Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Automatic analysis method and system of malicious codes based on API (application program interface) HOOK

A malicious code, automatic analysis technology, applied in the field of malicious code, can solve the problem of slow analysis and detection

Inactive Publication Date: 2012-01-11
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 64 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

If this method is used to identify a large number of malicious code samples, the speed of analysis and detection will be very slow

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic analysis method and system of malicious codes based on API (application program interface) HOOK
  • Automatic analysis method and system of malicious codes based on API (application program interface) HOOK
  • Automatic analysis method and system of malicious codes based on API (application program interface) HOOK

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The technical scheme of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0027] figure 1 Show the step diagram of concrete implementation of the present invention, in order to describe the present invention clearly, describe a specific embodiment below, detailed figure 1 The steps are as follows:

[0028] S101 Enumerate system processes, find sample processes, start the malicious code monitoring system by means of remote thread injection, register and load each module

[0029] S102 When a sample is finished running, the log report is analyzed, and after the system is restored, check whether there are still samples in the sample set directory, and end if not

[0030] S103 Start the sample process in the suspend state. At this time, the sample process has been created, but it is not running

[0031] S104 Inject the file monitoring module, network monitoring module, registry monitoring module, and process monitorin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an automatic analysis method and system of malicious codes based on an API (application program interface) HOOK. An API HOOK technology and a remote thread implantation technology are utilized to monitor samples; influences of the malicious codes on the whole system in an operation process are recorded, and a dynamic analysis report is automatically generated; influences of malicious code samples on a file, a network, and a registry and a key process are recorded, and when the operation of the samples ends, the system recovers the state before the samples are executed; the whole monitoring, recording and reduction process ends automatically without manual intervention; monitoring software can only run a sample each time, the monitoring software is used for monitoring the host process of the samples and process threads created by the host process of the samples, and when the monitoring software finishes the monitoring, the system recovers the state before the samples are operated; behaviors such as creation, deletion, modification and the like of the malicious code samples on the file are detected, operation behaviors of the malicious code samples on the network are detected, behaviors such as addition, deletion, modification and the like of the malicious code samples on the registry are detected, and operation behaviors of the malicious code samples on the create process are detected; and finally the dynamic monitoring report on the malicious code samples is submitted, and when the monitoring is finished, the monitoring software carries out inversion operation to restore the system to the state before the samples are operated according to the operations and influences of the samples on an operating system. The intelligent analysis technology of the malicious codes is suitable for analyzing a great deal of samples without the manual intervention, and is quicker in analysis speed and less in garbage in the analysis report.

Description

technical field [0001] The present invention relates to malicious code. Background technique [0002] The present invention monitors samples by utilizing API hook technology and remote thread injection technology. The invention records the influence of the malicious code on the entire system during the running process, and automatically generates a dynamic analysis report to record the influence of the malicious code sample on the file, network, registry, and process. After the sample runs, the system is restored to the sample state before execution. It not only has an automatic analysis function (the whole process of monitoring, recording and restoration does not require manual intervention), but also is suitable for the analysis of a large number of samples without manual intervention, the analysis speed is relatively fast, and the useless information in the analysis report is relatively small. [0003] At present, there are also some related patents, as follows: [000...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00H04L12/26G06F21/56
Inventor 周世杰秦志光余圣周佩颖陈陪陈晋福
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com