Malicious network behavior identification method and device based on network gene technology

A malicious network behavior identification technology based on network genes, applied in the field of Internet of Things network communication security. It addresses the problems of existing approaches (little effect, increased scan-and-removal time, inability to meet the security requirements of the Internet of Things) and achieves a low missed-detection rate.

Active Publication Date: 2018-05-22
河南信息安全研究院有限公司

AI Technical Summary

Problems solved by technology

[0003] However, the existing solutions all equate the Internet of Things with the Internet and directly apply traditional Internet security methods to the Internet of Things. Traditional security techniques, such as those based on malicious code binary features and malicious code behavior characteristics, have several obvious defects and are unable to meet IoT security requirements.
[0004] 1. Traditional technical means fall into two categories: static technology, which uses malicious code binary features as the basis for identification, and dynamic technology, which uses malicious code behavior characteristics as the basis for identification. The disadvantage of static technology is that it can only identify malicious code whose features already exist in the feature library. As the types of malicious code increase sharply, the signature database becomes larger and larger, and scan-and-removal efficiency drops sharply. Moreover, because of the large number of IoT terminals, the scan-and-removal time will increase exponentially.
The disadvantage of dynamic technology is that it needs a virtual environment in which to execute the malicious code, so it can only run on user terminals and is difficult to use for protecting high-speed links. Moreover, most IoT terminals are micro-terminal systems, or have no operating system at all, so dynamic technology cannot run on them.
[0005] 2. Whether the malicious code identification technology is "dynamic" or "static", the malicious code must be analyzed. However, most people in the security industry still use semi-manual, semi-automatic dynamic debugging to analyze malicious code and distinguish its "behavior" and "symptoms". For increasingly large and professional malicious code, semi-automatic analysis and detection are inefficient and have little effect.

Examples


Embodiment 1

[0049] As shown in Figure 1, a method of the present invention for identifying malicious network behavior based on network gene technology comprises the following steps:

[0050] Step S101: Construct the network gene bank of the terminal and the cloud.

[0051] Step S102: Identify malicious network behaviors based on the network gene bank.

Embodiment 2

[0053] As shown in Figure 2, another method of the present invention for identifying malicious network behavior based on network gene technology comprises the following steps:

[0054] Step S201: constructing a terminal and cloud network gene bank, including:

[0055] Step S2011: Collect a large number of malicious code samples, analyze the samples through reverse engineering, express the malicious code in an intermediate language, use the concept of network genes to define the gene fragments of the samples, and extract all the gene fragments of each sample from its binary file to form a gene sequence; in one implementable mode, the intermediate language is RTL;

[0056] Step S2012: Form a sample behavior sequence set, and establish a mapping relationship between the sample gene sequence and the behavior sequence;

[0057] Step S2013: Store the gene sequence, behavior sequence, and mapping relationship in the cloud gene bank at the same time;

[0058] Ste...
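
A minimal sketch of the gene bank built in steps S2011 to S2013 and of a lookup against it, added here as an illustration; it is not code from the patent. The patent text on this page does not define a gene fragment or the matching rule, so the sliding window over intermediate-language operations, the coverage score, the threshold and all sample data are assumptions.

```python
from collections import defaultdict

FRAGMENT_LEN = 3  # assumption: one gene fragment = 3 consecutive IR operations

def gene_sequence(ir_ops, n=FRAGMENT_LEN):
    """Ordered gene fragments (sliding windows) extracted from one sample."""
    return [tuple(ir_ops[i:i + n]) for i in range(len(ir_ops) - n + 1)]

class GeneBank:
    """Stores gene sequence, behavior sequence and their mapping (S2012-S2013)."""
    def __init__(self):
        self.samples = {}               # sample id -> (gene sequence, behavior sequence)
        self.index = defaultdict(set)   # gene fragment -> ids of samples containing it

    def add_sample(self, sample_id, ir_ops, behaviors):
        genes = gene_sequence(ir_ops)
        self.samples[sample_id] = (genes, list(behaviors))
        for fragment in genes:
            self.index[fragment].add(sample_id)

    def identify(self, ir_ops, threshold=0.5):
        """Return (sample id, score, behaviors) for banked samples whose fragments
        cover at least `threshold` of the unknown code's distinct fragments."""
        genes = set(gene_sequence(ir_ops))
        if not genes:                   # input shorter than one fragment
            return []
        hits = defaultdict(int)
        for fragment in genes:
            for sample_id in self.index.get(fragment, ()):
                hits[sample_id] += 1
        matches = [(sid, round(count / len(genes), 2), self.samples[sid][1])
                   for sid, count in hits.items() if count / len(genes) >= threshold]
        return sorted(matches, key=lambda m: -m[1])

# Constructed samples: IR operation names and behavior labels are invented.
def build_bank():
    bank = GeneBank()
    bank.add_sample("sample-A",
                    ["load", "xor", "store", "call_socket", "call_connect", "call_send"],
                    ["open_socket", "outbound_connect", "send_data"])
    bank.add_sample("sample-B",
                    ["call_socket", "call_bind", "call_listen", "call_accept"],
                    ["open_socket", "listen", "accept_connection"])
    return bank

if __name__ == "__main__":
    unknown = ["nop", "load", "xor", "store", "call_socket", "call_connect", "call_send"]
    print(build_bank().identify(unknown))
```

Because the score is the share of the unknown code's fragments found in a banked sample, fragments that also occur in benign code would need to be filtered out of the bank before the threshold means anything in practice.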

Embodiment 3

[0066] As shown in Figure 3, a device of the present invention for identifying malicious network behavior based on network gene technology includes:

[0067] The terminal and cloud network gene bank construction module 301 is used to construct the terminal and cloud network gene bank.

[0068] The malicious network behavior identification module 302 is configured to identify malicious network behaviors based on the network gene bank.


Abstract

The invention belongs to the technical field of network communication security of the Internet of Things (IoT), and particularly relates to a malicious network behavior identification method and device based on the software gene technology. The malicious network behavior identification method based on the software gene technology comprises the following steps: constructing a network gene bank for terminals and the cloud; and carrying out malicious network behavior identification based on the network gene bank. The malicious network behavior identification device based on the software gene technology comprises a terminal and cloud network gene bank construction module, and a malicious network behavior identification module, wherein the terminal and cloud network gene bank construction module is used for constructing the network gene bank for the terminals and the cloud; and the malicious network behavior identification module is used for carrying out the malicious network behavior identification based on the network gene bank. The malicious network behavior identification method and device based on the software gene technology provided by the invention have the advantages that the gene detection efficiency is improved, and high IoT security is guaranteed.

Description

Technical field

[0001] The invention belongs to the technical field of network communication security of the Internet of Things, and in particular relates to a network malicious behavior identification method and device based on network gene technology.

Background technique

[0002] Today's society has entered the information network era of "everywhere online, everywhere interconnected", and the Internet of Things, as an important part of the communication network, plays an important role in the construction of national key infrastructure, industrial control systems, smart home, etc. How to ensure the information security of the Internet of Things has become the core content of national network security.

[0003] However, the existing solutions all equate the Internet of Things with the Internet, and directly apply traditional Internet security methods to the Internet of Things. However, traditional security technology methods, such as malicious code binary features and mali...


Application Information

IPC(8): H04L29/06, G06F21/56
CPC: G06F21/563, G06F2221/033, H04L63/0236, H04L63/1408, H04L63/1441, H04L63/30
Inventor: 戴青贾俊亮崔平非
Owner: 河南信息安全研究院有限公司