
Malicious program behavior capture method based on Qemu

A technology concerning malicious programs and emulators, applied in malicious program behavior analysis and computer security; it addresses sandboxes that capture behavior incompletely and inaccurately and are easy to bypass.

Inactive Publication Date: 2014-07-16
XIDIAN NINGBO INFORMATION TECH INST
Cites: 7; Cited by: 38

AI Technical Summary

Problems solved by technology

[0017] The technical problem the present invention addresses is that current sandboxes are easy to bypass and capture malicious program behavior incompletely and inaccurately. It proposes a method for capturing malicious program behavior based on the Qemu emulator that is difficult for a sample to detect or bypass.




Embodiment Construction

[0079] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0080] As shown in figure 1, the present invention provides a malicious program behavior capture method based on the Qemu emulator. The method inserts a malicious program behavior capture module directly into the source code of the Qemu emulator; the module encapsulates a string-reading function. The capture module is itself a body of software code, whose functions are described in detail in the schemes that follow. The module is preferably inserted into the instruction translation part of the Qemu source code, which closes the semantic gap between the Qemu emulator's data and the guest operating system while the malicious program sample is running; the Qemu simulator is a s...
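The paragraph above places the capture module inside Qemu's instruction translation code and gives it a string-reading function, because a hook that sits below the guest operating system sees only raw guest memory and must reconstruct the sample's string arguments itself. The following is an added example, not code from the patent or from Qemu: a guest-string reader of the kind such a module needs. The guest physical memory (`guest_ram`), the page table (`guest_pt`) and the translation routine (`gva_to_host`) are constructed stand-ins for the emulator's MMU, and `read_guest_string`, `guest_write_string` and `capture_event` are hypothetical names. It handles the two cases a naive copy from a single translated pointer gets wrong: a string that crosses a guest page boundary, and a page that is not present.

```c
/* Added example (not from the patent or Qemu): reading a sample's string
 * argument out of guest memory from a hook below the guest OS. Guest
 * memory, paging and all function names here are constructed stand-ins. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  4

/* Mock guest physical memory: NUM_PAGES contiguous 4 KiB pages. */
static uint8_t guest_ram[NUM_PAGES * PAGE_SIZE];

/* Mock guest page table: virtual page number -> physical page number,
 * -1 for not-present. Virtual page 2 is deliberately left unmapped. */
static int guest_pt[NUM_PAGES] = {2, 0, -1, 1};

/* Translate a guest virtual address to a host pointer into guest_ram,
 * or NULL if the page is not mapped. Stands in for the emulator's own
 * guest-virtual to host-address translation. */
static uint8_t *gva_to_host(uint32_t gva)
{
    uint32_t vpn = gva >> PAGE_SHIFT;
    if (vpn >= NUM_PAGES || guest_pt[vpn] < 0)
        return NULL;
    return guest_ram + ((uint32_t)guest_pt[vpn] << PAGE_SHIFT)
                     + (gva & (PAGE_SIZE - 1));
}

/* Copy the NUL-terminated guest string at gva into out (at most maxlen-1
 * bytes, always NUL-terminated). Translates page by page, so a string
 * that crosses a page boundary is read correctly and a hole in the
 * mapping is reported instead of faulting the emulator.
 * Returns the string length, or -1 if an unmapped page was hit. */
long read_guest_string(uint32_t gva, char *out, size_t maxlen)
{
    size_t n = 0;
    if (maxlen == 0) return -1;
    while (n + 1 < maxlen) {
        uint8_t *p = gva_to_host(gva);
        if (!p) { out[n] = '\0'; return -1; }
        size_t left = PAGE_SIZE - (gva & (PAGE_SIZE - 1)); /* bytes in this page */
        while (left-- && n + 1 < maxlen) {
            out[n] = (char)*p;
            if (*p == 0) return (long)n;
            n++; p++; gva++;
        }
    }
    out[n] = '\0';
    return (long)n; /* truncated at maxlen-1 */
}

/* Constructed fixture: write a string into guest virtual memory byte by
 * byte. Returns 0, or -1 if it runs into an unmapped page (bytes written
 * before the hole stay in place, like a sample's half-mapped buffer). */
int guest_write_string(uint32_t gva, const char *s)
{
    for (size_t i = 0; ; i++, gva++) {
        uint8_t *p = gva_to_host(gva);
        if (!p) return -1;
        *p = (uint8_t)s[i];
        if (s[i] == 0) return 0;
    }
}

/* What the translation-time hook would do when it fires for a guest
 * call with a string argument: read the argument and produce one
 * behavior-report record. Returns the record length from snprintf. */
int capture_event(const char *api, uint32_t arg_gva, char *record, size_t reclen)
{
    char arg[256];
    if (read_guest_string(arg_gva, arg, sizeof arg) < 0)
        return snprintf(record, reclen, "%s(<unmapped gva 0x%08x>)", api, (unsigned)arg_gva);
    return snprintf(record, reclen, "%s(\"%s\")", api, arg);
}

int main(void)
{
    char rec[320];
    /* Constructed input: a path starting 6 bytes before the end of
     * virtual page 0 that spills into virtual page 1. */
    guest_write_string(PAGE_SIZE - 6, "C:\\Windows\\evil.exe");
    capture_event("CreateFileA", PAGE_SIZE - 6, rec, sizeof rec);
    puts(rec);
    /* Constructed input: an argument that runs into the unmapped page. */
    guest_write_string(2 * PAGE_SIZE - 4, "long-string");
    capture_event("LoadLibraryA", 2 * PAGE_SIZE - 4, rec, sizeof rec);
    puts(rec);
    return 0;
}
```

In a real capture module `gva_to_host` would be the emulator's own translation and `capture_event` would be called from the hook inserted at translation time; the per-page loop is what keeps a sample's unmapped or partially mapped argument from faulting the emulator, and with it the whole analysis, which is one of the ways a sample can otherwise escape observation.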



Abstract

The invention relates to a malicious program behavior capture method based on Qemu. A malicious program behavior capture module is inserted directly into the source code of Qemu, a guest operating system is installed on Qemu, and behavior capture is then performed on malicious program samples running on the guest operating system by the capture module running inside Qemu. Because the capture module is inserted directly into the Qemu source code, it is completely isolated from the samples running on the guest operating system and sits below the operating system layer, so in theory the malicious program samples cannot easily detect or escape it.

Description

Technical field

[0001] The invention belongs to the field of computer security and further relates to the field of malicious program behavior analysis, in particular to a method for capturing malicious program behavior based on the Qemu emulator.

Background technique

[0002] In malicious program analysis, the purpose of behavioral analysis is to obtain behavior reports that help analysts understand a malicious program or detect it. At present, malicious program detection relies mainly on traditional security solutions based on sample signatures and known attack behavior patterns, such as firewalls, intrusion prevention systems, anti-virus software and network gateways, which have the following problems:

[0003] First, they cannot respond effectively to attacks that exploit 0day vulnerabilities. A 0day vulnerability is a newly discovered vulnerability. The static charact...


Application Information

IPC(8): G06F21/56
CPC: G06F21/56
Inventors: 苗启广, 宋建锋, 刘志伟, 曹莹, 刘家辰, 张浩, 王维炜, 杨晔
Owner XIDIAN NINGBO INFORMATION TECH INST