
Malicious code detection method and system based on kernel object behavior body

A malicious code detection technique based on kernel objects, applied in the computer field. It addresses the problems that existing approaches cannot reflect which objects are being manipulated or under what conditions, so that malicious code detection is not accurate enough. The method achieves good detection and classification results, is easy to implement and extend, and is simple and reliable.

Active Publication Date: 2016-07-06
HARBIN INST OF TECH SHENZHEN GRADUATE SCHOOL
AI Technical Summary

Problems solved by technology

Problems and defects of the system call-based method: most of the harmful behaviors caused by malicious code are carried out by manipulating kernel objects, kernel objects can only be used by the system kernel, and simple system call attacks cannot affect a kernel object.

Existing technical problems and defects: the average slowdown factor of TaintCheck is 24, so its performance is not very good.

[0005] (3) Methods based on the system call graph or the traditional kernel object behavior graph: the system call graph reflects the call relationships between system call APIs, that is, the call relationships between function operations. The traditional kernel object behavior graph is the kernel object... The existing problems and defects are: the system call graph cannot show which two objects an operation takes place between, and the traditional kernel object behavior graph cannot reflect the operation conditions of the object, so malicious code detection is not accurate enough.


Embodiment Construction

[0067] The present invention is described in further detail below in conjunction with the accompanying drawings and embodiments.

[0068] As shown in Figure 1, the malicious code detection method based on kernel object behavior ontology of the present invention comprises the following steps:

[0069] S1: constructing the malicious family public behavior ontology;

[0070] S2: constructing the suspicious sample individual behavior ontology;

[0071] S3: importing the individual behavior ontology of the suspicious sample into the malicious family public behavior ontology, forming the malicious code domain ontology;

[0072] S4: reasoning over the individual behavior ontology to determine whether the sample is malicious code.

[0073] Wherein the malicious family public behavior ontology construction step S1 includes:

[0074] A1: constructing a malicious family sample set from several malicious code samples;

[0075] A2: performing dynamic taint analysis on malic...
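The four-step procedure above (family public ontology, individual ontology, import, reasoning), as an added Python example that is not the patent's implementation. It assumes behaviors are (subject, operation, target) triples over kernel-object classes, that a family's public behavior is the set of triples shared by all of its samples lifted along a class hierarchy, and that reasoning is subsumption (a family matches when the individual entails every public triple); the hierarchy and all traces are constructed.

```python
# Added illustration of steps S1-S4; not the patent's code. Hierarchy, triples and traces are constructed.
SUBCLASS = {"ExecutableFile": "File", "ConfigFile": "File", "RunKey": "RegistryKey",
            "File": "KernelObject", "RegistryKey": "KernelObject", "Process": "KernelObject"}

def ancestors(cls):
    """The class itself followed by every superclass up to the root."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SUBCLASS.get(cls)
    return chain

def specializes(specific, general):
    """Same operation, and subject/target classes equal to or below the general ones."""
    (s1, op1, o1), (s2, op2, o2) = specific, general
    return op1 == op2 and s2 in ancestors(s1) and o2 in ancestors(o1)

def entails(ontology, triple):
    """An ontology entails a triple if one of its own triples specializes it."""
    return any(specializes(t, triple) for t in ontology)

def family_public_behavior(samples):
    """S1: behaviors shared by every sample, lifted along the hierarchy, most specific kept."""
    candidates = {(s, op, o) for (subj, op, obj) in samples[0]
                  for s in ancestors(subj) for o in ancestors(obj)}
    shared = {t for t in candidates if all(entails(sm, t) for sm in samples)}
    return {t for t in shared if not any(u != t and specializes(u, t) for u in shared)}

def classify(individual, families):
    """S3/S4: a family matches when all of its public behaviors are entailed."""
    return sorted(name for name, public in families.items()
                  if public and all(entails(individual, t) for t in public))

# Constructed kernel-object traces (subject, operation, target); not real malware data.
DROPPER_SAMPLES = [
    {("Process", "Write", "ExecutableFile"), ("Process", "Create", "Process"),
     ("Process", "Set", "RunKey"), ("Process", "Read", "ConfigFile")},
    {("Process", "Write", "ExecutableFile"), ("Process", "Create", "Process"),
     ("Process", "Set", "RunKey")},
]
FAMILIES = {"Dropper": family_public_behavior(DROPPER_SAMPLES)}
SUSPICIOUS = {("Process", "Write", "ExecutableFile"), ("Process", "Create", "Process"),
              ("Process", "Set", "RunKey"), ("Process", "Open", "File")}
BENIGN_EDITOR = {("Process", "Read", "ConfigFile"), ("Process", "Write", "ConfigFile")}

if __name__ == "__main__":
    print("Dropper public behavior:", sorted(FAMILIES["Dropper"]))
    print("suspicious ->", classify(SUSPICIOUS, FAMILIES), "| benign ->", classify(BENIGN_EDITOR, FAMILIES))
```

The benign editor writes a file too, but its target class (ConfigFile) does not sit below the family's ExecutableFile, so the hierarchy, not just the operation name, decides the match.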


Abstract

The invention relates to a malicious code detection method and system based on a kernel object behavior body, and belongs to the field of computer technology. The method comprises the following steps: building a malicious family public behavior body; building a suspicious sample individual behavior body; importing the suspicious sample individual behavior body into the malicious family public behavior body to form a malicious code domain body; reasoning over the individual behavior body; and judging whether the individual behavior body is malicious code or not. The method and system have the following advantages: the method is simple and reliable; a suspicious sample can be detected and classified by building the body; the relationship between two objects and the operation conditions of the two objects can be read directly from the kernel object behavior graph; and the detection and classification effect on malicious code is good.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a malicious code detection method and system based on kernel object behavior ontology.

Background technique

[0002] In the prior art, there are mainly the following methods for malicious code detection:

[0003] (1) System call-based method: this method uses the system call API as a feature and applies various processing to the system call API to detect malicious code. Problems and defects of this method: most of the harmful behaviors caused by malicious code are carried out by manipulating kernel objects, kernel objects can only be used by the system kernel, and simple system call attacks cannot affect a kernel object. It considers all system calls, and most of these system calls are used by malicious code to confuse detection, making detection less precise. Many malicious code writers have also added large numbers of system call execution sequences to hide the attack of m...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 丁宇新肖杨陈晟朱思怡蒋景智
Owner: HARBIN INST OF TECH SHENZHEN GRADUATE SCHOOL