Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious software feature fusion analytical method and system based on shared behavior segments

A malware and feature fusion technology, applied in transmission systems, digital transmission systems, electrical components, etc., to solve problems such as computing and communication bottlenecks, difficult malware sample analysis, and limited number of samples

Active Publication Date: 2013-03-20
NAT UNIV OF DEFENSE TECH
View PDF3 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Such a huge malware sample poses a huge challenge to the malware detection system to correctly identify, classify, and describe malware
2) The behavior of malware shows a stronger diversity. Through technologies such as message encryption, changing transmission channels, and polymorphism, different samples of the same malware show different behaviors, and it is difficult to correctly identify the observed malware samples. effective analysis
3) Malware samples are widely distributed in space and have high concealment, so the number of samples of the same malware that can be observed in a single LAN or enterprise network is very limited
Therefore, it is difficult for existing fully distributed analysis techniques to mine signatures from polymorphic malware behaviors.
[0007] To sum up, in order to integrate malware network behaviors to extract signatures, there are computing and communication bottlenecks in centralized servers or centralized management nodes in existing centralized and hierarchical malware analysis systems, while existing fully distributed Malware analysis technology can only detect and extract monomorphic malware whose behavior does not change during the propagation process, and cannot deal with malware that uses complex technologies such as message encryption, changing propagation channels, and polymorphism

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious software feature fusion analytical method and system based on shared behavior segments
  • Malicious software feature fusion analytical method and system based on shared behavior segments
  • Malicious software feature fusion analytical method and system based on shared behavior segments

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0085] Such as figure 1 As shown, the implementation steps of the malware feature fusion analysis method based on behavior fragment sharing in this embodiment are as follows:

[0086] 1) Deploy geographically dispersed nodes in the network, each node is responsible for the collection and analysis of malware samples in a network area, and establish a distributed hash table module for building a distributed hash table in the node;

[0087] 2) Each node collects malware samples and divides them into fixed-length behavior segment sets, and counts the number of local malware samples with behaviors of each behavior segment in the behavior segment set to obtain the local statistical characteristics of the behavior segment set;

[0088] 3) Each node publishes and shares the set of behavior fragments and their local statistical characteristics to the distributed hash table, and gathers the same behavior fragments from different nodes through the nodes of the distributed hash table, and...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a malicious software feature fusion analytical method and a system based on shared behavior segments. The method includes deploying, collecting and analyzing nodes of malicious software, and constructing a distributed hash table (DHT) module; collecting samples of the malicious software and segmented into segment sets, and calculating local statistical properties; sharing to the DHT, gathering global features of the behavior segments, and returning to source nodes; the source nodes calculating candidate neighbor node sets and performing similar calculation of behavior characteristics through remote nodes of the candidate neighbor node sets to construct an adjacency relation diagram of the behavior characteristics; and generating an aggregation three for aggregation based on the adjacency relation diagram of the behavior characteristics, and outputting root behavior characteristics. The system comprises a plurality of nodes, each node comprises a characteristic segmenting module, the DHT module, a behavior segment synergy sharing module, a neighbor behavior characteristic discovering module and a behavior characteristic gradual aggregation module. The method and the system have the advantages of being high in analytical accuracy and performances and good in expandability.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a malware feature fusion analysis method and system based on behavior segment sharing. Background technique [0002] According to the definition of terms in the Internet Security Threat Report of the National Internet Emergency Center, malware refers to programs that are installed and executed in information systems without authorization to achieve improper purposes. Malicious software mainly includes: 1) Trojan horse (Trojan Horse), malicious software with the main goal of stealing user's personal information, and even remote control of user's computer. 2) Bots, malicious software used to build large-scale attack platforms. According to the communication protocol used, bots can be further divided into: IRC (Internet Relay Chat) bots, HTTP (Hypertext Transfer Protocol) bots, P2P (peer-to-peer) bots, etc. 3) Worms refer to malicious software that can self-repli...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/741H04L45/74
Inventor 王小峰胡晓峰王勇军吴纯青陆华彪赵峰虞万荣孙浩王雯周寰
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com