Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and method for automatically analyzing, detecting and classifying malicious program behavior

An automatic analysis and malicious program technology, applied in the field of automatic analysis of malicious program dynamic behavior, can solve the problems of difficulty in feature code extraction, difficult to deal with packing, behavior abstraction and unclear detection and classification methods, etc., to improve the detection rate and classification. The effect of accuracy

Active Publication Date: 2013-02-13
JIANGSU JINLING TECH GRP CORP
View PDF7 Cites 115 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention realizes automatic analysis and accurate classification of malicious programs through a complete set of systematic methods of sandbox monitoring realized by virtualization technology, obtaining static information of malicious programs and capturing malicious program behavior characteristics, malicious program detection and classification based on behavior characteristics, In order to solve the shortcomings of the existing technology, such as the difficulty of feature code extraction, difficulty in dealing with complex malicious programs of packing, polymorphism and deformation technologies, incomplete capture of malicious program behavior, and unclear behavior abstraction and detection and classification methods, etc., the malicious program has been improved. The detection rate and classification accuracy of

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for automatically analyzing, detecting and classifying malicious program behavior
  • System and method for automatically analyzing, detecting and classifying malicious program behavior
  • System and method for automatically analyzing, detecting and classifying malicious program behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The present invention will be described in detail below in conjunction with specific embodiments.

[0030] refer to figure 1 , step 1, the static analysis module first statically analyzes the structure of the executable sample file to obtain the compiler version of the sample, build time, multi-language information, section information of the PE file, import table of the PE file, whether the PE file is packed And packing type, etc., the static analysis module will obtain information related to malicious programs, combined with the dynamic analysis information of malicious programs obtained by the sandbox monitoring module, to provide richer data for the classification of the final integrated classification algorithm.

[0031] Step 2, after the static analysis is completed, the sample file will enter the dynamic analysis automation process. The dynamic analysis process of sample files will be automatically managed by the sandbox scheduling management module. The sandbo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a system and a method for automatically analyzing, detecting and classifying a malicious program behavior. The system comprises a static analysis module, a sandbox dispatching management module, a sandbox monitoring module, a behavior abstraction module and a detection and classification module. Compared with the prior art, the system has the advantages that 1, the system is based on a behavior monitoring technology in an instruction set simulation environment; and 2, a virtual Internet is established in a sandbox through means of environment configuration, server program modification and the like, and a common network service is simulated, so that operations such as domain name server (DNS) resolution, http access, file download, Email login and mailing initiated by a malicious program can be successfully executed, the malicious program is inveigled to generate a malicious network behavior, the network behaviors are prevented from damaging a host machine and a real network, and the defects that the malicious program network behavior cannot be fully expressed during dynamic behavior analysis of a malicious program and the like are overcome.

Description

technical field [0001] The invention belongs to the related fields of system security and network security, and further relates to a method for automatic analysis of dynamic behavior of malicious programs. The invention is used for establishing dynamic behavior rules of known malicious programs and high-accuracy judgment of dynamic behaviors of unknown malicious programs. Background technique [0002] In the field of malicious program analysis, in order to obtain the behavioral characteristics of malicious programs more accurately, comprehensively and quickly, the dynamic behavior automatic analysis method is adopted. [0003] The University of Electronic Science and Technology of China's patent application "Automated Analysis System and Method for Dynamic Behavior of Malicious Programs" (publication number: CN101154258, application date: 2007.08.14) discloses a method for dynamic analysis of malicious programs. The specific steps of this dynamic analysis include: (1) the i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F17/30
Inventor 邹艳刘建港苗启广曹莹谢国胜黄有成刘家辰郑春阳
Owner JIANGSU JINLING TECH GRP CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com