Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for classifying malicious software

A malicious software and classification method technology, applied in computer security devices, special data processing applications, instruments, etc., can solve the problem of low accuracy and achieve the effect of improving accuracy and classification

Active Publication Date: 2014-03-19
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Embodiments of the present invention provide a malware classification method and device to solve the problem of low accuracy in classifying malware in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for classifying malicious software
  • Method and device for classifying malicious software
  • Method and device for classifying malicious software

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] like image 3 As shown, the specific flow chart of the implementation of the malicious software classification method provided by the embodiment of the present invention mainly includes the following steps:

[0066] Step 31, determining the characteristic behavior of the obtained malicious software;

[0067] Among them, the characteristic behaviors of the acquired malware can include:

[0068] When it is detected that the specified registry file exists, the behavior of stopping the operation;

[0069] When it is detected that the specified registry file exists, the behavior of deleting the specified registry file;

[0070] When it is detected that the specified software disk file exists, the behavior of stopping the operation;

[0071] When it is detected that the specified software disk file exists, the act of deleting the specified software disk file;

[0072] When the specified process is detected, the behavior of stopping the operation;

[0073] When it is dete...

Embodiment 2

[0086] like Figure 4 As shown, the specific flow chart of the implementation of the malicious software classification method provided by the embodiment of the present invention mainly includes the following steps:

[0087] Step 41, determining the characteristic behavior of the obtained malicious software;

[0088] Among them, the characteristic behaviors of the acquired malware may include:

[0089] When it is detected that the specified registry file exists, the behavior of stopping the operation;

[0090] When it is detected that the specified registry file exists, the behavior of deleting the specified registry file;

[0091] When it is detected that the specified software disk file exists, the behavior of stopping the operation;

[0092] When it is detected that the specified software disk file exists, the act of deleting the specified software disk file;

[0093] When the specified process is detected, the behavior of stopping the operation;

[0094] When it is det...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and device for classifying malicious software to solve the problem that in the prior art, the accuracy is low when the malicious software is classified. The method includes the steps of setting up a virtual process corresponding to process information according to the process information which is generated in advance on the basis of feature behaviors of obtained malicious software; running malicious software to be classified, recording dynamic behaviors which are generated by the malicious software to be classified for set virtual installation records and the set virtual process; outputting the dynamic behaviors of the records to a malicious software classifying tool so that the malicious software classifying tool can classify the malicious software to be classified according to the recorded dynamic behaviors, wherein the virtual installation records are set up according to the software installation information which is generated in advance on the basis of the feature behaviors of the obtained malicious software.

Description

technical field [0001] The invention relates to the technical field of computer information security, in particular to a malware classification method and device. Background technique [0002] Malware is used to collectively refer to any variety of malicious programs including viruses, worms, Trojan horses, and spyware. In recent years, there has been less pure malware (such as malware that is purely for pranks or experiments) due to profit-driven relationships, and more malware with backdoors that allow attackers to remotely control malicious software. Malware of infected machines, machines infected by this kind of malware are often called "broilers", so this kind of malware is often called "broiler" type malware, and controlled networks composed of "broilers" are usually Known as "botnets", attackers usually use their own "botnets" to attack in distributed denial of service (Distributed Denial of Service, DDoS) attacks, bank card password theft, spam sending, and sensitiv...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F17/30
CPCG06F21/566G06F2221/033
Inventor 刘亚周大
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com