Dynamic Extraction Method of Software Genes in Memory Based on Markov Model

A Markov model and dynamic extraction technology, applied in the field of malicious code detection, which can solve the problem of low extraction efficiency and achieve the effects of reducing the analysis scale, increasing the complexity of data processing, and improving work efficiency.

Active Publication Date: 2020-09-29
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0005] The present invention addresses the problem of low extraction efficiency in current methods for extracting malicious code software genes, and proposes a Markov model-based method for dynamically extracting software genes in memory.

Examples

Embodiment 1

[0043] As shown in Figure 1, a Markov model-based method for dynamically extracting software genes in memory includes:

[0044] Step S101: establishing a memory capture system based on the QEMU virtual machine platform;

[0045] Step S102: Based on the memory capture system, the virtual machine-related memory dump is performed when the packed malicious code is executed;

[0046] Step S103: constructing a Markov model based on the malware gene extracted from the unpacked malicious code;

[0047] Step S104: constructing a first state transition matrix based on code fragments extracted from non-malicious codes;

[0048] Step S105: using the first state transition matrix to optimize the Markov model to obtain a packer software gene detection model;

[0049] Step S106: using the packer software gene detection model to extract malicious code software genes from the packed malicious code.
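Steps S103 to S106 as an added Python sketch (not code from the patent). The page does not say how S105 combines the two models, so a per-transition log-likelihood ratio is assumed; treating opcode mnemonics as Markov states, the sample data and all function names are likewise assumptions for illustration.

```python
import math
from collections import Counter

def transition_matrix(sequences, states, alpha=1.0):
    """First-order transition probabilities with add-alpha smoothing."""
    counts = Counter(p for seq in sequences for p in zip(seq, seq[1:]))
    matrix = {}
    for a in states:
        total = sum(counts[(a, b)] for b in states) + alpha * len(states)
        matrix[a] = {b: (counts[(a, b)] + alpha) / total for b in states}
    return matrix

def detection_model(malicious, benign):
    """Assumed form of S105: log-ratio of malicious to benign transitions."""
    return {a: {b: math.log(malicious[a][b] / benign[a][b]) for b in row}
            for a, row in malicious.items()}

def score(window, model):
    """Mean log-ratio over a window; unseen opcodes contribute 0 (neutral)."""
    pairs = list(zip(window, window[1:]))
    return sum(model.get(a, {}).get(b, 0.0) for a, b in pairs) / len(pairs)

def extract_genes(trace, model, width=4, threshold=0.6):
    """S106: return (offset, score) of windows that resemble malware genes."""
    hits = []
    for i in range(len(trace) - width + 1):
        s = score(trace[i:i + width], model)
        if s > threshold:
            hits.append((i, round(s, 3)))
    return hits

# Constructed sample data (not from the patent).
MAL_GENES = [["xor", "rol", "xor", "rol", "xor", "jnz"],       # S103 input
             ["xor", "rol", "xor", "jnz"]]
BENIGN_FRAGMENTS = [["push", "mov", "call", "mov", "pop", "ret"],  # S104 input
                    ["mov", "call", "mov", "ret"],
                    ["push", "mov", "mov", "pop", "ret"]]
# Opcode trace disassembled from a memory dump taken while the sample runs.
DUMP_TRACE = ["push", "mov", "call", "mov", "xor", "rol", "xor", "rol",
              "pop", "ret"]

STATES = sorted({op for seq in MAL_GENES + BENIGN_FRAGMENTS for op in seq})
MODEL = detection_model(transition_matrix(MAL_GENES, STATES),
                        transition_matrix(BENIGN_FRAGMENTS, STATES))

if __name__ == "__main__":
    for offset, s in extract_genes(DUMP_TRACE, MODEL):
        print(offset, DUMP_TRACE[offset:offset + 4], s)
```

Dividing by the benign matrix pushes transitions that are common in ordinary code below zero, so only windows dominated by gene-like transitions cross the threshold.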

[0050] The invention dynamically runs samples in a virtual environment by constructing a memory capture system based ...

Embodiment 2

[0052] As shown in Figure 2, another Markov model-based method for dynamically extracting software genes in memory includes:

[0053] Step S201: Establish a memory capture system based on the QEMU virtual machine platform;

[0054] Specifically, a virtual machine is built on the QEMU virtual machine platform, and a control server and a file server are built on the periphery of the QEMU virtual machine platform to form a memory capture system. The control server communicates with and controls the QEMU virtual machine platform in order to control the virtual machine's snapshot restore, run, suspend and memory dump operations. The file server transfers the files of the packed malicious code between the client and the virtual machine. The virtual machine unpacks the packed malicious code.

[0055] As a possible implementation, as shown in Figure 3, QEMU is selected as the virtual machine platform, a CNC real-time control server and an FTP file server are built around the virtual environment, and two v...

Abstract

The invention belongs to the technical field of malicious code detection, and discloses a Markov model-based method for dynamically extracting software genes in memory, which comprises the following steps: 1, establishing a memory capture system based on a QEMU virtual machine platform; 2, performing a virtual machine-related memory dump, based on the memory capture system, when the packed malicious code is executed; 3, constructing a Markov model based on malicious code software genes extracted from unpacked malicious code; 4, constructing a first state transition matrix based on code fragments extracted from non-malicious code; 5, optimizing the Markov model by using the first state transition matrix to obtain a packer software gene detection model; 6, extracting malicious code software genes from the packed malicious code by means of the packer software gene detection model. The method has a relatively high malicious code software gene detection rate and a relatively low false alarm rate.

Description

Technical field

[0001] The invention belongs to the technical field of malicious code detection, and in particular relates to a method for dynamically extracting software genes in memory based on a Markov model.

Background technique

[0002] At present, the Internet has brought great convenience to human life, but hackers all over the world wantonly write and spread malicious code, destroying network security and at the same time posing a huge threat to national security. According to the "2018 Internet Anti-Virus Research Report" released by Tencent Security Lab, as of the end of December 2018, a total of 1.486 billion viruses were intercepted, and a total of 350 million users were found to be attacked by Trojan horses (see Tencent United Security Laboratory, https://zhuanlan.zhihu.com/p/55901201 (2019)). How to effectively automate the analysis and detection of malicious code and maintain the security of the Internet directly affects the early warning and response capabili...

Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/56, G06F21/53, G06F9/455, G06F8/53
CPC: G06F8/53, G06F9/45558, G06F21/53, G06F21/563, G06F2009/45583, G06F2009/45587, G06F2221/033
Inventor: 刘福东单征林成梁侯一凡陈奕杭郑杨杰刘子敬孙文杰
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU