Worm homologous analysis method and device

A worm homology analysis technique, applied in the field of network information security, that achieves the effect of reducing scale, improving efficiency and improving accuracy.

Active Publication Date: 2017-09-15
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0005] In view of this, the present invention provides a worm homology analysis method and device base

Examples


Embodiment Construction

[0049] In order to make the object, technical solution and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.

[0050] Figure 1 is a flowchart of a worm homology analysis method provided by the embodiment of the present invention. As shown in Figure 1, the method includes:

[0051] Step S11, extracting static features and dynamic features from the worm sample.

[0052] The static feature refers to the semantic structure feature of the worm; it is extracted from the disassembly file of the worm sample and consists of assembly instructions and executable file section names.

[0053] The dynamic features include: network behavior features and application programming interface API call sequences. Among them, the network behavior feature is to extract the protocol name, target port number and message le...

Abstract

The invention discloses a worm homologous analysis method and device. The method comprises the following steps of: extracting static features and dynamic features in a worm sample, wherein the dynamic features comprise network behavior features and an application programming interface API calling sequence; preprocessing the static features by utilizing the network behavior features to obtain a worm feature set; constructing a sensitive behavior feature library according to the API calling sequence; processing the worm feature set by utilizing a first homologous analysis algorithm so as to output a first probability distribution matrix; processing the API calling sequence and the sensitive behavior feature library by utilizing a second homologous analysis algorithm so as to output a second probability distribution matrix; carrying out weight adjustment on the first probability distribution matrix and the second probability distribution matrix to obtain a third probability distribution matrix; and obtaining a homologous analysis result according to the third probability distribution matrix. According to the method and device disclosed by the invention, the efficiency and correctness of the worm homologous analysis are improved.
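As an added illustration of the dynamic-feature and fusion steps in the abstract (not code from the patent), the sketch below builds a behavior library from labelled API call sequences, derives a second probability matrix from it, and fuses that with a first matrix using a fixed weight. The n-gram overlap measure, the weight 0.4, the 0.6 confidence floor, the family names and all sample data are assumptions; the page does not name the two homology algorithms or the weights.

```python
# Added illustration: the similarity measure, weights and sample data are assumptions.
from collections import defaultdict

def ngrams(seq, n=2):
    """Set of consecutive API-call n-grams in one call sequence."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def build_library(labelled):
    """Behavior library: family -> n-grams seen in its labelled samples."""
    lib = defaultdict(set)
    for family, seq in labelled:
        lib[family] |= ngrams(seq)
    return dict(lib)

def dynamic_row(seq, lib, families):
    """One row of the second matrix: normalized n-gram overlap per family."""
    grams = ngrams(seq)
    scores = [len(grams & lib[f]) / len(grams) if grams else 0.0 for f in families]
    total = sum(scores)
    # No overlap with any family: fall back to a uniform (uninformative) row.
    return [s / total for s in scores] if total else [1 / len(families)] * len(families)

def fuse(p1, p2, w1=0.5):
    """Third matrix: weighted sum of the first and second matrices, row by row."""
    return [[w1 * a + (1 - w1) * b for a, b in zip(r1, r2)] for r1, r2 in zip(p1, p2)]

def homology(p3, families, min_conf=0.6):
    """Most probable family per sample, or 'unknown' below the confidence floor."""
    best = [max(range(len(r)), key=r.__getitem__) for r in p3]
    return [families[b] if r[b] >= min_conf else "unknown" for r, b in zip(p3, best)]

# Constructed data: two made-up families and generic Windows API names.
FAMILIES = ["famA", "famB"]
LABELLED = [
    ("famA", ["socket", "connect", "send", "CreateFileA", "WriteFile"]),
    ("famB", ["RegOpenKeyExA", "RegSetValueExA", "CreateProcessA", "socket", "connect"]),
]
SAMPLES = [
    ["socket", "connect", "send", "CreateFileA"],           # resembles famA
    ["RegOpenKeyExA", "RegSetValueExA", "CreateProcessA"],  # resembles famB
    ["GetTickCount", "Sleep"],                              # matches neither
]
P1 = [[0.8, 0.2], [0.3, 0.7], [0.5, 0.5]]  # assumed output of the static-feature stage

def run():
    lib = build_library(LABELLED)
    p2 = [dynamic_row(s, lib, FAMILIES) for s in SAMPLES]
    return homology(fuse(P1, p2, w1=0.4), FAMILIES)
```

The third sample shares no call pairs with either family, so its fused row stays at 0.5 per family and falls below the confidence floor instead of being forced into a family.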

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a worm homology analysis method and device.

Background technique

[0002] With the popularization of the Internet and the development of network information technology, the number of netizens has rapidly expanded, making the spread of malicious code more convenient, which also further expands the negative impact of malicious code attacks. As a large family of malicious codes, worms are characterized by self-replication and rapid propagation capabilities, and can achieve rapid propagation through a large number of self-replications without human intervention, which brings great impact to network security and even national security. Almost every outbreak will bring huge economic losses. In addition, with the continuous exposure and upgrading of international APT (Advanced Persistent Threat) incidents, the homology analysis of malicious codes such as worms has ...

Application Information

IPC(8): G06F21/56
CPC: G06F21/562, G06F21/566
Inventor: 薛静锋, 王勇, 王丽艳, 刘振岩, 张继
Owner: BEIJING INSTITUTE OF TECHNOLOGY