Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious program behavior feature library construction method and device

A technology for malicious programs and construction methods, applied in computer security devices, instruments, electronic digital data processing, etc., can solve the problems of inability to detect new malicious programs, low efficiency, and low frequency of false positives.

Active Publication Date: 2017-01-11
科来网络技术股份有限公司
View PDF3 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method runs fast and has low false alarm frequency, but it needs to continuously update and expand the feature words
At the same time, new malicious programs cannot be detected, and old malicious program variants can also avoid matching-based detection by adjusting instruction sequences and other methods.
As the mutation ability of malicious programs is increasing day by day, the generation of new malicious programs is accelerating, and the method of constructing the behavioral feature library of malicious programs by manual analysis is very inefficient.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious program behavior feature library construction method and device
  • Malicious program behavior feature library construction method and device
  • Malicious program behavior feature library construction method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0051] Embodiment 1: For example, 3 samples are collected, sample A and sample B are both malicious files, and sample C is a normal file. Put the sample set in the sandbox and run it to get the behavior operation list of each sample as follows:

[0052]Sample A Behavior Operation List 1:

[0053]

[0054] Sample B behavior operation list 2:

[0055]

[0056] Sample C Behavior Action List 3:

[0057]

[0058] Merge similar operation behaviors to get all operation behavior list 4 as follows:

[0059]

[0060] Count the sum of the total number of occurrences of all behavioral operations m=5

[0061] Calculate the maliciousness value for each behavioral action

[0062]

[0063] Sort according to the malicious degree value to get the following list of malicious behavior characteristics

[0064]

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of computer security, and particularly relates to a malicious program behavior feature library construction method and device. Aiming at the problems in the prior art, the invention provides a malicious program behavior feature library construction method and device. According to the malicious program behavior feature library construction method and device provided by the invention, behaviors are automatically extracted by a machine, and according to a malicious value sequence of the behaviors, a malicious program behavior feature library is automatically constructed, so that behavior extraction efficiency of a malicious program can be greatly improved, and a manual participation degree is reduced. According to the malicious program behavior feature library construction method and device provided by the invention, behavior operations of n sample files in a sample file set are acquired; then the behavior operations of all the sample files are subjected to merging of similar behavior operations; a malicious value of each behavior, i.e. the malicious value is equal to tf*ldf*vf, is calculated, wherein tf represents a occurrence frequency of each behavior, ldf represents a reverse sample frequency of each behavior, and vf represents a malicious frequency number of the calculated behaviors; sorting is carried out according to the malicious values of the behaviors; malicious behavior features are determined; and the malicious program behavior feature library is constructed.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method and device for constructing a malicious program behavior feature library. Background technique [0002] With the widespread use of personal computers and mobile phones, information security has increasingly become an important research direction in modern society. The detection method of malicious programs has also developed from the simple detection of static characteristic values ​​to the detection of dynamic behaviors of malicious programs. Malicious program dynamic detection mainly extracts the behavior of the program and compares it with the known malicious behavior signature database. At present, the construction of malicious behavior signature database mainly relies on manual analysis of malicious programs, mainly using feature string or feature keyword matching technology, by extracting key feature words to form a feature font library, and scanning the detected ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 罗鹰赵劲松林康
Owner 科来网络技术股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com