Method and device for automatically identifying malicious codes during software running

An automatic malicious-code identification technology, applied in computer security devices, instruments, electrical digital data processing, etc. It addresses the low recognition ability and false alarms of existing malicious-code identification, and achieves a high recognition rate and a low false alarm rate.

Inactive Publication Date: 2020-07-24
安芯网盾(北京)科技有限公司

AI Technical Summary

Problems solved by technology

[0005] To solve the above-mentioned technical problems, the present invention proposes a method and device for automatically identifying malicious codes when software is running. It addresses the problem that security software in the prior art cannot effectively monitor program behavior and therefore has a low ability to recognize malicious code and produces many false positives.

Examples

Embodiment Construction

[0035] To make the purpose, technical solution and advantages of the present invention clearer, the technical solution is described clearly and completely below with reference to specific embodiments of the present invention and the corresponding drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the protection scope of the present invention.

[0036] First, with reference to Figure 1, a flowchart of a method for automatically identifying malicious codes when software is running, according to an embodiment of the present invention, is described. As shown in Figure 1, the method includes the following steps:

[0037] Opening and replacing step. The opening and replacing step comprises: the CPU opens hardware virt...

Abstract

The invention provides a method and device for automatically identifying malicious codes during software running. The method comprises three steps. In the starting and replacing step, the CPU starts its hardware virtualization function, the current operating system is set to run in Guest mode, and the value of a specific register in Guest mode is replaced with a first monitoring function; or, alternatively, the value of the specific register of the CPU in Guest mode is initialized as the first monitoring function, the CPU starts its hardware virtualization function, and the current operating system is set to run in Guest mode. In the first collection step, the first monitoring function collects a behavior set of the software to be detected while that software runs in Guest mode. In the detection step, the behavior set is checked with a pre-constructed malicious code behavior detection model, which automatically identifies whether the software to be detected contains malicious code. According to the scheme of the invention, the running behavior of the software can be comprehensively monitored, and malicious code can be automatically identified based on that running behavior.

Description

Technical field

[0001] The invention relates to the field of computer information security, in particular to a method and device for automatically identifying malicious codes when software is running.

Background technique

[0002] Current methods for identifying malicious code generally include file static detection, heuristic detection, and AI learning. Although these technologies are effective to a degree at identifying malicious code, they produce many false alarms. Because active defense technology cannot accurately identify malicious code, it can only raise alerts on suspicious behaviors indiscriminately, which increases the burden on users.

[0003] Existing active defense technology mainly monitors program behavior through the standard interfaces provided by the system or through hooks (Hook). However, more and more operating systems pay increasing attention to their own security, and patching kernel code is no longer allowed, which makes it imp...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 姚纪卫, 姜向前
Owner: 安芯网盾(北京)科技有限公司