Method, device and system for detecting distributed malicious codes on basis of textures

A texture-based distributed malicious code detection technology, applied in the field of network security, that addresses problems such as insufficient scalability, low detection performance and inaccurate detection results in the face of massive sample volumes.

Active Publication Date: 2015-07-01
BEIJING VENUS INFORMATION SECURITY TECH +1

AI Technical Summary

Problems solved by technology

[0011] The technical problem to be solved by the present invention is how to avoid the problems of insufficient scalability, low detection performance and inaccurate detection results as far as possible in the face of a massive malicious sample environment, and how to detect unknown malicious codes and their types



Examples


Embodiment 1

[0098] Embodiment 1. A texture-based distributed malicious code detection device, as shown in Figure 1, including: a texture fingerprint extraction unit, a Bloom-Filter index structure establishment unit, a distributed LSH index structure building unit, an accurate detection unit and a distributed variant detection unit;

[0099] The texture fingerprint extraction unit is used to generate a malicious code texture fingerprint vector set according to the malicious code PE (portable executable) file in the malicious code corpus, and extract the texture fingerprint vector of the sample to be detected;

[0100] A Bloom-Filter (Bloom filter) index structure establishment unit, configured to map the malicious code texture fingerprint vector set into the Bloom-Filter index structure;

[0101] A distributed LSH (Locality Sensitive Hash) index structure building unit, used to calculate the locality-sensitive hash value of each malicious code texture fingerprint vector, calculate the machine ID and hash bucket ID of each locality-sensitive hash value, and establish a distributed LSH index structure;

[0102] The accurate detection unit is u...

Embodiment 2

[0190] Embodiment 2. A texture-based distributed malicious code detection method, as shown in Figure 7, including:

[0191] S201. Generate a malicious code texture fingerprint vector set according to the malicious code PE file in the malicious code corpus;

[0192] S202. Map the malicious code texture fingerprint vector set into a Bloom-Filter index structure;

[0193] S203. Calculate the locality-sensitive hash value of each malicious code texture fingerprint vector, calculate the machine ID and hash bucket ID of each locality-sensitive hash value, and establish a distributed LSH index structure;

[0194] S204. Extract the texture fingerprint vector of the sample to be detected;

[0195] S205. Based on the Bloom-Filter index structure, detect the texture fingerprint vector of the sample to be detected; if there is a hit, use the information of the hit malicious code PE file as the detection result;

[0196] S206. If there is no hit, perform distributed variant detection, including...
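The indexing and lookup flow of Embodiment 2 (S201 to S206) as an added Python example; this is not code from the patent. It assumes fingerprint vectors already extracted (constructed 8-element vectors stand in for them), cosine similarity with a 0.95 cutoff as the variant comparison, a cluster of 4 machines with 16 buckets each, and fixed LSH hyperplanes in place of randomly drawn ones; none of these choices are specified by the patent.

```python
import hashlib
import math
# Constructed sample corpus: 8-element vectors stand in for the texture fingerprint
# vectors extracted from PE files (the extraction step itself is not modelled here).
CORPUS = {
    "TrojanA.1": [0.9, 0.1, 0.8, 0.2, 0.7, 0.3, 0.6, 0.4],
    "TrojanA.2": [0.8, 0.2, 0.7, 0.3, 0.6, 0.4, 0.5, 0.5],
    "WormB.1":   [0.1, 0.9, 0.2, 0.8, 0.3, 0.7, 0.4, 0.6],
}
N_MACHINES, N_BUCKETS, THRESHOLD = 4, 16, 0.95  # assumed cluster size and similarity cutoff

def vec_key(vec):
    return ",".join(f"{x:.4f}" for x in vec)  # canonical string form of one fingerprint

class BloomFilter:  # k SHA-256-derived bit positions per key: no false negatives, rare false positives
    def __init__(self, m=1024, k=3):
        self.m, self.k, self.bits = m, k, bytearray(m // 8 + 1)
    def _positions(self, key):
        return [int(hashlib.sha256(f"{i}:{key}".encode()).hexdigest(), 16) % self.m for i in range(self.k)]
    def add(self, key):
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)
    def __contains__(self, key):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(key))

def lsh_signature(vec):
    # Sign-of-projection LSH. Real deployments draw the hyperplanes at random; here plane i is
    # fixed to (e_2i - e_2i+1) so the example is deterministic and can be followed by hand.
    return "".join("1" if vec[2 * i] - vec[2 * i + 1] >= 0 else "0" for i in range(len(vec) // 2))

def route(signature):  # step S203: machine ID and hash bucket ID from the locality-sensitive hash value
    h = hashlib.sha256(signature.encode()).digest()
    return h[0] % N_MACHINES, int.from_bytes(h[1:5], "big") % N_BUCKETS

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (math.hypot(*a) * math.hypot(*b))

def build_index(corpus):  # steps S201-S203 over the whole corpus
    index = {"bloom": BloomFilter(), "exact": {}, "lsh": {}, "vecs": dict(corpus)}
    for name, vec in corpus.items():
        index["bloom"].add(vec_key(vec))
        index["exact"][vec_key(vec)] = name
        index["lsh"].setdefault(route(lsh_signature(vec)), []).append(name)
    return index

def detect(vec, index):
    key = vec_key(vec)
    if key in index["bloom"] and key in index["exact"]:  # S205: Bloom pre-check, exact map confirms the hit
        return "exact", index["exact"][key]
    candidates = index["lsh"].get(route(lsh_signature(vec)), [])  # S206: search one machine/bucket only
    scored = sorted((cosine(vec, index["vecs"][n]), n) for n in candidates)
    if scored and scored[-1][0] >= THRESHOLD:
        return "variant", scored[-1][1]
    return "unknown", None
```

A query that is byte-identical to a corpus sample returns an exact hit; a slightly perturbed one misses the Bloom filter, routes to the same machine and bucket and is reported as a variant of its nearest neighbour, while a dissimilar vector in that bucket falls below the threshold and stays unknown.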

Embodiment 3

[0251] Embodiment 3. As shown in Figure 10, a texture-based distributed malicious code detection system includes: an upload server, a malicious code corpus, a malicious code detection front-end server, an accurate detection server, a variant detection cluster, and a third-party detection voting cluster (optional). Among the above functional devices, the malicious code corpus, the accurate detection server and the variant detection cluster share the texture fingerprint extraction component.

[0252] For the upload server, the upload user uploads confirmed malicious code to be stored (confirmed by the voting result of third-party detection software) to the upload server. The upload server uses a message digest algorithm (such as the MD5 algorithm, the SHA-1 algorithm, etc.) to calculate the message digest of the malicious code, looks the digest up in the malicious code corpus, and judges whether malicious code with that digest already exists; if so, it abandons the processing of the malici...


Abstract

The invention discloses a device and a method for detecting distributed malicious codes on the basis of textures. The device comprises a texture fingerprint extracting unit, a Bloom-Filter index structure building unit, a distributed LSH (locality sensitive hashing) index structure building unit and a distributed variant detecting unit. The texture fingerprint extracting unit is used for generating vector sets of texture fingerprints of the malicious codes according to PE (portable executable) files of the malicious codes and extracting vectors of texture fingerprints of to-be-detected samples; the Bloom-Filter index structure building unit is used for mapping the vector sets of the texture fingerprints of the malicious codes into Bloom-Filter index structures; the distributed LSH index structure building unit is used for building distributed LSH index structures; the distributed variant detecting unit is used for creating target query sets when a precision detecting unit is missed, computing locality sensitive hash values, machine identification and hash bucket identification of the target query sets, finding vectors of the texture fingerprints of the malicious codes in the distributed LSH index structures according to computation results and obtaining detection results by means of comparison. The device and the method have the advantage that unknown malicious codes and the types of the unknown malicious codes can be detected by the aid of the device and the method.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a texture-based distributed computer malicious code detection method, device and system.

Background technique

[0002] Malicious code is a code sequence with malicious intent that threatens the confidentiality, integrity and availability of computer systems or network systems when executed in a certain environment; it includes viruses, worms, Trojan horses, time and logic bombs, botnets and spyware. According to the figures released by Symantec in 2010, the malicious code corpus had reached 286 million samples and is growing rapidly. Symantec's monitoring data alone shows that the number of malicious codes is increasing and the threat is becoming more and more serious. Due to technical limitations, there are still a large number of malicious codes that cannot be effectively detected. Moreover, malicious code variants emerge in an endless stream, which is the...


Application Information

IPC(8): G06F21/56
Inventor: 曲武王君鹤周涛叶润国
Owner: BEIJING VENUS INFORMATION SECURITY TECH