Homologous analysis method and device for malicious codes and readable storage medium

A malicious code analysis technology, applied in the field of homologous analysis methods, devices and readable storage media for malicious code, that can solve the problem of differing input lengths and the like.

Pending Publication Date: 2022-01-14
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a method, device, and readable storage medium for homologous analysis of malicious code, which can be applied to homologous analysis of malicious code of different lengths and solve the prior-art problem of inconsistent input lengths caused by differing numbers of instructions in the code.


Examples


Embodiment Construction

[0014] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0015] It should be understood that various modifications may be made to the embodiments disclosed herein. Accordingly, the above description should not be viewed as limiting, but only as an exemplification of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the disclosure.

[0016] The accompanying drawings, which are incorporated in and constitute a part of this specification...


Abstract

The invention discloses a homologous analysis method and device for malicious code and a readable storage medium. The method comprises: obtaining malicious code samples, which comprise different types of malicious code; disassembling each malicious code sample to determine a corresponding assembly instruction sequence, where the assembly instruction sequence comprises a plurality of instructions and the lengths of the plurality of instructions can differ; inputting, into a feature extraction model for prediction training, the vectors corresponding to the instructions of a preceding sub-sequence and of a following sub-sequence together with a vector corresponding to the malicious code sample; and extracting semantic features of unknown malicious code data with the trained feature extraction model so as to carry out homologous analysis of the malicious code. The method is suitable for homologous analysis of malicious code of different lengths and solves the prior-art problem of inconsistent input lengths caused by differing numbers of instructions in the code.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a malicious code homologous analysis method, device and readable storage medium.

Background technique

[0002] Malicious code homology analysis (Homology Analysis) analyzes the correlation between malicious codes through their internal and external characteristics, as well as the rules of their generation and propagation. There are various types of malicious code, including computer viruses, worms, Trojan horse programs, backdoor programs, logic bombs, etc. Each type of malicious code tends to have similarities in the following aspects: (1) functional code: in order to achieve the same malicious function, the key code fragments may be similar, and these similar code fragments are also called genetic codes; for example, the DLL injection, RPC service and other key function code of Duqu and Stuxnet is highly similar; (2) system function calls, the operation of mal...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N20/10
CPC: G06F21/563, G06N20/10, G06F18/23213, G06F18/214, G06F18/241
Inventor: 黄娜
Owner: BEIJING TOPSEC NETWORK SECURITY TECH