CN102930210B - Rogue program behavior automated analysis, detection and classification system and method - Google Patents
- Publication number
- CN102930210B (application CN201210408358.9A)
- Authority
- CN
- China
- Prior art keywords
- behavior
- sample
- sandbox
- api
- rogue program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Debugging And Monitoring (AREA)
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210408358.9A CN102930210B (en) | 2012-10-14 | 2012-10-14 | Rogue program behavior automated analysis, detection and classification system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102930210A (en) | 2013-02-13 |
CN102930210B (en) | 2015-11-25 |
Family
ID=47645007
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210408358.9A CN102930210B (en), Active | Rogue program behavior automated analysis, detection and classification system and method | 2012-10-14 | 2012-10-14 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102930210B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106960154A (en) * | 2017-03-30 | 2017-07-18 | 兴华永恒(北京)科技有限责任公司 | A kind of rogue program dynamic identifying method based on decision-tree model |
Families Citing this family (73)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103150509B (en) * | 2013-03-15 | 2015-10-28 | 长沙文盾信息技术有限公司 | A kind of virus detection system based on virtual execution |
CN103152224B (en) * | 2013-03-21 | 2015-12-02 | 中国科学院信息工程研究所 | A kind of method and system of real-time dynamic monitoring analog network |
CN104252594B (en) * | 2013-06-27 | 2019-04-02 | 贝壳网际(北京)安全技术有限公司 | virus detection method and device |
CN104252447A (en) * | 2013-06-27 | 2014-12-31 | 贝壳网际(北京)安全技术有限公司 | File behavior analysis method and device |
CN103368965B (en) * | 2013-07-18 | 2018-04-17 | 北京随方信息技术有限公司 | A kind of method of work that network security specification is mapped as to the attribute specification corresponding to network |
CN103902903A (en) * | 2013-11-12 | 2014-07-02 | 国家计算机网络与信息安全管理中心 | Malicious code analyzing method and system based on dynamic sandbox environment |
CN103679032B (en) * | 2013-12-13 | 2017-05-17 | 北京奇虎科技有限公司 | Method and device for preventing malicious software |
CN103942491A (en) * | 2013-12-25 | 2014-07-23 | 国家计算机网络与信息安全管理中心 | Internet malicious code disposal method |
US9769189B2 (en) | 2014-02-21 | 2017-09-19 | Verisign, Inc. | Systems and methods for behavior-based automated malware analysis and classification |
CN103927484B (en) * | 2014-04-21 | 2017-03-08 | 西安电子科技大学宁波信息技术研究院 | Rogue program behavior catching method based on Qemu simulator |
US9411959B2 (en) | 2014-09-30 | 2016-08-09 | Juniper Networks, Inc. | Identifying an evasive malicious object based on a behavior delta |
CN105678164B (en) | 2014-11-20 | 2018-08-14 | 华为技术有限公司 | Detect the method and device of Malware |
CN104715190B (en) * | 2015-02-03 | 2018-02-06 | 中国科学院计算技术研究所 | A kind of monitoring method and system of the program execution path based on deep learning |
CN105989283B (en) | 2015-02-06 | 2019-08-09 | 阿里巴巴集团控股有限公司 | A kind of method and device identifying virus mutation |
WO2016127037A1 (en) * | 2015-02-06 | 2016-08-11 | Alibaba Group Holding Limited | Method and device for identifying computer virus variants |
CN105488414A (en) * | 2015-09-25 | 2016-04-13 | 深圳市安之天信息技术有限公司 | Method and system for preventing malicious codes from detecting virtual environments |
CN105468977A (en) * | 2015-12-14 | 2016-04-06 | 厦门安胜网络科技有限公司 | Method and device for Android malicious software classification based on Naive Bayes |
CN105631321B (en) * | 2015-12-24 | 2019-05-21 | 北京奇虎科技有限公司 | A kind of detection method and device of virtual machine process information |
CN106921608B (en) * | 2015-12-24 | 2019-11-22 | 华为技术有限公司 | A kind of detection terminal security situation method, apparatus and system |
CN105427096B (en) * | 2015-12-25 | 2020-02-07 | 北京奇虎科技有限公司 | Payment security sandbox implementation method and system and application program monitoring method and system |
CN107229866B (en) * | 2016-03-23 | 2021-02-26 | 全球能源互联网研究院 | Method for checking and monitoring mobile application security in BYOD environment |
CN105893848A (en) * | 2016-04-27 | 2016-08-24 | 南京邮电大学 | Precaution method for Android malicious application program based on code behavior similarity matching |
CN107786413B (en) * | 2016-08-24 | 2022-03-22 | 中兴通讯股份有限公司 | Method for browsing e-mail and user terminal |
CN106384047B (en) * | 2016-08-26 | 2019-11-15 | 青岛天龙安全科技有限公司 | APP detects unknown behavior acquisition and judgment method |
US10015180B1 (en) * | 2016-09-23 | 2018-07-03 | EMC IP Holding Company LLC | Asynchronous domain name server resolution with automated classification of domain type |
CN106529293B (en) * | 2016-11-09 | 2019-11-05 | 东巽科技(北京)有限公司 | A kind of sample class determination method for malware detection |
CN106778241B (en) * | 2016-11-28 | 2020-12-25 | 东软集团股份有限公司 | Malicious file identification method and device |
CN106709349B (en) * | 2016-12-15 | 2019-10-29 | 中国人民解放军国防科学技术大学 | A kind of malicious code classification method based on various dimensions behavioural characteristic |
CN106874760A (en) * | 2016-12-23 | 2017-06-20 | 浙江工业大学 | A kind of Android malicious code sorting techniques based on hierarchy type SimHash |
CN106874763B (en) * | 2017-01-16 | 2020-09-25 | 西安电子科技大学 | Android software malicious behavior triggering system and method for simulating user behavior |
US10885189B2 (en) * | 2017-05-22 | 2021-01-05 | Microsoft Technology Licensing, Llc | Isolated container event monitoring |
CN107330332A (en) * | 2017-05-23 | 2017-11-07 | 成都联宇云安科技有限公司 | A kind of leak detection method for Android mobile phone APP |
CN107330329A (en) * | 2017-06-30 | 2017-11-07 | 北京金山安全管理系统技术有限公司 | The authentication method and device of application file |
CN107742079B (en) * | 2017-10-18 | 2020-02-21 | 杭州安恒信息技术股份有限公司 | Malicious software identification method and system |
CN108133139B (en) * | 2017-11-28 | 2020-06-26 | 西安交通大学 | Android malicious application detection system based on multi-operation environment behavior comparison |
CN109840417B (en) * | 2017-11-28 | 2020-12-01 | 清华大学 | Malicious software detection method and device |
CN108134784B (en) * | 2017-12-19 | 2021-08-31 | 东软集团股份有限公司 | Webpage classification method and device, storage medium and electronic equipment |
CN108038375A (en) * | 2017-12-21 | 2018-05-15 | 北京星河星云信息技术有限公司 | A kind of malicious file detection method and device |
CN109472143A (en) * | 2017-12-29 | 2019-03-15 | 北京安天网络安全技术有限公司 | It is a kind of to the method and system extorting software and being automatically analyzed |
CN108121914B (en) * | 2018-01-17 | 2021-04-13 | 四川神琥科技有限公司 | Document divulgence protection tracking system |
CN108337153B (en) * | 2018-01-19 | 2020-10-23 | 论客科技(广州)有限公司 | Method, system and device for monitoring mails |
CN108628615B (en) * | 2018-03-22 | 2022-03-04 | 创新先进技术有限公司 | Method, device and equipment for detecting abandoned codes |
CN108959919A (en) * | 2018-05-25 | 2018-12-07 | 合肥利元杰信息科技有限公司 | A kind of technological service program downloading system |
CN108881192B (en) * | 2018-06-04 | 2021-10-22 | 上海交通大学 | Encryption type botnet detection system and method based on deep learning |
WO2020000335A1 (en) * | 2018-06-29 | 2020-01-02 | Intel Corporation | Systems and methods of restricting access to kernel memory |
CN108985060A (en) * | 2018-07-04 | 2018-12-11 | 中共中央办公厅电子科技学院 | A kind of extensive Android Malware automated detection system and method |
CN110941826B (en) * | 2018-09-21 | 2022-08-09 | 武汉安天信息技术有限责任公司 | Malicious android software detection method and device |
CN110765457A (en) * | 2018-12-24 | 2020-02-07 | 哈尔滨安天科技集团股份有限公司 | Method and device for identifying homologous attack based on program logic and storage device |
CN109684040B (en) * | 2018-12-26 | 2019-11-19 | 广州市品高软件股份有限公司 | A kind of cloud function execution system and method suitable for LINUX operating system |
CN109784053B (en) * | 2018-12-29 | 2021-04-27 | 360企业安全技术(珠海)有限公司 | Method and device for generating filter rule, storage medium and electronic device |
CN110351259A (en) * | 2019-06-28 | 2019-10-18 | 深圳数位传媒科技有限公司 | A kind of method and device obtaining APP authentication information based on network packet capturing |
CN110688196B (en) * | 2019-08-22 | 2022-03-01 | 曲阜师范大学 | Message processing method of virtual machine under multi-man intelligent cloud service |
CN110580408B (en) * | 2019-09-19 | 2022-03-11 | 北京天融信网络安全技术有限公司 | Data processing method and electronic equipment |
CN110781081B (en) * | 2019-10-12 | 2024-04-09 | 南京信息职业技术学院 | Mobile application callback forced triggering method, system and storage medium |
CN110837641A (en) * | 2019-11-13 | 2020-02-25 | 电子科技大学广东电子信息工程研究院 | Malicious software detection method and detection system based on memory analysis |
CN111190813B (en) * | 2019-12-17 | 2022-09-20 | 南京理工大学 | Android application network behavior information extraction system and method based on automatic testing |
CN111143839A (en) * | 2019-12-30 | 2020-05-12 | 厦门服云信息科技有限公司 | Malicious code detection method and device based on virtualization behavior analysis technology |
CN111259379A (en) * | 2020-01-13 | 2020-06-09 | 中孚安全技术有限公司 | Method for analyzing malicious program by sandbox |
CN111414616B (en) * | 2020-03-03 | 2023-03-28 | 清华大学深圳国际研究生院 | SGX malicious software detection method and system |
CN112087452B (en) * | 2020-09-09 | 2022-11-15 | 北京元心科技有限公司 | Abnormal behavior detection method and device, electronic equipment and computer storage medium |
CN112765604A (en) * | 2020-12-30 | 2021-05-07 | 上海磐御网络科技有限公司 | Network safety system based on artificial intelligence |
CN112699369A (en) * | 2021-01-12 | 2021-04-23 | 安芯网盾(北京)科技有限公司 | Method and device for detecting abnormal login through stack backtracking |
US11930019B2 (en) | 2021-04-21 | 2024-03-12 | Saudi Arabian Oil Company | Methods and systems for fast-paced dynamic malware analysis |
CN113268734B (en) * | 2021-04-27 | 2023-11-24 | 中国科学院信息工程研究所 | Key host event identification method based on information flow analysis |
CN113438273B (en) * | 2021-05-21 | 2022-08-16 | 中国科学院信息工程研究所 | User-level simulation method and device for application program in Internet of things equipment |
CN113672918A (en) * | 2021-08-04 | 2021-11-19 | 安天科技集团股份有限公司 | Malicious code detection method and device, storage medium and electronic equipment |
CN113468075A (en) * | 2021-08-14 | 2021-10-01 | 康剑萍 | Security testing method and system for server-side software |
CN114077741B (en) * | 2021-11-01 | 2022-12-09 | 清华大学 | Software supply chain safety detection method and device, electronic equipment and storage medium |
CN113918950A (en) * | 2021-12-14 | 2022-01-11 | 成都无糖信息技术有限公司 | Sandbox construction method based on simulation execution |
CN114491509B (en) * | 2022-01-28 | 2024-07-30 | 济南大学 | Malicious program behavior analysis processing method and system based on sandbox |
CN115344834A (en) * | 2022-10-19 | 2022-11-15 | 北京网藤科技有限公司 | Application safe operation method and device, electronic equipment and computer readable medium |
CN116089955B (en) * | 2022-12-01 | 2023-09-26 | 之江实验室 | System call denoising method and device based on windows operating system |
CN117235686B (en) * | 2023-10-30 | 2024-01-30 | 杭州海康威视数字技术股份有限公司 | Data protection method, device and equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101226570A (en) * | 2007-09-05 | 2008-07-23 | 江启煜 | Method for monitoring and eliminating generalized unknown virus |
CN101458630A (en) * | 2008-12-30 | 2009-06-17 | 中国科学院软件研究所 | Self-modifying code identification method based on hardware emulator |
CN101782954A (en) * | 2009-01-20 | 2010-07-21 | 联想(北京)有限公司 | Computer and abnormal progress detection method |
CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
CN102521206A (en) * | 2011-12-16 | 2012-06-27 | 天津大学 | Lead optimization method for SVM-RFE (support vector machine-recursive feature elimination) based on ensemble learning thought |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1495616B1 (en) * | 2002-04-17 | 2010-05-05 | Computer Associates Think, Inc. | Detecting and countering malicious code in enterprise networks |
Events
- 2012-10-14: CN application CN201210408358.9A filed; patent CN102930210B (en), status Active
Also Published As
Publication number | Publication date |
---|---|
CN102930210A (en) | 2013-02-13 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN102930210B (en) | Rogue program behavior automated analysis, detection and classification system and method | |
Harang et al. | SOREL-20M: A large scale benchmark dataset for malicious PE detection | |
US11481492B2 (en) | Method and system for static behavior-predictive malware detection | |
US9417859B2 (en) | Purity analysis using white list/black list analysis | |
JP6860070B2 (en) | Analytical equipment, log analysis method and analysis program | |
CN103608765B (en) | Virtual machine snapshotting and analysis | |
US20130067445A1 (en) | Determination of Function Purity for Memoization | |
RU91213U1 (en) | SYSTEM OF AUTOMATIC COMPOSITION OF DESCRIPTION AND CLUSTERING OF VARIOUS, INCLUDING AND MALIMENTAL OBJECTS | |
CN101923617A (en) | Cloud-based sample database dynamic maintaining method | |
CN111931179A (en) | Cloud malicious program detection system and method based on deep learning | |
CN113076538B (en) | Method for extracting embedded privacy policy of mobile application APK file | |
CN112688966A (en) | Webshell detection method, device, medium and equipment | |
An et al. | An empirical study of crash-inducing commits in mozilla firefox | |
Vadrevu et al. | Maxs: Scaling malware execution with sequential multi-hypothesis testing | |
CN102446167B (en) | A kind of logic-based template is to the method and apparatus of complex characters string logical process | |
CN114626069A (en) | Threat modeling method and device | |
CN103646213B (en) | The sorting technique of a kind of malice software and device | |
CN111309589A (en) | Code security scanning system and method based on code dynamic analysis | |
CN107885489A (en) | A kind of method and system of quick detection real name registration data index | |
Sali et al. | Ram forensics: The analysis and extraction of malicious processes from memory image using gui based memory forensic toolkit | |
CN113360397A (en) | Regression testing method, device, equipment and storage medium of system function | |
Al-Sharif et al. | Towards the memory forensics of oop execution behavior | |
CN105095047B (en) | A kind of operating system monitoring method and device for extracting first floor system behavioural characteristic | |
CN115203057B (en) | Low code test automation method, device, equipment and storage medium | |
de Silva et al. | Anomaly Detection in Microservice Systems Using Autoencoders |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C53 | Correction of patent for invention or patent application | |
| CB02 | Change of applicant information | Address after: 210008 No. 12, Yunnan Road, Nanjing, Jiangsu; Applicant after: JIANGSU JINLING SCI&TECH GROUP CO., LTD.; Address before: 210008 No. 12, Yunnan Road, Nanjing, Jiangsu; Applicant before: Jiangsu Jinling Technology Group Corp. |
| CB03 | Change of inventor or designer information | Inventors after: Zou Yan, Liu Jiangang, Miao Qiguang, Song Jianfeng, Xie Guosheng, Cao Ying, Huang Youcheng, Liu Jiachen, Zheng Chunyang; Inventors before: Zou Yan, Liu Jiangang, Miao Qiguang, Cao Ying, Xie Guosheng, Huang Youcheng, Liu Jiachen, Zheng Chunyang |
| COR | Change of bibliographic data | Free format text: CORRECT: APPLICANT; FROM: JIANGSU JINLING SCIENCE + TECHNOLOGY GROUP CORPORATION TO: JIANGSU JINLING SCIENCE + TECHNOLOGY GROUP CO., LTD. Free format text: CORRECT: INVENTOR; FROM: ZOU YAN LIU JIANGANG MIAO QIGUANG CAO YING XIE GUOSHENG HUANG YOUCHENG LIU JIACHEN ZHENG CHUNYANG TO: ZOU YAN LIU JIANGANG MIAO QIGUANG SONG JIANFENG XIE GUOSHENG CAO YING HUANG YOUCHENG LIU JIACHEN ZHENG CHUNYANG |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |