Honeypot and sandbox mutually enhanced malicious program behavior processing method and system

A method for processing malicious programs, applicable to transmission systems, digital transmission systems, secure communication devices and similar fields. It addresses the lack of an existing technical implementation and improves comprehensive performance, identification capability and compatibility.

Pending Publication Date: 2022-06-14
UNIV OF JINAN +1

AI Technical Summary

Problems solved by technology

However, the above considerations have not yet been realized by relevant technologies.

Examples

Embodiment 1

[0046] This embodiment provides a method for processing malicious program behaviors in which honeypots and sandboxes reinforce each other;

[0047] As shown in Figure 1, the malicious program behavior processing method in which the honeypot and sandbox reinforce each other includes:

[0048] S101: establish a communication connection between the honeypot system and the sandbox system;

[0049] S102: the honeypot system induces and captures malicious codes;

[0050] S103: the honeypot system sends the captured malicious code, the information on the interaction between the honeypot system and the malicious code, and the information generated during the capture process to the sandbox system; the sandbox system generates the malicious code running environment configuration file based on the information passed by the honeypot system;

[0051] S104: The sandbox system generates a malicious code running environment according to the malicious code running environment configuratio...

Embodiment 2

[0153] This embodiment provides a malicious program behavior processing system in which honeypots and sandboxes reinforce each other;

[0154] A malicious program behavior processing system in which honeypots and sandboxes reinforce each other, including:

[0155] A communication connection module configured to: establish a communication connection between the honeypot system and the sandbox system;

[0156] The induction and capture module is configured to: induce and capture the malicious code by the honeypot system;

[0157] The configuration file generation module is configured so that: the honeypot system sends the captured malicious code, the information on the interaction between the honeypot system and the malicious code, and the information generated during the capture process to the sandbox system; the sandbox system generates the malicious code running environment configuration file according to the information transmitted by the honeypot system; ...

Abstract

The invention discloses a malicious program behavior processing method and system based on mutual enhancement of a honeypot and a sandbox. The honeypot induces and captures malicious codes; the captured malicious codes and generated information are sent to a sandbox; the sandbox generates a code running environment configuration file; the sandbox generates a malicious code running environment according to the malicious code running environment configuration file; in the malicious code operation environment, the sandbox triggers the operation of the malicious code to analyze the operation process of the malicious code; the sandbox analyzes network communication behaviors in the operation process and sends the network communication behaviors to the honeypot and the virtual network; after receiving the network communication behaviors, the honeypot interacts with known network communication behaviors, and learns unknown network communication behaviors by recording the interaction process of the sandbox and the virtual network to improve the capture capability; and the malicious codes are induced and captured again through the learned honeypot. The honeypot can capture malicious samples more efficiently, and the sandbox can analyze the malicious samples more efficiently and safely.
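The feedback loop the abstract describes, as an added toy model that is not code from the patent or its authors. Every name, field and sample value is an assumption made for illustration, and the "detonation" step only replays a constructed list of requests rather than executing anything.

```python
"""Toy model of the honeypot/sandbox feedback loop described in the abstract.
All names, fields and sample data are constructed for illustration."""
from dataclasses import dataclass, field

@dataclass
class Capture:                     # hypothetical record the honeypot hands over
    sample_id: str
    service: str                   # honeypot service the sample arrived on
    platform: str                  # platform the honeypot was emulating
    requests: list                 # constructed stand-in for the sample's traffic

@dataclass
class Honeypot:
    responses: dict = field(default_factory=dict)  # request -> reply it can emulate

    def interact(self, request):
        """Return the emulated reply, or None when the behaviour is unknown."""
        return self.responses.get(request)

    def learn(self, transcript):
        """Adopt exchanges recorded between the sandbox and the virtual network."""
        new = {req: rep for req, rep in transcript if req not in self.responses}
        self.responses.update(new)
        return sorted(new)

def build_env_config(capture):
    """Sandbox side: derive the run-environment config from honeypot data."""
    return {"platform": capture.platform, "expose_service": capture.service,
            "network": "virtual-only"}  # analysis traffic stays in the lab

def analyse(capture, config, virtual_network):
    """Stand-in for detonation: replay the sample's requests against the
    virtual network and record every exchange."""
    if config["network"] != "virtual-only":
        raise ValueError("refusing to analyse outside the virtual network")
    return [(req, virtual_network(req)) for req in capture.requests]

def feedback_round(honeypot, capture, virtual_network):
    """One pass: config -> analysis -> report unknowns -> honeypot learns."""
    config = build_env_config(capture)
    transcript = analyse(capture, config, virtual_network)
    unknown = [req for req, _ in transcript if honeypot.interact(req) is None]
    learned = honeypot.learn(transcript)
    return config, unknown, learned

# Constructed sample data, not taken from any real capture.
CAPTURE = Capture("sample-001", "telnet", "linux-arm",
                  ["HTTP GET /payload", "beacon check-in v1"])
def virtual_net(request):
    return {"HTTP GET /payload": "200 stub", "beacon check-in v1": "ack"}.get(request, "reset")
```

Running `feedback_round` twice on the same capture shows the effect the abstract claims: the first pass reports the behaviour the honeypot could not emulate and teaches it, and the second pass reports nothing unknown.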

Description

Technical field

[0001] The invention relates to the technical field of malicious program processing, in particular to a malicious program behavior processing method and system in which honeypots and sandboxes reinforce each other.

Background technology

[0002] The statements in this section merely mention the background technology related to the present invention and do not necessarily constitute the prior art.

[0003] In the traditional concept, a honeypot is a device acquisition program used to capture malicious samples, while a sandbox can perform various detailed analyses on malicious samples. These two concepts are isolated from each other in principle. However, judging from the current deployment of honeypots and sandboxes, the two are often working in isolation from each other with only a small amount of interaction. For the honeypot, after the honeypot captures the malicious code, it will send it to the sandbox subroutine for analysis, but in the process, the honey...

Application Information

IPC(8): H04L9/40, H04L67/30
CPC: H04L63/1491, H04L63/1416, H04L67/30, Y02D30/50
Inventor 陈贞翔李恩龙朱宇辉荆山赵煜安茂波杨波彭立志潘泉波
Owner UNIV OF JINAN