
An anti-interference method and device for evaluating behavior similarity of environment-sensitive malware

A technology for environment-sensitive malicious software, applied in the field of system security. It addresses problems such as uncertainty about whether environment-sensitive malware has released its malicious behavior, detection methods that cannot deal with such malware effectively, and insufficient adversarial detection mechanisms. Its effects are eliminating a large number of interference behaviors, good usability and universality, and improved anti-interference.

Active Publication Date: 2021-12-28
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

3) Browser hijacking: refers to the behavior of modifying the user's browser or other related settings without the user's permission, forcing the user to visit a specific website or leaving the user unable to access the Internet normally.
[0006] In recent years, many detection methods have appeared in research on environment-sensitive malware, but the current detection methods mainly have the following problems: 1) The adversarial detection mechanism is insufficient, and it is impossible to determine whether the environment-sensitive malware has released its malicious behaviors, which affects the detection results; 2) If the environment-sensitive malware has a large number of random behaviors, the detection effect of the existing methods is not ideal. The authors of such malware usually add a large number of random behaviors before the malware releases its malicious behaviors, which greatly interferes with detection and judgment, and the existing detection methods cannot deal with this effectively.


Embodiment Construction

[0041] The technical solutions in the embodiments of the present invention will be described in detail below in combination with the schematic flow chart of the present invention. It should be understood that the described embodiments are only a part of the present invention, but not all embodiments. Based on the embodiments of the present invention, other embodiments obtained by those skilled in the art without creative work all belong to the protection scope of the present invention.

[0042] First, the suspicious software is executed in a variety of different operating environments, and its behavior sequence is recorded. These environments include a sandbox environment, a virtual machine environment, a hypervisor environment and a debugging environment. In this embodiment, Cuckoo is used to build the sandbox environment, VMware Workstation is used to deploy the virtual machine environment, Xen-4.4.0 is used to deploy a ...


Abstract

The invention relates to an anti-interference method and device for evaluating the behavior similarity of environment-sensitive malicious software. The method comprises the following steps: 1) placing suspicious software in multiple different execution environments and recording the behavior sequence of the suspicious software; 2) normalizing the behavior sequence of the suspicious software; 3) performing interference-removal processing on the behavior sequence of the suspicious software; 4) calculating and comparing the similarity of the behavior sequences after the interference-removal processing; 5) judging, based on the similarity of the behavior sequences, whether the suspicious software is environment-sensitive malware. The present invention can effectively eliminate a large number of interference behaviors of malicious software and accurately calculate the similarity of behavior sequences, making the detection of this type of malicious software more accurate. The method also standardizes the processing of malicious software behavior sequences, eliminating semantic deviations between different systems; it has good usability and universality and reduces the detection cost.
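The five steps of the abstract, as an added Python sketch that is not taken from the patent. The call-name mapping, the first-occurrence interference rule, the difflib similarity measure, the 0.75 threshold and the traces are all assumptions constructed for illustration, since this page does not disclose the patent's own rules.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Assumed mapping of environment-specific call names to canonical operations.
CANON = {"CreateFileW": "file_create", "NtCreateFile": "file_create",
         "WriteFile": "file_write", "NtWriteFile": "file_write",
         "Sleep": "sleep", "NtDelayExecution": "sleep",
         "RegSetValueExW": "reg_set", "NtSetValueKey": "reg_set",
         "connect": "net_connect", "WSAConnect": "net_connect"}
NOISE_OPS = {"sleep"}   # assumed low-signal operations
THRESHOLD = 0.75        # assumed decision threshold

def normalize(trace):
    """Step 2: canonical operation names, volatile argument parts masked."""
    out = []
    for api, arg in trace:
        arg = re.sub(r"^.*\\(temp|tmp)\\[^\\]+$", r"%temp%\\*", arg.lower())
        arg = re.sub(r"\d+", "#", arg)  # PIDs, delays, addresses
        out.append((CANON.get(api, api.lower()), arg))
    return out

def remove_interference(events):
    """Step 3 (assumed rule): drop noise ops, keep first occurrence of each event."""
    seen, out = set(), []
    for ev in events:
        if ev[0] not in NOISE_OPS and ev not in seen:
            seen.add(ev)
            out.append(ev)
    return out

def min_similarity(traces, denoise=True):
    """Step 4: lowest pairwise similarity between environments."""
    seqs = [normalize(t) for t in traces.values()]
    if denoise:
        seqs = [remove_interference(s) for s in seqs]
    return min(SequenceMatcher(None, a, b, autojunk=False).ratio()
               for a, b in combinations(seqs, 2))

def is_environment_sensitive(traces):
    """Step 5: behavior diverges across environments once interference is gone."""
    return min_similarity(traces) < THRESHOLD

# Step 1 stand-in: constructed traces (not real sandbox output).
NOISE_A = [("CreateFileW", r"C:\Users\a\Temp\x91f.tmp"), ("Sleep", "1000"),
           ("CreateFileW", r"C:\Users\a\Temp\q77.tmp"),
           ("WriteFile", r"C:\Users\a\Temp\q77.tmp")]
NOISE_B = [("NtCreateFile", r"C:\Users\b\Temp\zz3.tmp"), ("NtDelayExecution", "500"),
           ("NtCreateFile", r"C:\Users\b\Temp\k0.tmp"),
           ("NtWriteFile", r"C:\Users\b\Temp\k0.tmp")]
PAYLOAD = [("NtSetValueKey", r"HKCU\Software\Run\upd"), ("WSAConnect", "203.0.113.7:443")]
SAMPLE = {"sandbox": NOISE_A * 5, "hypervisor": NOISE_B * 5 + PAYLOAD}
```

On the constructed sample the raw sequences score about 0.95 and would pass as consistent, while the de-noised sequences score about 0.67 and fall below the assumed threshold.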

Description

Technical field

[0001] The invention belongs to the technical field of system security, and relates to an environment-sensitive malicious software behavior similarity evaluation method, in particular to an anti-interference environment-sensitive malicious software behavior similarity evaluation method and device.

Background technique

[0002] With the rapid development of network information technology, malicious software has become one of the main threats to network public security. The Rising 2013 Information Security Report (Rising. 2013 China Information Security Report [EB / OL] [2014-03-12]) pointed out that in 2013, a total of 1.145 billion people in China were infected by malware, and 23 million computers were attacked. From January to December 2013, more than 33.1 million new malware samples were added, and the total number increased by 163% compared with the same period in 2012. With the explosive growth of the number of malware, traditional malware analysi...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 贾晓启, 黄庆佳, 台建玮, 周广哲, 杜海超, 唐静, 周梦婷, 解亚敏
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI