Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious code analysis method and system under Linux platform

A malicious code and analysis system technology, applied to the malicious code analysis method and system field under the Linux platform, can solve the problems of not being able to obtain information related to malicious code, poor robustness, and instruction trapping, so as to improve speed and avoid performance Loss, the effect of improving usability

Active Publication Date: 2014-10-15
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The premise of this method is that the application request needs to be trapped into the kernel through the INT 0x80 instruction, but for the SYSENTER or SYSCALL instruction, this method will fail
[0006] (2) For the method of intercepting the system call by reading the / dev / kmem device file to obtain the address of the system call table, there are potential security risks
[0007] (3) The interception of system calls involved in the traditional malicious code analysis method is at the system call layer, above the VFS layer, and more and more specific information related to malicious code cannot be obtained
[0008] (4) Modifying the system call table will cause security risks, and the robustness is not good in a multi-threaded environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious code analysis method and system under Linux platform
  • Malicious code analysis method and system under Linux platform
  • Malicious code analysis method and system under Linux platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0064] figure 1 It is a flowchart of the malicious code analysis method under the Linux platform of the present invention. Such as figure 1 As shown, the method includes:

[0065] Step 1, set key file information to be monitored, and display it in an interface, wherein the key file information includes: file name, user UID to which the file belongs, user group GID, and file access rights;

[0066] Step 2, load and execute the malicious code that needs to be analyzed, and set the process to be monitored according to the content displayed on the interface;

[0067] Step 3, passing the key file information and monitoring process information to the monitoring module of the kernel space, and the monitoring module synchronously generates a key file list and a monitoring process information list according to the key file information and the monitoring process information;

[0068] Step 4, the monitoring module monitors the monitored process's access to the key file in real time, a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a malicious code analysis method and system under a Linux platform. According to the method and the system provided by the invention, dynamic loading can be realized by using an LKM (Loadable Kernel Module) technology, a position of intercepting system call is positioned between a VFS (Virtual File system) layer and a detailed file system so as to acquire more information related to file operation and provide more accurate and useful monitoring information. The system call can be intercepted without the need of correcting a system call table, so that the potential safety hazards brought by the traditional method of correcting the system call table are avoided; a shared memory mechanism is adopted to increase the communication speed of a kernel module and a user progress, and the data volume of communication transmission; key files and progresses needing to be monitored are selected by a user so as to improve the usability, the flexibility and the high efficiency of the system, and the demands of the user on malicious code analysis are well met; the selected malicious code progresses and a plurality of important key files are monitored so as to avoid great performance loss of the system and improve the operation speed of the analysis system.

Description

technical field [0001] The invention relates to the field of malicious code analysis under the Linux platform, in particular to a malicious code analysis method and system under the Linux platform. Background technique [0002] While the Internet brings convenience and efficiency to people's lives, security threats are increasing year by year. A large number of viruses and Trojan horses on the network have caused serious harm to people's property, social production safety and national information security. Among various hazards, the loss and harm caused by executable malicious code is particularly prominent. The prevalence of malicious codes has awakened people's security awareness and prompted people to study malicious codes from various aspects. With the continuous development and progress of malicious codes, all kinds of malicious codes are endless and unpredictable. Traditional malicious code debugger debugging detection methods and sample analysis techniques have long...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/563
Inventor 何振学田昕晖孙毓忠
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com