Generation method and device for malicious software network intrusion detection feature codes

A network intrusion detection and malware technology, applied in the field of communication, that addresses the problems of low feature code extraction efficiency, the danger malware poses to Internet security, and the slow response to emerging malware.

Inactive Publication Date: 2014-12-24
HUAWEI TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0002] At this stage, network intrusion by malicious software poses a serious danger to Internet security. At present, the network communication of malicious software is detected, but in the prior art the NIDS feature code must be extracted manually or semi-manually by engineers who track the network behavior of a malware code sample on a single running device. The extraction efficiency is low, which reduces the response speed of NIDS and NIPS systems to emerging malware. In addition, signatures obtained only from running a malware code sample in a single operating environment often carry the parameters of that environment, so the resulting signatures are not universal.



Embodiment Construction

[0065] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0066] See Figure 1, which is a schematic flowchart of a method for generating a malware network intrusion detection feature code provided in an embodiment of the present invention. The method may include the following steps:

[0067] S101: Run malware program samples on at least two running devices with different running environments, and respectively intercept network packet capture files generated by running the malware program samples on each running device;

...


Abstract

The embodiment of the invention provides a generation method and device for malicious software network intrusion detection feature codes. According to the generation method and device, malicious software network feature codes are automatically extracted under various running environments, and the network feature code extracting efficiency, universality and the speed of the response of an NIDS and an NIPS to newly-developing malicious software are improved. The method comprises the steps that malicious software program samples run on at least two running devices with different running environments, and a network packet capture file generated when each running device runs the corresponding malicious software program sample is intercepted; data flow reassembly, communication data classification, common substring extraction and feature code generation are carried out on each network packet capture file in sequence to obtain the malicious software network intrusion detection feature codes.
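The classification, common substring extraction and feature code generation stages from the abstract, as an added sketch that is not code from the patent. It assumes flows are already reassembled, that classification is by protocol and destination port, and a minimum token length of 6; the payloads, environment names and rule SIDs are constructed.

```python
from collections import defaultdict

MIN_LEN = 6  # assumed minimum token length; shorter matches are too generic

# Constructed sample input: (environment, protocol, dst port, reassembled payload)
FLOWS = [
    ("winxp-vm", "tcp", 80, b"GET /gate.php?id=WINXP-01&v=3 HTTP/1.1\r\nUser-Agent: agent-x\r\n\r\n"),
    ("win7-host", "tcp", 80, b"GET /gate.php?id=DESKTOP-7F&v=3 HTTP/1.1\r\nUser-Agent: agent-x\r\n\r\n"),
    ("winxp-vm", "udp", 53, b"update-check"),  # seen in one environment only
]

def longest_common(ref, others, min_len):
    """Return (offset, bytes) of the longest slice of ref found in every other payload."""
    for size in range(len(ref), min_len - 1, -1):
        for start in range(len(ref) - size + 1):
            cand = ref[start:start + size]
            if all(cand in o for o in others):
                return start, cand
    return None

def common_tokens(payloads, min_len=MIN_LEN):
    """Split the first payload around its longest common substrings, recursively."""
    ref, others = payloads[0], payloads[1:]
    def split(seg):
        hit = longest_common(seg, others, min_len)
        if hit is None:
            return []
        start, tok = hit
        return split(seg[:start]) + [tok] + split(seg[start + len(tok):])
    return split(ref)

def generate_signatures(flows):
    """Classify flows by (protocol, port); keep tokens shared across >= 2 environments."""
    classes = defaultdict(list)
    for env, proto, port, payload in flows:
        classes[(proto, port)].append((env, payload))
    sigs = {}
    for key, members in classes.items():
        if len({env for env, _ in members}) < 2:
            continue  # one environment cannot show which bytes are environment-specific
        tokens = common_tokens([p for _, p in members])
        if tokens:
            sigs[key] = tokens
    return sigs

def to_rule(proto, port, tokens, sid):
    """Render tokens as a Snort-style rule; contents are hex-encoded to avoid escaping."""
    contents = " ".join('content:"|%s|";' % " ".join("%02X" % b for b in t) for t in tokens)
    return 'alert %s any any -> any %d (msg:"auto-generated malware signature"; %s sid:%d; rev:1;)' % (proto, port, contents, sid)

if __name__ == "__main__":
    for n, ((proto, port), toks) in enumerate(generate_signatures(FLOWS).items()):
        print(to_rule(proto, port, toks, 1000001 + n))
```

The host-specific `id=` value drops out because it differs between the two environments, while protocol boilerplate such as `HTTP/1.1` survives inside a token. Generated tokens therefore need checking against benign traffic before a rule is deployed.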

Description

Technical field

[0001] The invention relates to the communication field, in particular to a method and device for generating a feature code for network intrusion detection of malicious software.

Background technique

[0002] At this stage, network intrusion by malicious software poses a serious danger to Internet security. At present, the network communication of malicious software is detected, but in the prior art the NIDS feature code must be extracted manually or semi-manually by engineers who track the network behavior of a malware code sample on a single running device. The extraction efficiency is low, which reduces the response speed of NIDS and NIPS systems to emerging malware. In addition, signatures obtained only from running a malware code sample in a single operating environment often carry the parameters of that environment, so the resulting signatures are not universal.

Contents of the in...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 吴晓昕, 邹福泰
Owner: HUAWEI TECH CO LTD