Similarity match based rapid detection method for malicious shellcode

Abstract

The invention relates to a similarity match based rapid detection method for a malicious shellcode, and advantages of traditional dynamic and static detection technologies are combined in the rapid detection method. The rapid detection method comprises that data to be detected is determined; a decoder is called to implement simulated execution detection; simulatied detection is carried out on the data to be detected and a sample library via a Shingle algorithm; and when the similarity coefficient is greater than a threshold 40%, it can be determined that attack behavior of the malicious shellcode exists in the data to be detected, and early warning is made. According to the rapid detection method, a simulator which implements deep simulated execution and system function Hook is not needed, the detection consumption of the dynamic simulated detection technology is further reduced, the throughput of detection data is improved, the detection speed for multi-state malicious codes is improved, and influence on the network speed is reduced.

Description

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine

Login to View More

AI Technical Summary

Benefits of technology

In this new method described in this patents, an advanced technique called Simulation Programming (SP) has been developed that uses both hardware-based techniques for detecting attacks against computer networks or other systems with unknown security threats. It improves upon existing methods such as Fuzzy Log Analysis (FLA), XOR logic analysis, etc., which only work well when they have known suspiciest behavioral patterns within their dataset. Additionally, SP also includes various technical means like machine learning models and statistical modeling tools, along with efficient software implementations and programmable processors. Overall, these improvements enhance the effectiveness and efficiency of defense measures implemented across different types of computers and applications.

Problems solved by technology

This patented technical solution described in the patents describes how hackers pose serious risks when accessing sensitive networks such as servers from internet access points like web browsers. These harmful acts aim at stealing valuable resources without being identified during their own activities. To prevent unauthorized entry attempts, various methods were developed over time. One approach involves analyzing the content of certain files called shipping documents (SF) containing hidden bytecodes embedded within themselves. By comparing different versions of SF codes against each other, if they match, indicating potential compromise between the original program design and its executable components. Another technique uses statistical analysis techniques to identify suspended patterns caused by specific parts of the file's functionality. Finally, Dynamic Analysis Techniques are applied to find weaknesses in SFTS encodings.

Images