
A Linux platform malicious software detection method

A malware detection method, classified under platform integrity maintenance, dynamic search technology and intuitive inference, which addresses the growth of the signature database, the exponential increase in signature matching time, and the inability of signature-based detection to identify new or unknown malware. Stated effects: improved detection time, fast training speed and high speed.

Active Publication Date: 2017-02-15
SICHUAN UNIV +1

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to provide a Linux platform malware detection method that applies machine learning to malware detection, overcoming the problems of code-signature-based detection: it cannot detect new or unknown malware, the signature library grows and signature matching time increases exponentially, and the library must be continually updated.



Embodiment Construction

[0030] The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. As shown in figure 1, the Linux platform malicious software detection method provided by the present invention comprises the following steps:

[0031] Step 1: In the Linux operating system, gcc is the standard compiler, and the objdump command is a powerful binary analysis tool provided by gcc. Use the objdump -D command to disassemble the benign software and malware samples in ELF (Executable and Linking Format) format and generate assembly files.

[0032] Step 2: Traverse the generated assembly files one by one, read the ".text" section, that is, the code segment of the ELF file, and at the same time identify whether the code segment contains a main function and which instruction set the assembly file uses.

[0033] Step 3: Analyze the code read in step 2. If there is a main function in the code segment, start from the entry address...


Abstract

The invention provides a Linux platform malicious software detection method. The method comprises the steps of: disassembling benign software and malicious software samples in ELF format with the objdump -D command to generate assembly files; traversing the generated assembly files one by one, reading the code segment of each ELF file and at the same time identifying whether the code segment contains a main function; analyzing the code segments read and dividing them into basic blocks, each marked by the lowest address it contains, adding the vertices of the control flow graph to adjacency lists, establishing the connections between basic blocks, and adding the edges of the control flow graph to the adjacency lists to generate a basic control flow graph; extracting features of the control flow graph and writing them into an arff file; using the generated arff file as the data set for the machine learning tool weka, performing data mining and constructing a classifier; and classifying the ELF samples under test with the classifier. The method does not need to compare against a bulky signature library directly, is faster, and can detect unknown malicious software.
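The pipeline described in the abstract and in steps 1 to 3 above (objdump -D listing, basic blocks keyed by their lowest address, adjacency lists, control flow graph features, arff file for weka), as an added example in Python. This is not the patent's own code or the inventors' implementation. It assumes an x86-64 AT&T-syntax objdump -D listing (a constructed one is embedded), treats only direct jumps and ret as block terminators (calls fall through, as in an intra-procedural CFG), and uses a small set of assumed graph features; the patent's actual feature set is not on this page.

```python
import re

# Constructed objdump -D style listing of a tiny x86-64 .text section (AT&T syntax).
# It is sample input made up for this example, not output from any real binary.
SAMPLE_LISTING = "\n".join([
    "Disassembly of section .text:",
    "",
    "0000000000401000 <main>:",
    "  401000:\t55                   \tpush   %rbp",
    "  401001:\t48 89 e5             \tmov    %rsp,%rbp",
    "  401004:\t83 7d fc 00          \tcmpl   $0x0,-0x4(%rbp)",
    "  401008:\t74 07                \tje     401011 <main+0x11>",
    "  40100a:\tb8 01 00 00 00       \tmov    $0x1,%eax",
    "  40100f:\teb 05                \tjmp    401016 <main+0x16>",
    "  401011:\tb8 00 00 00 00       \tmov    $0x0,%eax",
    "  401016:\t5d                   \tpop    %rbp",
    "  401017:\tc3                   \tret",
])

# address ":" TAB raw-bytes TAB mnemonic [operands]  (objdump's column layout)
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t([0-9a-f ]+)\t(\S+)\s*(.*)$")

def has_main(listing):
    """Step 2 of the method: does the listing define a main symbol?"""
    return re.search(r"^[0-9a-f]+ <main>:$", listing, re.M) is not None

def parse_listing(listing):
    """Return [(addr, mnemonic, operands)] for the .text section only."""
    insns, in_text = [], False
    for line in listing.splitlines():
        if line.startswith("Disassembly of section"):
            in_text = line.rstrip().endswith(".text:")
            continue
        m = INSN_RE.match(line) if in_text else None
        if m:  # symbol labels, blank lines and byte-only continuation lines do not match
            insns.append((int(m.group(1), 16), m.group(3), m.group(4).strip()))
    return insns

def is_jump(mnem):
    # jmp, je, jne, jg, ...; calls are treated as fall-through (intra-procedural CFG)
    return mnem.startswith("j")

def jump_target(ops):
    """Direct jump target as an int, or None for indirect jumps such as 'jmp *%rax'."""
    m = re.match(r"([0-9a-f]+)\b", ops)
    return int(m.group(1), 16) if m else None

def build_cfg(insns):
    """Step 3: split into basic blocks keyed by their lowest address, then build adjacency lists."""
    if not insns:
        return {}, {}
    addrs = [a for a, _, _ in insns]
    known = set(addrs)
    leaders = {addrs[0]}  # a leader is the first instruction of a basic block
    for i, (_, mnem, ops) in enumerate(insns):
        if is_jump(mnem) and jump_target(ops) in known:
            leaders.add(jump_target(ops))
        if (is_jump(mnem) or mnem == "ret") and i + 1 < len(insns):
            leaders.add(addrs[i + 1])
    blocks, cur = {}, None  # block start address -> its instructions (insertion order = address order)
    for ins in insns:
        if ins[0] in leaders:
            cur = ins[0]
            blocks[cur] = []
        blocks[cur].append(ins)
    block_of = {ins[0]: start for start, body in blocks.items() for ins in body}
    starts = list(blocks)
    adj = {s: [] for s in starts}  # adjacency lists: block start -> successor block starts
    for idx, (start, body) in enumerate(blocks.items()):
        _, mnem, ops = body[-1]
        nxt = starts[idx + 1] if idx + 1 < len(starts) else None
        if mnem == "ret":
            continue  # function exit: no successors
        if is_jump(mnem):
            if mnem != "jmp" and nxt is not None:
                adj[start].append(nxt)  # conditional jump may fall through
            tgt = jump_target(ops)
            if tgt in block_of:  # targets outside the listing (e.g. PLT stubs) get no edge
                adj[start].append(block_of[tgt])
        elif nxt is not None:
            adj[start].append(nxt)  # plain fall-through into the next leader
    return blocks, adj

def cfg_features(blocks, adj, insns):
    """Assumed graph features; the patent's own feature list is not on this page."""
    out_deg = [len(s) for s in adj.values()]
    return {
        "n_instr": len(insns),
        "n_blocks": len(blocks),
        "n_edges": sum(out_deg),
        "n_cond_branches": sum(1 for _, m, _ in insns if is_jump(m) and m != "jmp"),
        "n_sink_blocks": sum(1 for d in out_deg if d == 0),
        "max_out_degree": max(out_deg, default=0),
    }

def to_arff(rows, relation="elf_cfg"):
    """Write (features, label) rows as a weka ARFF data set."""
    names = list(rows[0][0])
    out = ["@relation " + relation, ""]
    out += ["@attribute %s numeric" % n for n in names]
    out += ["@attribute class {benign,malware}", "", "@data"]
    for feats, label in rows:
        out.append(",".join(str(feats[n]) for n in names) + "," + label)
    return "\n".join(out) + "\n"

def analyze(listing):
    insns = parse_listing(listing)
    blocks, adj = build_cfg(insns)
    return has_main(listing), blocks, adj, cfg_features(blocks, adj, insns)

if __name__ == "__main__":
    main_found, blocks, adj, feats = analyze(SAMPLE_LISTING)
    for start, succ in adj.items():
        print("block %#x -> %s" % (start, [hex(s) for s in succ]))
    print(to_arff([(feats, "benign")]))
```

Running the block prints the adjacency lists for the four basic blocks of the constructed listing and an ARFF file with one labelled row; in a real pipeline one would run objdump -D over every benign and malicious sample and append one row per file with its known label before loading the file into weka. Two limitations worth knowing when using linear-sweep disassembly as the CFG source: data embedded in .text is disassembled as if it were code, and indirect jumps produce no edge, so graph features of such samples are systematically incomplete.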

Description

Technical field

[0001] The invention relates to the technical field of computer malicious software detection, in particular to a malicious software detection method applicable to the ELF format of the Linux operating system.

Background technique

[0002] Malicious software refers to software that damages the user's computer and infringes the user's legitimate rights and interests without the user's permission, including viruses, worms and Trojan horses. In recent years, malicious software has been rampant, seriously affecting the work and life of users. According to the research report of the domestic security vendor 360, in 2014 a total of 324 million malicious program samples were added, an average of 888,000 new malicious program samples per day, and 57.27 billion malicious program attacks were intercepted, an average of about 157 million malicious program attacks intercepted per day.

[0003] The Linux operating system is a completely open operating s...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/56; G06N20/00
CPC: G06F21/563; G06F2221/033; G06N20/00; G06N5/01; G06N7/01; G06F21/566
Inventor: 王俊峰, 刘留, 徐宝新
Owner: SICHUAN UNIV