Software Behavior Analysis Method Based on Function Template

A function template and behavior analysis technology, applied in the field of information security, can solve the problems of insufficient detection of malicious software behavior, and achieve the effect of simple and easy method of software behavior detection

Inactive Publication Date: 2017-06-30
航天中认软件测评科技(北京)有限责任公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] At present, the method of hidden Markov chain is often used to establish the state transition diagram of software behavior, but the method of hidden Markov chain adopts a fuzzy concept for each state, not a definite value or state, so when detecting malware behavior deficiencies

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software Behavior Analysis Method Based on Function Template
  • Software Behavior Analysis Method Based on Function Template
  • Software Behavior Analysis Method Based on Function Template

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] like figure 2 As shown, the detection of RSS reader software is taken as an example.

[0038] Step 1: Preprocessing.

[0039] Step 1.1: Insert the segmentation function int3 between each two functions of the RSS reader software source code, the segmentation function int3 simulates the operation of the software breakpoint, and use each segmentation function int3 as a mark, and the marked RSS reader software source code is called Tagged RSS Reader Source Code, and the corresponding software is called Tagged RSS Reader Software (see figure 2 (a)).

[0040]

[0041]

[0042] Step 2: Modeling.

[0043] Step 2.1: First define the concepts involved in the modeling:

[0044] Node: This method analyzes the function in the source code of the marked RSS reader as a unit. The definition of the node includes the function in the source code of the marked RSS reader, the source file name to which the function in the source code of the marked RSS reader belongs, and the mar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A software behavior analysis method based on a function template belongs to the field of information security. It includes three steps, namely preprocessing, modeling and detection, in which the preprocessing realizes the marking of the software source code by inserting a custom segmentation function, so as to obtain the marked software source code and the marked software; the modeling includes Mark the function call relationship in the source code to establish a software source code function transition graph, and monitor the APIs called by running the marked software, so as to obtain the minimum function block transfer graph of the software API; detection includes preprocessing the software source code to be tested, Modeling, obtaining the function transfer diagram of the source code of the software to be tested and the transfer diagram of the smallest function block of the API of the software to be tested, and comparing it with the function transfer diagram of the software source code and the transfer diagram of the smallest function block of the software API generated by modeling, Determine whether the behavior of the software under test is abnormal. The method of the invention is simple and easy, and can effectively realize the monitoring of software behavior.

Description

[0001] Technical field: [0002] The invention relates to a software behavior analysis technology, in particular to a software behavior analysis method, which belongs to the field of information security. Background technique [0003] Today, with the development of information technology, when people solve practical problems, the demand for software is also increasing, which also promotes the further development of the software industry. With the increase of people's demands, the function of software is becoming more and more complicated, and the scale is getting bigger and bigger. At the same time, the security of software is not only related to the details of our life, but also has an inseparable relationship with the security of society and the country. [0004] However, not all software can run normally according to the intention of the software writer. Some software has abnormal functions when it is attacked. s consequence. [0005] In the construction of information sy...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
Inventor 赖英旭赵轶文刘静高一为
Owner 航天中认软件测评科技(北京)有限责任公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap