Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious code detection and recognition method and device based on software genes

A malicious code detection and malicious code technology, which is applied in the field of malicious code detection and identification based on software genes, can solve the problems that the detection accuracy cannot be effectively guaranteed, and achieve good representation, low false alarm rate, and good detection accuracy Effect

Active Publication Date: 2018-06-15
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF2 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem that the detection accuracy cannot be effectively guaranteed in the current malicious code detection process, the present invention proposes a malicious code detection and identification method and device based on software genes, providing support for gene matching in the malicious code analysis and detection process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious code detection and recognition method and device based on software genes
  • Malicious code detection and recognition method and device based on software genes
  • Malicious code detection and recognition method and device based on software genes

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] Such as figure 1 As shown, a kind of malicious code detection and identification method based on software gene of the present invention comprises the following steps:

[0061] Step S11: constructing a malicious code software gene library.

[0062] Step S12: Detect and identify the malicious code through the malicious code software gene library.

Embodiment 2

[0064] Such as figure 2 As shown, another malicious code detection and identification method based on software gene of the present invention comprises the following steps:

[0065] Step S21: performing static analysis on the malicious code, scanning the binary file of the malicious code, obtaining static information of the binary file, unpacking the target code, and performing obfuscation analysis.

[0066] Step S22: Disassemble the malicious code binary file to obtain the corresponding assembly code, and the assembly code takes a basic block as a basic unit.

[0067] Step S23: The binary calling relationship of the basic block is used as the software gene representation of the malicious code, and all the software gene representations of the malicious code constitute the software genome of the malicious code, including:

[0068] Step S231: scan the assembly code of the target code, and divide the assembly code according to the basic blocks;

[0069] Step S232: merging the s...

Embodiment 3

[0091] Such as image 3 As shown, a kind of malicious code detection and identification device based on software gene of the present invention comprises:

[0092] The gene library module 31 is used to construct a malicious code software gene library.

[0093] The detection and identification module 32 is configured to detect and identify malicious codes through the malicious code software gene library.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of malicious code analysis technology, in particular to a malicious code detection and recognition method and device based on software genes. According to the method, the software genes of malicious codes are defined and extracted, software genomes of the malicious codes are constructed, a gene mode based on graph structure expression is constructed for each malicious code according to software gene calling relations of different malicious codes, a malicious code software gene bank is established through learning of existing samples, and therefore a good detection accurate rate and a low false report rate are obtained. By coding different software genes, the software genes are combined into the software genomes, the software genomes are information sets of the malicious codes, the gene modes are expressed with a graph structure, overall characteristic information of the malicious codes can be represented, and the gene modes are material sets of the malicious codes. Through the malicious code detection and recognition method and device, the information property and the material property of the software genes are achieved at the same time, and genetic characteristics and mutation characteristics are well represented.

Description

technical field [0001] The invention relates to the technical field of malicious code analysis, in particular to a software gene-based malicious code detection and identification method and device. Background technique [0002] Today's society has entered the information network age of "everywhere online, everywhere interconnected". People's production and life, social politics, economy, national stability and security are all impossible to talk about without cyberspace security. Malicious code, as an important source of cyberspace security threats, is increasingly "generalized" and "multi-sourced". Its threat targets expand from hosts and servers to mobile terminals, industrial control systems, and even wearable devices, and the number is increasing rapidly The detection, identification and analysis of malicious code has always been one of the important research topics in the field of cyberspace security. [0003] Traditional malicious code detection and identification tec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/563
Inventor 单征庞建民刘福东赵炳麟梁光辉陈奕杭赵荣彩张啸川桂海仁韩金孟曦孙文杰师炜周鑫李男王婧
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com