Efficient detection method for massive malicious codes

A detection method for malicious code, applied in the fields of instruments, electrical digital data processing, and platform integrity maintenance. It addresses the problems of reduced analysis efficiency, the low efficiency of serial processing, and the difficulty of responding quickly, and achieves improved efficiency and timely security protection of the network.

Active Publication Date: 2018-05-11
BEIJING INSTITUTE OF TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

In addition, many instructions in the assembly instruction set do not effectively reflect the characteristics of malicious code, so constructing the feature set from combinations of assembly instructions seriously affects analysis efficiency.
[0007] (2) Traditional serial processing is less efficient.
When a large amount of malicious code has to be analyzed, the traditional serial processing method analyzes the samples one by one, and it is difficult to complete the detection of massive malicious codes in a short time.
As a result, it is difficult to respond quickly when faced with an APT attack.

Embodiment Construction

[0059] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0060] An embodiment of the present invention provides a method for efficiently detecting massive malicious codes. The method performs malicious code detection on assembler samples and uses multi-core computing resources to execute the assembler sample identification steps in parallel. The assembler sample identification steps, shown in Figure 1, are as follows:

[0061] S1. Extracting an assembler slice, where the assembler slice is a statement or an expression that affects a specified variable in the assembler sample.

[0062] In the embodiment of the present invention, the specified variable may be a variable specified by the user, or may directly be a variable that affects the performance of the assembly program running subject. Specifically, through Fenix (analysis), the statements that can affect the performanc...

Abstract

The invention discloses an efficient detection method for massive malicious codes, which can realize efficient detection of massive malicious codes. Malicious code detection is conducted on assembler samples, and the method uses multi-core computing resources to execute the assembler sample identification steps in parallel. The sample identification steps are as follows: assembler slices are extracted, where an assembler slice is a statement or an expression that affects a specified variable in an assembler sample. Based on the preset assembler slice types, the number of occurrences of each type of assembler slice extracted from the assembler sample is counted and taken as the feature vector of the assembler sample. A classifier is obtained by pre-training on the feature vectors of assembler samples, and the malicious codes are identified using the classifier.
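The slice-extraction, per-type counting and multi-core steps described in the abstract can be sketched as follows. This is an added example, not code from the patent: the slice types in `SLICE_TYPES`, the simplified register-level backward-slicing rule, and the two assembly samples are assumptions constructed for illustration.

```python
import re
from collections import Counter
from concurrent.futures import ProcessPoolExecutor

# Hypothetical preset slice types, keyed by mnemonic (the page does not list them).
SLICE_TYPES = {"mov": "transfer", "lea": "transfer", "add": "arith", "sub": "arith",
               "xor": "logic", "and": "logic", "or": "logic", "shl": "logic"}
TYPE_ORDER = ["transfer", "arith", "logic"]
REGS = re.compile(r"\b(e[abcd]x|e[sd]i|e[sb]p)\b")

# Constructed sample inputs: straight-line x86-style assembly, register destinations only.
SAMPLE_A = """
mov ebx, 8
mov ecx, 3
add ebx, ecx
mov edx, 7
xor eax, eax
add eax, ebx
shl edx, 2
"""
SAMPLE_B = """
mov esi, 1
lea edx, [esi+4]
and edx, 255
mov eax, 0
"""

def backward_slice(asm, target):
    """Statements that affect register `target` at the end of `asm` (simplified rule)."""
    live, kept = {target}, []
    for line in reversed(asm.strip().splitlines()):
        mnem, _, ops = line.strip().partition(" ")
        dest, _, src = (o.strip() for o in ops.partition(","))
        if mnem not in SLICE_TYPES or dest not in live:
            continue                    # statement does not write a register we track
        kept.append(line.strip())
        if mnem in ("mov", "lea"):
            live.discard(dest)          # destination is fully overwritten here
        live.update(REGS.findall(src))  # its sources now influence the target
    return kept[::-1]

def feature_vector(sample):
    """Count the slice statements of each preset type for one (asm, variable) sample."""
    asm, target = sample
    counts = Counter(SLICE_TYPES[s.split()[0]] for s in backward_slice(asm, target))
    return [counts[t] for t in TYPE_ORDER]

def feature_vectors(samples, workers=2):
    """Run the per-sample identification step on several cores in parallel."""
    with ProcessPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(feature_vector, samples))

if __name__ == "__main__":
    print(feature_vectors([(SAMPLE_A, "eax"), (SAMPLE_B, "edx")]))
```

The resulting vectors are what the pre-trained classifier described in the abstract would take as input; the classifier itself is not shown.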

Description

Technical field

[0001] The invention relates to the field of information technology, in particular to a method for efficiently detecting massive malicious codes.

Background technique

[0002] In today's cyberspace environment, with the rapid development of information technology and increasingly widespread network applications, the network security situation is becoming more and more severe. Network attacks are characterized by organization and industrialization: they are fast, of many types, sharply increasing in quantity, and larger in scale.

[0003] According to statistics, nearly 2.05 million mobile Internet malicious programs were captured in 2016, and the number of malicious programs has maintained a rapid growth trend in the past seven years.

[0004] In this context, how to quickly and accurately detect malicious code from a large number of applications has become a key problem that must be solved first to build a network security shield.

[0005] At present, the research...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 韩伟杰, 薛静锋, 王勇, 刘振岩, 单纯
Owner: BEIJING INSTITUTE OF TECHNOLOGY