Malicious program detection method and scan engine

A malicious program and scanning engine technology, applied in the field of network virus detection and killing, can solve the problems of low implementation efficiency, malicious program detection and killing, and program failure, and achieve the effect of simple implementation, improved accuracy and efficiency

Active Publication Date: 2012-11-14
三六零数字安全科技集团有限公司
View PDF7 Cites 43 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0014] This application provides a malicious program detection method and a scanning engine to solve the problem that the existing malicious program detection and killing schemes cannot detect and kill unknown...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious program detection method and scan engine
  • Malicious program detection method and scan engine
  • Malicious program detection method and scan engine

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] refer to figure 1 , shows a flow chart of steps of a malicious program detection method according to Embodiment 1 of the present application.

[0034] The malicious program detection method of the present embodiment includes the following steps:

[0035] Step S102: Obtain file information from malicious program samples and normal program samples.

[0036] Wherein, the file information includes a file name and a file path.

[0037] Malicious program samples and normal program samples can be existing samples, or both existing samples and samples collected in real time. Malicious program detection tools can obtain malicious program samples and Normal procedure sample.

[0038] File information can be acquired in a common way, such as from file attributes of the file, etc. Those skilled in the art can use an appropriate method according to the actual situation, which is not limited in this application.

[0039] Step S104: Use a feature selection algorithm to perform fea...

Embodiment 2

[0049] refer to figure 2 , shows a flow chart of steps of a malicious program detection method according to Embodiment 2 of the present application.

[0050] The malicious program detection method of the present embodiment includes the following steps:

[0051] Step S202: Acquiring and sorting the samples, and classifying the samples into malicious program samples and normal program samples.

[0052] Step S204: sort out malicious program samples and normal program samples, and obtain file information therefrom.

[0053] In this embodiment, the file information includes not only the file name and the file path, but also at least one of the following: file resource segment information, file copyright information, file time stamp information, and file length information.

[0054] According to the observation of malicious program samples, file name, file path, file resource information (including product description, file information, company name), file copyright information, ...

Embodiment 3

[0101] refer to image 3 , shows a flow chart of steps of a malicious program detection method according to Embodiment 3 of the present application.

[0102] In this embodiment, on the basis of detecting and killing malicious programs by the existing detection and killing engine, further detection of malicious programs is performed as an auxiliary means and beneficial supplement to the existing detection and killing engine.

[0103] Step S302: Obtain file information from malicious program samples and normal program samples.

[0104] In this embodiment, the file information includes not only the file name and the file path, but also at least one of the following: file resource segment information, file copyright information, file time stamp information, and file length information.

[0105] Step S304: Perform feature extraction on the acquired file information by using chi-square test.

[0106] For example, for the extracted file name sample "QQ hacking Trojan horse", use ch...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a malicious program detection method and a scan engine. The malicious program detection method includes: obtaining file information from a malicious program sample and a normal program sample, wherein the file information includes file names and file paths; using the feature selection algorithm to perform feature extraction for the obtained file information; using the machine learning algorithm to generate a feature model according to feature data extracted in feature extraction; and using the feature model to detect malicious programs and process detected malicious programs. By aid of the malicious program detection method and the scan engine, effective searching and killing of the malicious programs are achieved.

Description

technical field [0001] The application relates to the technical field of network virus scanning and killing, in particular to a malicious program detection method and a scanning engine. Background technique [0002] A malicious program usually refers to a program with attacking intentions, which is a type of virus. It is a set of computer instructions or program codes that the compiler inserts into a computer program to destroy computer functions or data, affect the use of the computer and can replicate itself. [0003] At present, there are usually the following methods for identifying malicious programs: [0004] (1) According to the characteristics of the code or data segment of the file itself, adopt the method of feature code [0005] This is a common method of traditional antivirus engines. According to the samples of viruses that have been discovered, if there is a shell, it needs to be unpacked first, and then a professional will extract the signature and incorporat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/00
Inventor 董毅刘绪平唐杰谢军样韩洪伟
Owner 三六零数字安全科技集团有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap