Malicious-code family determination method and device

A malicious-code family determination method, applied in the field of information security, that addresses the problems of inaccurate classification, incomplete triggering, and few behavior scalars, and achieves the effect of simplifying calculation and improving processing speed.

Active Publication Date: 2018-10-23
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

[0003] At present, the characterization of families mainly depends on the experience of virus analysis engineers, which is very labor-intensive. At the same time, because individual experience differs, discrepancies in the identification of malicious code families are prone to occur.
In addition, the academic community currently judges family clustering mainly based on Android behavior. Using behavior to perform family clustering requires automatic triggering of applications, and that triggering is incomplete. Dynamic triggering also consumes a lot of computing resources, and the behavioral scalars it yields are relatively few, which leads to inaccurate classification.



Examples


Embodiment Construction

[0027] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0028] Although the steps in the present invention are arranged with labels, they are not used to limit the order of the steps. Unless the order of the steps is clearly stated or the execution of a step requires other steps as a basis, the relative order of the steps can be adjusted.

[0029] In some embodiments, as shown in Figure 1, the method for judging a malicious code family includes the following steps:

[0030] S01: Extract and merge the characteristics of each malicious code family to generate a malicious code family feature database.

[0031] To carry out its malicious behavior, malicious code shows obvious external characteristics in how its code is written, how it behaves, etc.; and malicious code of the same family (that is, the same behavior pattern or the sa...


Abstract

The invention discloses a malicious-code family determination method and device. Based on analysis of all existing malicious-code families, the features of every family are extracted and merged to generate a malicious-code family feature library. All features extracted from a to-be-tested sample are used to generate a feature vector that follows the structure of the feature library, and the similarity between the sample's feature vector and each preset malicious-code family feature vector is calculated. When the similarity meets a preset value, the to-be-tested sample is judged to belong to the corresponding malicious-code family. The method quantitatively combines various feature scalars into a feature vector and represents the sample through that vector, so there is no need to go deep into specific code layers and methods; computational resources are greatly saved and judgment accuracy is high. Operating on the feature vector also streamlines the calculation over sample features, and the processing rate is greatly improved.
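The pipeline in the abstract (merge family features into a library, project a sample onto the library's layout, compare against each family vector, apply a threshold) is sketched below as an added example; it is not code from the patent. Binary presence vectors, cosine similarity, the 0.7 threshold, and every feature and family name are assumptions, since the page does not specify them.

```python
import math

# Constructed sample data: family names and features are invented for
# illustration and do not come from the patent.
FAMILY_FEATURES = {
    "family_a": {"perm:SEND_SMS", "perm:READ_CONTACTS",
                 "str:premium-number", "api:sendTextMessage"},
    "family_b": {"perm:INTERNET", "perm:SYSTEM_ALERT_WINDOW",
                 "api:lockNow", "str:ransom-note"},
}

def build_feature_library(family_features):
    """Merge every family's features into one ordered, de-duplicated library."""
    return sorted(set().union(*family_features.values()))

def to_vector(features, library):
    """Project a feature set onto the library layout (1 = present, 0 = absent).
    Features that are not in the library are dropped."""
    present = set(features)
    return [1 if name in present else 0 for name in library]

def cosine(u, v):
    """Cosine similarity (assumed metric); an all-zero vector scores 0.0."""
    norm_u = math.sqrt(sum(x * x for x in u))
    norm_v = math.sqrt(sum(x * x for x in v))
    if norm_u == 0 or norm_v == 0:
        return 0.0
    return sum(x * y for x, y in zip(u, v)) / (norm_u * norm_v)

def classify(sample_features, family_features, threshold=0.7):
    """Return (family, score) for the best match at or above the threshold,
    or (None, best_score) when no family is similar enough."""
    library = build_feature_library(family_features)
    sample_vec = to_vector(sample_features, library)
    scores = {family: cosine(sample_vec, to_vector(feats, library))
              for family, feats in family_features.items()}
    best = max(scores, key=scores.get)
    if scores[best] >= threshold:
        return best, scores[best]
    return None, scores[best]

if __name__ == "__main__":
    # Constructed sample: three family_a features plus one from family_b.
    sample = {"perm:SEND_SMS", "perm:READ_CONTACTS",
              "api:sendTextMessage", "perm:INTERNET"}
    print(classify(sample, FAMILY_FEATURES))
```

A sample whose features all fall outside the library projects to the zero vector and is reported as matching no family rather than raising a division error.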

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a method and device for judging malicious code families.

Background technique

[0002] The rapid development of the mobile Internet in recent years has brought about increasing platform security problems. The Android platform is the most prominent. Under the appearance of the prosperity of its ecosystem, there is a hidden black industry chain driven by huge profits. The entire Android ecosystem is becoming more and more prosperous, and the black industry chain related to Android is becoming more and more rampant. There are more and more viruses on the Android platform, and the number has grown almost exponentially, but the number of malicious code families has grown very slowly. Under normal circumstances, a family often corresponds to a large number of samples.

[0003] At present, the characterization of families mainly relies on the experience of virus analysis ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 高坤严丽芳刘宇豪邰靖宇
Owner: WUHAN ANTIY MOBILE SECURITY