Sandbox analysis method, device, electronic equipment and storage medium

A sandbox analysis method, applied in the field of information security, that addresses a problem limiting the detection ability of sandboxes, with the effect of improving sandbox detection ability and reducing the probability of samples evading detection.

Active Publication Date: 2020-04-24
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, the inventors found that some program samples actively restart the operating system, directly or indirectly, while running, and continue to perform some malicious behaviors after the restart. At that point the sandbox system still considers the analysis of the program sample complete and free of risk, so many dangerous program samples go undetected, which greatly affects the detection ability of the sandbox.


Embodiment Construction

[0024] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0025] It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0026] In the first aspect, an embodiment of the present invention provides a sandbox analysis method that saves the running scene before the virtual machine shuts down and continues to collect data on the program sample after restarting, so as to detect some malicious operations performed by the program sample after the restart. This greatly reduces the probability of samples evading detection and effectively improves the sandbox detection capability.

[0027] figure 1 A flow chart of the sandbox analysis method provided b...

Abstract

Embodiments of the invention disclose a sandbox analysis method and device, electronic equipment and a storage medium, and relate to the technical field of information security. The sandbox analysis method and device can greatly reduce the probability of samples evading detection and effectively improve the sandbox detection capability. The method comprises the steps of: monitoring target operations related to system restart in a program sample input into a sandbox, and recording them; when the virtual machine of the sandbox is shut down, saving the running scene of the virtual machine; determining from the recorded data whether the target operation occurred while the program sample was running; and, if the target operation occurred, restarting the virtual machine to continue data acquisition on the program sample. The sandbox analysis method and device can be applied to sandbox analysis.
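The steps in the abstract, sketched as an added example that is not code from the patent or from the applicant. The indicator set (Windows reboot APIs and a `shutdown /r` command line), the `ReplayVM` stand-in, the event format and the `max_restarts` cap against reboot loops are all assumptions made for illustration.

```python
import re

# Assumed indicator set (not from the patent text): Windows APIs and command
# lines that request a reboot. A real sandbox would hook these in the guest.
RESTART_APIS = {"ExitWindowsEx", "InitiateSystemShutdownExW", "NtShutdownSystem"}
RESTART_CMD = re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.IGNORECASE)

def restart_operations(events):
    """Return the recorded events that count as restart-related target operations."""
    hits = []
    for ev in events:
        if ev["type"] == "api" and ev["name"] in RESTART_APIS:
            hits.append(ev)
        elif ev["type"] == "process" and RESTART_CMD.search(ev["cmdline"]):
            hits.append(ev)
    return hits

class ReplayVM:
    """Hypothetical stand-in for the sandbox VM: replays constructed per-boot logs."""
    def __init__(self, boots):
        self.boots, self.index, self.saved_scenes = boots, 0, []
    def run_until_shutdown(self):
        return self.boots[self.index] if self.index < len(self.boots) else []
    def save_scene(self):
        self.saved_scenes.append(f"scene-after-boot-{self.index}")
    def restart(self):
        self.index += 1

def analyze(vm, max_restarts=2):
    """Collect behaviour across reboots; stop once no restart was requested."""
    collected, restarts = [], 0
    while True:
        events = vm.run_until_shutdown()   # monitor and record
        collected.extend(events)
        vm.save_scene()                    # VM has shut down: keep its running scene
        # max_restarts is an added safeguard so a reboot loop cannot pin the sandbox.
        if not restart_operations(events) or restarts >= max_restarts:
            return collected, restarts
        vm.restart()                       # continue data acquisition after reboot
        restarts += 1

# Constructed sample: boot 0 writes to the registry and reboots, boot 1 acts again.
SAMPLE_BOOTS = [
    [{"type": "api", "name": "RegSetValueExW"},
     {"type": "process", "cmdline": "shutdown.exe /r /t 0"}],
    [{"type": "api", "name": "CreateFileW"}],
]
```

With a fixed-time sandbox the `CreateFileW` event from the second boot would never be collected; here it is, and a sample that reboots on every boot is cut off after `max_restarts`.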

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a sandbox analysis method, device, electronic equipment and storage medium.

Background technique

[0002] In malware analysis, a dynamic sandbox is usually used: a virtual machine simulates the software's operating environment so that the malware executes normally inside the sandbox and its malicious behavior can be observed.

[0003] Generally, the maximum analysis time of the sandbox is fixed, such as ten minutes. If the sample has not finished running after ten minutes, the virtual machine in the sandbox is forced to shut down, and the collected behavior is then analyzed. If the sample finishes running within ten minutes, behavior collection is considered complete, and the virtual machine shuts down automatically at that point.

[0004] However, the inventors found that some program samples will activel...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/53
CPC: G06F21/53, G06F21/566
Inventor: 关墨辰, 李林哲, 王永亮, 王小丰, 肖新光
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD