
Method for constructing homology analysis knowledge base, method and device for homology analysis

A construction method and technology of knowledge base, applied in knowledge expression, computer security device, other database retrieval, etc.

Active Publication Date: 2022-04-12
北京微步在线科技有限公司


Examples


Embodiment 1

[0063] Please refer to figure 1, which is a schematic flowchart of a method for constructing a homology analysis knowledge base provided by an embodiment of the present application. The construction method of the homology analysis knowledge base includes:

[0064] S101. Collect seed sample files.

[0065] In this embodiment, the method collects various sample files and uses them as seed sample files for constructing the homology analysis knowledge base.

[0066] As an optional implementation, the step of collecting seed sample files includes:

[0067] Collect original sample files;

[0068] Sort the original sample files to obtain the seed sample files, where the seed sample files include one or more of class-library-related files, shell-related files, and application programs.

[0069] In this embodiment, the method classifies and organizes the collected seed sample files into three specific categories of files. Among them, the first category ...

Embodiment 2

[0099] Please refer to figure 2, which is a schematic flowchart of a homology analysis method provided by an embodiment of the present application. The homology analysis method includes:

[0100] S201. Obtain a sample file to be analyzed.

[0101] In this embodiment, the method receives a sample file to be analyzed for homology analysis.

[0102] S202. Collect the intermediate files generated when the sample file to be analyzed is run in the sandbox.

[0103] In this embodiment, the method uses the sandbox to analyze the input sample file to be analyzed and obtain the intermediate files.

[0104] S203. Perform format recognition on the sample file to be analyzed and the intermediate files, and obtain a format recognition result.

[0105] S204. Based on the format recognition result, extract the file strings contained in the sample file to be analyzed and the intermediate files.

[0106] In this embodiment, the method can statically analyze the sample fil...

Embodiment 3

[0123] Please refer to figure 3, which is a schematic structural diagram of an apparatus for constructing a homology analysis knowledge base provided by an embodiment of the present application. As shown in figure 3, the construction apparatus of the homology analysis knowledge base includes:

[0124] A first collection unit 310, configured to collect seed sample files;

[0125] The first collection unit 310 is also used to collect the intermediate files generated when the seed sample files are run in the sandbox;

[0126] A first recognition unit 320, configured to perform format recognition on the seed sample files and the intermediate files to obtain a format recognition result;

[0127] A first extraction unit 330, configured to extract the file strings contained in the seed sample files and the intermediate files based on the format recognition result;

[0128] A first filtering unit 340, configured to filter and classify the file strings to obtain meaningful string...


Abstract

The present application provides a homology analysis knowledge base construction method, a homology analysis method and a device. The method comprises: collecting seed sample files; collecting the intermediate files generated when the seed sample files are run in a sandbox; performing format recognition on the seed sample files and the intermediate files to obtain a format recognition result; based on the format recognition result, extracting the file strings contained in the seed sample files and the intermediate files; filtering and classifying the file strings to obtain meaningful strings; obtaining the background information corresponding to the meaningful strings; and constructing a homology analysis knowledge base from the meaningful strings and the background information. Implementing this embodiment thus creates a homology analysis knowledge base for analyzing malicious strings, so that the knowledge base can be used to quickly classify malicious code, efficiently determine its source, and trace the family or organization to which it belongs.
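The pipeline that the abstract and Embodiments 1 to 3 describe (format recognition, string extraction, filtering and classification, attaching background information, then scoring an unknown sample against the knowledge base) is shown below as an added, self-contained Python example. It is not the patent's code: the magic-byte table, the noise list, the string categories, the 1/n weighting for strings shared between families, the `fake_pe` helper and every sample string and family label are constructed assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Format recognition by magic bytes. The patent only says "format recognition";
# restricting it to these three formats is an assumption of this example.
MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF", b"PK\x03\x04": "ZIP"}

def recognize_format(data):
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "UNKNOWN"

# Printable ASCII runs and UTF-16LE runs of at least 6 characters.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def extract_strings(data):
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in UTF16_RE.finditer(data)]
    return found

# Strings present in almost every file of a format carry no family signal; this
# constructed noise list stands in for the patent's class-library / shell files.
NOISE = {"This program cannot be run in DOS mode.", "kernel32.dll", "GetProcAddress"}

# Only strings that fall into a recognisable category are kept as "meaningful".
CATEGORY_RULES = [
    ("url", re.compile(r"^https?://", re.I)),
    ("pdb", re.compile(r"\.pdb$", re.I)),
    ("path", re.compile(r"^[A-Za-z]:\\|^/")),
    ("mutex", re.compile(r"^Global\\")),
]

def filter_and_classify(strings):
    meaningful = {}
    for s in strings:
        if s in NOISE:
            continue
        for category, rx in CATEGORY_RULES:
            if rx.search(s):
                meaningful[s] = category
                break
    return meaningful

def build_knowledge_base(seed_samples):
    """seed_samples: iterable of (sample_id, family, [file bytes]); the file list
    holds the seed file plus the intermediates a sandbox run produced."""
    kb = defaultdict(lambda: {"category": None, "families": set(),
                              "samples": set(), "formats": set()})
    for sample_id, family, files in seed_samples:
        for data in files:
            fmt = recognize_format(data)
            for s, category in filter_and_classify(extract_strings(data)).items():
                entry = kb[s]
                entry["category"] = category
                entry["families"].add(family)   # background information for the string
                entry["samples"].add(sample_id)
                entry["formats"].add(fmt)
    return dict(kb)

def analyze(kb, files):
    """Score each family by knowledge-base strings found in the unknown files.
    A string seen in one family counts fully; one shared by n families counts 1/n."""
    scores = defaultdict(float)
    hits = {}
    for data in files:
        for s in filter_and_classify(extract_strings(data)):
            entry = kb.get(s)
            if entry is None:
                continue
            hits[s] = entry
            for family in entry["families"]:
                scores[family] += 1.0 / len(entry["families"])
    best = max(scores, key=scores.get) if scores else None
    return best, dict(scores), hits

# --- constructed sample data (not real malware, not taken from the patent) ---
def fake_pe(*strings):
    """Minimal PE-looking blob: MZ magic, the usual DOS stub text, then the given
    strings separated by double NULs (so UTF-16 runs do not bleed into ASCII ones)."""
    stub = b"MZ\x90\x00This program cannot be run in DOS mode.\x00\x00"
    return stub + b"".join(s + b"\x00\x00" for s in strings)

SEED_SAMPLES = [
    ("s1", "FamilyA", [fake_pe(b"http://c2-a.example/gate.php", b"Global\\AMutex_7f", b"kernel32.dll"),
                       fake_pe(b"C:\\Users\\Public\\drop_a.exe", b"D:\\build\\famA\\loader.pdb")]),
    ("s2", "FamilyB", [fake_pe(b"http://c2-b.example/api", "Global\\BMutex".encode("utf-16le"),
                               b"C:\\Users\\Public\\drop_a.exe")]),
    ("s3", "FamilyA", [fake_pe(b"Global\\AMutex_7f", b"http://c2-a2.example/x")]),
]
UNKNOWN_SAMPLE = fake_pe(b"Global\\AMutex_7f", b"C:\\Users\\Public\\drop_a.exe", b"http://unseen.example/")

if __name__ == "__main__":
    kb = build_knowledge_base(SEED_SAMPLES)
    best, scores, hits = analyze(kb, [UNKNOWN_SAMPLE])
    print("best match:", best, scores)
    for s, entry in hits.items():
        print(f"  {entry['category']:6} {s!r} -> {sorted(entry['families'])}")
```

In the constructed run the unknown sample shares the mutex name only with FamilyA and the dropped-file path with both families, so FamilyA scores 1.5 against FamilyB's 0.5; the unseen URL contributes nothing because it has no knowledge-base entry. The `hits` dictionary is what an analyst would want alongside the verdict: which meaningful strings matched and which seed samples they came from.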

Description

Technical field

[0001] The present application relates to the field of network security, and in particular to a method for constructing a homology analysis knowledge base, a homology analysis method and a device.

Background technique

[0002] Traditionally, in order to deal with network attacks based on malicious code, the industry has developed security products such as anti-virus software. However, with the increasing number and complexity of malicious code, traditional analysis methods are no longer adequate for the analysis work in the current environment. Therefore, how to quickly classify malicious code, determine its source, and trace the families or organizations it belongs to has become one of the problems that urgently need to be solved.

Contents of the invention

[0003] The purpose of the embodiments of the present application is to provide a homology analysis knowledge base construction method, a homology analysis method and a device, which can c...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F16/903, G06N5/02
CPC: G06F21/561, G06F16/90344, G06N5/022, G06F2221/033
Inventor: 康吉金, 温杰辉, 曹剑锐, 樊兴华, 薛锋
Owner: 北京微步在线科技有限公司