
Detection of malicious behaviour of computer program

A technique for monitoring computer programs, applied in the field of computer science, that addresses the problems of high storage and computation requirements, difficulty in overcoming code obfuscation, and limited public information, to achieve low performance cost, an increased real proportion, and improved detection accuracy.

Pending Publication Date: 2021-07-30
HUAWEI TECH CO LTD +1

AI Technical Summary

Problems solved by technology

Therefore, these two systems have the disadvantages of static analysis, such as difficulty in overcoming code obfuscation techniques, native code, etc.
[0006] The inventor found that there is a real-time detection method based on third-party learning, but the public information on this is relatively limited.
Furthermore, the inventors' analysis shows that these methods require limited statistical analysis of the monitoring units and have high storage and computational requirements due to the size of the monitoring unit sequences.


Embodiment Construction

[0113] The technical solutions of the embodiments will be described below in conjunction with the accompanying drawings. It can be understood that the embodiments described below are not all embodiments, but only some embodiments related to the present invention. It should be noted that other embodiments that those skilled in the art can obtain from the embodiments described below without creative effort are within the protection scope of the present invention.

[0114] The following describes, with reference to Figure 1, ways to monitor computer programs on operating systems.

[0115] When the computer program runs, an API sequence is generated, and the API sequence grows continuously as the computer program operates, as indicated by the arrow to the right of the API sequence in Figure 1. The intercepted API sequence 10 shown in Figure 1, that is, the first number N1 of monitoring units, includes an API sequence at a specific time t whe...


Abstract

Method for determining real-time malicious behavior of a computer program, such as on Android systems. A first sequence of APIs from a total sequence of intercepted APIs generated by the computer program is saved and converted into a vector representation. Together with statistical information about the APIs in the first sequence and the APIs in the total sequence, it forms the input for determining whether the behavior of the computer program constitutes abnormal behavior. The determination uses a pre-trained dataset and model in various types of machine learning.

Description

Technical field

[0001] The invention relates to computer science, in particular to real-time detection of whether the behavior of a computer program is abnormal. The judgment is based on the following inputs: 1. A recent subset of system class calls selected from a large set of intercepted system class calls of the computer program. 2. Statistics related to the system class calls in the subset and in the large set. The pre-trained judgment module uses machine learning to judge whether an input indicates anomalous behavior. In order to reduce the computation and storage requirements of devices such as mobile devices, the input is converted into a vector representation, only a recent subset is stored, and the statistics include information that is relatively old.

Background technique

[0002] According to a report by G Data, an information security company (C. Luek "8,400 New Android Malware Samples Every Day"), 8,400 Android malware were found every day in 2017, that is, a new Android ma...
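An added sketch (not code from the patent or its applicant) of the input construction described in [0001]: only the N1 most recent calls are stored, while older history survives as fixed-size running counts. The API vocabulary, the integer encoding, the frequency statistics and the sample trace are assumptions made for illustration; the pre-trained judgment module that would consume the vector is not shown.

```python
from collections import Counter, deque

# Hypothetical vocabulary of monitored calls; anything else maps to "<other>".
VOCAB = ["open", "read", "write", "connect", "send", "<other>"]
INDEX = {name: i for i, name in enumerate(VOCAB)}


class ApiWindowFeatures:
    """Bounded recent window plus constant-size statistics of the full sequence."""

    def __init__(self, n1):
        self.window = deque(maxlen=n1)        # recent subset: the only calls stored
        self.total_counts = [0] * len(VOCAB)  # summary of the total sequence
        self.total_len = 0

    def observe(self, api_name):
        idx = INDEX.get(api_name, INDEX["<other>"])
        self.window.append(idx)               # oldest call drops out automatically
        self.total_counts[idx] += 1           # older calls persist only as counts
        self.total_len += 1

    def vector(self):
        """Window as padded integer ids, then window and total frequencies."""
        n1 = self.window.maxlen
        ids = [i + 1 for i in self.window]    # 0 is reserved for padding
        ids = [0] * (n1 - len(ids)) + ids
        win = Counter(self.window)
        win_freq = [win[i] / max(len(self.window), 1) for i in range(len(VOCAB))]
        tot_freq = [c / max(self.total_len, 1) for c in self.total_counts]
        return ids + win_freq + tot_freq


def build_features(trace, n1):
    """Feed a whole trace through the tracker and return the model input."""
    tracker = ApiWindowFeatures(n1)
    for call in trace:
        tracker.observe(call)
    return tracker.vector()


# Constructed sample trace, not taken from any real program.
SAMPLE_TRACE = ["open", "read", "read", "write", "connect", "send", "send", "dlopen"]

if __name__ == "__main__":
    print(build_features(SAMPLE_TRACE, n1=4))
```

Memory stays at N1 stored calls plus two fixed-length count vectors no matter how long the program runs, which is the storage saving the paragraph describes.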


Application Information

IPC(8): G06F21/56, G06F21/55, G06F21/52
CPC: G06F21/52, G06F21/552, G06F21/566
Inventor: 李迎九, 王代斌
Owner: HUAWEI TECH CO LTD