Escape behavior detection method based on multiple environments

A detection method and multi-environment technology, applied in the field of information security, that can solve problems such as fast recovery of difficult systems and improvement of analysis efficiency, and achieve the effects of low detection rate, high detection efficiency, and high reliability.
CN111460439A · Active · Publication Date: 2020-07-28 · CENT SOUTH UNIV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: CENT SOUTH UNIV
Publication Date: 2020-07-28


Abstract

The invention discloses an escape behavior detection method based on multiple environments. The method comprises the steps of obtaining a to-be-analyzed program; analyzing the to-be-analyzed program by adopting a multi-environment virtualization sandbox; extracting an API call sequence of each sample in the behavior analysis report of each sandbox; converting the API call sequence into an API character sequence; carrying out comparison detection on API character sequences of the same sample in different sandboxes based on the Smith-Waterman algorithm; extracting a difference subsequence in the comparison detection result; and calculating the Levenshtein distance of the difference subsequence and comparing the API character sequences of the same sample in multiple environments in pairs so as to judge whether the to-be-analyzed program has an escape detection behavior or not. The method is high in reliability, good in practicability and high in detection efficiency.
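The steps named in the abstract, as an added sketch that is not the patent's own code. The API alphabet, the Smith-Waterman scores, the threshold, and the reading of "difference subsequence" as whatever lies outside the best local alignment are assumptions of this example; the sandbox reports are constructed sample data.

```python
from itertools import combinations

# Constructed sample: one sample's API calls in three sandboxes (not real report data).
CHECKS = ["IsDebuggerPresent", "GetTickCount"]
PAYLOAD = ["NtCreateFile", "NtWriteFile", "RegSetValueExW", "connect", "send"]
REPORTS = {"vm_default": CHECKS + ["ExitProcess"],
           "vm_hardened": CHECKS + PAYLOAD + ["ExitProcess"],
           "bare_metal": CHECKS + PAYLOAD + ["ExitProcess"]}
CODES = dict(zip(CHECKS + PAYLOAD + ["ExitProcess"], "DTCWRNSX"))  # assumed alphabet

def encode(calls):  # API call sequence -> API character sequence
    return "".join(CODES[c] for c in calls)

def smith_waterman(a, b, match=2, mismatch=-1, gap=-1):  # assumed scoring
    """Return (a_start, a_end, b_start, b_end) of the best local alignment."""
    h = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    best, end = 0, (0, 0)
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            s = match if a[i - 1] == b[j - 1] else mismatch
            h[i][j] = max(0, h[i-1][j-1] + s, h[i-1][j] + gap, h[i][j-1] + gap)
            if h[i][j] > best:
                best, end = h[i][j], (i, j)
    i, j = end
    while i and j and h[i][j]:  # trace back to where the alignment starts
        s = match if a[i - 1] == b[j - 1] else mismatch
        if h[i][j] == h[i-1][j-1] + s:
            i, j = i - 1, j - 1
        elif h[i][j] == h[i-1][j] + gap:
            i -= 1
        else:
            j -= 1
    return i, end[0], j, end[1]

def levenshtein(s, t):
    prev = list(range(len(t) + 1))
    for i, cs in enumerate(s, 1):
        cur = [i]
        for j, ct in enumerate(t, 1):
            cur.append(min(prev[j] + 1, cur[j-1] + 1, prev[j-1] + (cs != ct)))
        prev = cur
    return prev[-1]

def divergence(a, b):  # edit distance between the parts outside the shared alignment
    a0, a1, b0, b1 = smith_waterman(a, b)
    return levenshtein(a[:a0] + a[a1:], b[:b0] + b[b1:])

def evades(reports, threshold=3):  # assumed threshold; compares every sandbox pair
    seqs = [encode(calls) for calls in reports.values()]
    return any(divergence(x, y) >= threshold for x, y in combinations(seqs, 2))
```

In the constructed reports, the sample exits after its environment checks in `vm_default` but runs its file, registry and network calls elsewhere, so `evades(REPORTS)` flags it.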

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a multi-environment-based evasion behavior detection method.

Background technique

[0002] With the development of economy and technology and the advent of the intelligent age, the importance of data security has received more and more attention.

[0003] In modern malicious code detection, dynamic behavior detection is a relatively common method, that is, to determine whether there is malicious behavior by detecting the execution process of the code in the sandbox. In order to prolong the life cycle of malicious programs, malicious code providers will add environment detection codes to malicious programs, and stop executing malicious behaviors when the detected operating environment is a sandbox, thus avoiding malicious behavior detection. The behavior of evading detection leads to the wrong judgment of the dynamic analysis tool of malicious code, and t...
