Homologous determination method and device for the malicious files

A technology for judging the homology of malicious files, applied in the field of network security, that addresses the poor accuracy of same-origin judgment results and achieves the effect of improving accuracy and reducing the amount of calculation.

Active Publication Date: 2017-06-06
NSFOCUS INFORMATION TECHNOLOGY CO LTD +2
AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a method and device for judging the homology of malicious files, which is used to solve the problem in the prior art that homology judgment results for malicious files have poor accuracy.

Embodiment Construction

[0029] The technical solutions in the embodiments of the present invention will be described clearly and completely in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0030] To address the poor accuracy of malicious file homology determination results in the prior art, the embodiment of the present invention determines the category to which each malicious file belongs based on its characteristic behavior data information in four designated dimensions: process behavior, access behavior, domain name resolution behavior, and registry behavior. For each malicious file b...

Abstract

The invention discloses a homology determination method and device for malicious files, used to solve the problem in the prior art that homology determination results have low accuracy. The method comprises two steps. First, the category of each malicious file is obtained based on the characteristic behavior data information of each malicious file in the first-class specified dimensions. Second, for each category, whether the malicious files in that category are homologous is determined based on their characteristic behavior data information in the second-class specified dimension. By fusing the analysis of characteristic behavior data information across multiple dimensions, homologous malicious files are judged accurately and the accuracy of the homology determination result is effectively improved. Moreover, because homology determination is performed per category after the category of each malicious file has been determined, the amount of calculation is reduced and the accuracy of the result is further improved.
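The two-stage flow the abstract describes can be sketched as follows. This is an added example, not code from the patent: the Jaccard metric, the thresholds, the greedy grouping, the `second` feature set (the page does not name the second-class dimension) and all sample values are assumptions constructed for illustration.

```python
from itertools import combinations

FIRST_CLASS = ("process", "access", "dns", "registry")  # dimensions named in [0030]

def jaccard(a, b):
    """Set overlap in [0, 1]; an assumed metric, the page does not specify one."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def first_class_similarity(x, y):
    """Mean Jaccard over the four first-class behaviour dimensions."""
    return sum(jaccard(x[d], y[d]) for d in FIRST_CLASS) / len(FIRST_CLASS)

def categorize(samples, threshold=0.5):
    """Stage 1: a sample joins the first category whose first member is similar enough."""
    categories = []
    for name, feats in samples.items():
        for cat in categories:
            if first_class_similarity(feats, samples[cat[0]]) >= threshold:
                cat.append(name)
                break
        else:
            categories.append([name])
    return categories

def homologous_pairs(samples, categories, threshold=0.6):
    """Stage 2: compare second-class features only between members of one category."""
    pairs, comparisons = [], 0
    for cat in categories:
        for a, b in combinations(cat, 2):
            comparisons += 1
            if jaccard(samples[a]["second"], samples[b]["second"]) >= threshold:
                pairs.append((a, b))
    return pairs, comparisons

def sample(*dims):
    return dict(zip(FIRST_CLASS + ("second",), map(set, dims)))

# Constructed behaviour reports; every value here is made up for illustration.
SAMPLES = {
    "s1": sample(["cmd.exe", "updater.exe"], ["tmp/a.dat", "tmp/b.dat"], ["cdn.one.example"], ["Run/updater"], ["k1", "k2", "k3"]),
    "s2": sample(["cmd.exe", "updater.exe"], ["tmp/a.dat"], ["cdn.one.example"], ["Run/updater"], ["k1", "k2", "k3", "k4"]),
    "s3": sample(["cmd.exe", "updater.exe"], ["tmp/c.dat"], ["cdn.one.example"], ["Run/updater"], ["m1", "m2"]),
    "s4": sample(["powershell.exe"], ["docs/list.txt"], ["mail.two.example"], ["Services/agent"], ["p1", "p2"]),
    "s5": sample(["powershell.exe"], ["docs/list.txt", "docs/keys.txt"], ["mail.two.example"], ["Services/agent"], ["p1", "p2"]),
}

if __name__ == "__main__":
    cats = categorize(SAMPLES)
    print(cats, *homologous_pairs(SAMPLES, cats))
```

On these five samples the second stage performs 4 comparisons instead of the 10 an all-pairs comparison would need, which is the reduction in calculation the abstract refers to.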

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for judging malicious files from the same origin.

Background technique

[0002] With the continuous development of network information technology, hidden dangers to network security have followed. Among them, malicious files have become a major factor endangering network security, and the analysis of malicious files has become an important basis for detecting and preventing them. Analysis of a large number of malicious files shows that many new malicious files are variants of existing malicious files. Based on this, the prior art mainly analyzes the bit sequence of a malicious file to determine homologous malicious files; that is, it first analyzes the bit sequences of a large number of malicious file samples to obtain the bit sequence characteristics of homologous malicious files, and then uses this as a basis to de...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
Inventor: 翟东旭周素华周振范敦球叶晓虎
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD