Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Function template based software behavior analysis method

A function template and behavior analysis technology, applied in the field of information security, can solve the problem of insufficient detection of malicious software behavior, and achieve the effect of simple and easy method of software behavior detection

Inactive Publication Date: 2015-07-01
航天中认软件测评科技(北京)有限责任公司
View PDF4 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] At present, the method of hidden Markov chain is often used to establish the state transition diagram of software behavior, but the method of hidden Markov chain adopts a fuzzy concept for each state, not a definite value or state, so when detecting malware behavior deficiencies

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Function template based software behavior analysis method
  • Function template based software behavior analysis method
  • Function template based software behavior analysis method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] Such as figure 2 As shown, the detection of RSS reader software is taken as an example.

[0037] Step 1: Preprocessing.

[0038] Step 1.1: Insert the segmentation function int3 between each two functions of the RSS reader software source code, the segmentation function int3 simulates the operation of the software breakpoint, and use each segmentation function int3 as a mark, and the marked RSS reader software source code is called Tagged RSS Reader Source Code, and the corresponding software is called Tagged RSS Reader Software (see figure 2 (a)).

[0039]

[0040]

[0041] Step 2: Modeling.

[0042] Step 2.1: First define the concepts involved in the modeling:

[0043] Node: This method analyzes the function in the source code of the marked RSS reader as a unit. The definition of the node includes the function in the source code of the marked RSS reader, the source file name to which the function in the source code of the marked RSS reader belongs, and the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a function template based software behavior analysis method and belongs to the field of information safety. The method comprises three steps of pretreatment, modeling and detection. Pretreatment comprises inserting a self-defined partition function to achieve software source code marking to obtain marked software source codes and marked software; modeling comprises setting a software source code function transform diagram according to the function calling relation in the marked source codes, and monitoring the called API by running the marked software to obtain a software API minimum function block transfer diagram; detection comprises performing pretreatment and modeling on to-be-tested software source codes to obtain a to-be-tested software source code function transfer diagram and a to-be-tested software API minimum function block transfer diagram, and comparing the to-be-tested software source code function transfer diagram and the to-be-tested software API minimum function block transfer diagram with the software source code function transfer diagram and the software API minimum function block transfer diagram to determine whether to-be-tested software behaviors are abnormal. The method is simple and easy to implement, and the software behaviors can be monitored effectively.

Description

Technical field: [0001] The invention relates to a software behavior analysis technology, in particular to a software behavior analysis method, which belongs to the field of information security. Background technique [0002] Today, with the development of information technology, when people solve practical problems, the demand for software is also increasing, which also promotes the further development of the software industry. With the increase of people's demands, the function of software is becoming more and more complicated, and the scale is getting bigger and bigger. At the same time, the security of software is not only related to the details of our life, but also has an inseparable relationship with the security of society and the country. [0003] However, not all software can run normally according to the intention of the software writer. Some software has abnormal functions when it is attacked. s consequence. [0004] In the construction of information systems s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
Inventor 赖英旭赵轶文刘静高一为
Owner 航天中认软件测评科技(北京)有限责任公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products