A network protocol analysis method for malicious code

A malicious code analysis method, applied in the direction of electrical components, transmission systems, etc., which can solve the problem of weak semantic understanding of protocol fields and achieves a clear syntax division process and clear, accurate division results.

Inactive Publication Date: 2016-08-03
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Although the above-mentioned solutions can divide network data more accurately and have better anti-interference ability, they are still insufficient in the completeness and accuracy with which they identify syntactic elements; in particular, their semantic understanding of protocol fields is weak.


Embodiment Construction

[0017] The technical scheme of the present invention is described in detail below in conjunction with the accompanying drawing:

[0018] As shown in the figure, a malicious code network protocol analysis method based on dynamic taint analysis is implemented as follows:

[0019] 1. Deploy the malicious code to be analyzed on the monitoring server, monitor its network activity, and take the network data it receives as the original taint source data. Use the taint analysis engine to track and record every taint operation instruction it executes, and organize the records as an "instruction-level taint propagation flow graph" in which each node corresponds to one taint instruction. The present invention records a taint information record for each taint byte in a taint operand. What is recorded in the taint record is one or more unsigned integers, which are the addresses of particular bytes in the original taint source. The taint information record...


Abstract

The invention discloses a network protocol analysis method for malicious code and belongs to the technical field of network security. The method comprises the following steps: (1) deploy the malicious code to be analyzed on a monitoring server and mark the data that the malicious process receives from the network as the original taint source data; (2) track and record all operation instructions that the malicious process applies to the taint data, and record the operating-system security-related application programming interface (API) functions that the malicious process calls while executing; (3) perform a syntactic division of the malicious code's network protocol data based on the recorded operation instructions and the operational characteristics of the malicious process; and (4) for each syntactic field that is used as an API function parameter, derive the final semantics of the field from the corresponding API function. The method is general and interference-resistant in recognizing protocol elements, and makes the division of protocol elements clear and accurate.
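The four steps of the abstract and the taint records of paragraph [0019] can be shown end to end on a small scale. The following Python example is added here and is not the patent's own code: it treats every byte of a received message as a taint source offset, replays a constructed instruction trace through a byte-granular taint engine so that each tainted instruction becomes a node of an instruction-level propagation flow graph, merges the operand taint sets into syntactic fields, and labels a field that reaches a security-relevant API parameter with that parameter's meaning. The message layout, the instruction addresses, the register names and the `CreateFileA`/`lpFileName` labelling are constructed assumptions for illustration.

```python
"""Toy dynamic-taint protocol-field recovery (added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample message a hypothetical bot process receives:
# 4-byte command id | 2-byte payload length | 8-byte file-name payload.
MESSAGE = b"\x02\x00\x00\x00" + b"\x08\x00" + b"c:\\a.exe"

Field = Tuple[int, int]  # half-open [start, end) offsets into the taint source


@dataclass
class TaintNode:
    """One node of the instruction-level taint propagation flow graph."""
    pc: int
    mnemonic: str
    taint: FrozenSet[int]   # source offsets this instruction consumed
    api: str = ""           # filled only for API calls with a tainted argument
    param: str = ""


class TaintEngine:
    """Byte-granular taint engine; a taint record is a set of source offsets."""

    def __init__(self, source: bytes):
        # Byte i of the receive buffer is tainted with source offset i.
        self.taint: Dict[int, FrozenSet[int]] = {i: frozenset({i}) for i in range(len(source))}
        self.regs: Dict[str, FrozenSet[int]] = {}
        self.graph: List[TaintNode] = []

    def _mem_taint(self, addr: int, size: int) -> FrozenSet[int]:
        t: FrozenSet[int] = frozenset()
        for a in range(addr, addr + size):
            t |= self.taint.get(a, frozenset())
        return t

    def load(self, pc: int, reg: str, addr: int, size: int) -> None:
        """reg <- mem[addr:addr+size]; only tainted loads enter the graph."""
        t = self._mem_taint(addr, size)
        self.regs[reg] = t
        if t:
            self.graph.append(TaintNode(pc, f"mov {reg},[{addr:#x}]", t))

    def store(self, pc: int, addr: int, reg: str, size: int) -> None:
        """mem[addr:addr+size] <- reg; taint follows the data into memory."""
        t = self.regs.get(reg, frozenset())
        for a in range(addr, addr + size):
            self.taint[a] = t
        if t:
            self.graph.append(TaintNode(pc, f"mov [{addr:#x}],{reg}", t))

    def alu(self, pc: int, mnemonic: str, dst: str, src) -> None:
        """dst = dst <op> src, where src is a register name or an immediate."""
        t = self.regs.get(dst, frozenset())
        if isinstance(src, str):
            t |= self.regs.get(src, frozenset())
        if mnemonic != "cmp":   # cmp reads its operands but writes no register
            self.regs[dst] = t
        if t:
            self.graph.append(TaintNode(pc, f"{mnemonic} {dst},{src}", t))

    def api_call(self, pc: int, name: str, param: str, addr: int, size: int) -> None:
        """Record an OS API call whose buffer argument carries taint."""
        t = self._mem_taint(addr, size)
        if t:
            self.graph.append(TaintNode(pc, f"call {name}", t, api=name, param=param))


def divide_fields(graph: List[TaintNode]) -> List[Field]:
    """Syntactic division: bytes consumed together by one instruction form a
    field; overlapping operand sets are merged into maximal fields."""
    groups: List[set] = []
    for node in graph:
        cur = set(node.taint)
        rest = []
        for g in groups:
            if g & cur:
                cur |= g
            else:
                rest.append(g)
        rest.append(cur)
        groups = rest
    return sorted((min(g), max(g) + 1) for g in groups)


def label_semantics(graph: List[TaintNode], fields: List[Field]) -> Dict[Field, str]:
    """A field that flows into an API parameter takes that parameter's meaning."""
    labels: Dict[Field, str] = {}
    for node in graph:
        if node.api:
            for f in fields:
                if node.taint & frozenset(range(*f)):
                    labels[f] = f"{node.api}.{node.param}"
    return labels


def analyze(message: bytes = MESSAGE):
    """Replay a constructed trace of a hypothetical command dispatcher."""
    eng = TaintEngine(message)
    eng.load(0x401000, "eax", 0, 4)        # read the 4-byte command id
    eng.alu(0x401004, "cmp", "eax", 2)     # dispatch on its value
    eng.load(0x401010, "cx", 4, 2)         # read the 2-byte payload length
    for i in range(8):                     # byte-wise copy of the file name
        eng.load(0x401020, "dl", 6 + i, 1)
        eng.store(0x401023, 0x1000 + i, "dl", 1)
    eng.api_call(0x401040, "CreateFileA", "lpFileName", 0x1000, 8)
    fields = divide_fields(eng.graph)
    return fields, label_semantics(eng.graph, fields), eng.graph
```

Running `analyze()` yields the fields `(0, 4)`, `(4, 6)` and `(6, 14)`: the byte-wise copy loop alone would leave each file-name byte as its own one-byte field, and it is the API call consuming the whole copied buffer that merges them into one field and attaches the `CreateFileA.lpFileName` meaning. The merge rule is deliberately simple; an instruction that reads the entire message (a checksum, for instance) would merge every field into one, which is the kind of case a real engine has to treat separately.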

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a malicious code network protocol analysis method based on dynamic taint analysis technology.

Background technique

[0002] Malicious code emerging in an endless stream is increasingly becoming a serious threat to information security. As the role of network applications in economic and social life continues to deepen, worms (Worm), botnets (Botnet), Trojan horses (Trojan) and other network-based malicious code have caused catastrophic effects and heavy losses. In order to limit the spread of network malicious code, identify and defend against its attacks, and further analyze the working mechanism of network malicious code, a key technical link is to reverse-engineer the communication protocols used by network malicious code.

[0003] So far, the reverse analysis of malicious code network protocols has mainly relied on manual static analysis. The ...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 王明华, 聂眉宁, 杨轶, 苏璞睿, 应凌云
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI