
Method and system for determining malicious code based on calling relation

A technique for judging malicious code based on call relationships, applied in the field of malicious code judgment methods and systems. It addresses the problems of low detection efficiency, missing the best time to intercept viruses, and the increasing cost of detecting malicious samples, with the effect of reducing the degree of distortion and improving accuracy and efficiency.

Inactive Publication Date: 2018-05-22
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

Detection efficiency is low, which not only increases the cost of detecting malicious samples but also misses the best time to intercept viruses, so that more ordinary user devices (mobile phones, computers, etc.) may be infected.


Examples


Embodiment Construction

[0029] The present invention provides embodiments of a method and system for judging malicious code based on calling relationships. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more apparent and easier to understand, the technical solution of the present invention is described in further detail below in conjunction with the accompanying drawings:

[0030] The present invention first provides Embodiment 1 of a method for judging malicious code based on calling relationships, as shown in Figure 1, including:

[0031] S11, decompile the program to be detected and obtain pseudocode.

[0032] S12, parse the pseudocode and build a call structure tree.

[0033] Specifically, the pseudocode may be parsed to obtain information about each function, and a call structure tree m...


Abstract

The invention discloses a method and a system for determining malicious code based on calling relations. The method comprises: decompiling a to-be-detected program to obtain pseudocode; parsing the pseudocode and building a calling structure tree; traversing the calling structure tree to obtain behavior data of the to-be-detected program; and, when the obtained behavior data matches predefined malicious behavior data, determining that the to-be-detected program contains malicious code, wherein the malicious behavior data includes the malicious behaviors and the calling relations or calling positions of those behaviors. By converting the calling relations of a program into the hierarchical relations of the calling structure tree, the technical scheme provides more detailed program information to the machine and ultimately improves the accuracy of malicious code determination.
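The steps in the abstract, from parsed function information to a verdict, can be sketched as follows. This is an added example, not code from the patent or from Antiy; the function names, the sample call data and the rule format (behavior, API, entry point it must be reached from) are assumptions made for illustration.

```python
# Constructed sample: per-function callee lists, as a pseudocode parser might emit.
SAMPLE_FUNCS = {
    "BootReceiver.onReceive": ["Helper.notify"],
    "Helper.notify": ["SmsManager.sendTextMessage"],
    "MainActivity.onClick": ["Ui.confirm", "SmsManager.sendTextMessage"],
    "Ui.confirm": [],
}
# Hypothetical rule: (behavior label, sensitive API, ancestor that must be on the call path).
RULES = [("silent SMS on boot", "SmsManager.sendTextMessage",
          "BootReceiver.onReceive")]


def build_tree(funcs, name, stack=()):
    """Build a call structure tree node; a function already on the stack is a leaf."""
    if name in stack:  # recursion cycle: do not expand again
        return {"name": name, "children": []}
    kids = [build_tree(funcs, c, stack + (name,)) for c in funcs.get(name, [])]
    return {"name": name, "children": kids}


def call_paths(node, path=()):
    """Traverse the tree depth-first, yielding the root-to-node path of every node."""
    path = path + (node["name"],)
    yield path
    for child in node["children"]:
        yield from call_paths(child, path)


def detect(funcs, rules):
    """Match each API's position in the tree against the predefined rules."""
    called = {c for callees in funcs.values() for c in callees}
    roots = [f for f in funcs if f not in called]  # entry points: never called
    hits = []
    for root in roots:
        for path in call_paths(build_tree(funcs, root)):
            for label, api, ancestor in rules:
                # The API alone is not enough; its calling relation must match too.
                if path[-1] == api and ancestor in path[:-1]:
                    hits.append((label, " -> ".join(path)))
    return hits
```

The same API reached from MainActivity.onClick in the sample is not reported, because its position in the tree does not match the rule.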

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and system for judging malicious code based on calling relationships.

Background technique

[0002] As society moves into the Internet era, the rapid development of the Internet has improved people's lives, but it has also attracted many malicious application developers who attempt to make illegal profits from it. The number of malicious applications is growing at an unprecedented rate, and new viruses and virus variants appear more and more frequently. These problems can no longer be solved by human judgment alone. How to use machines to identify viruses in a smarter and more accurate way has become the key to solving the problem.

[0003] At present, static detection of malicious code works mainly through decompilation, with the malicious determination made on the decompiled pseudocode data. That is, the sensitive funct...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563
Inventor: 徐荣力乐东乔伟
Owner: WUHAN ANTIY MOBILE SECURITY