Method and device for detecting PE file abnormal behavior, medium and equipment

A PE file anomaly detection technology, applied in the field of information security, that addresses the problems of existing detection being unable to cope with hacker attacks, lacking timeliness, and being unable to handle zero-day attacks.

Inactive Publication Date: 2018-11-30
SHENZHEN LEAGSOFT TECH

AI Technical Summary

Problems solved by technology

In the existing technology, rules or dynamic sandbox methods are mainly used to detect whether a PE file is abnormal. These traditional detection methods have a lag: they are not timely, cannot cope with ever-changing hacker attacks, and cannot handle zero-day attacks.

Embodiment Construction

[0035] Embodiments of the technical solutions of the present invention will be described in detail below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, so they are only examples, and should not be used to limit the protection scope of the present invention.

[0036] It should be noted that, unless otherwise specified, the technical terms or scientific terms used in this application shall have the usual meanings understood by those skilled in the art to which the present invention belongs.

[0037] The invention provides a method, device, medium and equipment for detecting abnormal behavior of PE files. Embodiments of the present invention will be described below in conjunction with the accompanying drawings.

[0038] Please refer to Figure 1. Figure 1 is a flow chart of a method for detecting abnormal behavior of a PE file provided by a specific embodiment of the p...

Abstract

The invention provides a method and a device for detecting PE file abnormal behavior, a medium and equipment. The method comprises the following steps: receiving a file to be detected; extracting the feature data of the file to be detected; processing the feature data to obtain valid data; predicting, according to the valid data, whether the file to be detected is an abnormal file, using a prediction model trained with a support vector machine ONECLASS model, to obtain a prediction result; and outputting the prediction result to a user. By adopting the prediction model trained with the support vector machine ONECLASS model, 0-day attacks can be recognized accurately. The method has advantages such as automation, timeliness and effectiveness that the traditional method cannot match.
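The steps in the abstract (extract features, process them, predict with a one-class SVM trained only on normal files), as an added example that is not taken from the patent. The three features, the constructed PE-like samples and the use of NumPy and scikit-learn are assumptions; the page does not say which features or library the method uses.

```python
import math, struct
import numpy as np
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

def sample(rng, n_sections, alphabet, size):
    """Constructed PE-like image: DOS header, COFF header, then random body bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew -> offset 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, int(n_sections), 0, 0, 0, 224, 0x102)
    body = rng.randint(0, alphabet, size=size).astype(np.uint8).tobytes()
    return dos + coff + body

def extract_features(data):
    """Extraction step. The three features are assumptions, not the patent's list."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    off = struct.unpack_from("<I", data, 0x3C)[0]
    if len(data) < off + 24 or data[off:off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    n_sections = struct.unpack_from("<H", data, off + 6)[0]
    counts = np.bincount(np.frombuffer(data, dtype=np.uint8), minlength=256)
    p = counts[counts > 0] / len(data)
    entropy = float(-(p * np.log2(p)).sum())                  # bits per byte, 0..8
    return [float(n_sections), entropy, math.log2(len(data))]

def train(benign_files, nu=0.05):
    """Processing (standardisation) plus one-class SVM, fitted on benign files only."""
    X = np.array([extract_features(f) for f in benign_files])
    model = make_pipeline(StandardScaler(), OneClassSVM(kernel="rbf", gamma="scale", nu=nu))
    return model.fit(X)

def is_abnormal(model, data):
    """Prediction step: OneClassSVM returns -1 for points outside the learned region."""
    return bool(model.predict([extract_features(data)])[0] == -1)

# Constructed training set: 200 benign-like files, 3-6 sections, low-entropy bodies.
_rng = np.random.RandomState(0)
BENIGN = [sample(_rng, _rng.randint(3, 7), _rng.randint(16, 64), _rng.randint(2000, 8000))
          for _ in range(200)]
MODEL = train(BENIGN)

if __name__ == "__main__":
    typical = sample(_rng, 4, 36, 4700)     # resembles the training data
    odd = sample(_rng, 12, 256, 5000)       # many sections, near-random bytes
    print("typical abnormal?", is_abnormal(MODEL, typical))
    print("odd abnormal?", is_abnormal(MODEL, odd))
```

The `nu` parameter bounds the fraction of training files treated as outliers, so it sets the false-positive budget on the benign set.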

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method, device, medium and equipment for detecting abnormal behaviors of PE files.

Background technique

[0002] With the rapid development of the Internet, network security issues have become increasingly prominent, and the continuous upgrading of virus technology has brought great challenges to existing anti-virus technology. In the existing technology, rules or dynamic sandbox methods are mainly used to detect whether a PE file is abnormal. These traditional detection methods have a lag: they are not timely, cannot cope with ever-changing hacker attacks, and cannot handle zero-day attacks.

Contents of the invention

[0003] Aiming at the defects in the prior art, the present invention provides a method for detecting abnormal behavior of PE files, which can accurately identify 0-day attacks, and has good advantages such as automa...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N99/00
CPC: G06F21/562
Inventor: 郭景楠王建磊何华荣王志
Owner: SHENZHEN LEAGSOFT TECH