
Method and device for recognizing circle logic of API log (Application Program Interface)

An identification method and log technology, applied in computer security devices, redundant operations in data error detection, response error generation, etc., that can solve the problems of API log information redundancy and poor readability.

Active Publication Date: 2013-11-06
KINGSOFT +2

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to provide a method and device for identifying the circular logic of API logs, which can solve the problems of API log information redundancy and poor readability.


Embodiment Construction

[0052] To make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, a detailed description follows with reference to the drawings and specific embodiments.

[0053] As shown in Figure 1, the embodiment of the present invention provides a method for identifying the circular logic of the API log, including:

[0054] Step 11, analyze the API log to obtain a node sequence composed of multiple nodes; each of the nodes includes a combination of the memory address REIP of the system interface function called during the execution of the portable executable (PE) file and the name of the system interface function API;

[0055] Step 12, obtaining the verification value of the combination of the REIP and the name of the API, and using the verification value as the key value of the node;

[0056] Step 13, according to the key value of the node, in the node sequence, identify a node subsequence, and use the node ...


Abstract

The invention provides a method and device for recognizing the circular logic of an API (Application Program Interface) log. The method comprises the following steps: analyzing the API log to acquire a node sequence composed of a plurality of nodes, wherein each node comprises a combination of the memory address REIP of a system interface function called during the execution of a PE (portable executable) file and the name of the system interface function API; acquiring the verification value of the combination of the REIP and the name of the API, and taking the verification value as the key value of the node; according to the key value of the node, recognizing a node subsequence in the node sequence and taking the node subsequence as an inner loop body; according to the recognized inner loop body, recognizing all the loop bodies in the node sequence; and, according to all the recognized loop bodies, performing dynamic analysis of virus behaviors. The scheme of the invention can solve the problems of information redundancy and poor readability of the API log.
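The steps in the abstract, sketched as an added example that is not the patent's own implementation. The `<REIP> <API name>` log line format, CRC32 as the verification value, and the loop search itself (folding adjacent repeated subsequences, shortest body first) are assumptions, since this page does not specify them.

```python
import re
import zlib

# Constructed sample; the "<REIP> <API name>" line format is an assumption.
SAMPLE_LOG = """\
0x00401000 CreateFileW
0x00401020 ReadFile
0x00401040 WriteFile
0x00401020 ReadFile
0x00401040 WriteFile
0x00401020 ReadFile
0x00401040 WriteFile
0x00401060 CloseHandle
"""
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\w+)$")

def parse_nodes(log):
    """Step 11: one (REIP, API name) node per logged call; other lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [(int(m.group(1), 16), m.group(2)) for m in matches if m]

def node_key(node):
    """Step 12: verification value over the REIP+name combination (CRC32 assumed)."""
    reip, api = node
    return zlib.crc32(f"{reip:08x}:{api}".encode())

def collapse_loops(keys, max_body=8):
    """Fold adjacent repeats into ("loop", body, count), shortest body first,
    restarting at length 1 after any pass that folded something, so inner
    loop bodies are recognized before the outer loops that contain them."""
    seq, n = list(keys), 1
    while n <= min(max_body, len(seq) // 2):
        i, changed = 0, False
        while i + 2 * n <= len(seq):
            body, reps = seq[i:i + n], 1
            while seq[i + reps * n:i + (reps + 1) * n] == body:
                reps += 1
            if reps > 1:
                seq[i:i + reps * n] = [("loop", tuple(body), reps)]
                changed = True
            i += 1
        n = 1 if changed else n + 1
    return seq

def summarize(log):
    """Return the loop-folded key sequence plus a key -> node lookup table."""
    nodes = parse_nodes(log)
    names = {node_key(nd): nd for nd in nodes}
    return collapse_loops([node_key(nd) for nd in nodes]), names
```

Because the key covers the REIP as well as the name, the same API called from two different addresses yields two distinct nodes, so only calls from the same call site fold into one loop body.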

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a method and device for identifying circular logic of API logs.

Background technique

[0002] In the field of anti-virus, with the accumulation of virus technology and anti-virus technology, encryption and anti-virus technology are changing with each passing day, and it is becoming more and more difficult to identify unknown viruses simply by static features.

[0003] Therefore, dynamic automatic analysis technology has become a popular technology in recent years. As the current Windows system almost monopolizes the personal computer market, malicious software targeting Windows, such as hacking Trojan horses, occupies the vast majority of the virus field.

[0004] With the continuous advancement of cloud security technology, security vendors can use a powerful cloud background system to dynamically analyze samples, and dynamic automatic analysis technology is still in ...


Application Information

IPC(8): G06F21/00, G06F11/14
Inventor: 邹义鹏, 刘欢, 白彦庚, 张楠, 陈勇
Owner KINGSOFT