Identification method and system of malicious sample type on the basis of characteristics

A sample type identification technology, applied in the field of information security, that addresses the problems of samples lacking specific classification, lacking horizontal correlation, and existing only as isolated data points.

Inactive Publication Date: 2016-04-13
中国信息安全认证中心 +1

AI Technical Summary

Problems solved by technology

[0002] With the rapid development of information technology, more and more computer malicious codes are captured, and there are more and more targeted and organized attacks. At present, all security vendors only use virus names to

Examples


Specific Embodiment 1

[0028] This embodiment is an embodiment of a method for identifying malicious sample types based on characteristics.

[0029] The flowchart of the feature-based method for identifying malicious sample types in this embodiment is shown in Figure 1. The method includes the following steps:

[0030] S01: Identify the sample format, determining whether the sample is a PE sample, an OFFICE document sample or an EML mail sample;

[0031] S02: Extract the homology features of the sample;

[0032] S03: Compare the homology features with the homology feature library:

[0033] If the features match, update the MD5 value of the sample to the homology feature library;

[0034] If the features do not match, the features and MD5 value of the sample are passed through whitelist filtering and then added to the homology feature library.

[0035] The above-mentioned method for identifying the type of malicious samples based on features illustrates the case of feature matching in step S03.

[0036] The homology signature data...

Specific Embodiment 2

[0046] This embodiment is an embodiment of a system for identifying malicious sample types based on characteristics.

[0047] The feature-based malicious sample type identification system of this embodiment is shown in Figure 2. The system includes the following modules:

[0048] Sample format identification module: used to identify the sample format, determining whether the sample is a PE sample, an OFFICE document sample or an EML mail sample;

[0049] Sample homology feature extraction module: used to extract the homology features of the sample;

[0050] Homology feature comparison module: used to compare the homology features with the homology feature library:

[0051] If the features match, update the MD5 value of the sample to the homology feature library;

[0052] If the features do not match, the features and MD5 value of the sample are passed through whitelist filtering and then added to the homology feature library.
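
The S01 to S03 flow of Embodiment 1, which the three modules of Embodiment 2 mirror, as an added Python example that is not code from the patent. The magic-byte checks, the per-format regexes standing in for the homology features (which the page does not specify), and the names `process_sample`, `wl_md5`, `wl_features` and `fake_pe` are assumptions.

```python
import hashlib
import re

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
# Hypothetical stand-ins: the page does not say which homology features are used.
FEATURE_RE = {
    "PE": re.compile(rb"([\x20-\x7e]{4,}\.pdb)"),            # debug (PDB) path
    "OFFICE": re.compile(rb"([\x20-\x7e]{4,}\.dotm?)"),      # template reference
    "EML": re.compile(rb"(?im)^x-mailer:[ \t]*([^\r\n]+)"),  # sending client
}

def identify_format(data: bytes):
    """S01: return 'PE', 'OFFICE', 'EML', or None for anything else."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        off = int.from_bytes(data[0x3C:0x40], "little")  # e_lfanew
        if data[off:off + 4] == b"PE\0\0":
            return "PE"
    if data.startswith(OLE2_MAGIC):
        return "OFFICE"
    if data[:4] == b"PK\x03\x04" and b"[Content_Types].xml" in data:
        return "OFFICE"  # OOXML zip container
    names = re.findall(rb"(?im)^(from|to|subject|date|received|message-id):", data[:4096])
    if len({n.lower() for n in names}) >= 2:  # two distinct mail headers
        return "EML"
    return None

def extract_features(fmt: str, data: bytes) -> set:
    """S02: case-folded feature strings for the identified format."""
    return {m.decode("latin-1").strip().lower() for m in FEATURE_RE[fmt].findall(data)}

def process_sample(data, library, wl_md5, wl_features):
    """S03: library maps feature -> set of MD5s; returns the branch taken."""
    fmt = identify_format(data)
    if fmt is None:
        return "unsupported"
    md5 = hashlib.md5(data).hexdigest()  # sample identifier only, as on the page
    feats = extract_features(fmt, data)
    matched = {f for f in feats if f in library}
    if matched:  # match: record the new MD5 under each matching feature
        for f in matched:
            library[f].add(md5)
        return "matched"
    new = set() if md5 in wl_md5 else feats - wl_features  # whitelist filtering
    for f in new:  # no match: seed new library entries
        library[f] = {md5}
    return "added" if new else "skipped"

def fake_pe(payload: bytes) -> bytes:
    """Constructed MZ/PE header stub plus payload; not a loadable binary."""
    return b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + payload
```

Two constructed PE stubs that share a PDB path end up under one library key with two MD5 values, which is the horizontal correlation the patent describes.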


Abstract

The invention belongs to the field of information security technology, and particularly relates to a method and system for identifying malicious sample types on the basis of characteristics. The method comprises the following steps: first, identifying the format of a sample to determine whether it is a PE (Portable Executable) sample, an OFFICE document sample or an EML (e-mail message) mail sample; then, extracting the homology characteristics of the sample and comparing them with a homology characteristic library; if the characteristics match, updating the MD5 (Message Digest 5) value of the sample to the homology characteristic library; and if the characteristics do not match, adding the characteristics and the MD5 value of the sample to the homology characteristic library after they have been subjected to whitelist filtering. With this method, samples are no longer isolated and carry a homology attribute. Once samples have homology attributes, attack events shared by samples with the same homology attribute can be found conveniently. Homology characteristic analysis also assists in detecting unknown malicious code.

Description

Technical field

[0001] The invention belongs to the technical field of information security, and specifically relates to a method and system for identifying malicious sample types based on characteristics.

Background technique

[0002] With the rapid development of information technology, the amount of computer malicious code captured is increasing, and there are more and more targeted and organized attacks. At present, security vendors only use virus names to mark malicious code, and samples have no specific classification, so it is impossible to judge the relationship between samples; each sample is only a single data point, and no horizontal correlation is formed.

Summary of the invention

[0003] In order to solve the above problems, the present invention discloses a method for identifying the type of malicious samples based on characteristics. The method makes samples no longer isolated and gives them a homology attribute.

[0004] The purpose of the pre...


Application Information

IPC(8): G06F21/56
Inventor: 布宁, 贾雪飞, 白淳升, 李柏松
Owner: 中国信息安全认证中心