Method and device for extracting message format

A message format extraction technology, applied in the field of information security, that addresses the problems of lack of comprehensive analysis, heavy demand on human resources, and low analysis efficiency, so as to reduce the dependence on human experience and labor costs, improve the extraction efficiency, and improve the degree of automation.

Active Publication Date: 2016-08-17
TENCENT TECH (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

The above two methods have the following technical problems: a large amount of human resources is required; the analysis efficiency is low and the analysis time is long; and, because the analysis lacks comprehensiveness, the false negative rate is high.

Embodiment Construction

[0024] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, rather than all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts fall within the protection scope of the present invention.

[0025] The embodiment of the present invention provides a method for extracting a message format which, as shown in Figure 1, includes:

[0026] 101: Capture the execution trace of the malicious program client;

[0027] Optionally, capturing the execution trace of the malicious program client includes: monitoring the execution process of the malicious program in real time through a binary code analysis platform, and capturing its execution t...

Abstract

The embodiment of the present invention discloses a message format extraction method and device. Taking the implementation of the method as an example, it includes: capturing the execution trace of the malicious program client; and analyzing the input message processing in the execution trace to extract the input message format of the malicious program's communication protocol. Because the above method is based on analysis of the execution trace of the malicious program client, it can automatically extract the input message format of the malicious program's communication protocol and no longer depends on manual operation, so it can improve the degree of automation, reduce the dependence on human experience and the labor cost, and improve the extraction efficiency. Analyzing the execution trace of the malicious program client can provide system-level semantic information and enable fine-grained malicious code analysis, so the analysis and positioning are accurate and the false positive rate is reduced.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and device for extracting message formats.

Background technique

[0002] The malicious program referred to in the embodiment of the present invention is a malicious program implanted into a device (for example, a computer) so that the device can be controlled by a remote input message. Such malicious programs usually define a communication protocol, and when the malicious program client receives a message from the control terminal, it responds accordingly. A typical representative is the client program of a botnet. A botnet is a network composed of user computers controlled by attackers through bot programs, and its basic feature is the use of a one-to-many command and control mechanism. Since IRC (Internet Relay Chat Protocol) provides a simple, low-latency, anonymous real-time communication method, and is a...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, H04L9/36
CPC: G06F21/566, G06F21/567, G06F2221/033
Inventor: 邹赞, 张晓康, 王志, 贾春福, 刘露
Owner: TENCENT TECH (SHENZHEN) CO LTD