Malicious code matching method and apparatus based on multi-mode

A malicious code matching technology, applied to computer security devices, instruments, electrical digital data processing, etc. It addresses the impact of a large feature library on algorithm matching speed and the unsuitability of the algorithm for hardware implementation, with the effect of reducing memory pressure and shortening the time required for matching.

Inactive Publication Date: 2016-06-08
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

Therefore, when the feature library contains too many feature codes, the traditional AC algorithm is both ill-suited to hardware implementation and slower at matching.

Examples

Embodiment Construction

[0026] The present invention provides embodiments of a multi-pattern-based malicious code matching method and device. To help those skilled in the art better understand the technical solutions in the embodiments, and to make the above purposes, features and advantages of the invention clearer, the technical solution is described in further detail below with reference to the accompanying drawings:

[0027] The present invention first provides an embodiment of a multi-pattern-based malicious code matching method, as shown in Figure 1, including:

[0028] S101: Screen the sample to be detected based on the semantic features of the feature codes in the feature database, shortening the length of the sample to be detected;

[0029] S102: Determine whether the feature database has been updated; if so, re-build a tree...

Abstract

The invention discloses a multi-pattern-based malicious code matching method. The method comprises: screening the sample to be detected based on the semantic features of the feature codes in the feature database, shortening the length of the sample; determining whether the feature database has been updated; if it has, building a tree-like finite-state machine based on the prefix of each feature code, and if it has not, continuing to use the existing finite-state machine; compressing and storing the generated finite-state machine; and matching the sample to be detected from back to front through the compressed and stored finite-state machine, based on the bad-character skip principle. The invention also discloses a multi-pattern-based malicious code matching apparatus. With this technical scheme, even when the feature database contains many feature codes, they can be matched quickly and system resource usage can be reduced.
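The back-to-front, bad-character-skip matching over a prefix tree that the abstract describes can be illustrated with a Set-Horspool-style matcher. This is an added example, not code from the patent or its owner: the feature codes and sample are constructed, `build` and `scan` are hypothetical names, and the semantic screening and state-machine compression steps are omitted because the page does not detail them.

```python
# Added illustration (Set-Horspool style); not the patented implementation.
SIGNATURES = [b"ABCD", b"BCDEF", b"XYZ"]   # constructed feature codes
SAMPLE = b"00ABCDEF11XYZ"                  # constructed sample to scan

def build(patterns):
    """Return (m, trie, shift) for the m-byte prefixes of the patterns."""
    if not patterns or any(len(p) == 0 for p in patterns):
        raise ValueError("patterns must be non-empty byte strings")
    m = min(len(p) for p in patterns)      # window = shortest feature code
    trie, shift = {}, {}
    for idx, p in enumerate(patterns):
        node = trie
        for b in reversed(p[:m]):          # store each prefix back to front
            node = node.setdefault(b, {})
        node.setdefault(None, []).append(idx)  # None marks a complete prefix
        for i, b in enumerate(p[:m - 1]):  # bad-character distances
            shift[b] = min(shift.get(b, m), m - 1 - i)
    return m, trie, shift

def scan(data, patterns):
    """Return (sorted hits as (offset, pattern index), windows examined)."""
    m, trie, shift = build(patterns)
    hits, windows, pos = [], 0, 0
    while pos + m <= len(data):
        windows += 1
        node, j = trie, pos + m - 1
        while j >= pos and data[j] in node:    # walk window right to left
            node = node[data[j]]
            j -= 1
        if j < pos:                            # whole prefix matched
            for idx in node[None]:
                if data.startswith(patterns[idx], pos):  # verify the tail
                    hits.append((pos, idx))
        # Skip ahead using the byte under the window's last position.
        pos += shift.get(data[pos + m - 1], m)
    return sorted(hits), windows

if __name__ == "__main__":
    print(scan(SAMPLE, SIGNATURES))
```

On the constructed 13-byte sample the scanner examines only 6 window positions, which is the saving the bad-character skip provides over a byte-by-byte forward scan.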

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a multi-pattern-based malicious code matching method and device.

Background

[0002] The AC algorithm is a classic multi-pattern matching algorithm proposed by Alfred V. Aho and Margaret J. Corasick in 1974. For a given text of length n and a pattern set P = {p1, p2, ..., pm}, it guarantees that all target patterns in the text are found in O(n) time, regardless of the size m of the pattern set. In essence, the AC algorithm is a finite-state automaton algorithm. Before string matching begins, the pattern set is preprocessed to build an automaton. When processing a string, the text only needs to be scanned once to match the pattern strings.

[0003] At present, the AC algorithm, as a linear complexity multi-pattern matching algorithm, has a wide range of applications in IDS (Intrusion Detection System) and malicious code feature matchin...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 张家兴, 李柏松
Owner: HARBIN ANTIY TECH