Malicious-software characteristic clustering analysis method and system based on behavior segment sharing

A malware clustering analysis technology, applied to platform integrity maintenance and related fields. It addresses problems such as the inability of existing approaches to support intelligent automated analysis, and the computing and communication bottlenecks of centralized analysis systems.

Active Publication Date: 2013-03-13
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

1) The huge volume of malware samples poses a major challenge to malware detection systems, which must correctly identify, classify and describe the malware.
2) Malware behavior shows increasing diversity. Through techniques such as message encryption, changing transmission channels and polymorphism, different samples of the same malware exhibit different behaviors, so it is difficult to correctly identify the observed malware samples and analyze them effectively.
3) Malware samples are widely distributed in space and are highly concealed, so the number of samples of the same malware that can be observed within a single LAN or enterprise network is very limited.
However, the method of reducing the attribute d




Embodiment Construction

[0089] As shown in figure 1, the implementation steps of the malware feature clustering analysis method based on behavior segment sharing in this embodiment are as follows:

[0090] 1) Deploy geographically dispersed collection and analysis nodes in the network. Each collection and analysis node is responsible for collecting and analyzing the malware samples in one network area. A distributed hash table module, used to build the distributed hash table, is established in the collection and analysis nodes;

[0091] 2) Each collection and analysis node divides the behavior of each collected malware sample into multiple behavior fragments;

[0092] 3) The collection and analysis nodes obtain the local statistical characteristics of the behavior fragments, share the behavior fragments and their local statistical characteristics through the distributed hash table module, and store the behavior fragments and their local statistical characteristics in the distributed hash table ...


Abstract

The invention discloses a malware feature clustering analysis method and system based on behavior segment sharing. The method comprises the following steps: deploying collection and analysis nodes and establishing a distributed hash table module; segmenting the behavior of each collected malware sample into behavior segments and storing the behavior segments in the hash table; computing the global statistical characteristics of the segments and returning them to the collection and analysis nodes, which construct a feature vector for each malware sample and perform clustering; and extracting the features and attributes of each cluster as a comprehensive analysis result and outputting the result. The system comprises a plurality of collection and analysis nodes, each of which comprises a behavior-segment segmenting module, the distributed hash table module, a behavior-segment cooperative sharing module, a malware sample representation module, a malware sample local clustering module and a malware sample local analysis module. The invention has the advantages of high analysis accuracy, strong analysis performance and good scalability.
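The pipeline described by the embodiment steps and the abstract above (fragment each sample's behavior, compute local statistics, share them through the DHT, aggregate global statistics, build feature vectors from the global view, cluster locally) is simulated below in a single process. This is an added example written for this page, not code from the patent or its inventors. The patent does not specify how behavior is fragmented, how the statistics are weighted, how fragments are placed in the DHT, or which clustering algorithm is used, so the 2-call API-sequence fragments, the IDF-style weighting, the hash-modulo placement, the cosine/single-link clustering, and all API names, node identifiers and sample identifiers are assumptions. The traces are constructed sample data, not real malware behavior.

```python
"""Simulated behavior-fragment sharing over a DHT (added example, not the patent's code)."""
import hashlib
import math
from collections import defaultdict

# Constructed sample data: each node has observed a few samples, recorded as
# ordered API-call traces. Names and traces are hypothetical.
NODE_TRACES = {
    "node-A": {
        "a1": ["CreateFile", "WriteFile", "RegSetValue", "connect", "send"],
        "a2": ["CreateFile", "WriteFile", "RegSetValue", "connect", "send", "recv"],
        "a3": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    },
    "node-B": {
        "b1": ["CreateFile", "WriteFile", "RegSetValue", "connect", "recv"],
        "b2": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"],
    },
}


def fragments(trace, n=2):
    """Step 2: split a behavior trace into overlapping n-call fragments (assumed fragmentation)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def local_stats(samples, n=2):
    """Step 3 (local part): fragment every local sample and count, per fragment,
    how many local samples contain it (local document frequency)."""
    per_sample = {sid: set(fragments(t, n)) for sid, t in samples.items()}
    df = defaultdict(int)
    for frags in per_sample.values():
        for f in frags:
            df[f] += 1
    return per_sample, dict(df)


def dht_owner(fragment, node_ids):
    """Assumed DHT placement: hash the fragment and map it onto one node."""
    key = hashlib.sha256("|".join(fragment).encode()).digest()
    return node_ids[int.from_bytes(key[:8], "big") % len(node_ids)]


def share_to_dht(node_stats, node_ids):
    """Step 3 (sharing): each node publishes (fragment, local df) to the owning node,
    which sums the contributions into a global df. Returns the table and the sample total."""
    dht = {nid: defaultdict(int) for nid in node_ids}
    total = 0
    for per_sample, df in node_stats.values():
        total += len(per_sample)
        for f, count in df.items():
            dht[dht_owner(f, node_ids)][f] += count
    return dht, total


def global_weight(fragment, dht, total, node_ids):
    """Global statistic returned to the node: IDF-style weight log(N / df).
    A fragment present in every sample in the whole network weighs 0 (assumed weighting)."""
    df = dht[dht_owner(fragment, node_ids)].get(fragment, 0)
    return math.log(total / df) if df else 0.0


def feature_vectors(per_sample, dht, total, node_ids):
    """Represent each sample as {fragment: global weight}."""
    return {sid: {f: global_weight(f, dht, total, node_ids) for f in frags}
            for sid, frags in per_sample.items()}


def cosine(u, v):
    dot = sum(w * v[f] for f, w in u.items() if f in v)
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def cluster(vectors, threshold=0.5):
    """Local clustering (assumed algorithm): single-link agglomeration via union-find;
    two samples are merged when their cosine similarity reaches the threshold."""
    parent = {sid: sid for sid in vectors}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    ids = list(vectors)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if cosine(vectors[a], vectors[b]) >= threshold:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for sid in ids:
        groups[find(sid)].append(sid)
    return sorted(sorted(g) for g in groups.values())


def run(node_traces, n=2, threshold=0.5):
    """Whole pipeline: local stats -> DHT aggregation -> per-node vectors and clusters."""
    node_ids = sorted(node_traces)
    node_stats = {nid: local_stats(s, n) for nid, s in node_traces.items()}
    dht, total = share_to_dht(node_stats, node_ids)
    clusters = {nid: cluster(feature_vectors(ps, dht, total, node_ids), threshold)
                for nid, (ps, _) in node_stats.items()}
    return dht, total, clusters


if __name__ == "__main__":
    dht, total, clusters = run(NODE_TRACES)
    print(total, "samples network-wide")
    print(clusters)
```

The point the patent makes in "Problems solved" is visible in the numbers: node A sees the fragment (CreateFile, WriteFile) in two samples and node B in one, but the DHT aggregate is three out of five samples network-wide, so every node weights it with the global frequency rather than its own partial view, and a1 and a2 cluster together on node A while a3 stays separate.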

Description

Technical field [0001] The present invention relates to the technical field of computer network security, and in particular to a malware feature clustering analysis method and system based on behavior segment sharing, which addresses how collection and analysis nodes distributed across the network can exchange information efficiently so as to accurately cluster and analyze their local malware samples. Background technique [0002] According to the terminology of the Internet Security Threat Report of the National Internet Emergency Center, malware refers to programs that are installed and executed in information systems without authorization in order to achieve improper purposes. Malware mainly includes: 1) Trojan horses, malware whose main goal is to steal users' personal information and even remotely control users' computers; 2) bots, malware used to build large-scale attack platforms. According to the com...


Application Information

IPC IPC(8): G06F21/56
Inventor 王小峰陆华彪吴纯青胡晓峰王勇军赵峰虞万荣孙浩王雯周寰
Owner NAT UNIV OF DEFENSE TECH