
Script virus detection method and system based on program keyword calling sequence

A technology concerning calling sequences and script viruses, applied in the field of network security, that can solve problems such as the difficulty of static code detection, the reduction of the detection rate, and the increase in the feature quantity of the detection module. The effect of the ability to unify

Inactive Publication Date: 2016-04-13
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

At present, most malicious scripts use complex polymorphic deformation techniques to evade antivirus software. For example, some scripts are deformed by adding useless characters such as spaces and newlines, by defining the variable names used in the script program as random strings, by equivalent transformation, and so on. This makes static code detection very difficult, causing a sharp increase in the feature quantity of the detection module and a continuous decrease in the detection rate, which gave rise to detection after virtual execution. The advantage of that method is that virtual execution decrypts the deformed malicious code and recovers the real malicious function part, which is then matched with static pattern matching. This does improve the ability to detect malicious scripts, but its efficiency is very low, and it is difficult to find one consistent method that decrypts all malicious scripts. Usually each malicious transformation technique needs its own script virtual-execution decryption module, which is difficult to develop and costly in daily maintenance, so the approach is not widely used in antivirus software.


Examples


Embodiment Construction

[0032] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention more apparent, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0033] Based on the above problems, the present invention proposes a script virus detection method and system based on program keyword call sequences. Malicious script programs mostly use deformation and encryption techniques such as string replacement and the addition of meaningless blank lines, but the deformed code has the same calling method and the same jump structure of the instruction execution flow, and the API names called by the main function code are basically the same. By calling the keyword call and the context call and jump relationship in the semantics...


Abstract

The invention provides a script virus detection method and system based on a program keyword calling sequence. A program to be detected undergoes lexical analysis and syntax and semantic analysis; the script program keyword information that is called and a mnemonic symbol for each semantic type are marked and stored in a data stream to be detected; the data stream is matched against feature strings extracted in advance from malicious scripts; and the program is judged to be malicious if the data stream matches a feature string. The method discards variable names and the like in the program and performs pattern matching on the keyword calling sequence of the code, so it can effectively counter polymorphic deformation of malicious scripts, and pattern matching in this way reduces the feature quantity in the feature library and reduces disk usage.
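The pipeline the abstract describes, as an added sketch in Python (not code from the patent or from its owner): a simplified lexer discards comments, whitespace and variable names, emits keywords, API names and type mnemonics, and the resulting stream is matched against a feature string. The keyword and API lists, the `S`/`N`/`V` mnemonics, the sample scripts and the signature are all assumptions constructed for illustration.

```python
import re

# Assumed vocabularies for this sketch; the page gives no keyword or API list.
KEYWORDS = {"var", "function", "for", "while", "if", "else", "return", "new"}
API_NAMES = ("eval", "unescape", "document.write", "String.fromCharCode")

# Simplified JavaScript lexer (no regex literals or template strings).
# Characters that match no group (whitespace, punctuation) are skipped.
TOKEN_RE = re.compile(r"""
    (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<number>0[xX][0-9a-fA-F]+|\d+(?:\.\d+)?)
  | (?P<name>[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)
""", re.X | re.S)

def keyword_stream(source):
    """Return the keyword/API/mnemonic sequence for a script."""
    out = []
    for m in TOKEN_RE.finditer(source):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            continue                      # junk comments carry no signal
        if kind == "string":
            out.append("S")               # mnemonic: string literal, value dropped
        elif kind == "number":
            out.append("N")               # mnemonic: numeric literal
        elif text in KEYWORDS:
            out.append(text)
        else:
            api = next((a for a in API_NAMES
                        if text == a or text.endswith("." + a)), None)
            out.append("A:" + api if api else "V")  # V: variable, name dropped
    return " ".join(out)

def is_malicious(source, signatures):
    """True if any feature string occurs on token boundaries in the stream."""
    stream = " " + keyword_stream(source) + " "
    return any(" " + sig + " " in stream for sig in signatures)

# Constructed samples: two deformations of one script, and an unrelated script.
VARIANT_A = 'var a = unescape("%61%6c"); eval(a);'
VARIANT_B = 'var   xQ9z\n=\n\nunescape( "%64%6f" ) ;\n// junk\neval( xQ9z ) ;'
BENIGN = 'var total = 0; for (var i = 0; i < 10; i++) { total = total + i; }'
SIGNATURES = [keyword_stream(VARIANT_A)]  # feature string extracted in advance
```

Both variants reduce to the same stream, so one feature string covers renamed variables, changed string contents and inserted whitespace or comments.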

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a script virus detection method and system based on program keyword call sequences.

Background technique

[0002] A scripting language is a computer programming language created to shorten the traditional write-compile-link-run process. It is interpreted and executed sentence by sentence by the corresponding interpreter. It is simple, easy to learn and use, and is currently widely used in Internet web page development. The more popular scripting languages are JavaScript and VBScript. Malicious script programs are script programs aimed at damaging system functions and spreading maliciously. Such programs are embedded in normal web page programs and are difficult to detect. When users browse web pages infected by malicious scripts, other malicious codes are automatically downloaded to Other script code that resides on the user's computer or infects the user'...


Application Information

IPC(8): G06F21/56, G06F17/27, G06F17/30
Inventor: 苏培旺, 童志明, 张栗伟, 何公道
Owner HARBIN ANTIY TECH