unknown malicious code attacks, and the lag in signature extraction.

Inactive Publication Date: 2012-10-03
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

Traditional static analysis and methods based on code feature detection can no longer prevent the growing number of unknown malicious code attacks.
Current malicious code uses techniques such as deformation, fuzzy transformation, and polymorphism, so analysis based on signature codes cannot analyze it accurately and has a high false negative rate.
The types of illegal programs such as viruses and Trojan horses are increasing rapidly and changing ever faster, causing increasingly serious harm, and the extraction of signatures necessarily lags behind the emergence of illegal programs.


Embodiment Construction

[0016] The present invention will be further described below in conjunction with the accompanying drawings.

[0017] The malware analysis process goes through three steps:

[0018] First, perform sample matching: calculate the HASH value of the sample file and compare it with those of previously analyzed samples to determine whether the file has already been analyzed. If it has, the previous analysis result is returned directly, which shortens the analysis time.

[0019] Then, for unanalyzed samples, the antivirus engine is called to perform virus scanning to determine whether the malicious code is known malicious code. For known malicious code, information such as its malicious code name, type, harm level, etc. can be obtained.

[0020] Finally, for unknown malicious code samples, a more comprehensive dynamic analysis is carried out, and malicious codes are divided into computer malicious codes and mobile phone malicious codes according to the different platforms on which the ...
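The three-step triage in [0018] to [0020], sketched as an added example (not code from the patent). SHA-256, the `fake_av` stand-in for the antivirus engine, the magic-byte platform rule and the in-memory stores are all assumptions; the page names none of them.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Verdict:
    sha256: str
    stage: str    # "cache", "av_scan" or "dynamic"
    detail: dict

def guess_platform(data: bytes) -> str:
    # Assumed routing rule, not from the patent: magic bytes choose the sandbox.
    if data[:4] in (b"dex\n", b"PK\x03\x04"):   # Android DEX, or ZIP/APK container
        return "mobile"
    return "computer"                           # PE, ELF, scripts, anything else

def fake_av(data: bytes) -> Optional[dict]:
    # Constructed stand-in for the antivirus engine call; the marker is made up.
    if b"CONSTRUCTED-KNOWN-BAD" in data:
        return {"name": "Test.Sample.A", "type": "trojan", "harm_level": "high"}
    return None

class TriagePipeline:
    def __init__(self, av_scan: Callable[[bytes], Optional[dict]]):
        self.av_scan = av_scan
        self.results = {}          # sha256 -> Verdict; stands in for the database
        self.dynamic_queue = []    # (platform, sha256) awaiting sandbox analysis

    def submit(self, data: bytes) -> Verdict:
        digest = hashlib.sha256(data).hexdigest()
        # Step 1: sample matching. A pending dynamic job also counts as a hit,
        # so resubmitting an unknown sample does not queue a second sandbox run.
        prior = self.results.get(digest)
        if prior is not None:
            return Verdict(digest, "cache", prior.detail)
        # Step 2: known malicious code is named by the antivirus engine.
        hit = self.av_scan(data)
        if hit is not None:
            verdict = Verdict(digest, "av_scan", hit)
        else:
            # Step 3: unknown sample goes to dynamic analysis for its platform.
            platform = guess_platform(data)
            self.dynamic_queue.append((platform, digest))
            verdict = Verdict(digest, "dynamic",
                              {"platform": platform, "status": "queued"})
        self.results[digest] = verdict
        return verdict
```

Because step 1 keys on a cryptographic hash, a sample that differs by a single byte misses the cache and falls through to the scan.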


Abstract

The invention belongs to the field of network security, and in particular relates to an automatic malicious code analysis method and an automatic malicious code analysis system. The system comprises a client browser, a control center, a sample receiving and registering module, a sample processing module, a report generation module and a client information database. The method comprises the following steps: calculating the HASH value of a sample file; comparing it with the HASH values of previously analyzed samples to judge whether the sample file has been analyzed before, and, if it has, directly returning the earlier analysis result; if the sample file has not been analyzed, calling an antivirus engine to scan it and judging whether the malicious code is known malicious code, and, if it is, acquiring information about the malicious code such as its name, type and hazard grade; and, if the sample file contains unknown malicious code, performing a comprehensive dynamic analysis of the sample file, in which malicious code is classified as computer malicious code or mobile phone malicious code according to the platform on which it runs. With this method and system, known malicious code on computers and smart phones can be identified quickly and effectively, and the various malicious operations that unknown malicious code performs while running can be analyzed accurately.

Description

Technical field

[0001] The invention belongs to the field of network security, and relates to an automatic malicious code analysis system for computers and smart phone terminals, in particular to the automatic malicious code analysis system and an automatic malicious code analysis method.

Background technique

[0002] While the network provides convenient information and resource sharing, it brings various security risks to users due to its diverse transmission channels and complex application environments. The intrusion of malicious code has become the primary security problem that individual users have faced in recent years when using computers and smart phones. Malicious code intrusion can waste system resources, tamper with the user's browser or pop up advertising pages, steal user information and confidential files, or even damage the system by destroying system files and formatting hard drives, causing huge economic losses to users. For enterpri...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F21/56
Inventor: 郑康锋, 武斌, 张冬梅, 王秀娟, 芦天亮
Owner: BEIJING UNIV OF POSTS & TELECOMM