Structural characteristics-based malicious code heuristic detection method and system

A technology of malicious code and structural characteristics, applied in the field of information security, to achieve high accuracy, fast detection speed, and slow overcoming speed

Inactive Publication Date: 2017-04-19
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0004] To address the above problems, the present invention provides a heuristic malicious code detection method based on structural characteristics. By identifying the structural characteristics of files with different specific structures, the method quickly locates the position to inspect in the sample to be detected. This overcomes limitations of traditional detection methods, such as detecting malicious code only by inspecting the import table, and effectively improves the detection rate and accuracy for PE files in non-traditional formats as well as the detection speed.

Examples

Embodiment Construction

[0023] To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer, the technical solutions are described in further detail below with reference to the accompanying drawings.

[0024] A heuristic detection method for malicious code based on structural features, as shown in Figure 1, includes:

[0025] S101: acquire and analyze the sample to be detected;

[0026] S102: if the sample to be detected is an executable file with a specific structure, continue to determine whether it contains a suspicious string structure;

[0027] S103: if it does, match the sample against the known malicious sample library; if it matches, determine that it is a malicious sample; if it does not match, the suspicious string structure will be locate...

Abstract

The invention provides a heuristic malicious code detection method based on structural characteristics, comprising: obtaining and analyzing a sample to be detected; if the sample is an executable file of a specific structure, further judging whether it contains a suspicious string structure; if so, matching the sample against a known malicious sample library, and if it matches, judging the sample to be malicious; if not, locating the suspicious string structure and judging whether it contains a suspicious string, and if so, judging the sample to be malicious and adding the suspicious string to the known malicious sample library. The method overcomes the limitation of traditional detection methods, which can detect malicious code only by inspecting the import table; it also effectively improves the detection rate and accuracy for PE files in non-traditional formats and improves the detection speed.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a heuristic detection method and system for malicious code based on structural characteristics.

Background

[0002] The structure of executable files is not static: it has changed from the early LE and NE formats to today's PE, and to MSIL files, which build on PE. A change in executable file structure means that existing detection techniques for executable files may become less effective, or even fail, when they encounter the new structure.

[0003] Take MSIL (Microsoft Intermediate Language) as an example. It is an intermediate stage in converting .NET code into machine language: a pseudo-assembly language that sits between high-level languages and Intel-based assembly language. When the compiler compiles .NET code, it generates metadata in addition to the MSIL code. Metadata describes the types in the code, including the definition of each ...
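The S101-S103 flow from the abstract, sketched in Python as an added example; it is not code from the patent or from its owner. It assumes the "specific structure" is a .NET/MSIL file, that the "suspicious string structure" is the metadata `#US` (user string) heap, found here by the `BSJB` metadata signature rather than a full PE header walk, and that the marker list, verdict labels and function names are constructed for illustration.

```python
import struct

MARKERS = ("frombase64string", "powershell -enc")  # constructed heuristic rule
known_library = set()  # suspicious strings from samples already judged malicious

def find_us_heap(sample):
    """S102: return the #US (user string) heap of a .NET metadata root, or None."""
    try:
        root = sample.index(b"BSJB")  # metadata root signature
        vlen = struct.unpack_from("<I", sample, root + 12)[0]  # version string length
        count = struct.unpack_from("<H", sample, root + 18 + vlen)[0]  # stream count
        pos = root + 20 + vlen
        for _ in range(count):
            offset, size = struct.unpack_from("<II", sample, pos)
            end = sample.index(b"\0", pos + 8)
            if sample[pos + 8:end] == b"#US":
                return sample[root + offset:root + offset + size]
            pos += 8 + ((end - pos - 8) // 4 + 1) * 4  # name is NUL-padded to 4 bytes
    except (struct.error, ValueError):
        pass  # signature absent or metadata truncated
    return None

def user_strings(heap):
    """Decode #US entries: compressed length, UTF-16LE text, one trailing flag byte."""
    out, i = [], 0
    while i < len(heap):
        extra = 0 if heap[i] < 0x80 else 1 if heap[i] < 0xC0 else 3  # extra length bytes
        n = int.from_bytes(heap[i:i + 1 + extra], "big") & (0x7F, 0x3FFF, 0, 0x1FFFFFFF)[extra]
        i += 1 + extra
        if n > 1:
            out.append(heap[i:i + n - 1].decode("utf-16-le", "replace"))
        i += n
    return out

def classify(sample):
    """S101-S103 decision flow; the verdict labels are this example's own."""
    heap = find_us_heap(sample)
    if heap is None:
        return "not applicable"
    if any(s.encode("utf-16-le") in sample for s in known_library):
        return "malicious (library match)"
    hits = [s for s in user_strings(heap) if any(m in s.lower() for m in MARKERS)]
    known_library.update(hits)  # S103: new suspicious strings join the library
    return "malicious (heuristic)" if hits else "no verdict"

def build_sample(texts):  # constructed input: stub bytes + metadata root with one #US stream
    heap = b"\0" + b"".join(bytes([2 * len(t) + 1]) + t.encode("utf-16-le") + b"\0" for t in texts)
    root = b"BSJB" + struct.pack("<HHII", 1, 1, 0, 12) + b"v4.0.30319\0\0"
    root += struct.pack("<HHII", 0, 1, len(root) + 16, len(heap)) + b"#US\0"
    return b"MZ" + bytes(62) + root + heap
```

Classifying the same flagged sample a second time returns the library-match verdict, because the first pass added its suspicious string to `known_library`.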

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 王天博, 童志明, 肖新光
Owner: HARBIN ANTIY TECH