Malicious code detection method and system based on kernel object behavior body

A malicious code detection technique based on kernel objects, applied in the computer field. It addresses the problems that existing methods cannot reflect how kernel objects are manipulated, that malicious code detection is not accurate enough, and that the operating conditions of objects are not captured. It achieves good detection and classification results, is easy to implement and extend, and the method is simple and reliable.

Active Publication Date: 2016-07-06
HARBIN INST OF TECH SHENZHEN GRADUATE SCHOOL

AI Technical Summary

Problems solved by technology

Problems and defects in the system-call-based method: most of the harmful behaviors caused by malicious code are carried out by manipulating kernel objects, kernel objects can only be used by the system kernel, and simple system call attacks cannot affect the kernel object.
Existing technical problems and defects: the average slowdown factor of TaintCheck is 24, so its performance is not very good.
[0005] (3) Based on the system call graph or the traditional kernel object behavior graph: the system ca


Example Embodiment

[0067] The present invention will be further described in detail below in conjunction with the drawings and embodiments.

[0068] As shown in Figure 1, the malicious code detection method based on kernel object behavior ontology of the present invention includes the following steps:

[0069] S1: constructing the public behavior ontology of the malicious families;

[0070] S2: constructing the individual behavior ontology of the suspicious sample;

[0071] S3: importing the individual behavior ontology of the suspicious sample into the malicious family public behavior ontology to form the malicious code domain ontology;

[0072] S4: reasoning over the individual behavior ontology to determine whether it is malicious code.

[0073] Wherein, the step S1 of constructing the public behavior ontology of the malicious family includes:

[0074] A1: Construct a malicious family sample set from several malicious code samples;

[0075] A2: Perform dynamic taint analysis on the mal...
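The steps S1 to S4 above describe a classifier in outline: a family's public behavior ontology is what its members have in common, and a suspicious sample is judged by reasoning over its own behavior ontology once it is imported into the family ontology. The following Python program is an added illustration of that pipeline, not code from the patent or its inventors. It models each sample's dynamic trace as a set of kernel object behavior graph edges (subject object, operation, target object), takes the family's public behavior to be the edges shared by every member, and classifies a suspicious sample by how much of that public behavior it covers. The trace format, object names, operations, sample traces and the coverage threshold are all constructed for this example; a real system would derive the edges from the dynamic taint analysis of step A2.

```python
"""Toy kernel-object behavior ontology reasoner (added example, not the patent's code).

A sample's dynamic trace is modelled as a set of edges
(subject object, operation, target object) of a kernel object behavior graph.
The public behavior ontology of a malicious family is the set of edges shared
by every member; a suspicious individual is judged by how much of that public
behavior its own edges cover. Trace format, object names and threshold are
all constructed for this example.
"""
from typing import Dict, Optional, Set, Tuple

Edge = Tuple[str, str, str]  # (subject kernel object, operation, target kernel object)


def parse_trace(trace: str) -> Set[Edge]:
    """Turn a 'subject -> operation -> target' per-line trace into a set of edges."""
    edges: Set[Edge] = set()
    for raw in trace.strip().splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments and indentation
        if not line:
            continue
        parts = [p.strip() for p in line.split("->")]
        if len(parts) != 3:
            raise ValueError(f"malformed trace line: {raw!r}")
        edges.add((parts[0], parts[1], parts[2]))
    return edges


def build_family_ontology(samples: Dict[str, Set[Edge]]) -> Set[Edge]:
    """Analogue of steps A1/A2 and S1: keep only the edges every family member exhibits.

    Intersecting the members' edge sets drops per-sample noise (decoy operations),
    the kind of padding the background section says confuses system-call-only detectors.
    """
    if not samples:
        raise ValueError("a family needs at least one sample")
    members = iter(samples.values())
    common = set(next(members))
    for edges in members:
        common &= edges
    return common


def reason(individual: Set[Edge], families: Dict[str, Set[Edge]],
           threshold: float = 0.8) -> Tuple[str, Optional[str], float]:
    """Analogue of steps S3/S4: import the individual into each family ontology,
    measure what fraction of the family's public behavior it covers, and report
    the best-covered family when coverage reaches the (constructed) threshold."""
    best_name: Optional[str] = None
    best_cov = 0.0
    for name, public in families.items():
        if not public:
            continue
        cov = len(individual & public) / len(public)
        if cov > best_cov:
            best_name, best_cov = name, cov
    if best_name is not None and best_cov >= threshold:
        return "malicious", best_name, best_cov
    return "benign", None, best_cov


# Constructed traces: hypothetical kernel object operations, not real malware data.
# The acting process is normalised to 'process:sample' so edges compare across samples.
FAMILY_TRACES = {
    "sample_a": """
        process:sample -> creates -> file:payload.dll
        process:sample -> sets_value -> registry:run_key
        process:sample -> opens -> process:explorer.exe
        process:sample -> creates_remote_thread -> process:explorer.exe
        process:sample -> reads -> file:kernel32.dll        # per-sample noise
    """,
    "sample_b": """
        process:sample -> creates -> file:payload.dll
        process:sample -> sets_value -> registry:run_key
        process:sample -> opens -> process:explorer.exe
        process:sample -> creates_remote_thread -> process:explorer.exe
        process:sample -> queries -> registry:locale_key    # per-sample noise
    """,
    "sample_c": """
        process:sample -> creates -> file:payload.dll
        process:sample -> sets_value -> registry:run_key
        process:sample -> opens -> process:explorer.exe
        process:sample -> creates_remote_thread -> process:explorer.exe
    """,
}

SUSPICIOUS_TRACE = """
    process:sample -> creates -> file:payload.dll
    process:sample -> sets_value -> registry:run_key
    process:sample -> opens -> process:explorer.exe
    process:sample -> creates_remote_thread -> process:explorer.exe
    process:sample -> reads -> file:user32.dll              # noise, ignored
"""

BENIGN_TRACE = """
    process:sample -> reads -> file:kernel32.dll
    process:sample -> creates -> file:report.txt
    process:sample -> sets_value -> registry:run_key          # one shared edge only
"""

FAMILY_ONTOLOGIES = {
    "constructed_family": build_family_ontology(
        {name: parse_trace(t) for name, t in FAMILY_TRACES.items()}),
}


def classify(trace: str) -> Tuple[str, Optional[str], float]:
    """Build the individual ontology (step S2) and reason over it (steps S3/S4)."""
    return reason(parse_trace(trace), FAMILY_ONTOLOGIES)


if __name__ == "__main__":
    print("public behavior:", sorted(FAMILY_ONTOLOGIES["constructed_family"]))
    print("suspicious:", classify(SUSPICIOUS_TRACE))
    print("benign:", classify(BENIGN_TRACE))
```

The intersection is deliberately strict: an edge that any one member lacks is excluded from the public behavior, which is why the noise edges in `sample_a` and `sample_b` never enter the ontology. A single shared edge (the benign trace also touches the run key) yields 25% coverage, well below the constructed 80% threshold, so it is not enough to flag a sample on its own.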


Abstract

The invention relates to a malicious code detection method and system based on a kernel object behavior body (ontology), and belongs to the technical field of computers. The method comprises the following steps: building a malicious family public behavior body; building a suspicious sample individual behavior body; importing the suspicious sample individual behavior body into the malicious family public behavior body to form a malicious code domain body; reasoning over the individual behavior body; and judging whether the individual behavior body is malicious code or not. The method and the system have the following advantages: the method is simple and reliable; a suspicious sample can be detected and classified by building the body; the relationship between two objects and the operations performed on them can be read directly from the kernel object behavior graph; and the detection and classification effect on malicious code is good.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a malicious code detection method and system based on kernel object behavior ontology.

Background technique

[0002] In the prior art, there are mainly the following methods for malicious code detection:

[0003] (1) System call-based method: this method uses the system call API as a feature and performs various processing on the system call API to detect malicious code. Problems and defects in this method: most of the harmful behaviors caused by malicious code are carried out by manipulating kernel objects, kernel objects can only be used by the system kernel, and simple system call attacks cannot affect the kernel object. Considering all system calls is also problematic, because most of these system calls are used by malicious code to confuse detection, making detection more imprecise. Furthermore, many malicious code writers have added a large number of system call execution sequences to hide the attack of m...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 丁宇新肖杨陈晟朱思怡蒋景智
Owner HARBIN INST OF TECH SHENZHEN GRADUATE SCHOOL