Malicious file detection method based on composite feature code

A malicious file detection method, applied in the computer field, that addresses the problem of low detection accuracy, has great application value, keeps false negatives under control, and increases the difficulty of reverse analysis.

Active Publication Date: 2013-01-30
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method for detecting malicious files based on composite signatures, which is used to solve the problem of low detection accuracy due to false positives in existing signature detection methods. The malicious file detection based o



Examples


Embodiment Construction

[0029] Embodiments of the present invention provide a method for detecting malicious files based on composite signatures, the method comprising:

[0030] Step 1: Set the main signature set in advance, and set the corresponding non-signature code for each main signature in the main signature set;

[0031] Step 2: Use the main signature set to scan the file to be detected. If and only if the file to be detected matches any one of the main signatures in the main signature set and does not match any of the non-signature codes corresponding to that main signature, the file to be detected is judged as a malicious file.
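The two steps above, as an added Python example that is not code from the patent. The class and function names and all byte patterns are constructed for illustration, and the sketch assumes each main signature is evaluated independently, so an exclusion tied to one main signature does not veto a different one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CompositeSignature:
    name: str                     # hypothetical label used for reporting
    main: bytes                   # main signature (step 1)
    non_signatures: tuple = ()    # non-signature codes set for this main signature

def scan(data: bytes, signatures) -> list:
    """Return the names of the composite signatures that fire on `data`.

    A signature fires only when its main signature is present AND none of
    its own non-signature codes are present (step 2).
    """
    hits = []
    for sig in signatures:
        if sig.main not in data:
            continue
        if any(ns in data for ns in sig.non_signatures):
            continue              # main matched, but an exclusion vetoes it
        hits.append(sig.name)
    return hits

def is_malicious(data: bytes, signatures) -> bool:
    return bool(scan(data, signatures))

# Constructed signature set: demo.A has one exclusion, demo.B has none.
SIGS = (
    CompositeSignature("demo.A", b"\xde\xad\xbe\xef\x01\x02", (b"BenignVendorTool",)),
    CompositeSignature("demo.B", b"\xca\xfe\x13\x37"),
)

# Constructed sample inputs.
SAMPLE_MALICIOUS = b"MZ" + b"\x00" * 8 + b"\xde\xad\xbe\xef\x01\x02" + b"tail"
SAMPLE_BENIGN = b"MZ" + b"BenignVendorTool" + b"\xde\xad\xbe\xef\x01\x02"
SAMPLE_MIXED = SAMPLE_BENIGN + b"\xca\xfe\x13\x37"   # demo.A vetoed, demo.B still fires
SAMPLE_CLEAN = b"MZ plain file"

if __name__ == "__main__":
    for label, blob in [("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN),
                        ("mixed", SAMPLE_MIXED), ("clean", SAMPLE_CLEAN)]:
        print(label, scan(blob, SIGS))
```

The benign sample contains the same main signature as the malicious one; only the per-signature exclusion keeps it from being reported, which is the false-positive case the method targets.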

[0032] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0033] Figure 1 is a flow chart of the first method for detecting malicious files based on composite signatures provided by the embodiment of the present invention. The method includes the following ste...


Abstract

The invention provides a malicious file detection method based on a composite feature code. The method comprises the steps of: presetting a main feature code set, and setting a corresponding non-feature code for each main feature code; scanning and matching a file to be detected by employing the main feature code set, and judging that the detected file is a malicious file only when any one main feature code in the main feature code set is matched in the file to be detected and no non-feature code corresponding to that main feature code can be matched in the file to be detected. According to the method, missed detections and false positives are effectively controlled while matching efficiency is guaranteed, the difficulty of reverse analysis by feature code positioning software is increased, and the practicality is high.

Description

Technical field

[0001] The invention relates to the field of computers, in particular to a method for detecting malicious files based on composite feature codes.

Background technique

[0002] Since the first computer Trojan horse PC-Write in 1986, malicious file detection and anti-detection technologies have been continuously developed in the competition. Traditional malicious file detection mainly uses signature technology, and signature extraction is the core of this detection method. The signature is obtained by performing reverse analysis on known malicious files and extracting code segments with malicious file characteristics. The signature code detection method has high detection efficiency and can accurately detect the type of malicious files and even the specific names of malicious files.

[0003] Before 2004, the use of mature signature code antivirus technology can still achieve good antivirus results, but false positives have always been a headache. For example:...


Application Information

IPC(8): G06F21/56
Inventor 黄腾
Owner XIAMEN FUYUN INFORMATION TECH CO LTD