
A Visual Analysis Method of Malicious Code Based on Shannon Information Entropy

A malicious-code analysis method, applied in the fields of instruments, electronic digital data processing, platform integrity maintenance, etc. It addresses the restricted degree of automation and the poor comprehensive understanding of the characteristics of the analyzed files in prior methods, improving work efficiency and the efficiency of similarity comparison and reducing analysis difficulty.

Inactive Publication Date: 2017-06-30
DONGHUA UNIV

Problems solved by technology

[0004] However, for analyzing file similarity in classification research, the method of Gregory Conti, Erik Dean, Matthew Sinda and Benjamin Sangster, "Visual Reverse Engineering of Binary and Data Files" [C], VizSec 2008 Symposium on Visualization for Cyber Security (VizSEC 2008), makes the amount of computation proportional to the size of the file, so the degree of automation of the analysis is restricted by the performance of the computer hardware. At the same time, in presenting the internal characteristics of the file, the pixel values of area c, which correspond to the bytes, are shown separately from area b, which reflects the presence of ASCII code values; this does not facilitate a comprehensive understanding of the characteristics of the analyzed files.



Examples


Embodiment 1

[0036] A method for visual analysis of malicious code based on Shannon information entropy, specifically:

[0037] Step 1: Convert the binary bytes of the malicious file (Trojan.Regrun.rk) into the yellow shade values of the pixels in the "pixel map", and use the green channel 0x50 (the display effect may differ slightly between hardware devices) to mark the points with pixel values 0x20-0x7E (that is, the printable ASCII characters). As shown in Figure 2, the black part is the background color, i.e. binary bytes with value 0.

[0038] Step 2: Based on the pixel values of the "pixel map", calculate the local entropy of the pixel values in each 256-byte block of the "pixel map"; the local entropy is calculated according to the following Shannon information entropy formula:

[0039]

[0040] where p_i represents the probability of occurrence of the byte (pixel) value i, i ranges over 0x00-0xFF, and Entropy is the local entropy;

[0041] ...

Embodiment 2

[0047] The malicious-code visual analysis method based on Shannon information entropy described in Embodiment 1 is used to analyze the malicious samples Email-Worm.joleee.av, Email-Worm.joleee.aw and Email-Worm.joleee.ba; the generated "entropy maps" are shown in Figures 6-8. The present invention can find potential differences relatively easily when analyzing malicious code of the same family, and provides a basis for grasping the evolution law of the variants of a family.



Abstract

The invention provides a malicious-code visual analysis method based on Shannon information entropy. The method includes the following steps. Firstly, the binary bytes of a malicious file are converted into yellow brightness values of the pixel points of a pixel map, and the points with pixel values 0x20-0x7E are marked through the green channel 0x50. Secondly, the local entropy of the pixel values in each 256-byte block of the pixel map is calculated from the pixel values of the pixel map, according to the following Shannon information entropy formula: Entropy = -Σ_i p_i · log2(p_i), where p_i represents the occurrence probability of the byte (pixel) value i, i ranges from 0x00 to 0xFF, and Entropy is the local entropy. The value f(Entropy) of the local entropy value Entropy is calculated according to the formula f(Entropy) = 2^Entropy - 1, and the entropy diagram is generated from the calculation result of f(Entropy). Thirdly, normalization processing is conducted on the calculation result of f(Entropy), and an entropy normalization diagram is generated. By means of this method, samples of different families can be effectively distinguished; when malicious code of the same family is analyzed, the potential distinctions can be found much more easily, and a basis is provided for mastering the variant evolution law of the family.
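The three steps of the abstract and of Embodiment 1 (pixel map, per-block Shannon entropy mapped through f(Entropy) = 2^Entropy - 1, then normalization), as an added worked example that is not code from the patent or from Donghua University. It assumes a plain RGB encoding for the "yellow shade" and the 0x50 green marker, min-max normalization (the patent does not give the formula) and a constructed byte sequence in place of the Trojan.Regrun.rk sample.

```python
import math
from typing import List, Tuple

BLOCK_SIZE = 256  # the patent's local-entropy window, in bytes

def shannon_entropy(block: bytes) -> float:
    """Entropy = -sum(p_i * log2 p_i) over byte values i in 0x00..0xFF
    (terms with p_i == 0 contribute nothing). Result is in bits, 0..8."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def f_entropy(entropy: float) -> float:
    """The patent's mapping f(Entropy) = 2**Entropy - 1, which takes the
    0..8 bit entropy range of byte data onto the 0..255 pixel range."""
    return 2.0 ** entropy - 1.0

def pixel_map(data: bytes) -> List[Tuple[int, int, int]]:
    """Step 1: one RGB pixel per byte. Assumed here: the byte value sets
    the yellow shade (R = G = value, B = 0) and printable ASCII bytes
    0x20..0x7E get their green channel replaced by the marker 0x50."""
    return [(b, 0x50 if 0x20 <= b <= 0x7E else b, 0) for b in data]

def entropy_map(data: bytes) -> List[float]:
    """Step 2: f(local entropy) for each 256-byte block. A short trailing
    block is scored on the bytes it has (assumption; the patent is silent)."""
    return [f_entropy(shannon_entropy(data[i:i + BLOCK_SIZE]))
            for i in range(0, len(data), BLOCK_SIZE)]

def normalize(values: List[float]) -> List[float]:
    """Step 3: min-max normalization of the f(Entropy) values to [0, 1].
    The patent only says 'normalization'; min-max is an assumption."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]

# Constructed sample file: a zero-filled block (entropy 0), a block of
# repeated ASCII text (intermediate entropy) and a block in which every
# byte value occurs exactly once (entropy 8, the maximum for bytes).
SAMPLE = (bytes(256)
          + (b"GET /index.html HTTP/1.1\r\n" * 10)[:256]
          + bytes(range(256)))
```

Running `normalize(entropy_map(SAMPLE))` gives 0.0 for the zero block, 1.0 for the block of distinct bytes and an intermediate value for the text block, which is the contrast the entropy map is built to show.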

Description

Technical field

[0001] The invention relates to a malicious-code visualization analysis method based on Shannon information entropy.

Background technique

[0002] Malware (malicious software) is software used to damage computer operating systems, steal sensitive information, or illegally access private systems, usually in the form of code, scripts, dynamic text, or other software. Because the traditional malware analysis process is complex and time-consuming, it is difficult even for experienced security analysts to discover potential attack patterns. In order to reduce the cognitive burden and improve interactivity, introducing information visualization technology into the field of malicious-code analysis, i.e. malware security visualization, has been a frontier hotspot of network security research in recent years.

[0003] In 2008, Gregory Conti of the United States Military Academy at West Point et al. designed a visual analysis system (see Figure 1) for the first time pr...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/56
CPC: G06F21/561; G06F2221/033
Inventors: 任卓君, 孔德凤, 刘同洋, 乔国娟, 冯琪, 陈光
Owner: DONGHUA UNIV