
Family determination method, system and storage medium based on code slicing

A code-slicing family determination technique, applied in the field of network security, that addresses problems such as the inability to establish a unified feature abstraction and family determination model.

Active Publication Date: 2022-02-15
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

As a result, a different feature abstraction method and family determination method must be established for malicious code in each file format, and it is impossible to establish a unified feature abstraction and family determination model that covers malicious code of all file types.


Examples


Embodiment Construction

[0035] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.

[0036] A family determination method based on code slicing, as shown in Figure 1, including:

[0037] S101: Obtain the file to be detected, and determine its file format;

[0038] S102: According to the file format, slice the file to be detected into its smallest functional structured data blocks; for example, an office document can be sliced into all of its smallest functional data blocks, such as the file header, sector table, directory structure, and file streams, to ensure the integrity and diversity of the slice information;

[0039] S103: Ca...


Abstract

The present invention proposes a family determination method, system and storage medium based on code slicing. The method includes: acquiring the file to be detected and determining its file format; slicing the file; calculating the fuzzy hash of each slice separately; using a similarity calculation method to correlate the fuzzy hash of each slice with the malicious code slice feature library, obtaining known samples similar to the file to be detected; and determining, after the correlation analysis, the known sample with the highest similarity. The file to be detected and that known sample then belong to the same malicious code family. The present invention does not require knowledge of the malicious code's characteristics or the extraction of signature codes; knowing only the file structure, it can determine the malicious code family by similarity.
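The procedure in the abstract (determine the format, slice, fuzzy-hash each slice, compare against a slice feature library, take the family of the most similar known sample), as an added Python example that is not code from the patent. Assumptions: the `TOY1` container format, the bottom-K MinHash used as the fuzzy hash (the page does not name an algorithm), the 0.5 threshold, and all sample bytes, sample ids and family names, which are constructed for illustration.

```python
import hashlib
import struct

K = 64           # sketch size of the stand-in fuzzy hash (assumption)
THRESHOLD = 0.5  # assumed cut-off; below it no family is assigned

def slice_file(data: bytes) -> list:
    """Slice the constructed toy format: b'TOY1', then (name[4], len[2], payload)*."""
    if data[:4] != b"TOY1":
        raise ValueError("unsupported file format")
    slices, pos = [], 4
    while pos < len(data):
        if pos + 6 > len(data):
            raise ValueError("truncated record header")
        _name, length = struct.unpack_from(">4sH", data, pos)
        if pos + 6 + length > len(data):
            raise ValueError("truncated slice")
        slices.append(data[pos + 6:pos + 6 + length])
        pos += 6 + length
    return slices

def fuzzy_hash(block: bytes, n: int = 4) -> frozenset:
    """Bottom-K MinHash sketch over the block's n-byte shingles."""
    grams = {block[i:i + n] for i in range(max(1, len(block) - n + 1))}
    digests = (hashlib.sha256(g).digest()[:8] for g in grams)
    return frozenset(sorted(int.from_bytes(d, "big") for d in digests)[:K])

def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard estimate (0.0 to 1.0) from two bottom-K sketches."""
    union = sorted(a | b)[:K]
    return sum(h in a and h in b for h in union) / len(union) if union else 0.0

def determine_family(data: bytes, library: dict) -> tuple:
    """Return (family, sample_id, score) of the best match, or (None, None, score)."""
    mine, best = [fuzzy_hash(b) for b in slice_file(data)], (None, None, 0.0)
    for sample_id, (family, known) in library.items():
        # Score a known sample by its best slice-to-slice similarity.
        score = max((similarity(h, k) for h in mine for k in known), default=0.0)
        if score > best[2]:
            best = (family, sample_id, score)
    return best if best[2] >= THRESHOLD else (None, None, best[2])

def build(*payloads: bytes) -> bytes:  # assembles constructed, harmless samples
    return b"TOY1" + b"".join(b"BLCK" + struct.pack(">H", len(p)) + p for p in payloads)

LIBRARY = {  # constructed feature library: sample id -> (family, slice hashes)
    "known-1": ("FamilyA", [fuzzy_hash(b"Sub AutoOpen(): Shell(Decode(cfg, key_one)): End Sub")]),
    "known-2": ("FamilyB", [fuzzy_hash(b"function run(){ new ActiveXObject(obj).Exec(cmd); }")]),
}
SUSPECT = build(b"Sub AutoOpen(): Shell(Decode(cfg, key_two)): End Sub", b"quarterly figures")
```

`determine_family(SUSPECT, LIBRARY)` assigns the suspect to `FamilyA` because one slice is a near-copy of a known slice even though its other slice is unrelated. Scoring by the best single slice pair also means a slice shared by many benign files would match, so a production library would need to exclude or down-weight such common slices.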

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a family determination method, system and storage medium based on code slicing.

Background technique

[0002] At present, malicious code families are determined mainly from extracted malicious code feature vectors, using clustering and classification methods to judge the similarity of the vectors. The vectors are extracted mainly from the static and dynamic behavior of the malicious code, including code structure (such as PE section names and PE import and export table function names), code attributes (such as compiler name and packer (shell) name), and dynamic behaviors (such as process, network and file operations); after the vectors are abstracted and digitized, clustering and classification methods are used for family determination.

[0003] For malicious codes in different file formats, the types and numbers of features to be extracted ar...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/563, G06F2221/033
Inventor: 黄磊, 赵梓旭, 童志明, 何公道
Owner: HARBIN ANTIY TECH