Environmental reconstruction based malicious-code integrity analysis method

A malicious-code integrity analysis method based on environment reconstruction, applied in the field of malicious code analysis. It addresses problems such as low analysis efficiency, program crashes and memory leaks, with the effects of improving analysis efficiency, triggering paths more reasonably, and reducing time overhead.

Active Publication Date: 2015-08-19
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0013] Aiming at the problems of path explosion, memory leak, low analysis efficiency and program crash caused by forced modification of branch paths in the existing malicious code multi-path analysis methods, the present invention pro

Examples

Embodiment

[0036] Embodiment: The present invention proposes a malicious code integrity analysis method based on environment reconstruction. The analysis idea is as follows: use the dynamic binary analysis platform Pin and the decompilation tool IDA to obtain the environment information that the malicious code senses and looks for during execution; based on that information, construct the best execution environment for the malicious code; and finally run the malicious code in the dynamically constructed environment to achieve integrity analysis. Under the guidance of this general idea, the analysis process is as shown in Figure 1.

[0037] In the process of analyzing the integrity of malicious codes, the present invention adopts a combination of coarse-grained environmental data extraction and fine-grained sensitive environment identification to jointly determine the execution environment required for triggering malicious code...
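The idea in [0036], collecting the environment information a sample looks for and using it to build the execution environment, can be illustrated with the following added example, which is not code from the patent. It assumes the instrumentation has already exported a trace of environment probes; the trace format, the API-to-resource mapping and the function names are hypothetical, and the sample trace is constructed.

```python
import re
from collections import OrderedDict

# Constructed sample trace (hypothetical format): "<seq> <API>(<resource>) -> OK|FAIL"
SAMPLE_TRACE = r"""
001 GetFileAttributesA(C:\ProgramData\cfg.dat) -> FAIL
002 RegOpenKeyExA(HKCU\Software\ExampleVendor) -> FAIL
003 OpenMutexA(Global\example_mtx) -> FAIL
004 GetFileAttributesA(C:\Windows\System32\kernel32.dll) -> OK
005 GetFileAttributesA(c:\programdata\CFG.DAT) -> FAIL
006 Sleep(1000) -> OK
"""

# Assumed mapping from environment-probing API to the kind of resource it tests.
PROBE_KINDS = {
    "GetFileAttributesA": "file",
    "CreateFileA": "file",
    "RegOpenKeyExA": "registry_key",
    "OpenMutexA": "mutex",
}

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s+->\s+(OK|FAIL)$")

def parse_trace(text):
    """Yield (seq, api, resource, ok) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seq, api, resource, result = m.groups()
            yield int(seq), api, resource, result == "OK"

def reconstruction_plan(text):
    """Return ordered (kind, resource) pairs the sample probed for and never found.
    These are the candidates to provision in the analysis VM before the next run."""
    missing, present = OrderedDict(), set()
    for _seq, api, resource, ok in parse_trace(text):
        kind = PROBE_KINDS.get(api)
        if kind is None:
            continue  # not an environment probe (e.g. Sleep)
        # File paths and registry keys are case-insensitive; mutex names are not.
        name = resource if kind == "mutex" else resource.lower()
        if ok:
            present.add((kind, name))
        else:
            missing.setdefault((kind, name), resource)  # keep first-seen spelling
    return [(k[0], v) for k, v in missing.items() if k not in present]

if __name__ == "__main__":
    for kind, resource in reconstruction_plan(SAMPLE_TRACE):
        print(f"{kind:13} {resource}")
```
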


Abstract

The invention provides a malicious-code integrity analysis method based on environment reconstruction. The method includes: using reasonable analysis strategies to extract the environmental data that the malicious code requires during execution; dynamically reconstructing the execution environment of the malicious code on the basis of that environmental data; and placing the malicious code into the dynamically reconstructed environment for analysis, to acquire relatively complete behavior information. The problems that exist in multi-path analysis can be effectively solved, and integrity analysis of the malicious code is realized. Compared with traditional analysis methods, this integrity analysis method triggers key paths more reasonably and acquires accurate behavior characteristics.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a malicious code integrity analysis method based on environment reconstruction.

Background technique

[0002] With the rapid development of the Internet, the types and quantities of malicious code are constantly increasing. Malicious code is a general term for malicious software that realizes the bad intentions of attackers, including viruses, worms, Trojan horses, backdoors, zombies, spyware, adware, etc. Its harm is mainly manifested in stealing user privacy, confidential files and account information, destroying data, consuming memory and hard disk space, etc. According to a survey report by Symantec in 2014, the amount of malicious code is increasing and the threat is becoming more and more serious. Its writing, dissemination and utilization show a trend toward profit, commercialization and organization.

[0003] In the evolution process of malic...

Application Information

IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 舒辉康绯光焱张骞彭小详
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU