Method and device for detecting malicious software, computer device and readable storage medium

A malware detection technology, applied in the field of network security, that addresses the low accuracy of existing detection methods and achieves high accuracy, strong generalization ability, and accurate clustering results.

Active Publication Date: 2017-09-29
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a malicious software detection method and device, a computer device and a readable storage medium, which are used to solve the problem of low accuracy of the malicious software detection methods provided by the prior art.


Examples


Specific embodiments

[0084] In the embodiment corresponding to Figure 1, step 104 generates a signature for each type of malware. The signature should reflect the common characteristics of the network traffic of that type or family of malware, so that it can be used to detect malware of that family in network traffic. There are many ways to generate, for each class of malware, a signature that reflects the common characteristics of that class's network traffic. Referring to Figure 3, the present invention provides a method for generating signatures for malware of the same type, which can be used as a specific implementation of step 104. An embodiment of the method for generating a signature for each type of malware in the second clustering result includes:

[0085] 301. Group the network traffic generated by each type of malicious software in the second clustering result according to similarity;

[0086] Assuming that the malware is clu...


Abstract

The embodiments of the invention disclose a method and a device for detecting malicious software, a computer device and a readable storage medium, which relate to the field of network security and are used to improve the accuracy of malicious software detection. The method provided by one embodiment of the invention comprises the following steps: acquiring network traffic generated by multiple pieces of malicious software; clustering the multiple pieces of malicious software in a coarse-grained manner based on the statistical characteristics of the network traffic to get a first clustering result; clustering each type of malicious software in the first clustering result in a fine-grained manner based on the content characteristics of the network traffic to get a second clustering result; and generating a signature for each type of malicious software in the second clustering result so as to detect malicious software according to the signatures.
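
The two-stage flow the abstract describes (coarse clustering on statistical features, fine clustering on content features, then one signature per resulting cluster), sketched as an added example that is not the patent's implementation. The chosen features, thresholds, single-linkage grouping and common-token signature are assumptions, and the sample URIs are constructed.

```python
import re

# Constructed HTTP request URIs per malware sample (illustrative, not from the patent).
SAMPLES = {
    "s1": ["/gate.php?id=1001&os=win7", "/gate.php?id=1001&cmd=ping"],
    "s2": ["/gate.php?id=2002&os=win10", "/gate.php?id=2002&cmd=ping"],
    "s3": ["/panel/upload.asp?bot=aa&len=20", "/panel/upload.asp?bot=aa&len=31"],
    "s4": ["/panel/upload.asp?bot=bb&len=20", "/panel/upload.asp?bot=bb&len=25"],
    "s5": ["/index.html"],
}

def stats(uris):
    """Assumed statistical features: request count, mean URI length, mean parameter count."""
    n = len(uris)
    return (n, sum(map(len, uris)) / n, sum(u.count("=") for u in uris) / n)

def tokens(uris):
    """Assumed content feature: the set of URI tokens, split on delimiters."""
    return {t for u in uris for t in re.split(r"[^A-Za-z0-9.]+", u) if t}

def link_cluster(keys, similar):
    """Single-linkage grouping: connected components of the pairwise 'similar' relation."""
    clusters = []
    for k in keys:
        hits = [c for c in clusters if any(similar(k, m) for m in c)]
        clusters = [c for c in clusters if c not in hits]
        clusters.append(sorted([k] + [m for c in hits for m in c]))
    return sorted(clusters)

def build_signatures(samples, stat_tol=0.25, min_jaccard=0.5):
    def stat_sim(a, b):  # every statistical feature within a relative tolerance
        return all(abs(x - y) <= stat_tol * max(x, y)
                   for x, y in zip(stats(samples[a]), stats(samples[b])))
    def content_sim(a, b):  # Jaccard similarity of the two samples' token sets
        ta, tb = tokens(samples[a]), tokens(samples[b])
        return len(ta & tb) / len(ta | tb) >= min_jaccard
    sigs = {}
    for coarse in link_cluster(sorted(samples), stat_sim):   # first clustering result
        for fine in link_cluster(coarse, content_sim):       # second clustering result
            if len(fine) > 1:  # assumption: a signature needs traffic shared by several samples
                per_uri = [tokens([u]) for s in fine for u in samples[s]]
                sigs[tuple(fine)] = set.intersection(*per_uri)
    return sigs

def matches(signature, uri):
    """A URI matches when it contains every token of the signature."""
    return signature <= tokens([uri])
```

On the constructed data, the coarse stage groups s1 to s4 (similar request counts and URI lengths) and isolates s5; the fine stage then separates the `gate.php` samples from the `upload.asp` samples before signatures are derived.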

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a malicious software detection method and device, a computer device and a readable storage medium.

Background technique

[0002] Malware refers to viruses, worms, and Trojan horse programs that perform malicious tasks on computer systems, exercising control by disrupting software processes. At present, malicious software is rampant and exhibits various malicious behaviors, which cause security problems such as privacy disclosure and economic loss for users.

[0003] To keep a network safe, reliable ways to detect malware are needed. The current detection method for malware is to detect the HTTP communication traffic of malware. Specifically, it is a detection method based on URIs and domain names: malicious URIs and domain names are actively collected to form a blacklist, or traffic is extracted through automated analysis of malware. The URIs in constit...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/145
Inventor: 梁玉余文毅赵振洋
Owner: SANGFOR TECH INC