Malicious code behavior feature extraction method

Malicious code behavior feature extraction technology, applied in the field of malicious code behavior feature extraction. It addresses problems such as the increased difficulty of malicious code detection, and achieves accurate representation and accurate analysis and detection.

Inactive Publication Date: 2018-02-09
SICHUAN CHANGHONG ELECTRIC CO LTD

AI Technical Summary

Problems solved by technology

In order to improve the survivability of malicious code, its creators usually use malicious code obfuscation tech


Examples


Embodiment Construction

[0025] All features disclosed in this specification, or steps in all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and/or steps.

[0026] Any feature disclosed in this specification (including any appended claims, abstract and drawings), unless expressly stated otherwise, may be replaced by alternative features which are equivalent or serve a similar purpose. That is, unless expressly stated otherwise, each feature is one example only of a series of equivalent or similar features.

[0027] The specific implementation manners of the present invention will be described in detail below in conjunction with the drawings and embodiments.

[0028] In the following detailed description, numerous specific descriptions are set forth for purposes of explanation in order to provide a thorough understanding of the disclosed embodiments. However, it is evident that one or more embodiments can be practiced without these specific des...


Abstract

The invention discloses a malicious code behavior feature extraction method. The method comprises the following steps: (1) performing disassembly analysis on a malicious code sample with a disassembling tool, using a static analysis method, to obtain a function call graph and a control flow graph; (2) performing optimization processing on the function call graph and the control flow graph, generating an executable path set, and allocating a dynamic analysis node to each path; (3) through a dynamic analysis tool, performing dynamic analysis using an automatic single-step debugging method, so that the program executes according to the control flow sequence of the executable paths obtained by static analysis, and obtaining the API call correlation of the malicious code; and (4) according to API call correlation analysis, obtaining a behavior feature value of the malicious code. A behavior feature of the code can be represented more accurately, so that the analysis and detection of the malicious code are more accurate.
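The four steps above, sketched as an added Python example (not code from the patent or its applicant): it enumerates loop-free executable paths from a control flow graph, marks the branch blocks where a debugger would have to steer execution, and links API calls that share a handle. The graph, the per-block API trace, the handle-sharing notion of "correlation" and all function names are assumptions made for illustration.

```python
# Constructed control flow graph: basic block -> successor blocks.
CFG = {
    "entry": ["check"],
    "check": ["decrypt", "exit"],   # conditional branch
    "decrypt": ["write", "check"],  # back edge to "check" forms a loop
    "write": ["exit"],
    "exit": [],
}

# Constructed trace: block -> [(api, handle produced, handle consumed)].
BLOCK_APIS = {
    "entry": [("CreateFileW", "h1", None)],
    "decrypt": [("ReadFile", None, "h1")],
    "write": [("WriteFile", None, "h1"), ("CloseHandle", None, "h1")],
}

def executable_paths(cfg, start="entry", end="exit"):
    """Enumerate entry-to-exit paths, visiting each block at most once."""
    paths, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node == end:
            paths.append(path)
            continue
        for succ in cfg[node]:
            if succ not in path:  # drop back edges so the path set stays finite
                stack.append((succ, path + [succ]))
    return sorted(paths)

def analysis_nodes(cfg, path):
    """Blocks with more than one successor: where the branch taken must be controlled."""
    return [block for block in path if len(cfg[block]) > 1]

def api_correlation(path, block_apis):
    """(producer API, consumer API) pairs linked by a shared handle along one path."""
    producer, edges = {}, set()
    for block in path:
        for api, produced, consumed in block_apis.get(block, []):
            if consumed in producer:
                edges.add((producer[consumed], api))
            if produced:
                producer[produced] = api
    return sorted(edges)

def feature_value(cfg, block_apis):
    """Union of correlation pairs over every executable path, in a stable order."""
    edges = set()
    for path in executable_paths(cfg):
        edges.update(api_correlation(path, block_apis))
    return tuple(sorted(edges))
```

Dropping back edges is the simplest way to keep the path set finite; behavior that only appears on a second loop iteration is missed by this sketch.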

Description

Technical field

[0001] The invention relates to the technical field of information security and the field of file systems, in particular to a method for extracting malicious code behavior characteristics.

Background technique

[0002] With the rapid development of the Internet, the number of terminal devices connected to the network and the number of Internet applications have exploded. The popularity of the Internet has also accelerated the spread of malicious code, which has become an important issue in the field of software security. In order to improve the survivability of malicious code, its creators usually use malicious code obfuscation technology, so that new variants appear every time it is spread, making it more difficult to detect malicious code.

[0003] Malicious code detection methods can be divided into two categories: heuristic-based detection and feature-based detection. The heuristic-based detection method judges the possibility of malicious code according to...


Application Information

IPC(8): G06F21/56, G06F11/36
CPC: G06F11/3608, G06F21/563
Inventor 常清雪龙昌伟
Owner SICHUAN CHANGHONG ELECTRIC CO LTD