Malicious code detection method and system

A malicious code detection technology, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., that addresses the problem of poor detection effect and achieves reliable analysis and recognition ability.

Inactive Publication Date: 2017-05-31
广东省信息安全测评中心 +1

AI Technical Summary

Problems solved by technology

[0005] Based on this, it is necessary to provide a malicious code detection method and system with a go



Examples


Embodiment Construction

[0021] As shown in Figure 1, a malicious code detection method includes the following steps:

[0022] S200: Analyze the structure of the sample object to be analyzed, where the structure includes a PE executable structure and a document structure.

[0023] Obtain the sample to be analyzed, identify the sample object to be analyzed, and then analyze its structure, where the structure of the sample object includes a PE (Windows Preinstallation Environment) executable structure and a document structure. PE is the pre-installed data of Windows, a computer system. Sample objects with different structures require different detection and analysis methods for further processing.

[0024] S400: When the sample object to be analyzed is a PE executable structure, perform static analysis, antivirus software interface analysis, virtual environment sandbox dynamic analysis, a...


Abstract

The invention provides a malicious code detection method and system. The malicious code detection method comprises the following steps: analyzing the structure of the sample object to be analyzed; when the sample object is a PE executable structure, performing static analysis, antivirus software interface analysis, virtual environment sandbox dynamic analysis and network data analysis on it and obtaining a first analysis result; when the sample object is a document structure, performing static analysis on it and obtaining a second analysis result; and detecting whether malicious code exists by applying a malicious code classifier to the first analysis result or the second analysis result. Throughout the process, the data structures of different sample object types are analyzed, and static analysis, antivirus software interface analysis, virtual environment sandbox dynamic analysis and network data analysis are used; the analysis and identification abilities are reliable, and the source of a network attack incident can be traced.
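The structure-identification step (S200) and the per-structure routing described in the abstract, as an added example that is not taken from the patent or its authors. The document magic values, the function names and the constructed samples are assumptions; the page does not say which document formats are covered or how the classifier works, so classification is left out.

```python
import struct

# Analysis stages the abstract assigns to each structure type.
PE_STAGES = ("static analysis", "antivirus software interface analysis",
             "virtual environment sandbox dynamic analysis",
             "network data analysis")
DOC_STAGES = ("static analysis",)

# Assumption: the page does not list document formats; these common
# magic values are chosen for illustration only.
DOC_MAGICS = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"%PDF-": "pdf",
    b"{\\rtf": "rtf",
    b"PK\x03\x04": "zip/ooxml",
}

def is_pe(data: bytes) -> bool:
    """True if a DOS 'MZ' header points (via e_lfanew) at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew comes from the untrusted sample: bounds-check before use.
    if e_lfanew > len(data) - 4:
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(data: bytes):
    """Return (structure, stages to run) for one sample object."""
    if is_pe(data):
        return "pe", PE_STAGES
    for magic, kind in DOC_MAGICS.items():
        if data.startswith(magic):
            return "document:" + kind, DOC_STAGES
    # Neither structure recognised: do not guess a pipeline.
    return "unknown", ()

def make_pe_stub(e_lfanew: int = 0x80, size: int = 0x100) -> bytes:
    """Constructed sample: DOS header, plus PE signature if it fits."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + 4 <= size:
        buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)

if __name__ == "__main__":
    for sample in (make_pe_stub(), b"%PDF-1.7\n", make_pe_stub(0xFFFFFFF0)):
        print(triage(sample))
```

A sample that starts with `MZ` but carries an out-of-range `e_lfanew` is reported as `unknown` rather than routed to the PE pipeline, so a malformed header cannot select the analysis path by itself.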

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a malicious code detection method and system.

Background

[0002] In the context of the big data era, traditional anti-malware software vendors use a single technology. With the development of malicious code technology, APT (Advanced Persistent Threat) organizations are able to carry out continuous hacker penetration activities, and the form of malicious code tools has also undergone major changes. The products of traditional anti-virus vendors can no longer cope with the existing threats of malicious code attacks.

[0003] As the network environment becomes more and more complex, it faces more and more security threats from uncertain factors. The penetration method mainly used by advanced malware, and a very active attack method, is the organized spear phishing attack on the target network through email malicious p...


Application Information

IPC(8): G06F21/56
CPC: G06F21/562
Inventor: 叶志朋, 刘华林
Owner: 广东省信息安全测评中心