
Heuristic type behavioral parameter analysis algorithm

A heuristic parameter analysis technology, applied in computing, electrical digital data processing, special data processing applications, etc. It addresses the high false-positive rate of existing judgments, which fails to meet requirements; it improves sensitivity, highlights substantive features, and is suitable for large-scale promotion and application.

Inactive Publication Date: 2013-12-04
CHENGDU WANGAN TECH DEV

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a heuristic behavior parameter analysis algorithm, which mainly solves the problem in the prior art that static heuristics have a relatively high false alarm rate when judging danger and cannot meet people's needs.

Examples


Embodiment

[0028] The key factors that determine the static heuristic reporting rate and false alarm rate are the behaviors captured, the weight of each behavior, and the overall warning threshold. According to actual needs, the present invention designs a set of static heuristic behavior parameter analysis algorithms. It uses dual static heuristic analysis of the PE structure and the PE disassembly and, drawing on mathematical statistics, focuses on optimizing the weight calculation algorithm for each behavior and the threshold determination algorithm. These are used to determine the weight of each malicious behavior and to solve for the optimal alarm threshold under specific requirements, which greatly reduces the false alarm rate.

[0029] Among them, the principle of static heuristic analysis based on PE structure is as follows:

[0030] The PE format is the mainstream executable file format on Windows systems; all 32-bit or 64-bit executable files under Windows are in PE format, such as DLL, EXE, F...


Abstract

The invention discloses a heuristic behavior parameter analysis algorithm, which mainly solves the problem in the prior art that static heuristics have a relatively high false alarm rate when judging risk and cannot meet people's needs. The algorithm comprises the following steps: recursively traversing the files on disk and filtering out non-PE files; establishing a rule base matched to a parsing engine, carrying out static heuristic analysis on every PE file with the parsing engine, and summing the malicious weights of all suspicious behaviors of the PE file; calculating a heuristic alarm threshold based on the Lyapunov central limit theorem; and judging whether the malicious weight of the PE file is higher than the alarm threshold, raising an alarm for the file if so and, if not, continuing the file traversal until it is complete. Through this technical scheme, the algorithm allows scan sensitivity to be adjusted flexibly and reduces the false alarm rate, and it has high practical and promotion value.
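The steps in the abstract can be sketched as follows; this is an added example, not code from the patent. The rule names, weights and benign hit rates are constructed, the parsing engine's output is replaced by pre-labelled sets of behaviors, and the threshold formula (normal approximation of the benign score, T = mu + z * sigma) is one assumed reading of "based on the Lyapunov central limit theorem".

```python
import math
import struct
from statistics import NormalDist

# Constructed rule base: name -> (weight, assumed hit rate on benign files).
# None of these values come from the patent.
RULES = {
    "wx_section":        (40, 0.02),   # section both writable and executable
    "entry_in_last_sec": (30, 0.03),   # entry point in the last section
    "no_imports":        (20, 0.05),   # empty import directory
    "odd_section_name":  (10, 0.10),   # non-standard section name
}

def is_pe(data: bytes) -> bool:
    """Filter step: 'MZ' DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def malicious_weight(hits: set) -> int:
    """Sum the weights of the suspicious behaviors reported for one file."""
    return sum(RULES[name][0] for name in hits)

def alarm_threshold(false_alarm_rate: float) -> float:
    """Benign score S = sum(w_i * X_i), X_i ~ Bernoulli(p_i), independent
    but not identically distributed (the case the Lyapunov CLT covers).
    Approximate S as normal and return T = mu + z * sigma."""
    mu = sum(w * p for w, p in RULES.values())
    var = sum(w * w * p * (1 - p) for w, p in RULES.values())
    z = NormalDist().inv_cdf(1 - false_alarm_rate)
    return mu + z * math.sqrt(var)

def scan(samples: dict, false_alarm_rate: float) -> list:
    """samples: name -> (file bytes, behaviors hit). Returns alarmed names."""
    t = alarm_threshold(false_alarm_rate)
    return [name for name, (data, hits) in samples.items()
            if is_pe(data) and malicious_weight(hits) > t]

# Constructed inputs: a minimal PE stub and a non-PE text file.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLES = {
    "packed.exe": (PE_STUB, {"wx_section", "entry_in_last_sec"}),
    "tool.dll":   (PE_STUB, {"odd_section_name"}),
    "notes.txt":  (b"hello", {"wx_section", "no_imports"}),
}
```

Lowering `false_alarm_rate` raises the threshold, which is the sensitivity adjustment the abstract refers to; with only four rules the normal approximation is coarse and tightens as the rule base grows.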

Description

Technical field

[0001] The invention relates to a heuristic behavior parameter analysis algorithm.

Background technique

[0002] At present, security vendors generally use signature-based virus detection and removal. Although this method can accurately identify most prevalent viruses, detecting a new virus requires collecting virus samples for analysis, extracting signatures, and upgrading the signature library. This method therefore lags behind new viruses. In addition, the virus signatures extracted by the various anti-virus products can easily be located and modified using avoid-killing techniques, thereby bypassing signature recognition and evading detection by various anti-virus software.

[0003] Heuristic antivirus technology is a scanning and removal method aimed at unknown viruses and evasion; it belongs to behavior-based scan...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/30, G06F19/00
Inventor: 朱永强, 江雪
Owner: CHENGDU WANGAN TECH DEV