Computer malicious software detection novel method based on software control flow features

A malware detection technology based on software control flow, applied in computing, special data processing applications, instruments, etc. It can solve problems such as insufficient accuracy, unstable local features, and reduced detection effects, achieving good stability and good test results.

Active Publication Date: 2013-06-26
STATE GRID SICHUAN ELECTRIC POWER CORP ELECTRIC POWER RES INST +1

AI Technical Summary

Problems solved by technology

[0006] First, the signature-based detection method needs to obtain the signature of the malware and add the ever-growing set of signatures to the client's database; maintaining this increasingly large database becomes the price paid by the user. The biggest disadvantage of this detection method is that it is difficult to detect unknown malware, so users cannot deal with new security threats in a timely manner.
[0007] Second, heuristic analysis and software-behavior-based detection methods classify software by obtaining special local information from the code. For malware that uses obfuscation and polymorphism, however, this local feature is often not fixed, so these methods are insufficiently accurate in judging such malware.
[0008] Third, detection methods that distinguish software by standard format information use the external description information of the software. Most of this information does not directly involve the behavior of the software, so malware designers who are familiar with the method can process the format information specially and greatly reduce its detection effect.

Examples

Embodiment Construction

[0029] Referring to Figure 1, the present invention comprises the following 4 steps: 1) disassemble the PE format file; 2) select code basic blocks according to the control flow; 3) represent and screen the software features; 4) distinguish malicious software from normal software with a classification algorithm. The steps proceed as follows:

[0030] 1) Disassemble the PE format file:

[0031] The objects we deal with are files in PE format, and the main data are the code obtained after these files are disassembled. The quality of disassembly therefore determines the accuracy of the data. In this model, the recursive descent algorithm is used to process the files. Its advantage is that it can effectively distinguish instructions from data and improve the reliability of the results. Due to differences in function call instructions generated by different compilers, we use the x86 assembly instruction set to create instruction sequences.

[0032] 2) Select the basic block of code

[0033] The performance of so...

Abstract

Provided is a novel method for detecting computer malware based on software control flow features. Static analysis is conducted on the control flow structure of a binary file, an opcode sequence is extracted automatically, and a vector space model is used to convert the sequence into structured information. After screening, the structured information serves as the feature set of the file. A data mining method is used to find a software classification rule from a large number of feature sets, and the rule is used to detect malicious software. The method can not only effectively detect common zero-day malware, but also achieves good detection results for malware that uses obfuscation and polymorphic techniques, and it maintains good stability against deliberate attacks.
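The pipeline the abstract describes can be sketched as follows. This is an added example, not code from the patent: the bigram size, information gain as the screening criterion, the nearest-centroid cosine classifier, and all opcode samples are assumptions constructed for illustration, and disassembly into basic blocks is assumed to have been done already.

```python
import math
from collections import Counter

# Constructed training data: one list of basic blocks (x86 opcode mnemonics) per file.
TRAIN = [
    ([["push", "mov", "sub"], ["mov", "call", "add"], ["pop", "ret"]], "normal"),
    ([["push", "mov", "sub"], ["mov", "cmp", "jz"], ["mov", "call", "add"], ["pop", "ret"]], "normal"),
    ([["pushad", "call", "pop"], ["xor", "inc", "loop"], ["popad", "jmp"]], "malicious"),
    ([["call", "pop", "mov"], ["xor", "inc", "loop"], ["jmp"]], "malicious"),
]

def ngrams(blocks, n=2):
    """Count opcode n-grams inside each basic block, never across block edges."""
    return Counter(tuple(b[i:i + n]) for b in blocks for i in range(len(b) - n + 1))

def entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def info_gain(gram, docs, labels):
    """Information gain of 'gram occurs in the file' with respect to the label."""
    gain = entropy(Counter(labels).values())
    for present in (True, False):
        subset = [l for d, l in zip(docs, labels) if (gram in d) == present]
        gain -= len(subset) / len(labels) * entropy(Counter(subset).values())
    return gain

def select_features(docs, labels, k):
    """Screening step (assumed criterion): keep the k most class-separating n-grams."""
    vocab = sorted({g for d in docs for g in d})
    return sorted(vocab, key=lambda g: -info_gain(g, docs, labels))[:k]

def to_vector(grams, vocab):
    """Vector space model: relative frequency of each retained n-gram."""
    return [grams[g] / (sum(grams.values()) or 1) for g in vocab]

def train(samples, k=8):
    docs, labels = [ngrams(b) for b, _ in samples], [l for _, l in samples]
    vocab = select_features(docs, labels, k)
    vecs = [to_vector(d, vocab) for d in docs]
    cents = {lab: [sum(c) / len(c) for c in zip(*(v for v, l in zip(vecs, labels) if l == lab))]
             for lab in set(labels)}
    return vocab, cents

def classify(blocks, vocab, cents):
    vec = to_vector(ngrams(blocks), vocab)
    cos = lambda c: sum(x * y for x, y in zip(vec, c)) / (math.hypot(*vec) * math.hypot(*c) or 1.0)
    # No retained feature present: the model has no basis for a verdict.
    return max(cents, key=lambda lab: cos(cents[lab])) if any(vec) else None
```

Because n-grams never span a block boundary, inserting junk blocks or reordering blocks leaves the retained features intact, which is the stability property the abstract claims for control-flow-based features.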

Description

Technical field

[0001] The invention relates to a malware detection method in computer information security, in particular to a malware detection method whose detection results remain stable when malware designers use obfuscation and polymorphic techniques to hide the external information and local features of the code.

Background technique

[0002] With the wide application of computer science in various fields of society, more and more people pay attention to the security of computer software. Establishing a trusted software system has become an effective means to maintain computer information security, and the detection of malicious software has become the core research direction of software credibility analysis.

[0003] The traditional signature-based detection method needs to be updated and maintained through a dedicated database to extract relevant signatures in advance, use the scanning engine to find the local information of the software, and use the string matchi...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56, G06F17/30
Inventor: 李琪林, 赵宗渠, 王俊峰, 肖杰, 苗长胜, 余明书, 冯军, 屈鸣, 白泰
Owner: STATE GRID SICHUAN ELECTRIC POWER CORP ELECTRIC POWER RES INST