Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for checking files in executable and linkable formats and storage medium

A format file and inspection method technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve the problems of ELF file detection, ELF file false positives, and malicious ELF file false positives, etc.

Pending Publication Date: 2021-09-10
SANGFOR TECH INC
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The current ELF file detection technology has huge differences in the detection capabilities of ELF files of different platform types. It does not detect ELF files under different types of subdivisions, and adopts the same detection method for all types of ELF files, which often easily leads to Normal ELF files in some customers’ systems cause false positives, while malicious ELF files cause false negatives, resulting in low accuracy of ELF file inspection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for checking files in executable and linkable formats and storage medium
  • Method and device for checking files in executable and linkable formats and storage medium
  • Method and device for checking files in executable and linkable formats and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0041] The invention provides a checking method for executable and linkable format files, which improves the accuracy of checking ELF files.

[0042] Such as figure 1 as shown, figure 1 It is a schematic diagram of the hardware operating environment of the embodiment terminal involved in the embodiment solution of the present invention;

[0043] In this embodiment of the present invention, the terminal may be a checking device for executable and linkable format files, and the checking device for executable and linkable format files may specifically be a computer device.

[0044] Such as figure 1 As shown, the terminal may include: a processor 1001 , such as a CPU central processing unit (central processing unit), a memory 1002 , and a communication bus 1003 . Wherein, the communication bus 1003 is used to realize ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for checking files in executable and linkable formats, which comprises the following steps of: according to file attributes of ELF files in executable and linkable formats, recognizing the category to which the ELF files belong, the file attributes comprising file types and / or source platform types corresponding to the ELF files, wherein the file type comprises a relocatable file, an executable file and a sharable file; extracting file features of the ELF file, wherein the file features comprise at least one of a static feature, a dynamic feature and a certificate information feature; according to the category and the file feature, the ELF file is checked to obtain a check result, and the check result is that the ELF file belongs to a malicious ELF file or a normal ELF file. The invention further discloses a device for checking files in executable and linkable formats and a computer readable storage medium. According to the method and the device, the accuracy of checking ELF files is improved.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a checking method for executable and linkable format files, a checking device for executable and linkable format files and a computer-readable storage medium. Background technique [0002] In computer science, an ELF (Executable and Linking Format) file is a format file for binary files, executable files, object code, shared libraries, and core dumps. Since the ELF file is the most important executable file format in the Linux operating system, many malicious software will use malicious ELF files to attack the Linux operating system. Therefore, in the process of detecting malicious software, the ELF file under the software is essentially Identify to determine whether it is a malicious ELF file or a normal ELF file. [0003] The current ELF file detection technology has huge differences in the detection capabilities of ELF files of different platform types. It does not ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/562
Inventor 刘彦南李朝竟郭开
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com