
Method and device for detecting malicious software

A malicious software detection technology applied in the field of communication networks, which can solve problems such as the inability to effectively detect ransomware.

Active Publication Date: 2020-05-01
成都亚信网络安全产业技术研究院有限公司

AI Technical Summary

Problems solved by technology

[0005] Embodiments of the present invention provide a method and device for detecting malware, which are used to solve the problem that ransomware cannot be effectively detected due to the update lag of the sample signature database.


Embodiment Construction

[0025] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention.

[0026] The method for detecting malicious software provided by the embodiment of the present invention is applied to a terminal. The logical structure of the terminal is shown in Figure 1: the terminal includes a Bait File Operation Checker (hereinafter referred to as BFOC), a Trusted Process Checker (hereinafter referred to as TPC), a File System Monitor (hereinafter referred to as FSM), and the target software. The FSM can communicate with the target software, the BFOC, and the TPC respectively, and the BFOC can communicate with the target software.

[0027] In addition, corresponding files are stored in each directory of the terminal. By calculating each file...


Abstract

The invention discloses a method and device for detecting malicious software, relates to the technical field of communication networks, and solves the problem that ransomware cannot be effectively detected due to the update lag of a sample feature database. The method includes: calculating the feature value of each decoy file operated on by the target software in the target directory, where a decoy file is a file used to detect malicious software; combining the feature values of the decoy files operated on by the target software into a target feature value sequence; comparing the target feature value sequence with the original feature value sequence, where the original feature value sequence is composed of the feature values of each unoperated decoy file; and, if the target feature value sequence and the original feature value sequence are determined to be consistent, determining that the target software is malicious software. The solution provided by the invention is suitable for use when detecting malicious software.
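The feature-value comparison described in the abstract, as an added example that is not code from the patent: it assumes SHA-256 of the file contents as the feature value, sorted file-name order for the sequence, and a sentinel value for decoys that no longer exist; the function names and decoy files are constructed for illustration. It reports whether the two sequences are consistent and which decoys differ.

```python
import hashlib
import os
import tempfile

MISSING = "<missing>"  # assumed sentinel for a decoy that was deleted or renamed


def feature_value(path):
    """Assumed feature value: SHA-256 of the file contents."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return MISSING


def feature_sequence(directory, decoy_names):
    """Feature values of the decoys, in a fixed (sorted) order."""
    return [feature_value(os.path.join(directory, n)) for n in sorted(decoy_names)]


def compare_sequences(original, target, decoy_names):
    """Return (consistent, names of decoys whose feature value differs)."""
    changed = [n for n, o, t in zip(sorted(decoy_names), original, target) if o != t]
    return (not changed, changed)


def demo():
    """Constructed scenario: three decoys, one overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        decoys = {"a_report.docx": b"decoy-1", "b_photo.jpg": b"decoy-2",
                  "c_notes.txt": b"decoy-3"}
        for name, data in decoys.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        original = feature_sequence(d, decoys)  # taken before any operation
        untouched = compare_sequences(original, feature_sequence(d, decoys), decoys)
        # Simulated file operations by the software under observation.
        with open(os.path.join(d, "a_report.docx"), "wb") as fh:
            fh.write(os.urandom(32))
        os.rename(os.path.join(d, "c_notes.txt"), os.path.join(d, "c_notes.txt.locked"))
        after = compare_sequences(original, feature_sequence(d, decoys), decoys)
        return untouched, after


if __name__ == "__main__":
    print(demo())
```

The original sequence has to be stored where the monitored software cannot rewrite it, otherwise the comparison can be made to pass.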

Description

Technical field

[0001] The invention relates to the technical field of communication networks, in particular to a method and device for detecting malicious software.

Background technique

[0002] Malware is becoming more and more prevalent in an open network environment, among which ransomware accounts for a large proportion of various malware. When a terminal is infected with ransomware, the ransomware will encrypt the files in the terminal, so that the user cannot use the encrypted files.

[0003] At present, typical solutions for detecting and preventing ransomware are based on ransomware sample libraries. In this solution, antivirus software vendors need to analyze a large number of ransomware and its variant software, extract sample features of these software, and establish a sample feature library. When ransomware or its variants encrypt user files, the terminal will compare the encryption operation features of the ransomware or its variants with those in the sample ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/561
Inventor: 徐业礼, 童宁, 吴湘宁
Owner: 成都亚信网络安全产业技术研究院有限公司