Method and device for judging same origin of malicious files

A same-origin judgment method for malicious files, applied in the field of network security, that addresses the poor accuracy of same-origin judgment results, improving accuracy and reducing the amount of calculation.

Active Publication Date: 2019-09-17
NSFOCUS INFORMATION TECHNOLOGY CO LTD +2

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a method and device for judging the homology of malicious files, used to solve the prior-art problem that homology judgment results for malicious files have poor accuracy.


Embodiment Construction

[0029] The following will clearly and completely describe the technical solutions in the embodiments of the present invention in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0030] To solve the prior-art problem that the same-origin determination of malicious files is inaccurate, the embodiment of the present invention uses, for each malicious file, the characteristic behavior data information under four specified dimensions (process behavior, access behavior, domain name resolution behavior and registry behavior) to determine the category to which each malicious file bel...


Abstract

The invention discloses a method and device for determining whether malicious files are homologous (of the same origin), addressing the low accuracy of homology determination results in the prior art. The method comprises two steps: first, the category of each malicious file is obtained based on its characteristic behavior data information in the first-class specified dimension; second, for each category, whether the malicious files in that category are homologous is determined based on their characteristic behavior data information in the second-class specified dimension. Fusing the analysis of characteristic behavior data across multiple dimensions allows homologous malicious files to be judged accurately and effectively improves the accuracy of the determination result. Moreover, because homology is determined only after the malicious files have been divided into categories, and separately within each category, the amount of calculation is reduced and the accuracy of the determination result is further improved.
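The two-stage flow described in the abstract, as an added sketch that is not code from the patent: stage 1 groups samples by first-class behavior, stage 2 compares second-class features only within each group. The Jaccard measure, single-link grouping, both thresholds, the `mk` helper and the second-class feature strings are assumptions, since the page does not state them; all sample data is constructed.

```python
from itertools import combinations

FIRST_DIMS = ("process", "access", "dns", "registry")  # the four dimensions named on the page

def jaccard(a, b):
    """Set overlap in [0, 1]; the similarity measure is an assumption."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def first_class_similarity(x, y):
    """Mean Jaccard score across the four first-class behavior dimensions."""
    return sum(jaccard(x["first"][d], y["first"][d]) for d in FIRST_DIMS) / len(FIRST_DIMS)

def categorize(samples, threshold=0.5):
    """Stage 1: single-link grouping (union-find) on first-class behavior."""
    parent = {name: name for name in samples}
    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n
    for a, b in combinations(sorted(samples), 2):
        if first_class_similarity(samples[a], samples[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for name in sorted(samples):
        groups.setdefault(find(name), []).append(name)
    return sorted(groups.values())

def same_origin_pairs(samples, cat_threshold=0.5, origin_threshold=0.6):
    """Stage 2: compare second-class features only inside each category."""
    return [(a, b)
            for category in categorize(samples, cat_threshold)
            for a, b in combinations(category, 2)
            if jaccard(samples[a]["second"], samples[b]["second"]) >= origin_threshold]

def mk(process, access, dns, registry, second):
    """Hypothetical helper: build one sample's feature sets."""
    first = dict(zip(FIRST_DIMS, map(set, (process, access, dns, registry))))
    return {"first": first, "second": set(second)}

# Constructed sample reports; every value below is made up for illustration.
SAMPLES = {
    "s1": mk(["cmd.exe", "svch0st.exe"], ["198.51.100.7:443"], ["c2.example.test"], ["Run\\updater"], ["mutex:A", "ua:X", "key:5a"]),
    "s2": mk(["cmd.exe", "svch0st.exe"], ["198.51.100.7:443"], ["c2.example.test", "cdn.example.test"], ["Run\\updater"], ["mutex:A", "ua:X", "key:5a", "sleep:30"]),
    "s3": mk(["cmd.exe", "svch0st.exe"], ["198.51.100.7:443"], ["c2.example.test"], ["Run\\helper"], ["mutex:Z", "ua:Q", "key:11"]),
    "s4": mk(["powershell.exe"], ["203.0.113.9:8080"], ["drop.example.test"], ["Services\\tmp"], ["mutex:A", "ua:X", "key:5a"]),
}

if __name__ == "__main__":
    print(categorize(SAMPLES))         # stage 1 categories
    print(same_origin_pairs(SAMPLES))  # stage 2 same-origin pairs
```

Sample `s4` shares its second-class features with `s1` but is never compared with it, because stage 1 placed it in a different category: this is where the reduced calculation comes from, and it also means a stage-1 miscategorization cannot be recovered in stage 2.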

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for judging the same origin of malicious files.

Background technique

[0002] With the continuous development of network information technology, hidden dangers of network security also follow. Among them, malicious files have become a major factor that endangers network security. Obviously, the analysis of malicious files has become an important basis for detecting and preventing malicious files. By analyzing a large number of malicious files, it is found that many newly emerging malicious files are variants of existing malicious files. Based on this, in the prior art, the malicious file of the same source is mainly analyzed by analyzing the bit sequence of the malicious file, that is, the bit sequence of a large number of malicious file samples is first analyzed to obtain the bit sequence characteristics of the malicious file of the same source,...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
Inventor: 翟东旭, 周素华, 周振, 范敦球, 叶晓虎
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD