De-obfuscation method and device, computer equipment and storage medium

A de-obfuscation technology for computer programs, applied in the field of de-obfuscation methods, devices, computer equipment and storage media, which can solve problems such as difficult expansion, low efficiency and a low degree of automation.

Active Publication Date: 2020-02-04
杭州奇盾信息技术有限公司 +1
5 Cites, 6 Cited by

AI Technical Summary

Problems solved by technology

[0005] Based on this, it is necessary to provide a de-obfuscation method, device, computer equipment and storage medium to address the technical problems that existing de-obfuscation methods require a lot of manual analysis, have low efficiency and a low degree of automation, and are difficult to expand.


Examples

Embodiment Construction

[0046] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0047] See Figure 1, which is a schematic diagram of a de-obfuscation method according to an embodiment of the present invention.

[0048] In this embodiment, the de-obfuscation method includes:

[0049] Step 100: extract subtrees to be detected from the original syntax tree corresponding to the original script; each subtree to be detected corresponds to a script fragment to be detected.

[0050] The syntax tree is a graphical representation of the sentence structure, which represents the derivation result of the sentence, and is conducive to understanding th...


Abstract

The invention relates to a de-obfuscation method and device, computer equipment and a storage medium. The method comprises the steps of: extracting a sub-tree to be detected from an original syntax tree corresponding to an original script; detecting the sub-tree to be detected using a feature-trained model, based on the multi-layer features of the sub-tree to be detected and/or of the script fragment to be detected, to obtain an obfuscated sub-tree; inputting the script fragment corresponding to the obfuscated sub-tree into an interpreter to obtain a de-obfuscated script fragment; and de-obfuscating the original script based on the de-obfuscated script fragment to obtain a de-obfuscated script. With the de-obfuscation method and device, computer equipment and storage medium provided, obfuscation detection is carried out on the original syntax tree corresponding to the original script based on multi-layer features, automatic de-obfuscation is carried out to obtain the de-obfuscated script fragments, and the original script is de-obfuscated based on those fragments to obtain the de-obfuscated script. Obfuscation detection and de-obfuscation are therefore carried out automatically, the degree of automation is high, and the efficiency is relatively high.
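The pipeline in the abstract (extract subtrees, flag the obfuscated ones, evaluate their fragments, substitute the results) can be sketched as follows. This is an added example, not code from the patent: Python's `ast` module stands in for a PowerShell parser, and an allowlist check (`is_recoverable`, a hypothetical name) stands in for the trained detection model, so only fragments made of literals and side-effect-free string operations are ever evaluated.

```python
import ast

# Constructed sample input (Python stands in for the PowerShell case).
SAMPLE = '''
name = "".join([chr(104), chr(111), "st"]) + "eman"[::-1]
print("de" + "mo", name)
user = "ex" + "ample" + get_user()
'''

# Node types a fragment may contain and still be evaluated.
SAFE_NODES = (ast.Constant, ast.BinOp, ast.Add, ast.UnaryOp, ast.USub,
              ast.Call, ast.Attribute, ast.Name, ast.List, ast.Tuple,
              ast.Subscript, ast.Slice, ast.Load)
SAFE_METHODS = {"join", "replace", "lower", "upper"}

def is_recoverable(node):
    """Hypothetical stand-in for the trained detector: flags a non-literal
    subtree built only from literals and side-effect-free string operations."""
    if isinstance(node, ast.Constant):
        return False
    for n in ast.walk(node):
        if not isinstance(n, SAFE_NODES):
            return False
        if isinstance(n, ast.Name) and n.id != "chr":
            return False
        if isinstance(n, ast.Attribute) and n.attr not in SAFE_METHODS:
            return False
    return True

class Deobfuscator(ast.NodeTransformer):
    def __init__(self):
        self.recovered = []

    def visit(self, node):
        # Largest flagged subtree first; otherwise descend into the children.
        if isinstance(node, ast.expr) and is_recoverable(node):
            frag = ast.fix_missing_locations(ast.Expression(body=node))
            try:  # the "interpreter" step, with no builtins except chr
                value = eval(compile(frag, "<fragment>", "eval"),
                             {"__builtins__": {}, "chr": chr})
            except Exception:
                value = None
            if isinstance(value, str):
                self.recovered.append(value)
                return ast.copy_location(ast.Constant(value=value), node)
        return self.generic_visit(node)

def deobfuscate(source):
    """Return (rewritten script, list of recovered strings)."""
    worker = Deobfuscator()
    tree = ast.fix_missing_locations(worker.visit(ast.parse(source)))
    return ast.unparse(tree), worker.recovered
```

In the third statement only the constant subtree is folded; the call to `get_user` is left untouched because it is never executed.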

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular to a de-obfuscation method, device, computer equipment and storage medium.

Background technique

[0002] With the further advancement of informatization in our country, information technology and Internet technology have gradually entered all aspects of life. Cyberspace security is a complex and systematic discipline, and it cannot be protected through a single technology. Attackers look for weak points in a system, or places that can be exploited, in order to attack. We generally refer to such an attackable point as an "attack vector".

[0003] PowerShell is an attack vector widely used by attackers. In 2016, Symantec, a top international information security company, released a white paper ("The Increased Use of PowerShell in Attacks") announcing that PowerShell is being widely used in network attacks. PowerShell is a powerful administrator tool ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F8/41
CPC: G06F8/427, G06F21/563
Inventor: 李振源, 熊春林, 陈焰, 杨海
Owner: 杭州奇盾信息技术有限公司