Method and system for determining malicious code based on calling relation

A malicious-code detection technology based on calling relationships, applied in the field of malicious code judgment methods and systems. It addresses the problems of low detection efficiency, missing the best time to intercept viruses, and increased detection cost for malicious samples, with the effect of reducing the degree of distortion and improving accuracy and efficiency.

Inactive Publication Date: 2018-05-22
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

This detection efficiency is low, which not only increases the cost of malicious sample detection, but also miss



Example Embodiment

[0029] The present invention provides embodiments of a method and system for judging malicious code based on calling relationships. To help those skilled in the art better understand the technical solutions in the embodiments, and to make the above objectives, features and advantages clearer, the technical solution is described in further detail below with reference to the accompanying drawings:

[0030] Embodiment 1 of the present invention first provides a method for judging malicious code based on the calling relationship, as shown in Figure 1, including:

[0031] S11: Decompile the program to be tested and obtain pseudo code.

[0032] S12: Parse the pseudo code and build a call structure tree.

[0033] Specifically, the pseudo code can be parsed to obtain information about each function, and a call structure tree can be constructed based on the information...


Abstract

The invention discloses a method and a system for determining malicious code based on calling relations. The method comprises: decompiling a to-be-detected program and obtaining pseudocode; parsing the pseudocode and building a calling structure tree; traversing the calling structure tree to obtain behavior data of the to-be-detected program; and, when the obtained behavior data matches predefined malicious behavior data, determining that the to-be-detected program contains malicious code, wherein the malicious behavior data includes the malicious behaviors and the calling relations or calling positions of those behaviors. In this technical scheme, converting the calling relations of a program into the hierarchical relations of a calling structure tree gives the machine more detailed program information, which ultimately improves the accuracy of malicious code determination.
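The following sketch illustrates the flow the abstract describes (function information parsed from pseudocode, a call structure tree, traversal, and matching on behavior plus calling position). It is an added example, not code from the patent; the function names, rule format and sample data are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    children: list = field(default_factory=list)

def build_call_tree(functions, entry, ancestors=()):
    """Build the call structure tree from per-function callee lists."""
    path = ancestors + (entry,)
    node = Node(entry)
    for callee in functions.get(entry, []):
        if callee not in path:  # cut recursive calls so traversal terminates
            node.children.append(build_call_tree(functions, callee, path))
    return node

def behavior_data(root):
    """Traverse the tree, yielding (called function, call path leading to it)."""
    todo = [(root, ())]
    while todo:
        node, path = todo.pop()
        if path:
            yield node.name, path
        todo.extend((c, path + (node.name,)) for c in node.children)

def scan(functions, entries, rules):
    """Report a rule only when its behavior occurs at the required call position."""
    hits = []
    for entry in entries:
        for behavior, path in behavior_data(build_call_tree(functions, entry)):
            for rule in rules:
                if behavior == rule["behavior"] and any(
                        p.endswith(rule["called_under"]) for p in path):
                    hits.append((rule["name"], " -> ".join(path + (behavior,))))
    return sorted(hits)

# Constructed sample: function info as it might be parsed from pseudocode.
SAMPLE_FUNCTIONS = {
    "SmsReceiver.onReceive": ["Helper.forward"],
    "Helper.forward": ["SmsManager.sendTextMessage", "Helper.forward"],
    "MainActivity.onClick": ["SmsManager.sendTextMessage"],
}
# Constructed rule: the behavior plus the calling position that makes it suspicious.
SAMPLE_RULES = [{"name": "sms-sent-from-receiver",
                 "behavior": "SmsManager.sendTextMessage",
                 "called_under": ".onReceive"}]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FUNCTIONS, list(SAMPLE_FUNCTIONS), SAMPLE_RULES):
        print(hit)
```

The same sensitive call reached from the click handler produces no hit, which is the distinction that matching on the call alone cannot make.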

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and system for judging malicious codes based on calling relationships.

Background technique

[0002] As society moves towards the Internet era, the rapid development of the Internet has also improved people's lives, but it has also attracted many malicious application developers who attempt to make illegal profits from it. The number of malicious applications is growing at an unprecedented rate, and various new viruses and variant viruses are updated more and more frequently. These problems can no longer be solved by human judgment alone. How to use machines to identify viruses in a smarter and more accurate way has become the key to solving the problem.

[0003] At present, the static detection technology for malicious code is mainly through decompilation, and malicious determination is made on the decompiled pseudo-code data. That is, the sensitive funct...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 徐荣力乐东乔伟
Owner: WUHAN ANTIY MOBILE SECURITY