A Visual Analysis Method of Malicious Code Based on Shannon Information Entropy
A malicious code analysis method, applied in the fields of instruments, electronic digital data processing, platform integrity maintenance, etc. It addresses problems such as a restricted degree of automation and the difficulty of gaining a comprehensive understanding of the characteristics of the analyzed files, and achieves improved work efficiency, efficient similarity comparison, and reduced analysis difficulty.
Examples
Embodiment
[0036] A method for visual analysis of malicious code based on Shannon information entropy, specifically:
[0037] Step 1: Convert each binary byte of the malicious file (Trojan.Regrun.rk) into the yellow shade value of a pixel in the "pixel map", and use the green channel value 0x50 (the displayed result may differ slightly between hardware devices) to mark points whose pixel values are 0x20-0x7E (that is, printable ASCII characters). As shown in Figure 2, the black part is the background color, that is, bytes whose value is 0.
[0038] Step 2: Based on the pixel values of the "pixel map", calculate the local entropy of the pixel values in each 256-byte block. The local entropy is calculated according to the following Shannon information entropy formula:
[0039]
[0040] where $p_i$ represents the probability of occurrence of byte (pixel) value $i$, $i$ ranges over 0x00-0xFF, and Entropy is the local entropy;
[0041] ...
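The per-block computation of Step 2, combined with the byte classes of Step 1, as an added example that is not code from the patent. It assumes the standard Shannon formula with a base-2 logarithm, so entropy ranges from 0 to 8 bits per byte; the function names and the sample buffer are constructed for illustration.

```python
import math
from collections import Counter

BLOCK_SIZE = 256  # block size given in Step 2

def block_entropy(block):
    """Shannon entropy of one block in bits per byte (base-2 log is an assumption)."""
    n = len(block)
    # p_i = count(i) / n for each byte value i that occurs in the block
    return sum(-(c / n) * math.log2(c / n) for c in Counter(block).values()) if n else 0.0

def byte_class(b):
    """Byte classes from Step 1: zero background, marked printable ASCII, other."""
    if b == 0:
        return "zero"
    if 0x20 <= b <= 0x7E:
        return "printable"
    return "other"

def profile(data, block_size=BLOCK_SIZE):
    """Return (offset, entropy, printable_fraction, zero_fraction) per block."""
    rows = []
    for off in range(0, len(data), block_size):
        block = data[off:off + block_size]
        classes = Counter(byte_class(b) for b in block)
        rows.append((off, block_entropy(block),
                     classes["printable"] / len(block),
                     classes["zero"] / len(block)))
    return rows

# Constructed sample buffer (not a real malware sample): zero padding,
# a run of ASCII text, and one block in which every byte value occurs once.
SAMPLE = (bytes(256)
          + (b"This program cannot be run in DOS mode. " * 7)[:256]
          + bytes(range(256)))

if __name__ == "__main__":
    for off, h, printable, zero in profile(SAMPLE):
        print(f"0x{off:04x}  entropy={h:5.3f}  printable={printable:4.0%}  zero={zero:4.0%}")
```

Rendering each row's entropy as a pixel intensity gives an "entropy map" in which zero padding, text regions and near-uniform byte distributions separate visually.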
Embodiment 2
[0047] The malicious code visual analysis method based on Shannon information entropy described in Embodiment 1 is used to analyze the malicious samples Email-Worm.joleee.av, Email-Worm.joleee.aw and Email-Worm.joleee.ba; the resulting "entropy maps" are shown in Figures 6-8. When analyzing malicious code of the same family, the present invention makes potential differences relatively easy to find, and provides a basis for grasping how the variants of a family evolve.



