Malware family identification method and device and electronic equipment

A malware identification technology, applied in the fields of computer security devices, file systems, electrical digital data processing, etc.

Active Publication Date: 2019-09-10
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0002] When the existing static antivirus software detects malware, it usually only detects a certain software as malware, pr


Examples


Embodiment Construction

[0039] The technical solutions of the present invention will be clearly and completely described below in conjunction with the embodiments. Obviously, the described embodiments are part of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0040] An embodiment of the present invention provides a malware family identification method. As shown in Figure 1, the method is applied to an ES (ElasticSearch) search server and specifically includes the following steps:

[0041] Step S102, acquiring the binary program to be identified.

[0042] During specific implementation, the ES search server first obtains the binary program to be identified.

[0043] Step S104, perform perceptual hash processing on the binary program to obtain multiple perceptible hash str...


Abstract

The invention provides a malware family identification method, a device and electronic equipment. The method comprises: performing perceptual hash processing on a binary program to be identified to obtain a plurality of perceptual hash strings, wherein the perceptual hash processing comprises dynamic sandbox operation, grayscale image conversion and discrete cosine transformation; using each perceptual hash string as a search term, searching and matching against each malware family in a malware database to obtain a matching degree between each malware family and the binary program, wherein each malware family comprises a plurality of perceptual hash string sequences obtained through perceptual hash processing; and taking the name of the malware family corresponding to the maximum matching degree, among the matching degrees exceeding a preset matching degree threshold, as the identification result for the binary program. With the invention, when a dynamic malware detection engine detects malware, it can give the accurate name of the malware family to which the malware belongs.
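The pipeline in steps S102/S104 and in the abstract, as an added Python example that is not the patent's own implementation. Assumptions, since the page does not give them: the sandbox stage is replaced by constructed byte dumps, every 32×32 bytes become one grayscale image, the hash is a median-thresholded low-frequency DCT, and the matching degree is the share of the sample's hash strings found in a family's set (exact-term lookup, as a search index would do). Family names and the 0.6 threshold are made up.

```python
import hashlib
import math

N = 32  # assumption: every N*N bytes of the dump become one N x N grayscale image
K = 8   # assumption: keep the K x K lowest-frequency DCT coefficients

def dct_low(v):
    """First K coefficients of the (unnormalised) DCT-II of sequence v."""
    n = len(v)
    return [sum(x * math.cos(math.pi * (2 * i + 1) * k / (2 * n))
                for i, x in enumerate(v)) for k in range(K)]

def phash(chunk):
    """Hash one N*N-byte chunk: grayscale rows -> 2-D DCT -> median threshold."""
    rows = [dct_low(chunk[r * N:(r + 1) * N]) for r in range(N)]  # DCT along rows
    block = [dct_low(col) for col in zip(*rows)]                  # then along columns
    low = [c for line in block for c in line][1:]                 # drop the DC term
    median = sorted(low)[len(low) // 2]
    bits = "".join("1" if c > median else "0" for c in low)
    return f"{int(bits, 2):016x}"

def hash_strings(dump):
    """One perceptual hash string per N*N-byte chunk (last chunk zero-padded)."""
    size = N * N
    return [phash(dump[i:i + size].ljust(size, b"\0"))
            for i in range(0, len(dump), size)]

def identify(dump, families, threshold=0.6):
    """Return (family, degree) for the best degree above threshold, else (None, degree)."""
    terms = hash_strings(dump)
    if not terms:
        return (None, 0.0)
    best_name, best = None, 0.0
    for name, known in families.items():
        degree = sum(t in known for t in terms) / len(terms)  # share of search terms that hit
        if degree > best:
            best_name, best = name, degree
    return (best_name, best) if best > threshold else (None, best)

def fake_dump(seed, chunks):
    """Constructed stand-in for sandbox output: N 32-byte digests per chunk."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(chunks * N))

# Constructed "database": two made-up families, four hash strings each.
FAMILIES = {name: set(hash_strings(fake_dump(name, 4))) for name in ("FamilyA", "FamilyB")}
# Constructed sample: three chunks shared with FamilyA plus one unrelated chunk.
SAMPLE = fake_dump("FamilyA", 3) + fake_dump("other", 1)
print(identify(SAMPLE, FAMILIES))
```

Raising the threshold above the sample's degree returns no family name, which is the behaviour the abstract describes for matches that do not exceed the preset threshold.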

Description

Technical field

[0001] The present invention relates to the technical field of malware identification, in particular to a malware family identification method, device and electronic equipment.

Background technique

[0002] When the existing static antivirus software detects malware, it usually only detects a certain software as malware, prompts that there is a risk of virus intrusion or deletes it directly. Virus Scanner gives real accurate malware family names.

Contents of the invention

[0003] The object of the present invention is to provide a malware family identification method, device and electronic equipment, which enable a dynamic malware detection engine, when detecting malware, to give the accurate name of the malware family to which the malware belongs.

[0004] The present invention provides a malware family identification method, applied to an ES search server, the method comprising:

[0005] Obtain the b...


Application Information

IPC(8): G06F21/56, G06F16/14
CPC: G06F21/566, G06F16/152
Inventor: 吴栋, 范渊, 吴卓群
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD