Behavior characteristic similarity-based malicious code homology analysis method

A method for homology analysis of malicious code based on the similarity of behavior characteristics. It addresses the poor generality of existing approaches and their inability to analyze packed malicious code samples, and improves analysis efficiency.

Active Publication Date: 2015-08-26
Applicant: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV (PLA SSF IEU)
Cites: 7. Cited by: 58.

AI Technical Summary

Problems solved by technology

[0011] Most current research on malicious code homology analysis relies on manual analysis. The existing automated methods use only static features, such as malicious code signatures and control flow graphs, as the basis for analysis; they cannot handle packed malicious code samples and have poor generality.



Examples


Embodiment

[0046] Embodiment: a method for analyzing the homology of malicious code based on behavioral feature similarity. The specific steps are as follows:

[0047] First, the instruction and data recording module, built on a dynamic binary instrumentation platform, executes the malicious code sample in an isolated virtual environment. By instrumenting key instructions it records program entry points, return points, memory read and write points and other key positions, and, with the help of an API parameter format parsing library, obtains the call sequence and parameter information of the key APIs defined in that library.

[0048] Then, the feature extraction module takes the API call sequence and its parameter information as input, builds an API association tree from it, and extracts behavior features from the tree with the help of a behavior rule library.

[0049] Finally, the homology discrimination module takes the behavior features of two malicious code samples as input, an...
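The following is an added worked example of the three steps [0047]-[0049], written for this page; it is not code from the patent or its authors. The recorded API trace is constructed by hand (standing in for what the instrumentation layer would emit), the "association tree" is simplified to chaining every call beneath the most recent earlier call that produced or used one of its handle arguments, the rule library `RULES` and its behavior names are hypothetical, and the similarity measure (Jaccard over the matched behavior set) and the threshold of 0.6 are assumptions, since the page does not specify how the behavior features are quantified or compared.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ApiCall:
    name: str              # key API name as recorded by the instrumentation hook
    args: Tuple[str, ...]  # parsed parameters (handles, paths, addresses) as strings
    ret: str               # returned handle, or "" when nothing linkable is returned


# Hypothetical behavior rule library: a behavior is a sequence of API names
# that must occur, in order, along one chain of the API association tree.
RULES: Dict[str, Tuple[str, ...]] = {
    "file_drop": ("CreateFile", "WriteFile"),
    "run_key_persistence": ("RegOpenKey", "RegSetValue"),
    "remote_connect": ("socket", "connect"),
    "exfiltrate": ("socket", "connect", "send"),
    "spawn_process": ("CreateProcess",),
}

HOMOLOGY_THRESHOLD = 0.6  # assumed cut-off on the similarity score


def association_chains(trace: List[ApiCall]) -> List[Tuple[str, ...]]:
    """Simplified API association tree. Each call hangs beneath the most recent
    earlier call that produced or used one of its argument handles, so all calls
    on one handle form a single time-ordered chain. Returns root-to-leaf chains."""
    latest_for_handle: Dict[str, int] = {}
    children: Dict[int, List[int]] = defaultdict(list)
    roots: List[int] = []
    for idx, call in enumerate(trace):
        parent = next((latest_for_handle[a] for a in call.args if a in latest_for_handle), None)
        (roots if parent is None else children[parent]).append(idx)
        for a in call.args:
            if a in latest_for_handle:
                latest_for_handle[a] = idx  # later users of this handle chain under this call
        if call.ret:
            latest_for_handle[call.ret] = idx

    chains: List[Tuple[str, ...]] = []

    def walk(idx: int, path: Tuple[str, ...]) -> None:
        path = path + (trace[idx].name,)
        if idx not in children:
            chains.append(path)
        for child in children.get(idx, []):
            walk(child, path)

    for root in roots:
        walk(root, ())
    return chains


def _in_order(pattern: Tuple[str, ...], chain: Tuple[str, ...]) -> bool:
    """True if pattern occurs as a (not necessarily contiguous) subsequence of chain."""
    it = iter(chain)
    return all(name in it for name in pattern)


def extract_features(trace: List[ApiCall]) -> Set[str]:
    """Behavior features: the set of rule names matched by any association chain."""
    return {behavior for chain in association_chains(trace)
            for behavior, pattern in RULES.items() if _in_order(pattern, chain)}


def similarity(f1: Set[str], f2: Set[str]) -> float:
    """Jaccard similarity of two behavior feature sets (assumed metric)."""
    if not f1 and not f2:
        return 1.0
    return len(f1 & f2) / len(f1 | f2)


def homologous(t1: List[ApiCall], t2: List[ApiCall]) -> bool:
    return similarity(extract_features(t1), extract_features(t2)) >= HOMOLOGY_THRESHOLD


# Constructed traces standing in for the recording module's output.
SAMPLE_A = [  # dropper: writes payload, sets a Run key, launches it, beacons out
    ApiCall("CreateFile", ("C:\\Users\\Public\\svc.exe",), "h1"),
    ApiCall("WriteFile", ("h1", "<payload>"), ""),
    ApiCall("CloseHandle", ("h1",), ""),
    ApiCall("RegOpenKey", ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",), "k1"),
    ApiCall("RegSetValue", ("k1", "svc", "C:\\Users\\Public\\svc.exe"), ""),
    ApiCall("CreateProcess", ("C:\\Users\\Public\\svc.exe",), "p1"),
    ApiCall("socket", (), "s1"),
    ApiCall("connect", ("s1", "203.0.113.7:443"), ""),
    ApiCall("send", ("s1", "<beacon>"), ""),
]
SAMPLE_B = [  # variant: other paths and C2, no immediate launch, extra timing call
    ApiCall("GetTickCount", (), ""),
    ApiCall("CreateFile", ("C:\\ProgramData\\upd.exe",), "h7"),
    ApiCall("WriteFile", ("h7", "<payload>"), ""),
    ApiCall("RegOpenKey", ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",), "k3"),
    ApiCall("RegSetValue", ("k3", "upd", "C:\\ProgramData\\upd.exe"), ""),
    ApiCall("socket", (), "s2"),
    ApiCall("connect", ("s2", "198.51.100.9:8080"), ""),
    ApiCall("send", ("s2", "<beacon>"), ""),
]
SAMPLE_C = [  # unrelated sample: only a network beacon
    ApiCall("GetTickCount", (), ""),
    ApiCall("socket", (), "s9"),
    ApiCall("connect", ("s9", "192.0.2.44:443"), ""),
    ApiCall("send", ("s9", "<hello>"), ""),
]

if __name__ == "__main__":
    fa, fb, fc = (extract_features(s) for s in (SAMPLE_A, SAMPLE_B, SAMPLE_C))
    print("A:", sorted(fa), "\nB:", sorted(fb), "\nC:", sorted(fc))
    print("sim(A,B) =", similarity(fa, fb), "homologous:", homologous(SAMPLE_A, SAMPLE_B))
    print("sim(A,C) =", similarity(fa, fc), "homologous:", homologous(SAMPLE_A, SAMPLE_C))
```

Because features are matched on handle-linked chains rather than on the raw call order, the file path, registry value name and C2 address that differ between samples A and B do not affect the score (0.8 here), while the behaviour-only sample C scores 0.4 against A and is rejected. In a real deployment the handle linkage would also need to follow handles duplicated or passed across threads and processes, which this simplified tree does not model.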


Abstract

The invention provides a malicious code homology analysis method based on behavior characteristic similarity. It first extracts and quantifies the behavior characteristics that represent a malicious code sample on a dynamic binary instrumentation platform; on that basis it measures the similarity of the behavior characteristics of different malicious code samples, and the homology judgment is derived from that similarity. With the invention, malicious code collected from the network can be subjected to homology analysis, which provides strong support for subsequent tracing of the attack source. The method correctly reflects the homology among related malicious code samples, correctly separates samples that are not homologous, and offers useful guidance and reference for malicious code homology analysis work.

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to a malicious code homology analysis method based on behavior feature similarity.

Background

[0002] Malicious code is a set of instructions that runs on a computer and makes the system perform tasks according to the attacker's wishes. With the widespread use of computer networks and the continuous development of malicious code techniques, the harm caused by malicious code is becoming more serious, and it has become a major threat to the security of computer systems. Malicious code executes on computers or other terminals without the user's authorization to achieve malicious goals such as interfering with the normal operation of the host, destroying the integrity of stored data and stealing users' private information, seriously infringing the legitimate rights and interests of those attacked.

[0003] In recent years, with the e...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 康绯, 舒辉, 熊小兵, 肖亚南, 葛雨玮
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV (PLA SSF IEU)