Automatic malicious code analysis method and system

Abstract

The invention belongs to the field of network security, in particular to an automatic malicious code analysis method and an automatic malicious code analysis system. The automatic malicious code analysis system comprises a client browser, a control center, a sample receiving and registering module, a sample processing module, a report generation module and a client information database. The automatic malicious code analysis method comprises the following steps of: calculating a HASH value of a sample file; comparing the HASH value of the sample file with that of an originally analyzed sample, judging whether the sample file is analyzed before, and if the sample file is analyzed before, directly returning the old analysis result; if the sample file is not analyzed, calling a virus killing engine to scan viruses, judging whether a malicious code is a known malicious code, and if the malicious code is the known malicious code, acquiring information of the malicious code, such as the name, the type and the hazard grade; if the sample file has the unknown malicious code, comprehensively and dynamically analyzing the sample file, wherein the malicious code can be classified as a computer malicious code and a mobile phone malicious code according to different platforms on which the malicious code runs. By the automatic malicious code analysis method and the automatic malicious code analysis system, known malicious codes in a computer and an intelligent mobile phone can be quickly and effectively identified; and various malicious operation behaviors of unknown malicious codes during running can be accurately analyzed.

Description

technical field [0001] The invention belongs to the field of network security, and relates to a malicious code automatic analysis system for computers and smart phone terminals, in particular to the malicious code automatic analysis system and a malicious code automatic analysis method. Background technique [0002] While the network provides convenient information and resource sharing, it brings various security risks to users due to its diverse transmission channels and complex application environments. The intrusion of malicious code has become the primary security problem that individual users need to face in the process of using computers and smart phones in recent years. Malicious code intrusion can waste system resources, tamper with the user's browser or pop up advertising pages, or steal user information and confidential files, or even damage the system by destroying system files and formatting hard drives, causing huge economic losses to users. loss. For enterpri...

AI Technical Summary

Problems solved by technology

Traditional static analysis and methods based on code feature detection can no longer prevent more and more unknown malicious code attacks

The current malicious code has adopted technologies such as deformation, fuzzy transformation, and polymorphism. The analysis method based on the signature code cannot accurately analyze the malicious code, and the false negative rate is high.

At present, the types of illegal programs such as viruses and Trojan horses are increasing rapidly, and the changes are accelerating, causing increasingly serious harm, and the extraction of signatures must lag behind the emergence of illegal programs.

Images