
Method and system for dynamic multilevel behavioral analysis of malicious code

A malicious-code behavior analysis technology, applied in the field of network security, that addresses problems such as weak organization and utilization of taint information, lack of upper-level information, and limitation to instruction-level data, achieving the effect of improved behavior analysis capability.

Inactive Publication Date: 2015-08-19
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0005] In view of the weak organization and utilization of taint information in current dynamic taint analysis of malicious code, which is limited to instruction-level data and lacks upper-level information, the purpose of the present invention is to provide a dynamic multi-level malicious code behavior analysis method and system. A taint data propagation graph combining the instruction level and the function level is proposed; instructions and upper-level function operations are recorded and integrated during the dynamic execution of the malicious code, so that instruction-level and function-level behavior sequences can be extracted and analyzed during execution. While fine-grained instruction information remains sufficient, function information carrying semantic information is also provided, thereby improving the ability to analyze malicious code behavior mechanisms and providing sufficient support for detection and prevention.



Embodiment Construction

[0028] The present invention will be further described below through specific embodiments and accompanying drawings.

[0029] As shown in Figure 1, the steps of the dynamic multi-level malicious code behavior analysis method of the present invention comprise:

[0030] 1. Extract instruction information for malicious code execution.

[0031] The invention monitors and extracts the instruction information executed by the malicious code by running the malicious code in the virtualized environment of a hardware simulator. To achieve high-transparency monitoring, the present invention implements instruction monitoring and extraction at the instruction translation layer of the hardware simulator.

[0032] Specifically, the instruction translation module in the hardware simulator is modified so that instructions are translated one by one, and a disassembly engine is added to disassemble each instruction in the instruction translation module, realizing the instruction type and the iden...


Abstract

The invention relates to a method and a system for dynamic multilevel behavioral analysis of malicious code. The method comprises the following steps of running the malicious code in a hardware simulator, and extracting command information executed by the malicious code in a running process; intercepting a key function executed by the malicious code in a simulation memory of the hardware simulator in the running process of the malicious code; constructing a multilevel malicious code behavior diagram according to the obtained command information and the key function information of the malicious code; and utilizing the multilevel malicious code behavior diagram to carry out forward or adverse behavioral analysis from any node according to the analysis requirement. The system comprises the hardware simulator, a command information extraction module, a function information extraction module, a behavior diagram construction module and a behavioral analysis module. According to the method and the system, the analytical ability of a behavior mechanism of the malicious code is improved to provide a sufficient support for detection and prevention of the malicious code.
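As an added illustration of the multilevel behavior graph described in the abstract (example code written for this page, not the patent's own system), the following Python builds a taint propagation graph whose nodes are both instruction-level data moves and intercepted functions from a constructed, simplified execution trace, then performs forward or backward analysis from any node. The trace record format, the register and API names, and the last-writer propagation rule are assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample trace (assumed record format, not the patent's own).
# ("insn", text, src, dst): data move src -> dst;  ("func", name, ins, outs): API call.
TRACE = [
    ("func", "recv", [], ["buf"]),            # taint source: network input
    ("insn", "mov eax,[buf]", "buf", "eax"),
    ("insn", "xor eax,0x5a", "eax", "eax"),
    ("insn", "mov [dec],eax", "eax", "dec"),
    ("func", "CreateFileA", ["dec"], ["h"]),  # tainted name reaches a file API
    ("insn", "mov ebx,[h]", "h", "ebx"),
    ("func", "WriteFile", ["ebx", "dec"], []),
    ("insn", "mov ecx,[cnt]", "cnt", "ecx"),  # clean data never enters the graph
]

def build_graph(trace):
    """Multilevel taint graph: nodes are trace indices labelled insn or func."""
    label, succ, pred, last_writer = {}, defaultdict(set), defaultdict(set), {}
    for i, rec in enumerate(trace):
        if rec[0] == "insn":
            _, text, src, dst = rec
            if src not in last_writer:        # operand untainted: nothing propagates
                continue
            label[i] = ("insn", text)
            succ[last_writer[src]].add(i); pred[i].add(last_writer[src])
            last_writer[dst] = i
        else:
            _, name, ins, outs = rec
            tainted = [a for a in ins if a in last_writer]
            if ins and not tainted:           # called only on clean data: skip
                continue
            label[i] = ("func", name)
            for a in tainted:
                succ[last_writer[a]].add(i); pred[i].add(last_writer[a])
            for o in outs:                    # results of the call carry taint
                last_writer[o] = i
    return label, succ, pred

def reach(graph, start, forward=True):
    """Forward slice (what a node influenced) or backward slice (what fed it)."""
    nxt, seen, queue = graph[1 if forward else 2], {start}, deque([start])
    while queue:
        for m in nxt[queue.popleft()] - seen:
            seen.add(m)
            queue.append(m)
    return seen - {start}

def functions(graph, start, forward=True):
    # Function-level (semantic) view of a slice, in trace order
    return [graph[0][n][1] for n in sorted(reach(graph, start, forward))
            if graph[0][n][0] == "func"]
```

A backward slice from the `WriteFile` node yields the function-level chain `recv` then `CreateFileA`, which is the semantic summary the instruction-only view lacks.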

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a dynamic multi-level malicious code behavior analysis method and system.

Background art

[0002] Computers and the Internet have gradually become an important part of society and life. At the same time, the potential harm of malicious code, one of the main threats, is becoming increasingly serious and has become one of the important issues that must be faced to ensure computer and Internet security. Malicious code technology is constantly developing and is continually updated with the advancement of computer and Internet technology, making the security problems it poses increasingly severe. Malicious code continues to produce new variants and even new types, so malicious code analysis has become an enduring research topic that cannot be ignored. How to analyze malicious code behavior most effectively and fully analyze the malicious c...


Application Information

IPC(8): G06F21/56
Inventors: 王蕊, 李盟, 张道娟
Owner: INST OF INFORMATION ENG CAS