Method and system for analyzing executable file to judge high-risk file

A technique for analyzing executable files, applied in the field of platform integrity maintenance, that addresses the problems of heavy manpower use, a single detection target and low instructiveness, and achieves the effect of improving capabilities.

Status: Inactive
Publication Date: 2016-10-05
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

However, this method has many problems, for example: 1. The detection method needs to wait until the vulnerability is fully disclosed, and the vulnerability may be exploited widely after the detection capability is formed; 2. In-depth analysis take


Embodiment Construction

[0023] The present invention provides a method and system for analyzing executable files to judge high-risk files. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention more obvious and understandable, the technical solution is described in further detail below in conjunction with the accompanying drawings:

[0024] The present invention first provides an embodiment of detecting mmap system calls in a method for analyzing executable files to judge high-risk files, as shown in Figure 1, including:

[0025] S101: analyzing an executable file or dynamic library file;

[0026] The executable file or dynamic library file is an ELF file, and the system is a Linux system;

[0027] S102: detecting the mmap system call in the executable file or the dynamic library file; ...


Abstract

The invention discloses a method and a system for analyzing an executable file to judge a high-risk file. The method analyzes an executable file or a dynamic library file on a Linux system. By detecting the mmap system call and the mprotect system call in the executable file or dynamic library file, it judges whether the file requests memory in user space and modifies the default permission, that is, sets the PROT_EXEC permission defined in Linux. If so, the executable file or dynamic library file is regarded as a high-risk file. The method addresses the technical problems of low file detection efficiency and narrow detection range in the conventional vulnerability environment.
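The rule in the abstract, applied to a system-call trace, as an added example that is not code from the patent: the excerpt does not say how the calls are observed, so this sketch assumes strace-style text lines as input. The function names `exec_events` and `is_high_risk` and the sample trace are constructed for illustration.

```python
import re

# Constructed strace-style lines for illustration (not from a real sample).
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c2a000000
mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c2a100000
mprotect(0x7f1c2a000000, 8192, PROT_READ|PROT_EXEC) = 0
mprotect(0x7f1c2a200000, 4096, PROT_READ) = 0
mmap(NULL, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
"""

# Optional "[pid N] " or "N " prefix, then call name, argument list, return value.
CALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(mmap2?|mprotect)\((.*)\)\s+=\s+(\S+)"
)

def exec_events(trace):
    """Return one record per successful mmap/mprotect call that sets PROT_EXEC."""
    events = []
    for lineno, line in enumerate(trace.splitlines(), 1):
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        call, args, ret = m.groups()
        fields = [a.strip() for a in args.split(",")]
        if len(fields) < 3 or ret in ("-1", "?"):
            continue  # truncated line, failed call, or call with no return value
        prot = set(fields[2].split("|"))  # prot is the third argument of both calls
        if "PROT_EXEC" not in prot:
            continue
        flags = set(fields[3].split("|")) if len(fields) > 3 else set()
        events.append({
            "line": lineno,
            "call": call,
            "writable": "PROT_WRITE" in prot,
            "anonymous": "MAP_ANONYMOUS" in flags,
        })
    return events

def is_high_risk(trace):
    """Apply the abstract's rule: any PROT_EXEC request marks the file high-risk."""
    return bool(exec_events(trace))

if __name__ == "__main__":
    for e in exec_events(SAMPLE_TRACE):
        print(e)
    print("high-risk:", is_high_risk(SAMPLE_TRACE))
```

Dynamic loaders and JIT runtimes also map executable memory, so the `anonymous` and `writable` fields are recorded to help triage hits rather than to change the verdict.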

Description

Technical field

[0001] The invention relates to the technical field of computer network security, and in particular to a method and system for analyzing executable files to judge high-risk files.

Background technique

[0002] Current detection of programs that exploit vulnerabilities usually waits for an exploitation method or an analysis report to appear, then analyzes it and extracts its key steps as a detection method. However, this approach has many problems, for example: 1. the detection method has to wait until the vulnerability is fully disclosed, and the vulnerability may be exploited widely after the detection capability is formed; 2. in-depth analysis takes up a lot of manpower; 3. the detection target is single, and the features extracted in this way can only be used for a single exploitation method. Vulnerabilities currently take many forms, and this method is not instructive.

Contents of th...


Application Information

IPC(8): G06F21/56
CPC: G06F21/56
Inventor: 徐浩, 袁海涛, 潘宣辰
Owner WUHAN ANTIY MOBILE SECURITY