
A kind of API log monitoring method and device

A log and operation-process technology, applied to special-purpose data processing applications, instruments, electrical digital data processing and the like. It addresses the problems of missing API flow logs and the low throughput and low speed of existing dynamic analysis, and achieves more complete API flow logs.

Active Publication Date: 2015-11-04
BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD +2

AI Technical Summary

Problems solved by technology

The advantages of static automatic analysis are that it is fast, has high throughput, can handle a large number of samples every day and gives results; its disadvantages are that accuracy is only average, the malicious behavior of a sample cannot be reported, and encrypted samples produce many false positives and false negatives.
The advantages of dynamic automatic analysis are high accuracy, the ability to point out the malicious behavior of a sample clearly and to characterize the sample accurately; its disadvantages are low speed and low throughput, so that processing massive numbers of samples requires a large investment in hardware resources.
[0014] 1. There is a potential risk of missing the API flow log of a virus that has the same name as a system file;
[0015] 2. For viruses that replace system files, the API flow log of the virus will be missed;
[0017] 4. For a file image that points to a normal system file while the content in memory is the virus, the API flow log is missed;
[0018] 5. For viruses that rename themselves to a system file name and call it, a large amount of garbage information is generated.


Embodiment Construction

[0051] In order to make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, the following describes them in detail with reference to the drawings and specific embodiments.

[0052] As shown in figure 1, the embodiment of the present invention provides an API log monitoring method comprising:

[0053] Step 11: determine whether the modules in all processes generated while the target sample runs, and the modules dynamically loaded afterwards, are credible;

[0054] Step 12: obtain each API log generated while the target sample runs; if the module to which the API log belongs is credible, do not record the API log, otherwise record it.

[0055] In this embodiment of the present invention, it is determined whether the modules in all processes generated while the target sample runs and the modules loaded later are credible; if they are credible, the modules are marked, and further judg...
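As an added illustration of Steps 11 and 12 above (example code written for this page, not code from the patent or from its assignee), the following Python sketch keeps a trust table for every module loaded into the sample's processes, including modules loaded later, and records an API log entry only when its caller falls in an untrusted module or outside every known module. It assumes that credibility is decided by comparing the SHA-256 of each module's in-memory image against an allow-list of known-good hashes (so a same-named or replaced system file, problems 1, 2 and 4 in the summary, is not trusted by its path), and that each API log record carries the caller address; both of these, and all module images, addresses and hashes, are constructed assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class LoadedModule:
    """A module mapped into one of the sample's processes (constructed)."""
    pid: int
    path: str
    base: int      # load address
    size: int      # mapped size in bytes
    image: bytes   # bytes as mapped in memory, not the file on disk


@dataclass(frozen=True)
class ApiLogRecord:
    """One API call observed by the sandbox hook (constructed)."""
    pid: int
    api: str
    caller: int    # return address of the call, used to find the owning module
    args: Tuple[str, ...]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def module_for_address(modules: List[LoadedModule], pid: int, addr: int) -> Optional[LoadedModule]:
    """Return the module whose mapped range contains addr in process pid, if any."""
    for m in modules:
        if m.pid == pid and m.base <= addr < m.base + m.size:
            return m
    return None


class ApiLogMonitor:
    """Step 11: mark modules as credible or not; Step 12: filter API logs by that mark."""

    def __init__(self, known_good_hashes: Set[str]) -> None:
        self.known_good = known_good_hashes
        self.modules: List[LoadedModule] = []
        self.trust: Dict[Tuple[int, int], bool] = {}   # (pid, base) -> credible?
        self.recorded: List[ApiLogRecord] = []

    def on_module_load(self, module: LoadedModule) -> bool:
        """Called for initial process modules and for every later dynamic load."""
        self.modules.append(module)
        # Trust by content hash, never by file name: a virus with a system file's
        # name, or a replaced system file, hashes differently from the genuine image.
        credible = sha256_hex(module.image) in self.known_good
        self.trust[(module.pid, module.base)] = credible
        return credible

    def on_api_call(self, record: ApiLogRecord) -> bool:
        """Return True if the record was kept, False if dropped as coming from a credible module."""
        owner = module_for_address(self.modules, record.pid, record.caller)
        if owner is not None and self.trust[(owner.pid, owner.base)]:
            return False
        # Untrusted module, or a caller outside every known module (e.g. a
        # freshly allocated region): keep the log.
        self.recorded.append(record)
        return True


# Constructed sample data; real images would be the mapped PE bytes.
GENUINE_KERNEL32 = b"constructed: genuine kernel32.dll image"
GENUINE_NTDLL = b"constructed: genuine ntdll.dll image"
KNOWN_GOOD: Set[str] = {sha256_hex(GENUINE_KERNEL32), sha256_hex(GENUINE_NTDLL)}

SAMPLE_MODULES = [
    LoadedModule(100, r"C:\sandbox\sample.exe", 0x400000, 0x10000, b"constructed: sample.exe image"),
    LoadedModule(100, r"C:\Windows\System32\kernel32.dll", 0x7FF00000, 0x100000, GENUINE_KERNEL32),
    # Same path as a system file but different content in memory: not credible.
    LoadedModule(100, r"C:\Windows\System32\ntdll.dll", 0x7FE00000, 0x100000, b"constructed: tampered ntdll"),
]

SAMPLE_RECORDS = [
    ApiLogRecord(100, "CreateFileW", 0x401234, (r"C:\Users\x\a.txt",)),   # sample.exe: kept
    ApiLogRecord(100, "NtWriteFile", 0x7FF01000, ("h=0x1c",)),           # genuine kernel32: dropped
    ApiLogRecord(100, "NtCreateThreadEx", 0x7FE02000, ("pid=100",)),     # tampered ntdll: kept
    ApiLogRecord(100, "VirtualAlloc", 0x00A00010, ("size=4096",)),       # no module: kept
]


def run_demo() -> List[str]:
    """Feed the constructed modules and calls through the monitor; return kept API names."""
    monitor = ApiLogMonitor(KNOWN_GOOD)
    for m in SAMPLE_MODULES:
        monitor.on_module_load(m)
    for r in SAMPLE_RECORDS:
        monitor.on_api_call(r)
    return [r.api for r in monitor.recorded]


if __name__ == "__main__":
    for name in run_demo():
        print("recorded:", name)
```

Because trust is attached to the mapped image rather than the path, the kernel32 call is dropped while the call from the tampered ntdll and the call from unmapped memory are both kept, which is the behaviour the method claims for problems 1, 2 and 4.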


Abstract

The invention provides a method and a device for monitoring application program interface (API) logs. The method comprises the following steps: judging whether all modules in the processes generated while a target sample runs, and all modules dynamically loaded afterwards, are credible; and acquiring each API log generated while the target sample runs, and if the module to which the API log belongs is credible, not recording the API log, otherwise recording it. With the method and the device, the safety of the module to which an API belongs can be determined accurately.

Description

Technical field

[0001] The invention relates to the field of computer anti-virus, in particular to an API log monitoring method and device.

Background technique

[0002] In the field of anti-virus, the incremental samples produced by computers are massive, and the existing automatic analysis of samples falls into two categories:

[0003] 1. Static automatic analysis: samples are classified through disassembly code analysis, comparison of static sample content and comparison against a set of heuristic rules. The advantages of this static automatic analysis technology are that it is fast, has high throughput, can handle a large number of samples every day and gives results; its disadvantages are that accuracy is only average, the malicious behavior of a sample cannot be reported, and encrypted samples produce many false positives and false negatives.

[0004] 2. Dynamic automatic analysis: the sample is executed, and its dynamic behavior during the run is recorded...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56; G06F17/30
Inventors: 白彦庚, 刘欢, 邹义鹏, 张楠, 陈勇
Owner: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD