A malicious program identification method and electronic device

Abstract

The invention provides a malicious program identification method and an electronic device, which are used for solving the problems in the prior art of how to realize malicious program detection underthe condition of reducing resource consumption, improving the detection efficiency of the malicious program, and improving the accuracy of identifying an organization that writes the malicious program. The method includes parsing the received first program to determine the first compiled path information, wherein the first compiled path information comprises a directory string; determining a firsteigenvalue of the first program according to the first compiled path information; matching the first eigenvalue with an eigenvalue in a feature library; in response to a successful match, determiningthe first program to be a malicious program.

Description

technical field [0001] The invention relates to the technical field of computers, in particular to a malicious program identification method and electronic equipment. Background technique [0002] With the development of Internet technology, it has brought great convenience to users' lives, but due to the emergence of malicious programs, it has also brought troubles and infringements to users, for example, the recently popular ransomware, Internet worms, And malicious mining programs, resulting in loss of user property. [0003] The malicious program detection engine identifies malicious programs to protect the security of users, but malicious programs have appeared endlessly, and the malicious program detection engine cannot detect the latest malicious programs in time, and the malicious program detection engine can identify and compare the families (organizations) of malicious programs Difficulties, especially when malicious program source files are frequently traded unde...

AI Technical Summary

Problems solved by technology

[0002] With the development of Internet technology, it has brought great convenience to users' lives, but due to the emergence of malicious programs, it has also brought troubles and infringements to users, for example, the recently popular ransomware, Internet worms, and malicious mining programs, resulting in loss of user property

[0003] The malicious program detection engine identifies malicious programs to protect the security of users, but malicious programs have appeared endlessly, and the malicious program detection engine cannot detect the latest malicious programs in time, and the malicious program detection engine can identify and compare the families (organizations) of malicious programs Difficulties, especially when malicious program source files are frequently traded underground, it will be difficult for associated organizations and difficult to monitor. In the event of an Advanced Persistent Threat (APT) attack, the similarity of the organization is of great importance to Malicious program traceability plays a very important role

In the prior art, the most widely spread malicious program for the Internet is the Portable Executable (PE) / Executable and Linking Format (ELF) file format. The program performs similarity clustering to detect malicious programs and at the same time organizes and classifies them. However, in the face of massive data, similarity clustering consumes a lot of resources, and when malicious program source files are traded underground, they will be identified incorrectly and cannot be accurately determined. Organizations that write malicious programs

Images