A method and system for uniformly naming malicious code based on file fingerprints

A malicious code naming technology based on file fingerprints, applied in the field of information security, that solves naming uniformity problems and improves notification and disposal efficiency.

Active Publication Date: 2018-03-02
THE FIRST RES INST OF MIN OF PUBLIC SECURITY +1

AI Technical Summary

Problems solved by technology

[0009] To overcome the deficiencies of the prior art, the present invention provides a malicious code naming method and system that can be used in common across vendors. Without affecting each vendor's internal naming rules, the method and system solve the problem of non-uniform malicious code names. First, this allows the overall situation to be analyzed objectively when compiling overall statistics on virus outbreaks; second, it provides guidance for administrators, improving the notification rate and disposal efficiency.


Examples


Embodiment 1

[0033] The invention provides a method for uniformly naming malicious codes based on file fingerprints, comprising:

[0034] Step 1: Collect file fingerprints for the antivirus software. This step is invoked when the antivirus software detects and removes malicious code, and it returns the characteristic value of the malicious code to the antivirus software;

[0035] Step 2: Name the malicious code. Receive the malicious code with the characteristic value provided in step 1, and generate a unified name for the malicious code according to the agreed rules;

[0036] Step 3: Establish a mapping relationship between the unified name of the malicious code from step 2 and the vendor's own name. Receive the preset parameters of the malicious code, store the mapping relationship as a data row in the database implementing the mapper, and provide an interface for viewing the correspondence between the unified naming and the original fact...

Embodiment 2

[0038] As shown in Figure 2, the present invention also provides a system for uniformly naming malicious code based on file fingerprints. The system includes a file fingerprint collector 1, which collects file fingerprints for the antivirus software and returns the characteristic value of the malicious code to the antivirus software. It includes a unified malicious code namer 2, which receives the characteristic value of the malicious code and names the malicious code according to the agreed rules. It also includes a malicious code unified naming mapper 3, which establishes the mapping relationship between the unified naming and the vendor's own naming, receives the preset parameters of the malicious code, and stores the mapping relationship as a data row in the database implementing the mapper, and the corresponding relationship between the unified naming and the original factory naming ...
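The three components described in Embodiments 1 and 2 (fingerprint collector, unified namer, mapper) can be sketched as follows. This is an added example, not code from the patent: the page does not state the fingerprint algorithm or the agreed naming rules, so SHA-256, the `UNI.<hex>` name form, the table layout, and all sample bytes and vendor names are assumptions.

```python
import hashlib
import sqlite3

# Assumption: the page gives neither the fingerprint algorithm nor the
# "agreed rules"; SHA-256 and the "UNI.<16 hex digits>" form are hypothetical.
def file_fingerprint(data: bytes) -> str:
    """Collector: return the characteristic value (fingerprint) of a sample."""
    return hashlib.sha256(data).hexdigest()

def unified_name(fingerprint: str) -> str:
    """Namer: derive a vendor-independent name from the fingerprint."""
    return "UNI." + fingerprint[:16].upper()

class NameMapper:
    """Mapper: stores one data row per (unified name, vendor) pair."""
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE name_map (unified TEXT NOT NULL, fingerprint TEXT NOT NULL,"
            " vendor TEXT NOT NULL, vendor_name TEXT NOT NULL,"
            " PRIMARY KEY (unified, vendor))"
        )

    def report(self, vendor: str, vendor_name: str, sample: bytes) -> str:
        """Called when a vendor's engine detects a sample; returns the unified name."""
        fp = file_fingerprint(sample)
        uni = unified_name(fp)
        # Parameterized insert; a repeated report from one vendor updates its row.
        self.db.execute(
            "INSERT OR REPLACE INTO name_map VALUES (?, ?, ?, ?)",
            (uni, fp, vendor, vendor_name),
        )
        return uni

    def vendor_names(self, unified: str) -> dict:
        """Lookup interface: unified name -> {vendor: that vendor's own name}."""
        rows = self.db.execute(
            "SELECT vendor, vendor_name FROM name_map WHERE unified = ?", (unified,)
        )
        return dict(rows.fetchall())

def demo() -> tuple:
    # Constructed sample bytes and vendor names, for illustration only.
    sample = b"constructed-sample-bytes"
    mapper = NameMapper()
    a = mapper.report("VendorA", "Win32.Example.a", sample)
    b = mapper.report("VendorB", "Trojan.Example.gen", sample)
    return a, b, mapper.vendor_names(a)
```

Because the assumed rule hashes exact file content, two vendors reporting the same file converge on one unified name while each vendor's own name stays retrievable through the mapping; files that differ by a single byte receive different unified names.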


Abstract

The present invention relates to the field of information security technology, in particular to a method and system for uniformly naming malicious code based on file fingerprints. The method collects file fingerprints for antivirus software and, when the antivirus software finds malicious code, returns the characteristic value of the malicious code to the antivirus software. It names the malicious code: it receives the malicious code with its characteristic value and generates a unified name for the malicious code according to the agreed rules. It establishes a mapping relationship between the unified name of the malicious code and the vendor's own name: it receives the preset parameters of the malicious code, stores the mapping relationship as a data row in the database implementing the mapper, provides an interface for viewing the correspondence between the unified naming and the vendor's own naming, and returns the vendor's own name as the output. The invention can be used in common across vendors without affecting their internal naming rules, solves the uniformity of malicious code names, provides guidance for administrators' work, and improves notification and disposal efficiency.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and system for uniformly naming malicious code based on file fingerprints.

Background

[0002] In the existing technology, the naming of malicious code is relatively mature. The most common naming rule on the market is <prefix>.<name>.<suffix>, where the prefix generally indicates the operating platform or the type of the malicious code. Operating platforms generally include DOS, Win32, Win64, MacOS, Linux, etc., and types generally include file infector, macro virus, Trojan horse, backdoor program, worm, adware, etc. The name generally indicates the family characteristics of the malicious code; for example, the well-known CIH viruses all share the family name "CIH". The suffix generally refers to the variant characteristics of a malicious code, and is used to distinguish a specific variant of a...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
Inventor: 张涵戴晓苗管磊胡光俊黄长慧薛正王专李海威范博郝艳王奕钧陈晨李锁雷李恒训苏烈华张子瀚万江华蒋勇杨卫军孙论强
Owner: THE FIRST RES INST OF MIN OF PUBLIC SECURITY