
PE file processing method and apparatus

A PE file processing method and apparatus, applied in the field of information security, that addresses the low accuracy of existing approaches and their inability to effectively detect malicious documents, improving clustering accuracy and enabling detection.

Active Publication Date: 2017-02-22
BEIJING QIHOO TECH CO LTD +1

AI Technical Summary

Problems solved by technology

However, the existing clustering methods for implementing PE files have a relatively low accuracy rate, and thus cannot effectively detect PE-type malicious documents.


Embodiment Construction

[0069] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0070] Those skilled in the art will understand that unless otherwise stated, the singular forms "a", "an", "said" and "the" used herein may also include plural forms. It should be further understood that the word "comprising" used in the description of the present invention refers to the presence of said features, integers, steps, operations, elements and / or components, but does not exclude the presence or addition of one or more o...


Abstract

The invention discloses a PE file processing method and apparatus. The method comprises the steps of performing disassembly processing on PE files to obtain function hashes of the PE files; loading a sample library and performing similarity matching on the function hashes of the PE files according to function hashes of samples in the sample library; and clustering the PE files according to a function hash similarity matching result. According to the method and the apparatus, the PE files are clustered through a matching result obtained by performing similarity matching on the function hashes of the PE files according to the function hashes of the samples in the sample library, so that clustering processing based on the function hashes of the PE files is realized, the clustering accuracy of the PE files can be effectively improved, and the PE type malicious document detection is effectively realized.
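The three steps in the abstract (function hashes per file, similarity matching against a sample library, clustering on the match result) can be sketched as follows. This is an added example, not the patent's implementation: the mnemonic-only hashing, the Jaccard similarity measure, the 0.5 threshold, the family name and the sample functions are all assumptions made for illustration, and the mnemonic lists stand in for real disassembler output.

```python
import hashlib

def function_hash(mnemonics):
    # Assumed normalisation: hash only the mnemonic sequence, so relocated
    # addresses and immediates do not change a function's hash.
    return hashlib.sha256(" ".join(mnemonics).encode()).hexdigest()[:16]

def file_hashes(functions):
    # One PE file becomes the set of its function hashes.
    return frozenset(function_hash(f) for f in functions)

def jaccard(a, b):
    # Assumed similarity measure: shared function hashes / all function hashes.
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def cluster(files, library, threshold=0.5):
    # Put each file in the library family it matches best, or in "unmatched"
    # when no library sample reaches the threshold.
    clusters = {}
    for name, hashes in files.items():
        best_family, best_score = "unmatched", 0.0
        for family, samples in library.items():
            score = max((jaccard(hashes, s) for s in samples), default=0.0)
            if score >= threshold and score > best_score:
                best_family, best_score = family, score
        clusters.setdefault(best_family, []).append(name)
    return clusters

# Constructed data: each function is the mnemonic list a disassembler would emit.
DECRYPT = ["push", "mov", "xor", "inc", "cmp", "jne", "ret"]
BEACON = ["push", "call", "test", "jz", "call", "ret"]
PERSIST = ["push", "push", "call", "mov", "call", "ret"]
UI = ["push", "mov", "call", "add", "ret"]
MATH = ["mov", "imul", "add", "ret"]
LOG = ["push", "lea", "call", "pop", "ret"]

LIBRARY = {"family_a": [file_hashes([DECRYPT, BEACON, PERSIST])]}
FILES = {
    "a.exe": file_hashes([DECRYPT, BEACON, PERSIST, LOG]),
    "b.exe": file_hashes([DECRYPT, BEACON, UI]),
    "c.exe": file_hashes([UI, MATH, LOG]),
}

if __name__ == "__main__":
    print(cluster(FILES, LIBRARY))
```

A file that shares most of its functions with a library sample lands in that sample's family even when it carries extra or replaced functions, which header-based features would not capture.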

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a PE file processing method and device.

Background technique

[0002] PE (Portable Executable) files are program files on the Microsoft Windows operating system. Common PE files include EXE, DLL, OCX, SYS, COM and other formats. In addition, PE files can also be indirectly executable files, such as DLL format files.

[0003] At present, the detection of PE-type malicious documents requires classification and clustering of PE files, that is, PE files with the same malicious program characteristics are grouped together, and PE files without malicious program characteristics are grouped together. Current approaches rely mainly on feature extraction from PE headers and on machine-learning clustering based on the similarity of PE file icons. However, the existing clustering methods for implementing PE files have relatively low accuracy, and thus cannot effectively detect mali...


Application Information

Patent Type & Authority Applications (China)
IPC IPC(8): G06F21/55, G06F21/56
CPC G06F21/554, G06F21/562
Inventor 计东韩鹏
Owner BEIJING QIHOO TECH CO LTD