
Malicious file threat analysis platform and malicious file threat analysis method

A malicious file threat analysis technology, applied in the field of malicious file threat analysis platforms, that addresses problems such as labor consumption, failure to analyze associated information, and difficulty of comprehensive assessment, and that simplifies the analysis process and saves analysis time.

Inactive Publication Date: 2020-04-03
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0009] (1) Large amounts of associated IOC information cannot be analyzed: when static analysis and dynamic sandbox analysis are performed on malicious files, the large volume of static and dynamic associated information is often hard to use for further threat identification. For example, when a malicious program dynamically connects back to a domain name, the threat level of that associated domain name is actually an important clue for identifying malicious files;
[0010] (2) Generating a comprehensive threat analysis result requires a unified judgment across multiple dimensions; with traditional analysis, where each dimension is examined separately, comprehensive assessment is difficult, and it is often impossible to analyze all dimensions and generate a comprehensive threat report;
[0011] (3) Analysis of each dimension often consumes a lot of labor.

Examples


Embodiment Construction

[0051] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0052] The invention relates to a malicious file threat analysis method, which includes the following steps.

[0053] Step 1: Obtain the file to be detected.

[0054] In step 1, the file to be detected is uploaded through a browser or a custom interface.

[0055] In the present invention, a malicious file analysis platform is established based on the B/S architecture, which systematizes file input and result output and greatly reduces labor costs; in addition to the platform's systematic analysis, it provides uploading and output of comprehensive analysis results, which simplifies the manual analysis process to a certain extent.

[0056] Step 2: Carry out comprehensive multi-dimensional processing on the files to be detected.

[0057] In said step 2, comprehensive multi-dimensional processing incl...


Abstract

The invention relates to a malicious file threat analysis platform and a malicious file threat analysis method. The method comprises the following steps: acquiring a to-be-detected file by an input and output module, performing comprehensive multi-dimensional processing on the to-be-detected file by a comprehensive multi-dimensional processing module, establishing a threat library by a threat intelligence perception module, performing threat analysis based on comprehensive multi-dimensional processing information, and finally generating and outputting a threat analysis report by the input and output module. According to the malicious file threat analysis platform based on a B/S architecture, systematic localization of malicious file threats is performed, known or unknown risks can be quickly identified, the analysis time is saved, a large amount of complicated work is automated, the threats are accurately and efficiently identified, analysis results are comprehensively evaluated, an analysis report is automatically generated, the ability of quickly analyzing file threats can be provided for non-professionals, threat information of all dimensions is provided for analysts as much as possible, and the analysis process is simplified.

Description

Technical field

[0001] The invention relates to the technical field of electronic digital data processing, in particular to a malicious file threat analysis platform and a malicious file threat analysis method.

Background technique

[0002] With the development of the Internet, threats on the Internet emerge in an endless stream, and are developing towards a trend of stronger concealment and wider scope. There are countless new unknown malicious samples, and the threat identification of a large number of samples is becoming more and more complicated. The analysis methods of malicious files mainly include:

[0003] Static analysis, extracting, identifying and analyzing the static structure, character string, static association information, code, etc. of malicious files;

[0004] Dynamic sandbox analysis, putting malicious files into the sandbox to run, recording information during the running process, extracting related information for analysis and identification;

[0005] ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/562, G06F21/566
Inventor: 吕杰, 范渊, 吴卓群
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD