
Multi-dimensional feature-code-free rogue program detecting method

A signature-free malicious program detection technique, applied in the field of multi-dimensional signatureless malicious program detection, that addresses the problem of detection affecting the running speed of files and achieves a fast detection speed.

Active Publication Date: 2015-07-15
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

File integrity verification methods can detect known and unknown malicious programs, but they share a disadvantage with behavior-based detection methods: a large number of false positives. Infection by a malicious program is not the only reason file content changes; the change may be caused by a normal program. This method also affects the running speed of the file.


Embodiment Construction

[0021] In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the implementation methods and accompanying drawings.

[0022] As shown in Figure 1, the multi-dimensional signature-free malicious program detection method of the present invention comprises the following steps:

[0023] Step S1: Collect the normal program training set in the computer and the malicious program training set EP (usually typical normal programs and malicious programs are selected); based on training sets BPa and EP, build normal program string collection libraries of different lengths;

[0024] Step S2: Based on the constructed normal program string collection libraries of different lengths, extract the multi-dimensional features of each normal program in the normal program training set BPb, and calculate the feature vector and generalization value of the normal program, ...


Abstract

The invention discloses a multi-dimensional feature-code-free rogue program detecting method, and belongs to the field of computer anti-virus. The method comprises the following steps. Normal program and rogue program training sets are built. Character strings of a certain length are sequentially extracted from the normal program training set, and a corresponding character string set is generated according to the relationship between the number of files in which a string appears and the number of times it appears in the rogue program training set. A multi-dimensional library of normal program character string sets of different lengths is generated according to the different extracted string lengths. The multi-dimensional feature vector and the generalization value of each normal program in the corresponding normal program training set are calculated on the basis of the character string set library, so that a normal program model is built. Detectors covering the computer rogue program space are then generated. For a program to be detected, its feature vector is calculated first, and the feature vector is then evaluated against the detectors to judge whether the program is a rogue program. The beneficial effects of the method are that the detection speed is high and that known or unknown rogue programs can be effectively detected.
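The pipeline in the abstract, as an added sketch that is not code from the patent. Assumptions, because the page does not give them: the string-selection rule (keep a string when more normal files than malicious files contain it), the feature definition (share of a program's strings found in the library, one dimension per length), the generalization value treated as a fixed radius, and grid-placed detectors; all byte strings are constructed sample data.

```python
import math
from collections import Counter
from itertools import product

def ngrams(data, n):
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def file_counts(corpus, n):
    counts = Counter()
    for f in corpus:
        counts.update(ngrams(f, n))  # a set per file, so each file counts once
    return counts

def build_library(bp_a, ep, lengths=(2, 3, 4)):
    # Assumed rule: keep a string if more normal files than malicious files contain it.
    lib = {}
    for n in lengths:
        normal, bad = file_counts(bp_a, n), file_counts(ep, n)
        lib[n] = {s for s, k in normal.items() if k > bad[s]}
    return lib

def feature_vector(data, lib):
    # Assumed feature: per length, share of the program's strings present in the library.
    vec = []
    for n in sorted(lib):
        grams = ngrams(data, n)
        vec.append(len(grams & lib[n]) / len(grams) if grams else 0.0)
    return tuple(vec)

def build_detectors(self_vecs, self_radius, step=0.25):
    # Deterministic grid over [0,1]^d; keep points outside every normal hypersphere.
    axis = [i * step for i in range(int(1 / step) + 1)]
    detectors = []
    for p in product(axis, repeat=len(self_vecs[0])):
        gap = min(math.dist(p, s) for s in self_vecs) - self_radius
        if gap > 0:
            detectors.append((p, gap))  # detector radius stops at the normal region
    return detectors

def is_malicious(data, lib, detectors):
    v = feature_vector(data, lib)
    return any(math.dist(v, c) < r for c, r in detectors)

# Constructed training data (not real samples); BP_A builds the library, BP_B the model.
BP_A = [b"open file read data close file", b"read config open log close log"]
BP_B = [b"open file read data", b"read config"]
EP = [b"ZQ#9 log @KV!", b"!!KV log #Q9Z"]
LIB = build_library(BP_A, EP)
DETECTORS = build_detectors([feature_vector(p, LIB) for p in BP_B], self_radius=0.2)
```

Because each detector's radius ends where the normal region begins, a program whose vector lies within `self_radius` of a training vector can never match a detector, which is how this sketch bounds false positives on near-normal files.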

Description

Technical field

[0001] The invention belongs to the field of computer anti-virus, and in particular relates to a method for detecting a multi-dimensional malicious program without signature codes.

Background technique

[0002] With the deepening of informatization in all walks of life, more and more attention has been paid to computer security issues. Among computer security issues, malicious code such as computer viruses is the most important security threat. At present, different scholars have different understandings of the definition of a computer virus. On February 18, 1994, China officially promulgated and implemented the "Regulations of the People's Republic of China on the Protection of Computer Information System Security", which clearly stated in Article 28: "Computer virus refers to a set of computer instructions or program codes that are compiled or inserted into computer programs to destroy computer functions or data, affect computer use, an...


Application Information

IPC(8): G06F21/56
Inventor: 曾金全
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA