
Method for constructing homology analysis knowledge base, method and device for homology analysis

A construction method and knowledge base technology, applied in the direction of file access structure, file/folder operation, platform integrity maintenance, etc., can solve problems such as large manpower constraints, inability to analyze network data, and existence of network threats

Active Publication Date: 2022-03-29
北京微步在线科技有限公司

AI Technical Summary

Problems solved by technology

However, in practice this approach still cannot analyze network data in a timely and efficient manner, so network threats persist; it is also heavily constrained by available manpower, which is not conducive to efficient and accurate network security protection.



Examples


Embodiment 1

[0061] Referring to Figure 1, Figure 1 is a schematic flowchart of a method for constructing a homology analysis knowledge base provided by an embodiment of the present application. The method for constructing the homology analysis knowledge base includes:

[0062] S101. Collect seed sample files.

[0063] In this embodiment, the seed sample file is used to form a homology analysis knowledge base.

[0064] As an optional implementation manner, step S101 includes:

[0065] Collect original sample files;

[0066] The original sample files are classified to obtain seed sample files, where the seed sample files include one or more of white sample files, Trojan horse family sample files, and APT organization sample files.

[0067] In this embodiment, the method can classify the collected original sample files, so that the original sample files are divided into white sample files, Trojan horse family sample files and APT organization sample files.

[0068] In this embodimen...

Embodiment 2

[0109] Referring to Figure 2, Figure 2 is a schematic flowchart of a homology analysis method provided by an embodiment of the present application. The homology analysis method includes:

[0110] S201. Collect sample files to be analyzed.

[0111] In this embodiment, the method may accept a sample file input by a user for homology analysis.

[0112] S202. Collect intermediate files generated when the sample files to be analyzed are run in the sandbox.

[0113] In this embodiment, the method uses a sandbox to analyze the above-mentioned sample files to be analyzed to obtain intermediate files.

[0114] In this embodiment, the method can perform sample expansion on a sample file to be analyzed, so that homology analysis is performed on two files and two homology analysis results are obtained; based on these two homology analysis results, the method can finally determine the exact homology analysis result of the sample to be ...

Embodiment 3

[0138] Referring to Figure 3, Figure 3 is a schematic structural diagram of an apparatus for constructing a homology analysis knowledge base provided by an embodiment of the present application. As shown in Figure 3, the apparatus for constructing the homology analysis knowledge base includes:

[0139] A first collection unit 310, configured to collect seed sample files;

[0140] The first collection unit 310 is further configured to collect intermediate files generated when the seed sample files are run in the sandbox;

[0141] The first recognition unit 320 is configured to perform format recognition on the seed sample file and the intermediate file to obtain a format recognition result;

[0142] The first analysis unit 330 is configured to analyze the seed sample file and the intermediate file to obtain a fuzzy hash and / or a globally unique identifier matching the format recognition result;

[0143] The first acquiring unit 340 is configured to match the background infor...


Abstract

The present application provides a method for constructing a homology analysis knowledge base, a homology analysis method, and a device. The knowledge base construction method includes: collecting seed sample files and the intermediate files generated when they are run in a sandbox; performing format recognition on both kinds of file to obtain a format recognition result; analyzing both kinds of file to obtain a fuzzy hash that matches the format recognition result; obtaining the background information that matches the fuzzy hash; calculating, according to the background information, the homology weight corresponding to the fuzzy hash; and building the homology analysis knowledge base from the fuzzy hash, the homology weight, and the background information. The method can thus automatically extract fuzzy hashes and globally unique identifiers from various sample files and form a homology knowledge base, so that devices can perform automated homology analysis based on that knowledge base, avoiding reliance on manual analysis and improving the efficiency and accuracy of homology analysis.
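The pipeline in the abstract, together with the lookup from Embodiment 2, as an added sketch that is not code from the patent. The page does not say which fuzzy hash is used or how the homology weight is computed, so the shingle sketch, the weighting rule, the thresholds and all sample bytes below are assumptions made for illustration.

```python
import zlib
from collections import defaultdict

MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"%PDF": "pdf"}  # minimal format table

def detect_format(data):
    return next((f for m, f in MAGIC.items() if data.startswith(m)), "unknown")

def sketch(data, n=5, k=32):
    # Stand-in fuzzy hash (assumption): the k smallest CRC32 values of all n-byte shingles.
    grams = {zlib.crc32(data[i:i + n]) for i in range(max(1, len(data) - n + 1))}
    return frozenset(sorted(grams)[:k])

def similarity(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def build_kb(seeds):
    # seeds: (label, kind, files); files = the sample plus its sandbox intermediate files.
    kb = [{"label": lbl, "kind": kind, "format": detect_format(d), "hash": sketch(d)}
          for lbl, kind, files in seeds for d in files]
    for e in kb:
        near = [o for o in kb if o["format"] == e["format"]
                and similarity(e["hash"], o["hash"]) >= 0.5]
        # Assumed weighting: a hash also seen in white samples attributes nothing;
        # otherwise it is discounted by the number of labels that share it.
        shared_with_white = any(o["kind"] == "white" for o in near)
        e["weight"] = 0.0 if shared_with_white else 1.0 / len({o["label"] for o in near})
    return kb

def analyze(kb, files, threshold=0.3):
    scores = defaultdict(float)
    for d in files:
        fmt, h = detect_format(d), sketch(d)
        for e in kb:
            if e["format"] == fmt:
                s = e["weight"] * similarity(h, e["hash"])
                scores[e["label"]] = max(scores[e["label"]], s)
    best = max(scores, key=scores.get, default=None)
    return (best if best and scores[best] >= threshold else None), dict(scores)

# Constructed sample bytes, not real malware or real file contents.
RUNTIME = b"MZ0123456789 common runtime library shipped with many apps"
A_MAIN = b"MZalpha loader: decode config, beacon to c2, sleep jitter 30s"
B_MAIN = b"MZBRAVO STAGER - UNPACK PAYLOAD; INJECT EXPLORER; WIPE LOGS"
KB = build_kb([("benign-runtime", "white", [RUNTIME]),
               ("FamilyA", "trojan", [A_MAIN, RUNTIME]),
               ("GroupB", "apt", [B_MAIN, RUNTIME])])

if __name__ == "__main__":
    print(analyze(KB, [A_MAIN + b"\x00\x01\x02\x03", RUNTIME]))
    print(analyze(KB, [RUNTIME]))
```

The runtime file dropped in both sandbox runs also appears among the white samples, so its weight is zero and a sample that shares only that file is attributed to no one.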

Description

Technical field

[0001] The present application relates to the field of network security, in particular, to a method for constructing a homology analysis knowledge base, a homology analysis method and a device.

Background technique

[0002] Cyber attacks refer to attacks against computer information systems, infrastructure, computer networks, or personal computer equipment. Cyber attacks specifically include acts such as destroying, modifying, and making software or services unavailable.

[0003] In recent years, network security issues have become increasingly prominent, and network attacks have shown a trend of high incidence and complexity. In order to solve the problem of this type of network attack, each enterprise or manufacturer will hire some professionals to analyze network data, so that it can deal with different network threats. However, in practice, it is found that this method still cannot analyze network data in a timely and efficient manner, resulting in t...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/53, G06F16/13, G06F16/16
CPC: G06F21/53, G06F16/137, G06F16/16
Inventor: 康吉金, 曹剑锐, 樊兴华, 薛锋
Owner: 北京微步在线科技有限公司