Malicious code detection and recognition method and device based on software genes

A malicious code detection and identification technology, applied in the field of software-gene-based malicious code detection and identification, that solves the problem that detection accuracy cannot be effectively guaranteed and achieves good representation, a low false alarm rate, and good detection accuracy.

Active Publication Date: 2018-06-15
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem that the detection accuracy cannot be effectively guaranteed in the current malicious code detection process, the present invention proposes a m


Examples


Embodiment 1

[0060] As shown in Figure 1, a software-gene-based malicious code detection and identification method of the present invention comprises the following steps:

[0061] Step S11: constructing a malicious code software gene library.

[0062] Step S12: Detect and identify the malicious code through the malicious code software gene library.

Embodiment 2

[0064] As shown in Figure 2, another software-gene-based malicious code detection and identification method of the present invention comprises the following steps:

[0065] Step S21: performing static analysis on the malicious code, scanning the binary file of the malicious code, obtaining static information of the binary file, unpacking the target code, and performing obfuscation analysis.

[0066] Step S22: Disassemble the malicious code binary file to obtain the corresponding assembly code, and the assembly code takes a basic block as a basic unit.

[0067] Step S23: The binary calling relationship of the basic block is used as the software gene representation of the malicious code, and all the software gene representations of the malicious code constitute the software genome of the malicious code, including:

[0068] Step S231: scan the assembly code of the target code, and divide the assembly code according to the basic blocks;

[0069] Step S232: merging the s...
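
Steps S22 to S231 above, sketched as an added example (not code from the patent): it divides a constructed x86-style listing into basic blocks and records the block-to-block relations as pairs. Reading "binary calling relationship" as an ordered pair of blocks, ending a block at a call, and encoding each block by its mnemonic sequence are assumptions of this sketch.

```python
# Added illustration: the listing and the gene encoding are constructed assumptions.
TRANSFER = {"jmp", "je", "jne", "jz", "jnz", "call"}
ENDS_BLOCK = TRANSFER | {"ret"}

def parse(listing):
    """'0x1000 mov ebp, esp' -> (0x1000, 'mov', 'ebp, esp')"""
    parts = [line.split(None, 2) + [""] for line in listing.strip().splitlines()]
    return [(int(p[0], 16), p[1], p[2]) for p in parts]

def target(mnem, op):
    """Direct jump/call target, or None (indirect targets are skipped)."""
    return int(op, 16) if mnem in TRANSFER and op.startswith("0x") else None

def basic_blocks(rows):
    """Split at leaders: entry, transfer targets, instruction after a transfer."""
    leaders = {rows[0][0]} | {target(m, o) for _, m, o in rows}
    leaders |= {rows[i + 1][0] for i, r in enumerate(rows[:-1]) if r[1] in ENDS_BLOCK}
    blocks = {}
    for row in rows:
        if row[0] in leaders:
            cur = blocks.setdefault(row[0], [])
        cur.append(row)
    return blocks

def genes(blocks):
    """Pairs (source block, destination block), blocks encoded address-free."""
    code = {s: " ".join(m for _, m, _ in b) for s, b in blocks.items()}
    starts, out = sorted(blocks), set()
    for i, s in enumerate(starts):
        _, mnem, op = blocks[s][-1]
        dst = target(mnem, op)
        if dst in code:                      # jump or call edge
            out.add((code[s], code[dst]))
        if mnem not in {"jmp", "ret"} and i + 1 < len(starts):
            out.add((code[s], code[starts[i + 1]]))   # fall-through / return edge
    return out

SAMPLE = """\
0x1000 mov ebp, esp
0x1002 cmp eax, 0
0x1005 je 0x100c
0x1007 call 0x1010
0x100c pop ebp
0x100d ret
0x1010 xor eax, eax
0x1012 ret
"""
```

Because each block is encoded by its mnemonics rather than its address, the same code loaded at a different base yields the same set of pairs.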

Embodiment 3

[0091] As shown in Figure 3, a software-gene-based malicious code detection and identification device of the present invention comprises:

[0092] The gene library module 31 is used to construct a malicious code software gene library.

[0093] The detection and identification module 32 is configured to detect and identify malicious codes through the malicious code software gene library.


Abstract

The invention relates to the field of malicious code analysis technology, in particular to a malicious code detection and recognition method and device based on software genes. According to the method, the software genes of malicious code are defined and extracted, and the software genome of the malicious code is constructed. A gene mode expressed as a graph structure is constructed for each malicious code according to the software gene calling relations of different malicious codes, and a malicious code software gene bank is established by learning from existing samples, so that good detection accuracy and a low false alarm rate are obtained. Different software genes are coded and combined into software genomes; the software genomes are the information sets of the malicious codes. The gene modes are expressed with a graph structure and can represent the overall characteristic information of the malicious codes; the gene modes are the material sets of the malicious codes. With the malicious code detection and recognition method and device, the information property and the material property of the software genes are achieved at the same time, and genetic characteristics and mutation characteristics are well represented.

Description

Technical field

[0001] The invention relates to the technical field of malicious code analysis, in particular to a software gene-based malicious code detection and identification method and device.

Background technique

[0002] Today's society has entered the information network age of "everywhere online, everywhere interconnected". People's production and life, social politics, economy, and national stability and security cannot be discussed apart from cyberspace security. Malicious code, as an important source of cyberspace security threats, is increasingly "generalized" and "multi-sourced". Its threat targets have expanded from hosts and servers to mobile terminals, industrial control systems, and even wearable devices, and the number is increasing rapidly. The detection, identification and analysis of malicious code has always been one of the important research topics in the field of cyberspace security.

[0003] Traditional malicious code detection and identification tec...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563
Inventor 单征庞建民刘福东赵炳麟梁光辉陈奕杭赵荣彩张啸川桂海仁韩金孟曦孙文杰师炜周鑫李男王婧
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU