Security process identification method and system based on machine instruction structure

A process identification technique based on machine instructions, applied in instruction analysis, neural learning methods, machine execution devices, etc. It addresses problems such as lack of generalization ability, upgraded files failing to operate normally, and increased difficulty and danger of system management, and it achieves strong feature generalization, improved recognition accuracy, and improved recognition ability.

Pending Publication Date: 2021-08-20
SHENZHEN LEAGSOFT TECH

AI Technical Summary

Problems solved by technology

In reality, executable files (such as applications) on the whitelist continue to receive security patches and software upgrades. These changes alter the MD5 code of the executable file, so the upgraded executable file fails the security check and cannot function properly.
[0003] Therefore, using the MD5 code as the security judgment feature of executable files does not have any generalization ability, which will definitely increase the manual intervention workload of the system administrator, and increase the difficulty and danger of system management.


Examples

Embodiment 1

[0056] A security process identification method based on machine instruction structure, see Figure 1, including the following steps:

[0057] S1: Train on all executable files on the preset whitelist to build a feature vector classifier;

[0058] S2: Obtain the executable file to be identified;

[0059] S3: Compare the executable file to be identified with the feature vector classifier, and determine whether the executable file to be identified is an executable file on the whitelist according to the comparison result.

[0060] Specifically, all executable files on the whitelist are considered safe files. For example, the computer systems of enterprises or government agencies have high security requirements and generally run only certified executable files, so such computer systems must be built on executable file comparison technology with high accuracy and strong generalization ability. However, the traditional byte-level comparison result changes very easily and is not suit...

Embodiment 2

[0087] A secure process identification system based on machine instruction structure, see Figure 2, including:

[0088] Training unit: used to train on all executable files on the preset whitelist to build a feature vector classifier;

[0089] Identification unit: used to obtain the executable file to be identified, compare the executable file to be identified with the feature vector classifier, and determine whether the executable file to be identified is an executable file on the whitelist according to the comparison result.

[0090] Preferably, the training unit is specifically used for:

[0091] Disassemble executable files on the preset whitelist into advanced instruction sets;

[0092] Divide the advanced instruction set into blocks to obtain multiple basic execution blocks, and each basic execution block is provided with a sequence block code;

[0093] Encode each sequence block as a feature vector to build a feature library;

[0094] An artificial neural network is co...
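
The training steps above (disassemble, split into basic blocks, encode blocks as feature vectors) set against the byte-level MD5 check, as an added example that is not code from the patent. The instruction listings are constructed; the bigram encoding, cosine comparison and 0.7 threshold are assumptions standing in for the patent's own encoding and its neural-network classifier, which this page does not give.

```python
import hashlib
import math
from collections import Counter

# Constructed (mnemonic, operands) listings standing in for disassembler output.
V1 = [("push", "rbp"), ("mov", "rbp,rsp"), ("cmp", "edi,0"), ("je", "L1"),
      ("mov", "eax,1"), ("jmp", "L2"),
      ("xor", "eax,eax"), ("pop", "rbp"), ("ret", "")]
# Constructed "patched" build: two operands changed, one instruction inserted.
V2 = [("push", "rbp"), ("mov", "rbp,rsp"), ("cmp", "edi,5"), ("je", "L1"),
      ("mov", "eax,2"), ("add", "eax,1"), ("jmp", "L2"),
      ("xor", "eax,eax"), ("pop", "rbp"), ("ret", "")]
# Constructed unrelated program.
OTHER = [("mov", "rdi,rsi"), ("call", "f"), ("test", "eax,eax"), ("jne", "L3"),
         ("lea", "rax,[rdi]"), ("ret", "")]
BRANCHES = {"jmp", "je", "jne", "call", "ret"}

def md5_of(listing):
    """Byte-level fingerprint; repr() stands in for the file's raw bytes."""
    return hashlib.md5(repr(listing).encode()).hexdigest()

def basic_blocks(listing):
    """Simplified split: a block ends after each control-transfer instruction."""
    blocks, cur = [], []
    for mnemonic, _operands in listing:
        cur.append(mnemonic)
        if mnemonic in BRANCHES:
            blocks.append(cur)
            cur = []
    return blocks + ([cur] if cur else [])

def features(listing):
    """Sparse vector: counts of mnemonic bigrams inside each basic block."""
    vec = Counter()
    for block in basic_blocks(listing):
        vec.update(zip(block, block[1:]))
    return vec

def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na, nb = (math.sqrt(sum(v * v for v in x.values())) for x in (a, b))
    return dot / (na * nb) if na and nb else 0.0

def on_whitelist(candidate, whitelist, threshold=0.7):
    """Assumed decision rule: best structural match must reach the threshold."""
    cand = features(candidate)
    return max(cosine(cand, features(w)) for w in whitelist) >= threshold
```

The patched build no longer matches the MD5 of the whitelisted one but still scores about 0.77 against it, while the unrelated listing scores 0. Because a similarity threshold is more permissive than an exact hash, it has to be validated against known non-whitelisted binaries before it gates execution.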

Abstract

The invention provides a security process identification method and system based on a machine instruction structure. The method comprises the following steps: training all executable files on a preset white list, and constructing a feature vector classifier; obtaining a to-be-identified executable file; and comparing the to-be-identified executable file with the feature vector classifier, and determining whether the to-be-identified executable file is an executable file on the white list or not according to a comparison result. According to the method, machine codes at a byte level are disassembled, and semantic features are analyzed through an instruction sequence to form a feature library. The feature library is used for comparing the executable files, the generalization ability is high, the method is suitable for various complex conditions such as continuous upgrading of the working software and continuous change of security patches of the working software, and the recognition accuracy is high.

Description

Technical field

[0001] The invention belongs to the technical field of computer desktop security, and in particular relates to a security process identification method and system based on a machine instruction structure.

Background

[0002] In the prior art, the judgment of the security of the executable file is mainly based on the MD5 code of the executable file. But as long as two executables differ by one byte, the MD5 is completely different. In reality, executable files (such as applications) on the whitelist continue to receive security patches and software upgrades. These changes alter the MD5 code of the executable file, so the upgraded executable file fails security checks and cannot function properly.

[0003] Therefore, using the MD5 code as the security judgment feature of an executable file does not have any generalization ability, which will definitely increase the workload of manual intervention of the system administrator and ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/54, G06F9/30, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/54, G06F9/30003, G06F9/30145, G06N3/04, G06N3/084, G06F18/24, G06F18/214
Inventor: 李琢王志黄杰祝青柳
Owner: SHENZHEN LEAGSOFT TECH