CN102779249B - 恶意程序检测方法及扫描引擎 - Google Patents
恶意程序检测方法及扫描引擎 Download PDFInfo
- Publication number
- CN102779249B CN102779249B CN201210222414.XA CN201210222414A CN102779249B CN 102779249 B CN102779249 B CN 102779249B CN 201210222414 A CN201210222414 A CN 201210222414A CN 102779249 B CN102779249 B CN 102779249B
- Authority
- CN
- China
- Prior art keywords
- fileinfo
- rogue program
- characteristic
- chi
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active - Reinstated
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 44
- 238000000034 method Methods 0.000 claims abstract description 70
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 48
- 238000000605 extraction Methods 0.000 claims abstract description 36
- 238000010801 machine learning Methods 0.000 claims abstract description 16
- 238000000546 chi-square test Methods 0.000 claims description 40
- 230000008569 process Effects 0.000 claims description 13
- 238000007477 logistic regression Methods 0.000 claims description 9
- 239000000284 extract Substances 0.000 claims description 8
- 238000012706 support-vector machine Methods 0.000 claims description 6
- 241000700605 Viruses Species 0.000 description 8
- 230000006870 function Effects 0.000 description 8
- 238000012360 testing method Methods 0.000 description 6
- 230000002155 anti-virotic effect Effects 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 4
- 230000000295 complement effect Effects 0.000 description 3
- 239000000470 constituent Substances 0.000 description 3
- 238000010219 correlation analysis Methods 0.000 description 3
- 239000000047 product Substances 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 230000003612 virological effect Effects 0.000 description 2
- 206010021703 Indifference Diseases 0.000 description 1
- 230000019552 anatomical structure morphogenesis Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000003066 decision tree Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000002574 poison Substances 0.000 description 1
- 231100000614 poison Toxicity 0.000 description 1
- 238000011002 quantification Methods 0.000 description 1
- 238000004659 sterilization and disinfection Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210222414.XA CN102779249B (zh) | 2012-06-28 | 2012-06-28 | 恶意程序检测方法及扫描引擎 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210222414.XA CN102779249B (zh) | 2012-06-28 | 2012-06-28 | 恶意程序检测方法及扫描引擎 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102779249A CN102779249A (zh) | 2012-11-14 |
CN102779249B true CN102779249B (zh) | 2015-07-29 |
Family
ID=47124159
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210222414.XA Active - Reinstated CN102779249B (zh) | 2012-06-28 | 2012-06-28 | 恶意程序检测方法及扫描引擎 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102779249B (zh) |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103095714A (zh) * | 2013-01-25 | 2013-05-08 | 四川神琥科技有限公司 | 一种基于木马病毒种类分类建模的木马检测方法 |
CN103235753A (zh) * | 2013-04-09 | 2013-08-07 | 国家电网公司 | 一种信息服务器监测方法及装置 |
CN104424435B (zh) | 2013-08-22 | 2018-12-04 | 腾讯科技(深圳)有限公司 | 一种获取病毒特征码的方法及装置 |
CN104915596B (zh) * | 2014-03-10 | 2018-01-26 | 可牛网络技术(北京)有限公司 | apk病毒特征库构建方法、装置及apk病毒检测系统 |
CN104091122A (zh) * | 2014-06-17 | 2014-10-08 | 北京邮电大学 | 一种移动互联网恶意数据的检测系统 |
CN105574408B (zh) * | 2014-10-11 | 2018-04-17 | 安一恒通(北京)科技有限公司 | 用于文件病毒检测的特征获取方法及文件病毒检测的方法 |
CN104598820A (zh) * | 2015-01-14 | 2015-05-06 | 国家电网公司 | 一种基于特征行为分析的木马病检测方法 |
US9477837B1 (en) * | 2015-03-31 | 2016-10-25 | Juniper Networks, Inc. | Configuring a sandbox environment for malware testing |
CN104794398A (zh) * | 2015-04-17 | 2015-07-22 | 天津大学 | 基于机器学习的安卓平台恶意软件检测方法 |
CN106294529A (zh) * | 2015-06-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | 一种识别用户异常操作方法和设备 |
CN105718795B (zh) * | 2015-08-28 | 2019-05-07 | 哈尔滨安天科技股份有限公司 | Linux下基于特征码的恶意代码取证方法及系统 |
CN105608382B (zh) * | 2015-12-22 | 2019-07-02 | 北京奇虎科技有限公司 | 软件维护方法与软件问题判定方法以及其相应的装置 |
CN106997367B (zh) | 2016-01-26 | 2020-05-08 | 华为技术有限公司 | 程序文件的分类方法、分类装置和分类系统 |
CN105763334A (zh) * | 2016-03-31 | 2016-07-13 | 北京匡恩网络科技有限责任公司 | 一种动态生成和部署签名的方法 |
CN105975860B (zh) * | 2016-04-26 | 2019-04-05 | 珠海豹趣科技有限公司 | 一种信任文件管理方法、装置及设备 |
CN106685964B (zh) * | 2016-12-29 | 2020-10-30 | 济南大学 | 基于恶意网络流量词库的恶意软件检测方法及系统 |
CN106685963B (zh) * | 2016-12-29 | 2020-10-30 | 济南大学 | 一种恶意网络流量词库的建立方法及建立系统 |
CN107659570B (zh) * | 2017-09-29 | 2020-09-15 | 杭州安恒信息技术股份有限公司 | 基于机器学习与动静态分析的Webshell检测方法及系统 |
CN109726554B (zh) * | 2017-10-30 | 2021-05-18 | 武汉安天信息技术有限责任公司 | 一种恶意程序的检测方法、装置 |
CN108021806B (zh) * | 2017-11-24 | 2021-10-22 | 北京奇虎科技有限公司 | 一种恶意安装包的识别方法和装置 |
CN107992750A (zh) * | 2017-12-19 | 2018-05-04 | 深圳豪客互联网有限公司 | 病毒文件识别方法和装置 |
CN109992969B (zh) * | 2019-03-25 | 2023-03-21 | 腾讯科技(深圳)有限公司 | 一种恶意文件检测方法、装置及检测平台 |
CN111797239B (zh) * | 2020-09-08 | 2021-01-15 | 中山大学深圳研究院 | 应用程序的分类方法、装置及终端设备 |
CN112948829B (zh) * | 2021-03-03 | 2023-11-03 | 深信服科技股份有限公司 | 文件查杀方法、系统、设备及存储介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101639880A (zh) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | 一种文件检测方法和装置 |
CN101950336A (zh) * | 2010-08-18 | 2011-01-19 | 奇智软件(北京)有限公司 | 一种清除恶意程序的方法和装置 |
CN102034043A (zh) * | 2010-12-13 | 2011-04-27 | 四川大学 | 基于文件静态结构属性的恶意软件检测新方法 |
CN102142068A (zh) * | 2011-03-29 | 2011-08-03 | 华北电力大学 | 一种未知恶意代码的检测方法 |
CN102479298A (zh) * | 2010-11-29 | 2012-05-30 | 北京奇虎科技有限公司 | 基于机器学习的程序识别方法及装置 |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL181041A0 (en) * | 2007-01-29 | 2007-07-04 | Deutsche Telekom Ag | Improved method and system for detecting malicious behavioral patterns in a computer, using machine learning |
US8719939B2 (en) * | 2009-12-31 | 2014-05-06 | Mcafee, Inc. | Malware detection via reputation system |
-
2012
- 2012-06-28 CN CN201210222414.XA patent/CN102779249B/zh active Active - Reinstated
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101639880A (zh) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | 一种文件检测方法和装置 |
CN101950336A (zh) * | 2010-08-18 | 2011-01-19 | 奇智软件(北京)有限公司 | 一种清除恶意程序的方法和装置 |
CN102479298A (zh) * | 2010-11-29 | 2012-05-30 | 北京奇虎科技有限公司 | 基于机器学习的程序识别方法及装置 |
CN102034043A (zh) * | 2010-12-13 | 2011-04-27 | 四川大学 | 基于文件静态结构属性的恶意软件检测新方法 |
CN102142068A (zh) * | 2011-03-29 | 2011-08-03 | 华北电力大学 | 一种未知恶意代码的检测方法 |
Non-Patent Citations (2)
Title |
---|
基于数据挖掘和机器学习的恶意代码检测技术研究;张小康;《中国优秀硕士学位论文全文库》;20100715;第11页第1章第1.3节、第24-25页第2章第2.4节、第37-42页第4章第4.1-4.3节,图4.1 * |
张福勇等.基于IRP的未知恶意代码检测方法.《华南理工大学学报(自然科学版)》.2011,第39卷(第4期),第15-20页. * |
Also Published As
Publication number | Publication date |
---|---|
CN102779249A (zh) | 2012-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102779249B (zh) | 恶意程序检测方法及扫描引擎 | |
CN110826059B (zh) | 面向恶意软件图像格式检测模型的黑盒攻击的防御方法及其装置 | |
CN105205397B (zh) | 恶意程序样本分类方法及装置 | |
CN102004764A (zh) | 互联网不良信息检测方法以及系统 | |
CN103577755A (zh) | 一种基于支持向量机的恶意脚本静态检测方法 | |
CN111259219B (zh) | 恶意网页识别模型建立方法、识别方法及系统 | |
CN109462575A (zh) | 一种webshell检测方法及装置 | |
CN103177215A (zh) | 基于软件控制流特征的计算机恶意软件检测新方法 | |
CN102170447A (zh) | 一种基于最近邻及相似度测量检测钓鱼网页的方法 | |
CN107066262A (zh) | 源代码文件克隆邻接表合并检测方法 | |
CN110363003B (zh) | 一种基于深度学习的Android病毒静态检测方法 | |
CN104317891B (zh) | 一种对页面标注标签的方法及装置 | |
CN111723371B (zh) | 构建恶意文件的检测模型以及检测恶意文件的方法 | |
CN103366120A (zh) | 基于脚本的漏洞攻击图生成方法 | |
CN104123501A (zh) | 一种基于多鉴定器集合的病毒在线检测方法 | |
CN104268289B (zh) | 链接url的失效检测方法和装置 | |
Jiang et al. | A feature selection method for malware detection | |
Walenstein et al. | Header information in malware families and impact on automated classifiers | |
Mahmoudi et al. | Web spam detection based on discriminative content and link features | |
CN106874762A (zh) | 基于api依赖关系图的安卓恶意代码检测方法 | |
CN106330861A (zh) | 一种网址检测方法及装置 | |
CN110334510A (zh) | 一种基于随机森林算法的恶意文件检测技术 | |
Yue et al. | Fine-grained mining and classification of malicious Web pages | |
CN110472416A (zh) | 一种网页恶意代码检测方法及相关装置 | |
CN108287831A (zh) | 一种url分类方法和系统、数据处理方法和系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
ASS | Succession or assignment of patent right |
Owner name: BEIJING QIHU TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20121107 Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20121107 |
|
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20121107 Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant after: Qizhi software (Beijing) Co.,Ltd. Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Applicant before: Qizhi software (Beijing) Co.,Ltd. |
|
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150729 Termination date: 20190628 |
|
RR01 | Reinstatement of patent right | ||
RR01 | Reinstatement of patent right |
Former decision: Patent right to terminate Former decision publication date: 20200623 |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220325 Address after: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |