Malicious software identification method, system and device and readable storage medium

A malware identification technology, applied in the field of malicious software identification, that addresses the difficulty of identifying malware and the resulting low identification accuracy, and improves that accuracy.

Pending Publication Date: 2022-01-07
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0003] However, most of the existing malware identification methods use function as the granularity to perform similarity matching. If malware only reuses a small piece of code, it is difficult to identify it, resulting in low accuracy of malware identification.

Examples


Embodiment Construction

[0055] The core of the present application is to provide a malware identification method, system, device and readable storage medium for improving the accuracy of malware identification.

[0056] In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0057] At present, malware detection based on binary instructions mainly includes the following parts:

[0058] (1) Control the flow of binary instructions and func...


Abstract

The invention discloses a malicious software identification method comprising the following steps: obtaining an executable file of the software to be identified and extracting the binary instruction features in the executable file; matching the binary instruction features against a feature library to obtain the corresponding same features and/or similar features; and judging whether the software to be identified is malicious according to the properties of the same features and/or similar features. Because the control flow graph is an abstract data structure of the minimum control logic in the program execution process, the binary instruction features obtained by splicing and combining the binary instructions according to each control flow graph have a finer granularity than a function and reflect the real-time execution process of the function's control flow. Similarity matching on the binary instruction features of the executable file can therefore significantly improve the accuracy of malicious software identification. The invention also provides a malicious software identification system, a device and a readable storage medium, which have the same beneficial effects.
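The abstract's granularity argument, shown as an added example that is not the patent's implementation: a sample that reuses one small block is missed by a function-level hash but caught by per-block features. The page does not say how instructions are spliced into features or how similarity is scored, so the mnemonic-only normalization, SHA-256 block hash, bigram Jaccard score, 0.5 threshold and decision rule are all assumptions, and every name and instruction listing below is constructed.

```python
import hashlib

# Constructed sample data: each block is a list of disassembled instructions.
DECRYPT_LOOP = ["mov al, [esi]", "xor al, 0x5a", "mov [edi], al", "inc esi", "inc edi", "loop 0x401000"]
PROLOGUE = ["push ebp", "mov ebp, esp", "sub esp, 0x10"]
LIBRARY = [("malicious", DECRYPT_LOOP), ("benign", PROLOGUE)]  # (property, block feature source)
KNOWN_BAD_FUNCTION = [PROLOGUE, DECRYPT_LOOP, ["call 0x402000", "ret"]]
SAMPLE = [
    ["push ebp", "mov ebp, esp", "sub esp, 0x40"],
    ["mov bl, [ecx]", "xor bl, 0x21", "mov [edx], bl", "inc ecx", "inc edx", "loop 0x500000"],
    ["mov bl, [ecx]", "xor bl, 0x21", "add bl, 1", "mov [edx], bl", "inc ecx", "inc edx", "loop 0x500000"],
    ["xor eax, eax", "ret"],
]

def normalize(block):
    # Assumption: keep mnemonics only, so register and address changes do not alter the feature.
    return tuple(ins.split()[0].lower() for ins in block)

def block_feature(block):
    return hashlib.sha256(" ".join(normalize(block)).encode()).hexdigest()

def function_feature(blocks):
    # Function-granularity baseline: one hash over every block of the function.
    return hashlib.sha256("|".join(" ".join(normalize(b)) for b in blocks).encode()).hexdigest()

def bigrams(block):
    m = normalize(block)
    return set(zip(m, m[1:]))

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def match(sample_blocks, library, threshold=0.5):
    """Return (same, similar): lists of (sample block index, library property)."""
    same, similar = [], []
    for i, blk in enumerate(sample_blocks):
        for label, ref in library:
            if block_feature(blk) == block_feature(ref):
                same.append((i, label))
            elif jaccard(bigrams(blk), bigrams(ref)) >= threshold:
                similar.append((i, label))
    return same, similar

def verdict(same, similar):
    # Assumed decision rule: any same or similar hit on a malicious-labelled feature flags the sample.
    return any(label == "malicious" for _, label in same + similar)
```

`match(SAMPLE, LIBRARY)` reports block 1 as the same feature as the malicious loop and block 2 as a similar one, while `function_feature(SAMPLE)` differs from `function_feature(KNOWN_BAD_FUNCTION)`.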

Description

Technical field

[0001] The present application relates to the field of malicious software identification, in particular to a method, system, device and readable storage medium for identifying malicious software.

Background

[0002] With the wide application of software in various fields of society, more and more people are paying attention to software security. Establishing a trusted software system has become an effective means of maintaining information security, and detection of malicious software has become the core research direction of software credibility analysis.

[0003] However, most of the existing malware identification methods use function as the granularity to perform similarity matching. If malware only reuses a small piece of code, it is difficult to identify it, resulting in low accuracy of malware identification.

[0004] Therefore, how to improve the accuracy of malware identification is a technical problem that those skilled in the art need to s...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/563, G06F2221/033, G06F21/56
Inventor: 位凯志高智刘彦南姚俊
Owner: SANGFOR TECH INC