
Method and device for analyzing suspicious codes

A suspicious-code analysis technology, applied to program control devices, computer security devices, instruments and the like. It addresses the problems that operating-system-level virtual machines cannot provide complete virtualization, that such virtual machines are therefore unsuitable for analysing the behaviour of suspicious code directly, and that prior systems do not describe how to keep a process running in the virtual machine from interfering with the host system; the effect is that the suspicious code cannot affect the host system.

Active Publication Date: 2010-06-09
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

[0007] In the process of realizing the present invention, the inventors found that the prior art has at least the following problems. Since an operating-system-level virtual machine depends on the operating system, most of the operating system kernel cannot be modified, and some system programs or components depend closely on these kernel structures, so the operating-system-level virtual machine cannot provide complete virtualization. Because it cannot provide complete virtualization, using an existing operating-system-level virtual machine directly to analyse the behaviour of suspicious code is inappropriate. Moreover, most systems built on this theory only describe how to confine the VM APP (the process running in the virtual machine) to the VM, but do not elaborate on how to prevent the VM APP from interfering with the host system.


Embodiment Construction

[0026] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and are not intended to limit the present invention.

[0027] Please refer to figure 1, which is a schematic flowchart of a suspicious code analysis method according to an embodiment of the present invention. Its steps include:

[0028] Step S10: Create a code virtual execution environment, and the code virtual execution environment creates common processes of the host system.

[0029] First, start the suspicious code behavior collection and analysis environment program (MCVEE.EXE), and initialize the suspicious code behavior collection and analysis environment. The initialization process includes: loading each functiona...


Abstract

The embodiment of the invention provides a method for analyzing suspicious code. A code virtual execution environment is created and is used to create common processes of the host system; operations of the suspicious code on the common processes of the host system are redirected to the processes created by the code virtual execution environment; operations of the suspicious code on the file system or registry of the host system are redirected to a virtual file system or virtual registry created by the code virtual execution environment; the behaviour characteristics of the suspicious code during operation are recorded and stored as a log file; and the log file is transmitted to the host system through a named pipe for analysis, wherein the named pipe is invisible to the suspicious code in the code virtual execution environment. The embodiment of the invention also provides a device for analyzing suspicious code. The embodiment prevents the suspicious code from affecting the processes of the host system.
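The abstract describes three mechanisms: redirecting file and registry operations into virtual copies, recording each operation as a behaviour log, and handing that log to the host side through a channel the analysed code cannot see. The following is an added in-memory model of those mechanisms, written for this page; it is not the patent's code and not Huawei's implementation. VIRTUAL_ROOT, the class names and every path, registry key and file content are constructed sample values. The model also covers one edge case the abstract does not spell out: a redirected path must be normalised before mapping, otherwise `..` components could climb back out of the virtual root.

```python
# Added illustration (not the patent's code): an in-memory model of the
# redirection sandbox the abstract describes. All paths, keys and contents
# are constructed sample data; VIRTUAL_ROOT is an assumed location.
from pathlib import PureWindowsPath

VIRTUAL_ROOT = PureWindowsPath(r"C:\MCVEE\vfs")  # assumed root of the virtual file system


def is_sandboxable(host_path: str) -> bool:
    """Only absolute drive-letter paths are modelled. Relative, drive-relative
    (C:foo) and UNC paths are refused so nothing is resolved against real host state."""
    p = PureWindowsPath(host_path)
    return len(p.drive) == 2 and p.drive[1] == ":" and p.root == "\\"


def redirect_path(host_path: str) -> PureWindowsPath:
    """Map a host path to its shadow under VIRTUAL_ROOT. '.' and '..' are collapsed
    before mapping so C:\\Users\\..\\..\\Windows lands inside the virtual root."""
    if not is_sandboxable(host_path):
        raise ValueError(f"refusing non-absolute or non-drive path: {host_path!r}")
    p = PureWindowsPath(host_path)
    parts = []
    for part in p.parts[1:]:          # parts[0] is the anchor, e.g. 'C:\\'
        if part == "..":
            if parts:
                parts.pop()           # never climbs above the drive root
        elif part not in (".", ""):
            parts.append(part)
    return VIRTUAL_ROOT.joinpath(p.drive[0].upper(), *parts)


class HostAnalyzerPipe:
    """Stands in for the named pipe to the host-side analyser. The sandbox holds no
    reference to it; the host side passes it in when it flushes the log."""

    def __init__(self):
        self.received = []

    def write(self, lines):
        self.received.extend(lines)


class RedirectSandbox:
    """Records every file/registry operation of the analysed code and redirects it to
    a virtual copy: real host state is only ever read, never written."""

    def __init__(self, host_files, host_registry):
        self.host_files = dict(host_files)        # read-only view of the real host
        self.host_registry = dict(host_registry)  # keyed by (key, value-name), lower-cased
        self.vfs = {}                             # shadow copies written by the code
        self.vreg = {}
        self._log = []                            # behaviour log awaiting flush

    def write_file(self, host_path, data):
        shadow = redirect_path(host_path)
        self.vfs[str(shadow).lower()] = data
        self._log.append(f"FILE_WRITE {host_path} -> {shadow}")

    def read_file(self, host_path):
        shadow = str(redirect_path(host_path)).lower()
        if shadow in self.vfs:                    # copy-on-write: the shadow wins once written
            return self.vfs[shadow]
        self._log.append(f"FILE_READ {host_path}")
        return self.host_files.get(host_path.lower())

    def set_registry_value(self, key, name, value):
        self.vreg[(key.lower(), name.lower())] = value
        self._log.append(f"REG_SET {key}\\{name} = {value!r}")

    def get_registry_value(self, key, name):
        k = (key.lower(), name.lower())
        return self.vreg.get(k, self.host_registry.get(k))

    def flush_log(self, pipe: HostAnalyzerPipe) -> int:
        """Deliver buffered log lines to the host-side analyser; returns the count."""
        lines, self._log = self._log, []
        pipe.write(lines)
        return len(lines)
```

Because `redirect_path` collapses `..` before joining, every shadow path is guaranteed to stay under VIRTUAL_ROOT; the read path falls through to the host copy only until the code writes, after which the shadow is served, which is the copy-on-write behaviour the abstract's "redirected to a virtual file system" implies.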

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a suspicious code analysis method and device.

Background technique

[0002] The suspicious code behaviour analysis environment is theoretically a virtual execution environment, and the theoretical basis for establishing this virtual execution environment is virtual machine (VM) technology.

[0003] Traditional virtual machine technology is the so-called hardware-level virtual machine. Its principle is to virtualize the hardware and provide an interface to the VMs running on it. Each VM runs an independent GuestOS, and each GuestOS believes that it runs directly on the hardware itself. The design and implementation of hardware-level virtual machines are very complicated, and the specific implementation schemes of each virtual machine differ, for example VmWare and Microsoft Virtual PC, but their general idea is the same, which is to vi...


Application Information

Patent Timeline
IPC(8): G06F9/455, G06F21/22, G06F21/55
Inventor 张小松陈厅顾凌志杨玉奇杜欢白皓文
Owner CHENGDU HUAWEI TECH