
Family decision method and system based on code slicing, and storage medium

A code slicing and family determination technology, applied in the field of network security, can solve problems such as the inability to establish unified feature abstraction and family determination

Active Publication Date: 2018-05-25
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

As a result, different feature abstraction methods and family determination methods need to be established for malicious code in each type of file format, and it is impossible to establish a unified feature abstraction and family determination model that performs family determination for malicious code of all file types.



Examples


Embodiment Construction

[0035] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0036] A family determination method based on code slicing, as shown in Figure 1, includes:

[0037] S101: Obtain the file to be detected, and determine its file format;

[0038] S102: According to the file format, slice the file to be detected into structured data blocks, each having a minimum function; for example, an office document can be sliced into all of its minimum-function data blocks, such as the file header, sector table, directory structure, and file streams, to ensure the integrity and diversity of the slice information;

[0039] S103: Ca...


Abstract

The invention provides a family determination method and system based on code slicing, and a storage medium. The method includes: obtaining a file to be detected and determining its file format; according to the file format, slicing the file to be detected into structured data blocks, each having a minimum function; calculating the fuzzy hash of each slice separately; using a similarity calculation method to perform association analysis between the fuzzy hash of each slice and a malicious code slice feature database, obtaining known samples similar to the file to be detected; determining the known sample with the highest similarity after the association analysis; and assigning the file to be detected to the same malicious code family as that known sample. With this method, system and storage medium, there is no need to understand malicious code features or to extract feature codes; the malicious code family can be determined from similarity alone, given only an understanding of the file structure.
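The pipeline in the abstract (slice, hash each slice, compare against a slice feature database, take the most similar known sample), as an added example that is not code from the patent or from Antiy. Assumptions: slices are the members of a ZIP-based office document rather than the header, sector table and directory blocks the patent mentions; the fuzzy hash is a stand-in n-gram sketch, not ssdeep; the mean-of-best-match scoring, the threshold and the size cap are illustrative; all sample data is constructed.

```python
import hashlib, io, zipfile, zlib
MAX_SLICE = 8 * 1024 * 1024  # assumed cap; skips oversized members (zip-bomb guard)

def slice_file(blob):
    """S101/S102: detect the format, then cut the file into structural blocks."""
    if blob[:4] == b"PK\x03\x04":  # ZIP container, e.g. an OOXML office document
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return {i.filename: z.read(i) for i in z.infolist() if i.file_size <= MAX_SLICE}
    return {"whole": blob}  # unrecognised format: the file is a single slice

def fuzzy_hash(data, n=4, k=64):
    """Stand-in fuzzy hash: the k smallest CRC32 values of the byte n-grams."""
    grams = {zlib.crc32(data[i:i + n]) for i in range(max(1, len(data) - n + 1))}
    return frozenset(sorted(grams)[:k])

def similarity(a, b, k=64):
    """Bottom-k estimate of the Jaccard similarity of two slices (0.0 to 1.0)."""
    union = sorted(a | b)[:k]
    return sum(h in a and h in b for h in union) / len(union) if union else 1.0

def determine_family(blob, db, threshold=0.3):
    """db maps sample name -> (family, [slice hashes]); returns (score, name, family)."""
    hashes = [fuzzy_hash(s) for s in slice_file(blob).values()]
    best = (0.0, None, None)
    for name, (family, known) in db.items():
        # Assumed scoring: mean, over the file's slices, of the best-matching known slice.
        score = sum(max(similarity(h, kh) for kh in known) for h in hashes) / max(1, len(hashes))
        if score > best[0]:
            best = (score, name, family)
    return best if best[0] >= threshold else (best[0], None, None)

# --- constructed sample data (pseudo-random bytes, not real malware) ---
def rnd(seed, blocks=20):
    return b"".join(hashlib.sha256(b"%s%d" % (seed, i)).digest() for i in range(blocks))

def make_doc(body, macro):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
        z.writestr("word/vbaProject.bin", macro)
    return buf.getvalue()

def entry(family, blob):
    return family, [fuzzy_hash(s) for s in slice_file(blob).values()]

DB = {"known_a": entry("FamX", make_doc(rnd(b"a"), rnd(b"x"))),
      "known_b": entry("FamY", make_doc(rnd(b"b"), rnd(b"y")))}
macro_variant = rnd(b"x")[:300] + b"PATCHED!" + rnd(b"x")[300:]
RESULT = determine_family(make_doc(rnd(b"new"), macro_variant), DB)
print(RESULT)  # a new document body with a patched copy of known_a's macro slice
```

Because the score is averaged over all slices, a file that shares only its macro slice with a known sample scores at most 0.5 here; weighting slices by type is one way to keep benign slices from diluting the match.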

Description

Technical field

[0001] The present invention relates to the technical field of network security, and in particular to a family determination method, system and storage medium based on code slicing.

Background

[0002] At present, malicious code families are mainly determined from extracted malicious code feature vectors, using clustering and classification methods to judge the similarity of the vectors. The vectors are extracted mainly from the static and dynamic behavior of the malicious code: code structure, such as PE section names and the function names in the PE import and export tables; code attributes, such as compiler name and packer (shell) name; and dynamic behaviors, such as process operations, network operations and file operations. After the vectors are abstracted and digitized, clustering and classification methods are used to determine the family.

[0003] For malicious codes in different file formats, the types and numbers of features to be extracted ar...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563, G06F2221/033
Inventor: 黄磊, 赵梓旭, 童志明, 何公道
Owner: HARBIN ANTIY TECH