Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for extracting malicious code behavior characteristic

A malicious code and feature extraction technology, applied in the field of network security, can solve the problems of low feature accuracy, huge feature library, and inability to extract, and achieve the effect of eliminating feature changes, enhancing anti-interference, and small size of the feature library

Inactive Publication Date: 2013-02-13
GRADUATE SCHOOL OF THE CHINESE ACAD OF SCI GSCAS
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0016] To sum up, the main problems of malicious code feature extraction at present are: the system that analyzes and tracks malicious code to extract features has the same authority as malicious code, and complex hiding techniques can bypass analysis so that features cannot be extracted; Data dependence and control rely on information representation features, and the accuracy of features is not high; the extraction is mostly aimed at a single malicious code sample, and the variants generated by obfuscation techniques cannot be detected, and the feature adaptability is not strong; variants produced by slight obfuscation techniques will generate new features , the feature library is huge, which brings storage and matching time complexity hidden dangers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for extracting malicious code behavior characteristic

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] The technical scheme of the present invention is described in detail below in conjunction with accompanying drawing:

[0068] Such as figure 1 As shown, a malicious code feature extraction method based on control dependence and data dependence, including steps:

[0069] 1. Extract the execution instruction sequence and behavior sequence of the malicious code.

[0070] The malicious code is executed in the environment of the hardware simulator by adopting the method recorded in the translation layer of the hardware simulator. By adding a disassembly engine at the translation level, all instructions and register information executed by malicious code samples are recorded after the instructions are translated and before execution. For the extraction of the behavior sequence, it is necessary to obtain the API address and parameters. After the process is loaded and before the code is executed, the present invention reads the memory of the process through the virtual machin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for extracting a malicious code behavior characteristic, which belongs to the technical field of network security. The method comprises the following steps of: 1) running a malicious code and extracting executive information of the malicious code, wherein the executive information comprises an executive instruction sequence and a behavior sequence of the malicious code; 2) constructing a control dependence graph and a data dependence graph for executing the code according to the executive information; 3) comparing relevance of the control dependence graph and the data dependence graph and recording related relevance information; and 4) comparing the control dependence graphs and the data dependence graphs of different malicious codes and extracting characteristic dependency of each type of samples according to similarity clustering. Compared with the prior art, the method has the characteristics of complete information extraction, high anti-interference performance, certain applicability to varieties of a single sample characteristic, small-sized characteristic library and wide application range.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a malicious code behavior feature extraction method. Background technique [0002] With the increasing application of computers in various fields, malicious codes have become one of the main threats to the current Internet and computer security, and malicious code detection has become an important issue in software and system security. With the continuous development of computer technology, malicious code presents the characteristics of fast transmission speed, strong infection ability, and great destructive power, causing more and more serious security impacts and even economic losses. With the development of malicious code technology, it can generate a large number of variants in a short period of time by using obfuscation technology and concealment technology. Traditional feature extraction and matching methods based on code features cannot effectively pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
Inventor 王蕊杨轶冯登国
Owner GRADUATE SCHOOL OF THE CHINESE ACAD OF SCI GSCAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com