Malicious code evidence obtaining method and system on the basis of feature code under Linux

A malicious code and feature code (signature) technology, applied in the fields of instruments, digital data processing, platform integrity maintenance and the like. It addresses the problems of low detection efficiency and an oversized signature database, with the effect of reducing the number of invalid comparisons.

Active Publication Date: 2016-06-29
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0006] Based on the above problems, the present invention proposes a malicious code forensics method and system based on feature codes under Linux, which sol



Example Embodiment

[0040] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned objectives, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0041] Based on the above problems, the present invention proposes a signature-based malicious code forensics method and system under Linux, which solves the problem of malicious code forensics under Linux and at the same time solves the problem of too large signature database and low detection efficiency.

[0042] A malicious code forensics method based on signature codes under Linux, as shown in Figure 1, comprising:

[0043] S101: Obtain the attribute feature of the file running under the Linux system and the string information in the memory; if it is an attribute feature, execu...


Abstract

The invention provides a malicious code evidence obtaining method and system on the basis of a feature code under Linux. The method extracts an accurate feature code from known malicious files and non-malicious files; after the features of a file under a Linux system are subjected to whitelist detection, it carries out multi-pattern matching of the unknown file against a WM (Wu-Manber) feature rule library, carries out detection to obtain a detailed and accurate result, and produces a detection evidence obtaining report. The method also exploits the fact that information such as the registry and startup items is stored in file form under Linux: it extracts startup item information, memory information, process information and the like, and detects this information so as to detect malicious files in the system.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a malicious code evidence collection method and system based on feature codes under Linux.

Background technique

[0002] With the rapid development of network and computer technology, Linux systems are gradually being used by more and more network users. At the same time, malicious code in the Linux environment is becoming more extensive and diverse. However, the corresponding detection methods and detection tools have not developed as rapidly as those in the Windows system environment, and most of them still rely on malicious code signatures for detection.

[0003] The characteristic code (signature) of a malicious code is a series of bytes, extracted from a sample of the malicious code, that does not exceed 64 bytes and can accurately represent a certain type of malicious code. Signature-based detection is to first collect many signatures into a database, and then use t...
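The abstract's pipeline (whitelist check first, then Wu-Manber multi-pattern matching of short byte signatures, which the description caps at 64 bytes) as an added worked example; this is illustration code, not the patent's implementation, and the signature names, whitelist hash and sample buffers are constructed for the demo.

```python
"""Whitelist-then-Wu-Manber signature scan (added illustration, not the
patent's code). Signatures, the whitelist hash and sample data are constructed."""
import hashlib


class WuManber:
    """Multi-pattern byte matcher with block size B = 2."""
    B = 2

    def __init__(self, signatures):
        # signatures: name -> byte pattern; every pattern must be >= B bytes
        self.sigs = list(signatures.items())
        self.m = min(len(p) for _, p in self.sigs)      # shortest signature
        self.shift, self.table = {}, {}
        for name, p in self.sigs:
            prefix = p[:self.m]                          # index first m bytes only
            for j in range(self.B - 1, self.m):          # every block in the prefix
                block = prefix[j - self.B + 1:j + 1]
                self.shift[block] = min(self.shift.get(block, self.m), self.m - 1 - j)
            self.table.setdefault(prefix[-self.B:], []).append((name, p))

    def scan(self, data):
        """Return [(offset, name)] for every signature occurrence in data."""
        hits, pos, default = [], self.m - 1, self.m - self.B + 1
        while pos < len(data):
            block = data[pos - self.B + 1:pos + 1]
            s = self.shift.get(block, default)
            if s:                        # block cannot end a signature prefix: skip
                pos += s
                continue
            start = pos - self.m + 1
            for name, p in self.table.get(block, []):
                if data.startswith(p, start):           # verify the full signature
                    hits.append((start, name))
            pos += 1
        return hits


SIGNATURES = {"demo.sig.alpha": b"alpha-marker-0001",   # constructed, not real
              "demo.sig.beta": b"beta-marker-22"}
WHITELIST = {hashlib.sha256(b"known good file contents").hexdigest()}  # constructed
SCANNER = WuManber(SIGNATURES)


def classify(data, scanner=SCANNER, whitelist=WHITELIST):
    """Whitelisted files skip the scan entirely (the 'invalid comparison' saving)."""
    if hashlib.sha256(data).hexdigest() in whitelist:
        return "whitelisted", []
    hits = scanner.scan(data)
    return ("malicious" if hits else "clean"), hits
```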


Application Information

IPC(8): G06F21/55, G06F21/56
CPC: G06F21/552, G06F21/563
Inventors: 康学斌, 董建武, 何公道
Owner HARBIN ANTIY TECH