Method and device for safety judgment based on consistency of expanded name and file format

A file format and extension technology, applied in computer security devices, platform integrity maintenance, instruments, etc., that addresses problems such as user losses and triggered vulnerabilities, improving the detection rate and resolving security threats.

Inactive Publication Date: 2014-01-29
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0004] Example 2: The MVB file format is a format that can be overflowed, and WMV is a format that cannot be overflowed. If an MVB file uses the WMV extension,


Example Embodiment

[0027] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above objectives, features and advantages of the present invention more obvious and understandable, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0028] As shown in Figure 1, the method embodiment of the present invention includes:

[0029] S101: Start detection.

[0030] S102: Obtain the extension of the object to be detected.

[0031] S103: Extract the features in the file of the object to be detected, match them against the features in the file format library, and determine the file format of the object to be detected.

[0032] S104: Compare the actual format of the object to be detected with the formats in the executable and overflow knowledge base, and judge whether the object to be detected belongs to th...


Abstract

The invention discloses a method and device for security judgment based on the consistency of a file's extension and its file format. The method comprises the following steps: the format indicated by the extension of the object file to be detected is obtained; the features of the object file are extracted and matched against the features in a file format library, and if the match succeeds, the actual format of the object file is recorded; the actual format is compared with the formats in the executable and overflow knowledge base, and if the comparison succeeds, it is judged whether the actual format and the extension's format are consistent; if they are not consistent, the object file to be detected is determined to be a threat. The method and device overcome the inability of traditional anti-virus software to cope with detection being evaded by changing a file's extension, innovatively propose a security judgment method based on the consistency of extension and file format, effectively solve the security threat caused by changed extensions, and improve the detection rate of anti-virus software.
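The S102 to S104 flow and the consistency check from the abstract, sketched as an added example (not code from the patent or its owner). The signature table, the contents of the knowledge base, the extension map and the sample inputs are all constructed assumptions.

```python
import os

# Constructed miniature "file format library": (format, offset, magic bytes).
FORMAT_LIBRARY = [
    ("pe", 0, b"MZ"),
    ("elf", 0, b"\x7fELF"),
    ("pdf", 0, b"%PDF-"),
    ("png", 0, b"\x89PNG\r\n\x1a\n"),
    # ASF header object GUID, the container used by WMV files.
    ("asf", 0, bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")),
]

# Constructed stand-in for the "executable and overflow knowledge base".
RISKY_FORMATS = {"pe", "elf", "pdf"}

# Assumed mapping from an extension to the format it claims to carry.
EXTENSION_FORMAT = {".exe": "pe", ".dll": "pe", ".pdf": "pdf",
                    ".png": "png", ".wmv": "asf", ".asf": "asf"}


def actual_format(data: bytes):
    """S103: match the file content against the format library."""
    for name, offset, magic in FORMAT_LIBRARY:
        if data[offset:offset + len(magic)] == magic:
            return name
    return None


def judge(filename: str, data: bytes) -> str:
    """Return the verdict for one object to be detected."""
    ext = os.path.splitext(filename)[1].lower()   # S102: extension
    fmt = actual_format(data)                     # S103: actual format
    if fmt is None:
        return "unknown-format"                   # no library match
    if fmt not in RISKY_FORMATS:                  # S104: knowledge base
        return "not-in-knowledge-base"
    if EXTENSION_FORMAT.get(ext) == fmt:          # consistency check
        return "consistent"
    return "threat"


if __name__ == "__main__":
    # Constructed sample inputs: name plus the first bytes of the content.
    samples = {
        "update.dat": b"MZ\x90\x00" + b"\x00" * 60,
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "invoice.png": b"%PDF-1.7\n",
        "clip.wmv": bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c"),
    }
    for name, content in samples.items():
        print(f"{name}: {judge(name, content)}")
```

A two-byte signature such as `MZ` also matches unrelated data that happens to start with those bytes, so a production format library would check further structure before recording the actual format.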

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a method and a device for judging file security by using the consistency of file extension and file format.

Background technique

[0002] At present, malware is showing a trend of large-scale growth. Malware uses various means with high technical complexity to avoid the detection of anti-virus software, resulting in a decline in the detection rate of anti-virus software for malware. Among them, there are a large number of technical means to evade the detection of anti-virus software by modifying file extensions. The following examples are used to illustrate.

[0003] Example 1: A virus downloads a file with the extension DAT, but it is actually in VBS executable format. After the virus is downloaded, it will be loaded and executed, but the anti-virus software does not judge the file format, and will consider it safe to download DAT format files. To avoid detection by a...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563, G06F2221/033
Inventor: 肖新光, 童志明, 董雷
Owner HARBIN ANTIY TECH