
APT detection method and system based on compiler recognition

A detection method based on compiler technology, classified under instruments, electronic digital data processing and platform integrity maintenance. It addresses the weaknesses of signature-based detection: detection capability depends on a virus database, common features cannot be extracted from variants, and unknown viruses go undetected. The intended effect is resistance to mutant (metamorphic) and polymorphic viruses.

Active Publication Date: 2014-07-02
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] Because traditional virus detection is based on signature codes, it is effective against known viruses but powerless against unknown ones. Moreover, it has to carry a huge virus database, and its detection capability depends largely on whether that database is updated in time. Newly emerging viruses, such as mutant or polymorphic viruses, challenge traditional detection because traditional methods cannot extract common features from them.




Embodiment Construction

[0026] The present invention provides an APT detection method and system based on compiler identification. So that those skilled in the art can better understand the technical solution of the embodiments, and so that the purposes, features and advantages described above become clearer, the technical solution is described in further detail below with reference to the accompanying drawings:

[0027] The invention first provides an APT detection method based on compiler identification which, as shown in Figure 1, includes:

[0028] S101: acquire the PE file to be detected;

[0029] S102: detect whether a compiler feature code (compiler signature) is present at a specific location of the PE file; if so, determine that the PE file is a non-virus program, otherwise execute S103;

[0030] S103: detect whether the compiler feature code exists at other locations in the PE file...
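The decision procedure of S101 to S103, completed by the unshell-and-retry branch the abstract describes, as an added example in Python. This is not Antiy's code and is not taken from the patent; it assumes that the "specific location" is the PE entry point (AddressOfEntryPoint), that compiler feature codes are PEiD-style byte patterns with wildcards, and that a per-shell unpacker is available. The signature table, the PE images and the XOR "shell" are all constructed for the demo.

```python
import struct
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical signature table, constructed for this demo (not real compiler
# start-up stubs): name -> PEiD-style byte pattern, "??" = wildcard byte.
SIGNATURES: Dict[str, str] = {
    "demo-compiler-A": "55 8B EC 6A FF 68 ?? ?? ?? ?? 68",
    "demo-compiler-B": "E8 ?? ?? ?? ?? E9 ?? ?? ?? ??",
}

Pattern = List[Optional[int]]
# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
Section = Tuple[bytes, int, int, int, int]

def parse_signature(text: str) -> Pattern:
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def match_at(data: bytes, off: int, pat: Pattern) -> bool:
    if off < 0 or off + len(pat) > len(data):
        return False
    return all(p is None or data[off + i] == p for i, p in enumerate(pat))

def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections: List[Section] = []
    for i in range(nsec):
        h = opt + opt_size + 40 * i          # IMAGE_SECTION_HEADER
        name = data[h:h + 8].rstrip(b"\0")
        sections.append((name,) + struct.unpack_from("<IIII", data, h + 8))
    return entry_rva, sections

def rva_to_offset(sections: List[Section], rva: int) -> int:
    for _, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    return -1

def classify(data: bytes, signatures: Dict[str, str],
             unpack: Callable[[bytes], Optional[bytes]], max_layers: int = 4):
    """Steps S101-S103 plus the unshell-and-retry branch from the abstract.
    Returns (verdict, matched signature name, layers unpacked)."""
    sigs = {n: parse_signature(p) for n, p in signatures.items()}
    for layer in range(max_layers):
        entry_rva, sections = parse_pe(data)
        ep = rva_to_offset(sections, entry_rva)
        # S102: compiler stub at the entry point -> ordinary compiled program.
        for name, pat in sigs.items():
            if match_at(data, ep, pat):
                return ("non-virus", name, layer)
        # S103: stub present but the entry point no longer lands on it ->
        # entry point redirected after compilation (infector / injected code).
        for name, pat in sigs.items():
            if any(match_at(data, o, pat) for o in range(len(data) - len(pat) + 1)):
                return ("virus", name, layer)
        # No stub anywhere: treat as shelled, peel one layer, decide again.
        inner = unpack(data)
        if inner is None:
            return ("packed", None, layer)   # shell recognised, no unpacker for it
        data = inner
    return ("packed", None, max_layers)

def build_pe(sections: List[Tuple[bytes, bytes]], entry_rva: int) -> bytes:
    """Build a minimal PE32 image (constructed test data, not a real binary)."""
    n = len(sections)
    hdr = (0x40 + 24 + 224 + 40 * n + 0x1FF) & ~0x1FF         # FileAlignment 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table, body, raw = b"", b"", hdr
    for i, (name, payload) in enumerate(sections):
        size = (len(payload) + 0x1FF) & ~0x1FF
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIII", len(payload), 0x1000 * (i + 1), size, raw) + b"\0" * 16
        body += payload.ljust(size, b"\0")
        raw += size
    return (dos + coff + opt + table).ljust(hdr, b"\0") + body

def toy_unpack(data: bytes) -> Optional[bytes]:
    """Unpacker for the toy shell used below: the original image is stored
    XOR 0x55 in a section named '.packed'. Real shells need real unpackers."""
    for name, vsize, _, _, rawptr in parse_pe(data)[1]:
        if name == b".packed":
            return bytes(b ^ 0x55 for b in data[rawptr:rawptr + vsize])
    return None

# Constructed samples (hypothetical byte sequences, not real programs).
STUB_A = bytes.fromhex("558BEC6AFF68DEADBEEF68")         # fits demo-compiler-A
SHELL_STUB = bytes.fromhex("60BE0020400031C9")            # fits no signature
CLEAN = build_pe([(b".text", STUB_A + b"\xC3")], 0x1000)
INFECTED = build_pe([(b".text", STUB_A + b"\xC3"),
                     (b".virus", b"\x90\x90\xC3")], 0x2000)  # entry moved to .virus
PACKED = build_pe([(b".stub", SHELL_STUB),
                   (b".packed", bytes(b ^ 0x55 for b in CLEAN))], 0x1000)
UNKNOWN_SHELL = build_pe([(b".stub", SHELL_STUB)], 0x1000)

if __name__ == "__main__":
    for label, img in [("clean", CLEAN), ("infected", INFECTED),
                       ("packed", PACKED), ("unknown shell", UNKNOWN_SHELL)]:
        print(f"{label:14s} -> {classify(img, SIGNATURES, toy_unpack)}")
```

Two caveats a practitioner should keep in mind. The signature table has to cover every compiler and linker in use, or ordinary programs with unusual start-up code fall through to the virus or shell branches; and the entry-point check only catches infectors that redirect AddressOfEntryPoint, not code that keeps the original stub in place and gains control by another route.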


Abstract

The invention discloses an APT detection method and system based on compiler recognition. The method first obtains the PE file to be detected and checks whether a compiler feature code is present at a specific position in it. If it is, the PE file is determined to be a non-virus program. Otherwise the method checks whether compiler feature codes are present at positions other than that specific one: if so, the PE file is determined to be a virus program; if not, the PE file is determined to be a shelled (packed) application, unshelling is performed on it and detection continues. The method detects both known and unknown viruses without depending on a huge virus library.

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an APT detection method and system based on compiler identification.

Background technique

[0002] Traditional virus detection methods are usually based on signature detection: from captured samples, a code sequence common to one virus or one virus family is extracted as its signature, so that the virus can be detected without false positives on normal files.

[0003] Because traditional virus detection is based on signature codes, it is effective against known viruses but powerless against unknown ones. Moreover, it has to carry a huge virus database, and its detection capability depends largely on whether that database is updated in time. Newly emerging viruses, such as mutant or polymorphic viruses, pose challenges ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 童志明, 沈长伟, 张栗伟
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD