Malicious file detection method and device

A malicious file detection method and device, applied in computer security devices, instruments, calculation, etc., can solve the problems of low virus analysis efficiency and low detection accuracy, achieving the effect of improved efficiency and detection accuracy.

Active Publication Date: 2014-06-04
TENCENT TECH (SHENZHEN) CO LTD

Problems solved by technology

[0009] Therefore, the existing virus sample analysis technology has a relatively high risk of virus detection, and i

Embodiment Construction

[0027] The solution of the embodiment of the present invention is mainly as follows: the sample file is run in a virtual machine, and a monitoring program is also run in the virtual machine to record the running behavior of the sample file, including records of reads, writes and modifications related to files, the registry, the network and processes; these records are written to log files, which are then matched against the extracted feature rules. If a rule matches, the sample file is a malicious sample, thereby realizing automatic virus behavior analysis.

[0028] As shown in figure 1, a preferred embodiment of the present invention proposes a malicious file detection method, including:

[0029] Step S101, obtaining a sample file to be detected;

[0030] The source of the sample file to be detected may not be limited, for example, it may be downloaded from a specified location.

[0031] The obtained sample files to be tested will be input into the automatic mo...

Abstract

The invention discloses a malicious file detection method and device. The method includes the steps of obtaining a sample file to be detected; running the sample file, monitoring the running behaviors of the sample file and generating a log file; and analyzing the log file and carrying out malicious file detection based on a preset matching rule. The sample file is run in a virtual machine, a monitoring program is run in the same virtual machine, the running behaviors of the sample file are recorded to generate the log file, the log file is then matched against an extracted feature rule, and finally malicious file detection of the sample file is achieved. By means of this method, virus analysis efficiency can be greatly improved, and new samples which cannot be detected by prior-art anti-virus programs, or samples of a specific behavior type, can be found in a timely manner, so that the detection accuracy for virus samples is improved.
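The abstract and paragraphs [0027] to [0031] describe the same pipeline: a monitor inside the virtual machine writes the sample's file, registry, network and process activity to a log, and the log is matched against extracted feature rules. The following is an added illustration of that log-matching step, not code from the patent or from Tencent; the log line format (`seq|category|operation|target`), the rule syntax (a rule fires when every one of its conditions appears at least once in the log), the rule names and the sample log content are all constructed assumptions for this example.

```python
"""Behaviour-log matching in the style of the embodiment's step three.

Added example, not the patent's own code. The log format, rule syntax,
rule names and the sample logs below are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Assumed line format written by the in-VM monitor:
#   <seq>|<category>|<operation>|<target>
# with category one of: file, registry, network, process
LOG_LINE = re.compile(r"^(?P<seq>\d+)\|(?P<category>\w+)\|(?P<op>\w+)\|(?P<target>.*)$")


@dataclass(frozen=True)
class Event:
    seq: int
    category: str
    op: str
    target: str


@dataclass(frozen=True)
class Condition:
    """One feature: a category, an operation and a regex over the target."""
    category: str
    op: str
    target_pattern: str

    def matches(self, ev: Event) -> bool:
        return (ev.category == self.category and ev.op == self.op
                and re.search(self.target_pattern, ev.target, re.IGNORECASE) is not None)


@dataclass(frozen=True)
class Rule:
    """A feature rule fires only if every condition is satisfied by some event."""
    name: str
    conditions: tuple


def parse_log(text: str) -> list:
    """Parse the monitor's log text; malformed lines are rejected, not skipped."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LOG_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed log line {lineno}: {line!r}")
        events.append(Event(int(m["seq"]), m["category"], m["op"], m["target"]))
    return events


def match_rules(events: list, rules: list) -> list:
    """Return the names of all rules whose conditions are all met, in rule order."""
    return [rule.name for rule in rules
            if all(any(c.matches(ev) for ev in events) for c in rule.conditions)]


def classify(log_text: str, rules: list):
    """Verdict for one sample: ("malicious", [rule names]) or ("clean", [])."""
    hits = match_rules(parse_log(log_text), rules)
    return ("malicious" if hits else "clean"), hits


# Constructed feature rules (names and patterns are assumptions, not the patent's).
RULES = [
    Rule("autorun-dropper", (
        Condition("file", "write", r"\\AppData\\.*\.exe$"),
        Condition("registry", "set", r"\\CurrentVersion\\Run\\"),
    )),
    Rule("self-copy-and-beacon", (
        Condition("file", "write", r"\.exe$"),
        Condition("network", "connect", r":(80|443|8080)$"),
        Condition("process", "create", r"\.exe$"),
    )),
]

# Constructed log of a sample that drops a copy, persists and beacons.
SAMPLE_LOG = r"""
1|file|read|C:\Users\victim\Desktop\sample.exe
2|file|write|C:\Users\victim\AppData\Roaming\svc_update.exe
3|registry|set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc_update
4|process|create|C:\Users\victim\AppData\Roaming\svc_update.exe
5|network|connect|198.51.100.23:8080
"""

# Constructed log of a benign document editor session.
BENIGN_LOG = r"""
1|file|read|C:\Users\victim\Documents\report.docx
2|file|write|C:\Users\victim\AppData\Local\Temp\~report.tmp
3|registry|get|HKCU\Software\Microsoft\Office\16.0\Word
"""

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, RULES))
    print(classify(BENIGN_LOG, RULES))
```

Requiring every condition of a rule to be present, rather than any single event, is what keeps a rule such as "writes an executable" from flagging ordinary installers; the price is that a rule is only as good as the feature set extracted from known samples, which is why the embodiment treats rule extraction as a separate step.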

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a malicious file detection method and device based on analysis of running behavior logs.

Background technique

[0002] At present, with the rampant spread of viruses and malware, virus sample analysis technology has also been continuously improved. Through virus sample analysis, virus analysts can quickly identify viruses and understand their behavior, so as to formulate corresponding anti-virus strategies and carry out effective interception to protect user systems from damage.

[0003] At present, cloud-based anti-virus systems can obtain the latest samples in a timely and effective manner, but this also brings a massive sample library. Since manual virus analysis is time-consuming and labor-intensive, manual analysis alone cannot cope with the current rapid growth in the number of viruses. Therefore, it is necessary to combine various automa...

Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor 李萌萌
Owner TENCENT TECH (SHENZHEN) CO LTD