Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Sandbox-based malicious program behavior analysis processing method and system

A technology for behavior analysis and malicious programs, applied in electrical digital data processing, instruments, computing, etc., can solve problems such as inability to ensure equipment security, lack of security design defects, etc., to improve compatibility, avoid interference problems, and strengthen analysis. performance effect

Pending Publication Date: 2022-05-13
UNIV OF JINAN
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In addition, the inventors found that the previous malicious codes were often designed for the x86 or x64 architecture, but now with the wide application of personal mobile terminals, the Internet of Things and embedded devices, the hardware platforms of these devices are often not the above two Architecture, but multi-architecture implementations such as MIPS and ARM architectures. This series of changes, coupled with the lack of security design flaws and many other factors, have led to a variety of malicious codes spreading on the Internet today.
In addition, for different hardware architectures and systems, it may be recognized by it so that it cannot expose the running behavior as fully as possible
Moreover, the current malicious samples will communicate with the real network when running. If the traffic generated by the malicious code is directly allowed to go to the real Internet when analyzing the malicious code, the security of other devices on the network cannot be guaranteed.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Sandbox-based malicious program behavior analysis processing method and system
  • Sandbox-based malicious program behavior analysis processing method and system
  • Sandbox-based malicious program behavior analysis processing method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0054] The purpose of this embodiment is to provide a sandbox-based malicious program behavior analysis and processing method.

[0055] A sandbox-based malicious program behavior analysis and processing method, which is executed in a network programming virtual execution environment, the method includes:

[0056] The daemon receives user instructions or according to configuration information, loads and starts the main components of the sandbox program;

[0057] Monitor the communication interface through the task management component, build a local task list and connect to the malicious sample database;

[0058] Run tasks from the malicious sample database according to the sandbox configuration file;

[0059] Use the task scheduling component to deploy relevant environments for the acquired tasks and generate configuration files, register and start the sandbox instance control component;

[0060] receiving the configuration file of the task scheduling component through the s...

Embodiment 2

[0295] The purpose of this embodiment is to provide a sandbox-based malicious program behavior analysis and processing system.

[0296] A sandbox-based malicious program behavior analysis and processing system, including:

[0297] The preprocessing module is used for the daemon program to receive user instructions or according to configuration information, load and start the main components of the sandbox program; monitor the communication interface through the task management component, build a local task list and connect to the malicious sample database;

[0298] Task malicious behavior analysis and processing module, which is used to run tasks from the malicious sample database according to the sandbox configuration file; through the task scheduling component, perform relevant environment deployment and generate configuration files for the acquired tasks, register and start the sandbox instance control component; Receive the configuration file of the task scheduling compone...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a sandbox-based malicious program behavior analysis processing method and system, the method is executed in a network programming virtual execution environment, and the method comprises the following steps: starting a sandbox daemon, loading configuration information and loading a sandbox program main component; the task management component performs all necessary initialization operations and monitors a communication interface; the task management component starts to run tasks and generates a working environment for each task; the task instance control component enters a working directory and prepares to start a task; the sandbox virtual machine agent component cooperates with the task instance control component to start a task; the task control instance controls and reports a task state; and the task scheduling component collects the completed tasks, and calls each functional component to process and file the tasks.

Description

technical field [0001] The disclosure belongs to the technical field of malicious program behavior interconnection, and in particular relates to a sandbox-based malicious program behavior analysis and processing method and system. Background technique [0002] The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art. [0003] In recent years, with the rapid development of the Internet, many new devices connected to the Internet have emerged, which has led to a rapid increase in the number of devices connected to the Internet worldwide. The resulting new business models and the need for closer interaction between humans and the world are also Gradually developing, the degree of connection between people and hardware, machines and the Internet continues to increase. It is no exaggeration to say that today's Internet of Things and embedded devices are widely distributed in every corner of...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/53G06F21/55G06F21/56
CPCG06F21/53G06F21/552G06F21/562
Inventor 陈贞翔李恩龙朱宇辉荆山杨波彭立志赵川
Owner UNIV OF JINAN
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com