
Anti-interference environmental sensitive type malicious software behavior similarity evaluation method and device

An environment-sensitive malicious software technology, applied in the field of system security. It addresses problems such as uncertainty about whether environment-sensitive malware has released its malicious behavior, detection methods that cannot deal with such malware effectively, and an insufficient adversarial detection mechanism. Its effects are the elimination of a large number of interference behaviors, good usability and universality, and improved anti-interference.

Active Publication Date: 2018-06-22
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

3) Browser hijacking: refers to the behavior of modifying the user's browser or other related settings without the user's permission, forcing the user to visit a specific website or leaving the user unable to access the Internet normally.
[0006] In recent years, many detection methods have appeared in research on environment-sensitive malware, but the current detection methods mainly have the following problems: 1) The adversarial detection mechanism is insufficient, and it is impossible to determine whether the environment-sensitive malware has released its malicious behaviors, which affects the detection results; 2) If the environment-sensitive malware has a large number of random behaviors, the detection effect of the existing methods is not ideal. The authors of such malware usually add a large number of random behaviors before the malware releases its malicious behaviors, which greatly interferes with detection and judgment, and the existing detection methods cannot deal with this effectively.



Embodiment Construction

[0041] The technical solutions in the embodiments of the present invention will be described in detail below in combination with the schematic flow chart of the present invention. It should be understood that the described embodiments are only a part of the present invention, but not all embodiments. Based on the embodiments of the present invention, other embodiments obtained by those skilled in the art without creative work all belong to the protection scope of the present invention.

[0042] First, the suspicious software is executed in a variety of different operating environments, and the behavior sequence of the suspicious software is recorded. The operating environments include a sandbox environment, a virtual machine environment, a Hypervisor environment and a debugging environment. In this embodiment, Cuckoo is used to build the sandbox environment, VMware Workstation is used to deploy the virtual machine environment, Xen-4.4.0 is used to deploy a ...


Abstract

The invention relates to an anti-interference environment-sensitive malicious software behavior similarity evaluation method and device. The method comprises the following steps: 1) executing suspicious software in various different execution environments and recording the behavior sequence of the suspicious software; 2) carrying out normalization processing on the behavior sequence of the suspicious software; 3) carrying out interference removal processing on the behavior sequence of the suspicious software; 4) calculating and comparing the similarity of the behavior sequences after interference removal processing; and 5) on the basis of the similarity of the behavior sequences, judging whether the suspicious software is environment-sensitive malicious software. With this method, a large number of interference behaviors of the malicious software can be effectively eliminated and the similarity of behavior sequences can be accurately calculated, so that this type of malicious software can be accurately detected. In addition, the method normalizes the malicious software behavior sequence, which eliminates the semantic bias among different systems; the method exhibits good availability and universality, and detection cost is lowered.
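The five steps of the abstract, sketched as an added example that is not code from the patent or its authors. The page does not state the concrete algorithms, so the call-to-behavior mapping, the noise policy (timing delays and immediate repeats), the LCS-based similarity score, the 0.6 threshold and the sample traces are all assumptions made for illustration.

```python
from itertools import combinations

# Assumed mapping of platform-specific calls to abstract behaviors (step 2).
NORMALIZE = {"NtCreateFile": "file_create", "CreateFileW": "file_create",
             "NtWriteFile": "file_write", "RegSetValueExW": "reg_set",
             "WSAConnect": "net_connect", "connect": "net_connect",
             "Sleep": "sleep", "NtDelayExecution": "sleep"}
NOISE = {"sleep"}  # assumed interference policy (step 3)

def normalize(seq):
    return [NORMALIZE.get(call, call.lower()) for call in seq]

def remove_interference(seq):
    """Drop noise behaviors and collapse immediate repeats."""
    out = []
    for behavior in seq:
        if behavior in NOISE or (out and out[-1] == behavior):
            continue
        out.append(behavior)
    return out

def lcs_len(a, b):
    """Length of the longest common subsequence, O(len(a)*len(b))."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def similarity(a, b):
    return 1.0 if not a and not b else 2 * lcs_len(a, b) / (len(a) + len(b))

def evaluate(traces, threshold=0.6):
    """Steps 2-5: returns (environment_sensitive, pairwise scores)."""
    clean = {env: remove_interference(normalize(s)) for env, s in traces.items()}
    scores = {(p, q): similarity(clean[p], clean[q])
              for p, q in combinations(sorted(clean), 2)}
    return min(scores.values()) < threshold, scores

# Constructed traces (step 1 output), not real sandbox logs.
SAMPLE = {
    "sandbox": ["Sleep", "NtCreateFile", "Sleep", "NtCreateFile", "Sleep"],
    "debugger": ["NtDelayExecution", "CreateFileW"],
    "hypervisor": ["Sleep", "CreateFileW", "NtWriteFile", "NtWriteFile",
                   "RegSetValueExW", "WSAConnect"],
}
print(evaluate(SAMPLE))
```

Without the interference-removal step the sandbox and debugger traces would already differ from each other on padding alone; after it they are identical, and only the hypervisor trace diverges.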

Description

Technical field

[0001] The invention belongs to the technical field of system security, and relates to an environment-sensitive malicious software behavior similarity evaluation method, in particular to an anti-interference environment-sensitive malicious software behavior similarity evaluation method and device.

Background technique

[0002] With the rapid development of network information technology, malicious software has become one of the main threats to network public security. The Rising 2013 Information Security Report (Rising. 2013 China Information Security Report [EB/OL] [2014-03-12]) pointed out that in 2013, a total of 1.145 billion people in China were infected by malware, and 23 million computers were attacked. From January to December 2013, more than 33.1 million new malware samples were added, and the total number increased by 163% compared with the same period in 2012. With the explosive growth of the number of malware, traditional malware analysi...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 贾晓启, 黄庆佳, 台建玮, 周广哲, 杜海超, 唐静, 周梦婷, 解亚敏
Owner: INST OF INFORMATION ENG CAS