CN103679034B - Ontology-based computer virus analysis system and feature extraction method thereof - Google Patents
- Publication number
- CN103679034B
- Authority
- CN
- China
- Prior art keywords
- virus
- sample
- rule
- computer virus
- module
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
Abstract
Provided are an ontology-based computer virus analysis system and a virus feature extraction method. Key system calls and memory information are obtained on the Pin platform; data dependences and control dependences are extracted according to existing knowledge; a behavior dependency graph is constructed to represent the behavioral features that describe virus semantics; and a computer virus ontology system is built on this basis, achieving adaptive feature learning and ontology construction as the number of virus samples grows. By extracting computer virus features and constructing the ontology at fine granularity, the invention finds the relations between virus behavior and instructions and describes the computer virus, thereby achieving accurate analysis and identification of computer viruses.
Description
Technical field
The invention belongs to the field of computer virus analysis and specifically relates to an ontology-based computer virus analysis system and a feature extraction method thereof.
Background technology
A computer virus is a set of computer instructions or program code that its author inserts into a computer program to destroy computer functions or data, that affects the use of the computer, and that can replicate itself. Unlike a "virus" in the medical sense, a computer virus does not occur naturally; it is a set of instructions or program code written by people who exploit the inherent weaknesses of computer software and hardware. It hides in the computer's storage medium (or in a program) by some route and is activated when certain conditions are met. By modifying other programs it places an exact copy of itself, or a possibly evolved form, into them, thereby infecting those programs and damaging computer resources.
At present, the commonly used virus detection method is the signature (feature code) method. The signature method is the simplest and lowest-overhead way to detect known viruses. It is implemented by collecting known virus samples and building a virus database. When detection starts, the file under inspection is opened and searched to check whether it contains a virus signature from the virus database. If a virus signature is found in the file, then, because signatures correspond one-to-one with viruses, it can be concluded which virus the file carries.
Computer virus analysis and detection tools are now practical, in particular the computer-based processing tools that analyze virus samples to extract signatures and sample characteristics. These tools use statistical analysis, fuzzy recognition and machine learning methods to find the feature values of a sample and, combined with virtual machine technology and heuristic scanning, detect the presence of signatures. They also apply methods such as graph similarity and/or secondary detection, that is, they classify viruses into families by feature similarity, according to the similarity between programs. Because some traditional viruses have distinctive signatures that change little, and because some virus forms are well understood, these detection tools work well when the signature is distinctive or the feature values describe the properties of the virus and its variants fairly completely.
However, with the development of intelligent technology, virus writing and virus detection are always two sides of the same matter. As new viruses and virus variants keep appearing, and with the use of virus metamorphism techniques, existing computer virus detection easily fails when the signature is not distinctive or the feature values cannot fully describe the properties of the virus and its variants.
Summary of the invention
To solve the above problem and address the deficiencies of the prior art, the inventors, after repeated design and research, provide an ontology-based computer virus analysis system and a feature extraction method thereof. The invention adapts to virus variants and achieves comparatively accurate analysis and identification of computer viruses.
According to a first aspect of the invention, an ontology-based computer virus analysis system is provided. It obtains key system calls and memory information on the Pin platform, extracts data dependences and control dependences according to existing knowledge, constructs a behavior dependency graph to represent the behavioral features that describe virus semantics, and on this basis builds a computer virus ontology system, achieving adaptive feature learning and ontology construction as virus samples increase.
Preferably, the sample under test is run on the Pin platform to obtain a trace file containing its key system calls and memory information; the trace file is analyzed against the contents of the established rule base, which describes typical behaviors, to extract data dependences and control dependences.
Further, a directed graph is built to represent the behavioral features that describe virus semantics and is matched against the rules, yielding the degree to which each rule is exhibited.
More preferably, the computer virus ontology is built from the obtained degree to which each rule is exhibited; for a sample under test, similarity calculation determines its position in the virus ontology knowledge tree, and the result of the system's analysis is given.
Specifically, the ontology-based computer virus analysis system comprises the following modules:
(1) Pin platform processing module: processes the computer virus sample with a program written on the Pin platform and outputs a trace file containing the sample's key system call flow and memory information;
(2) rule base module with an automatic update function: using empirical knowledge and by studying the programming means by which typical computer virus behaviors are implemented, it extracts data dependences and control dependences to represent the typical behaviors of known computer viruses;
(3) rule matching module: analyzes line by line the sample trace file output by the Pin platform processing, derives the order of and dependences among all functions and data in the trace file, matches them against the rules in the rule base, outputs the detailed match results, and processes and classifies those results using ontology knowledge;
(4) ontology management module: has construction and query functions; the ontology it builds exists as an OWL-format file and has the generality of a general-purpose ontology; for known viruses, the ontology is built manually from their known features using ontology knowledge through the Protégé API;
(5) ontology adaptive learning module: for the ever-growing set of virus samples, uses a clustering algorithm to add newly appearing virus features and virus types to the virus ontology knowledge tree;
(6) ontology similarity calculation module: for a virus sample with rule matching results, calculates attribute similarity, gives the sample's position in the virus ontology knowledge tree, and produces the final virus analysis result.
Preferably, the ontology management module implements manual addition, deletion or modification of classes, attributes and instances, and implements a virus query function.
According to a second aspect of the invention, a computer virus feature extraction method based on the above computer virus analysis system is provided, comprising the following steps:
1) The rules in the rule base module describe how the key typical virus behaviors are programmed; each rule is a coordination and combination of key system calls, and a sequence description is used to express the order in which API functions appear and logical relations such as causality and parameter equality between API functions;
2) A Pintool is written with the API provided by Pin to extract features of the running code and output a sample trace file, which contains the sample's key system calls in chronological order and its memory information;
3) The rule matching module scans line by line the sample trace file output by the Pin platform processing; the adjacency relations in the rule base are expressed as a matrix and, according to whether each relation in the matrix appears, a directed graph data structure is used to represent the order of and dependences among the key system functions and data found in the sample;
4) The directed graph is matched against the rules in the rule base to obtain the form of the match with each rule, which expresses the order and degree of occurrence of the behavior; the matching results for all behaviors are recorded in a feature file.
Preferably, writing a Pintool with the API provided by Pin to extract features of the running code means processing an unknown file sample with the Pin platform processing module.
The ontology-based computer virus analysis system and virus feature extraction method provided by the invention obtain key system calls and memory information on the Pin platform, extract data dependences and control dependences according to existing knowledge, construct a behavior dependency graph to represent the behavioral features that describe virus semantics, and on this basis build a computer virus ontology system. This achieves adaptive feature learning and an ontology clustering construction algorithm as virus samples increase, and thus adapts to virus variants and analyzes and identifies computer viruses comparatively accurately.
Embodiment
The technical solution in the embodiments of the invention is described clearly and completely below with reference to the modules in those embodiments. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention. In addition, the scope of protection of the invention should be limited only to the following specific modules or design parameters.
The ontology-based computer virus analysis system comprises the following modules:
(1) Pin platform processing module: processes the computer virus sample with a program written on the Pin platform and outputs a trace file containing the sample's key system call flow and memory information.
(2) Rule base module with an automatic update function: using empirical knowledge and by studying the programming means by which typical computer virus behaviors are implemented, it extracts data dependences and control dependences to represent the typical behaviors of known computer viruses.
(3) Rule matching module: analyzes line by line the sample trace file output by the Pin platform processing, derives the order of and dependences among all functions and data in the file, matches them against the rules in the rule base, and outputs the detailed match results. The match results are processed and classified using ontology knowledge, which involves the three ontology-related modules that follow.
(4) Ontology management module: has construction and query functions. The ontology it builds exists as an OWL-format file and has the generality of a general-purpose ontology; for known viruses, the ontology is built manually from their known features using ontology knowledge through the Protégé API. It implements operations such as manual addition, deletion and modification of classes, attributes and instances, and on this basis implements the virus query function.
(5) Ontology adaptive learning module: for the ever-growing set of virus samples, uses a clustering algorithm to add newly appearing virus features and virus types to the virus ontology knowledge tree.
(6) Ontology similarity calculation module: for a virus sample with rule matching results, calculates attribute similarity, gives the sample's position in the virus ontology knowledge tree, and produces the final virus analysis result.
The virus feature extraction method of the ontology-based computer virus analysis system comprises the following steps:
1) The rules in the rule base module describe how the key typical virus behaviors are programmed; each rule is a coordination and combination of key system calls, and a sequence description is used to express the order in which API functions appear and logical relations such as causality and the equality of certain parameters between API functions.
2) A Pintool is written with the API provided by Pin to extract features of the running code; that is, the Pin platform processing module processes the unknown file sample and outputs a trace file containing the sample's key system calls in chronological order and its memory information.
3) The rule matching module scans line by line the sample trace file output by the Pin platform processing; the adjacency relations in the rule base are expressed as a matrix and, according to whether each relation in the matrix appears, a directed graph data structure is used to represent the order of and dependences among the key system functions and data found in the sample.
4) The directed graph is matched against the rules in the rule base to obtain the form of the match with each rule, which expresses the order and degree of occurrence of the behavior; the matching results for all behaviors are recorded in a feature file.
To make the objects, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below.
To adapt to new viruses and virus variants, to analyze and identify computer viruses comparatively accurately, and to improve detection accuracy when the signature is not distinctive or the feature values cannot fully describe the properties of the virus and its variants, the embodiments of the invention provide an ontology-based computer virus analysis system and a computer virus feature extraction method, described below:
1. Pin platform processing module. The key steps in implementing this module are collecting the WinAPI functions related to virus behavior and writing instrumentation functions according to the number and types of the parameters in each function's prototype, so that Pin can look up the valid function objects relevant to virus analysis.
Pin is a program instrumentation platform provided by Intel that supports Linux and Windows executables on the IA-32, Intel(R) 64 and IA-64 architectures; its website is pintool.org/. Pin allows arbitrary code written in C or C++ to be inserted anywhere in an executable program, and Pin can be attached to a process. The specific instrumentation task Pin performs is defined by writing a Pintool.
This module uses the API provided by Pin to write a Pintool that extracts features of the running virus code, with the following steps:
1) Initialization: first call PIN_InitSymbols, then call PIN_Init to initialize the Pin system. Open the output file stream for writing the subsequent results.
2) Register the callback: use IMG_AddInstrumentFunction to register a user-defined callback which, for each function in the list of virus-behavior-related functions collected in this method, looks up the valid function object and instruments it; the instrumentation functions are written according to the number and types of the parameters in the WinAPI function prototypes.
3) Use PIN_StartProgram() to start the instrumented code and write the output to the result file.
Pin itself comes with a user manual, and its common usage is known to those skilled in the art, so it is not described further in this embodiment.
2. Rule base module with an automatic update function. Using empirical knowledge and by studying the programming means by which typical computer virus behaviors are implemented, it extracts data dependences and control dependences to represent the typical behaviors of known computer viruses. A rule describes how a key typical virus behavior is programmed: it is a coordination and combination of key system calls, and a sequence description is used to express the order in which API functions appear and logical relations such as causality and the equality of certain parameters between API functions.
If, while a large number of samples are processed in step 3 below, a new API combination appears repeatedly, a threshold is set according to its distance from the existing rules and its importance, so that the new behavior is added to the rule base.
3. Rule matching module. It scans line by line the sample trace file output by the Pin platform processing. The adjacency relations in the rule base are expressed as a matrix and, according to whether each relation in the matrix appears, a directed graph data structure is used to represent the order of and dependences among the key system functions and data found in the sample. The directed graph is matched against the rules in the rule base, that is, the sequence expressions of item 2, to obtain the form of the match with each rule, which expresses the order and degree of occurrence of the behavior. The matching results for all behaviors are recorded and output as a feature file; this output is then processed and classified using ontology knowledge, which involves the three ontology-related modules that follow.
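The rule matching step described above, as an added example that is not code from the patent: a trace is scanned line by line, a directed graph of order and data-dependence edges is built, and each rule's adjacency matrix is checked against it to give a match degree. The trace line format, the two rules and their names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample trace. Assumed line format: seq;API;comma-separated args;result
TRACE = r"""
1;FindFirstFileA;C:\work\*.exe;0x90
2;CreateFileA;C:\work\a.exe;0x1c4
3;ReadFile;0x1c4,0x7f0000;1
4;WriteFile;0x1c4,0x7f0000;1
5;CloseHandle;0x1c4;1
6;FindNextFileA;0x90;1
7;RegOpenKeyExA;HKCU\Software\Example;0x2a0
8;RegSetValueExA;0x2a0,Setting;0
"""

# Hypothetical rules: an API list plus (row, column, kind) relations between them.
# "order" = the column API is called after the row API has been called;
# "data"  = the column API uses a handle/pointer value the row API produced or used.
RULES = {
    "file_infection": {
        "apis": ["FindFirstFileA", "CreateFileA", "ReadFile", "WriteFile"],
        "relations": [(0, 1, "order"), (1, 2, "data"), (2, 3, "data")],
    },
    "registry_write": {
        "apis": ["RegOpenKeyExA", "RegSetValueExA", "RegCloseKey"],
        "relations": [(0, 1, "data"), (1, 2, "order")],
    },
}


def parse_trace(text):
    """Parse the trace line by line into call records sorted by sequence number."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, api, args, ret = line.strip().split(";")
        calls.append({"seq": int(seq), "api": api,
                      "args": [a for a in args.split(",") if a], "ret": ret})
    return sorted(calls, key=lambda c: c["seq"])


def build_graph(calls):
    """Directed graph as {(src_api, dst_api): {"order", "data"}}."""
    edges = defaultdict(set)
    seen_apis = []                    # APIs already called, in first-seen order
    value_users = defaultdict(set)    # handle/pointer value -> APIs that touched it
    for call in calls:
        api = call["api"]
        for earlier in seen_apis:
            edges[(earlier, api)].add("order")
        # Only 0x-prefixed values are treated as handles/pointers (assumption).
        values = [v for v in call["args"] if v.startswith("0x")]
        for v in values:
            for earlier in value_users[v]:
                edges[(earlier, api)].add("data")
        if call["ret"].startswith("0x"):
            values.append(call["ret"])
        for v in values:
            value_users[v].add(api)
        if api not in seen_apis:
            seen_apis.append(api)
    return dict(edges)


def rule_matrix(rule):
    """Adjacency matrix of a rule: cell [i][j] holds the required relation or None."""
    n = len(rule["apis"])
    matrix = [[None] * n for _ in range(n)]
    for i, j, kind in rule["relations"]:
        matrix[i][j] = kind
    return matrix


def match_rule(rule, edges):
    """Match degree = fraction of the rule's relations present in the sample graph."""
    apis, required, hit = rule["apis"], 0, 0
    for i, row in enumerate(rule_matrix(rule)):
        for j, kind in enumerate(row):
            if kind is None:
                continue
            required += 1
            if kind in edges.get((apis[i], apis[j]), ()):
                hit += 1
    return hit / required if required else 0.0


def extract_features(trace_text, rules=RULES):
    """Feature record: rule name -> match degree for one sample trace."""
    edges = build_graph(parse_trace(trace_text))
    return {name: round(match_rule(rule, edges), 2) for name, rule in rules.items()}


if __name__ == "__main__":
    print(extract_features(TRACE))
```

A partial match such as 0.5 for `registry_write` is what lets a variant that drops or reorders one call still register against the rule instead of being missed outright.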
The three ontology-related modules are the ontology management module, the ontology adaptive learning module and the ontology similarity calculation module. These modules are all written in Java on the NetBeans platform; the algorithms below were designed to calculate the degree of similarity, and the ontology is manipulated through the Protégé API to build, query and manage it.
4. Ontology management module. It has construction and query functions. The ontology it builds exists as an OWL-format file and has the generality of a general-purpose ontology; for known viruses, the ontology is built manually from their known features using ontology knowledge through the Protégé API. It implements operations such as manual addition, deletion and modification of classes, attributes and instances, and on this basis implements the virus knowledge query function.
A virus query looks up knowledge about a specific virus, mainly by keyword; the keyword types used are name keywords and function keywords.
1) When the keyword is a virus name, the keyword is compared with the virus names in the virus knowledge tree to find the required virus, and details such as its parent node, child nodes and attributes are displayed.
2) When the keyword is a function name, the keyword is compared with the object properties and data properties in the virus ontology knowledge tree; the names of the matching properties are displayed, and the query result is enriched by showing each property's domain and range.
With the above steps, the virus knowledge present in the ontology can be queried as required.
5. Ontology adaptive learning module. For the ever-growing set of virus samples, a clustering algorithm is used to add newly appearing virus features and virus types to the virus ontology knowledge tree, making the virus ontology more complete. There are two main cases: the instances within a class show clear clustering, which indicates that a new class has emerged; or the distance between instances belonging to different (sibling) classes becomes small, in which case re-clustering may produce a new class. The main steps of the adaptive learning algorithm designed for the virus ontology are as follows:
1) Set thresholds s, a and b.
2) When the number of instances in a class reaches s, cluster those instances and calculate the distances between cluster centers; when a distance greater than a exists, split the instances and add a new virus class to the tree.
3) Calculate the similarity between the instances of two adjacent classes (sibling nodes); if the similarity is greater than threshold b and greater than the similarity among the instances of the class they originally belong to, readjust the positions of the instances, producing a new class.
6. Ontology similarity calculation module. For a sample under test that has rule matching results, it calculates attribute similarity, gives the sample's position in the virus ontology knowledge tree, and produces the final virus analysis result.
This uses a method for calculating the similarity between the attributes of a sample and of a virus. A virus first has behavioral features at coarse and fine granularity, and second has the API sequences that must be called to realize each behavioral feature. According to existing knowledge, a behavioral feature tree is built for each typical virus, containing the hierarchical, logical and temporal relations between behaviors and the APIs of each behavior. The upper nodes of the feature tree are coarse-grained behaviors, child nodes are the fine-grained behaviors that make up the parent node, and leaf nodes are the API methods called to carry out the behavior; leaf nodes, and child nodes, are related to one another by AND/OR relations and by temporal relations such as call order. From the rule matching results of an unknown sample, a sample feature tree is built according to the temporal relations of the rules and the API information. The degree to which the sample feature tree covers the virus feature tree is compared, and the similarity between the sample feature tree and the virus feature tree is calculated, with the following steps:
1) Set integers m and n, which count the identical nodes and the different nodes respectively.
2) Starting from the root node, use depth-first traversal; the two nodes compared at each step are at the same position in their trees. If a node exists in only one of the trees, it is counted as a different node and n is incremented by 1. That is, where the parent nodes have the same value and the depth is the same, the values of the two nodes are compared; if they differ, n is incremented by 1. If they are the same, go to step 3).
3) For the child nodes of the two nodes, check that the node values are equal, compare the temporal relation and verify the AND/OR relation; if all are the same, m is incremented by 1; otherwise n is incremented by 1.
The similarity of the two is then $\mathrm{Sim}(V_1, V_2) = m/(m+n)$, where $V_1$ is the sample under test and $V_2$ is the virus.
With the above steps, every virus in the virus ontology knowledge tree is compared with the new sample, giving a set of similarities; the position in the virus ontology tree with the greatest similarity is determined, and the classification result and determining features are given.
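The feature tree comparison and Sim = m/(m+n) described above, as an added example that is not code from the patent. The tree contents and family names are constructed; the `Node` layout, and the choice not to descend below a node that is missing or has a different value, are assumptions made where the text leaves the details open.

```python
from dataclasses import dataclass, field
from itertools import zip_longest


@dataclass
class Node:
    value: str                      # behavior name, or API name at a leaf
    relation: str = "AND"           # how the children combine: AND, OR or SEQ (call order)
    children: list = field(default_factory=list)


def count_nodes(a, b):
    """Depth-first comparison of two nodes at the same position; returns (m, n)."""
    if a is None or b is None:      # node exists in only one tree
        return 0, 1
    if a.value != b.value:          # same position, different value
        return 0, 1
    # Same value: the pair counts as identical only if the AND/OR/SEQ relation
    # also agrees; sibling position stands in for the temporal relation.
    m, n = (1, 0) if a.relation == b.relation else (0, 1)
    for child_a, child_b in zip_longest(a.children, b.children):
        cm, cn = count_nodes(child_a, child_b)
        m, n = m + cm, n + cn
    return m, n


def similarity(sample, virus):
    """Sim(V1, V2) = m / (m + n), V1 the sample tree and V2 a virus tree."""
    m, n = count_nodes(sample, virus)
    return m / (m + n)


def classify(sample, virus_trees):
    """Compare the sample with every virus tree; return (best name, all similarities)."""
    sims = {name: similarity(sample, tree) for name, tree in virus_trees.items()}
    return max(sims, key=sims.get), sims


def leaf_seq(name, apis):
    """Helper: a fine-grained behavior whose leaves are APIs called in order."""
    return Node(name, "SEQ", [Node(api) for api in apis])


# Constructed virus feature trees (hypothetical families).
VIRUSES = {
    "FamilyA": Node("behavior", "AND", [
        leaf_seq("propagate", ["FindFirstFileA", "CreateFileA", "WriteFile"]),
        leaf_seq("persist", ["RegOpenKeyExA", "RegSetValueExA"]),
    ]),
    "FamilyB": Node("behavior", "AND", [
        leaf_seq("propagate", ["FindFirstFileA", "CopyFileA"]),
        Node("hide", "OR", [Node("SetFileAttributesA")]),
    ]),
}

# Constructed sample feature tree, as it might be built from rule matching results.
SAMPLE = Node("behavior", "AND", [
    leaf_seq("propagate", ["FindFirstFileA", "CreateFileA", "WriteFile"]),
    leaf_seq("persist", ["RegOpenKeyExA"]),
])

if __name__ == "__main__":
    print(classify(SAMPLE, VIRUSES))
```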
In summary, the embodiments of the invention provide an ontology-based computer virus analysis system and a computer virus feature extraction method. The invention runs the sample under test on the Pin platform to obtain a trace file containing its key system calls and memory information; analyzes the trace file against the contents of the established rule base, which describes typical behaviors, to extract data dependences and control dependences; builds a directed graph to represent the behavioral features that describe virus semantics and matches it against the rules to obtain the degree to which each rule is exhibited; builds the computer virus ontology in the same way; and, for a sample under test, determines its position in the virus ontology knowledge tree by similarity calculation and gives the result of the system's analysis. This achieves adaptive feature learning and an ontology clustering construction algorithm as virus samples increase, and thus adapts to virus variants and analyzes and identifies computer viruses comparatively accurately.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Those skilled in the art will appreciate that various modifications in form and detail may be made without departing from the spirit and scope of the invention as defined by the claims.
Claims (7)
1. An ontology-based computer virus analysis system, characterized in that key system calls and memory information are obtained on the Pin platform, data dependences and control dependences are extracted according to existing knowledge, a behavior dependency graph is constructed to represent the behavioral features that describe virus semantics, and a computer virus ontology system is built on this basis, achieving adaptive feature learning and ontology construction as virus samples increase;
the ontology-based computer virus analysis system comprises the following modules:
(1) a Pin platform processing module, which processes the computer virus sample with a program written on the Pin platform and outputs a trace file containing the sample's key system call flow and memory information;
(2) a rule base module with an automatic update function, which, using empirical knowledge and by studying the programming means by which typical computer virus behaviors are implemented, extracts data dependences and control dependences to represent the typical behaviors of known computer viruses;
(3) a rule matching module, which analyzes line by line the sample trace file output by the Pin platform processing, derives the order of and dependences among all functions and data in the sample trace file, matches them against the rules in the rule base, outputs the detailed match results, and processes and classifies those results using ontology knowledge;
(4) an ontology management module, which has construction and query functions, the ontology it builds existing as an OWL-format file and having the generality of a general-purpose ontology; for known viruses, the ontology is built manually from their known features using ontology knowledge through the Protégé API;
(5) an ontology adaptive learning module, which, for the ever-growing set of virus samples, uses a clustering algorithm to add newly appearing virus features and virus types to the virus ontology knowledge tree;
(6) an ontology similarity calculation module, which, for a virus sample with rule matching results, calculates attribute similarity, gives the sample's position in the virus ontology knowledge tree, and produces the final virus analysis result.
2. The ontology-based computer virus analysis system according to claim 1, characterized in that the sample under test is run on the Pin platform to obtain a trace file containing its key system calls and memory information, and the trace file is analyzed against the contents of the established rule base, which describes typical behaviors, to extract data dependences and control dependences.
3. The ontology-based computer virus analysis system according to claim 1 or 2, characterized in that a directed graph is built to represent the behavioral features that describe virus semantics and is matched against the rules, yielding the degree to which each rule is exhibited.
4. The ontology-based computer virus analysis system according to claim 3, characterized in that the computer virus ontology is built from the obtained degree to which each rule is exhibited; for a sample under test, similarity calculation determines its position in the virus ontology knowledge tree, and the result of the system's analysis is given.
5. The ontology-based computer virus analysis system according to claim 4, characterized in that the ontology management module implements manual addition, deletion or modification of classes, attributes and instances, and implements a virus query function.
6. A computer virus feature extraction method based on the computer virus analysis system according to any one of claims 1-5, the computer virus feature extraction method comprising the following steps:
1) the rules in the rule base module describe how the key typical virus behaviors are programmed; each rule is a coordination and combination of key system calls, and a sequence description is used to express the order in which API functions appear and logical relations such as causality and parameter equality between API functions;
2) a Pintool is written with the API provided by Pin to extract features of the running code and output a sample trace file, which contains the sample's key system calls in chronological order and its memory information;
3) the rule matching module scans line by line the sample trace file output by the Pin platform processing; the adjacency relations in the rule base are expressed as a matrix and, according to whether each relation in the matrix appears, a directed graph data structure is used to represent the order of and dependences among the key system functions and data found in the sample;
4) the directed graph is matched against the rules in the rule base to obtain the form of the match with each rule, which expresses the occurrence and degree of the behavior; the matching results for all behaviors are recorded in a feature file.
7. The computer virus feature extraction method according to claim 6, characterized in that writing a Pintool with the API provided by Pin to extract features of the running code means processing an unknown file sample with the Pin platform analysis module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310750929.1A CN103679034B (en) | 2013-12-26 | 2013-12-26 | Ontology-based computer virus analysis system and feature extraction method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103679034A CN103679034A (en) | 2014-03-26 |
CN103679034B true CN103679034B (en) | 2016-04-13 |
Family
ID=50316544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310750929.1A Expired - Fee Related CN103679034B (en) | 2013-12-26 | 2013-12-26 | A kind of computer virus analytic system based on body and feature extracting method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103679034B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6201792B2 (en) * | 2014-02-06 | 2017-09-27 | 富士ゼロックス株式会社 | Information processing apparatus and information processing program |
CN105740711B (en) * | 2016-01-29 | 2018-08-31 | 哈尔滨工业大学深圳研究生院 | A kind of malicious code detecting method and system based on kernel objects behavior ontology |
CN107038380B (en) * | 2017-04-14 | 2019-07-05 | 华中科技大学 | A kind of leak detection method and system based on performance of program tree |
US10333961B2 (en) * | 2017-06-27 | 2019-06-25 | Intel Corporation | Malware detection system attack prevention |
CN111143848A (en) * | 2019-12-31 | 2020-05-12 | 成都科来软件有限公司 | System for recording sample behaviors and formulating virus rules |
CN112767135B (en) * | 2021-01-26 | 2024-02-27 | 北京水滴科技集团有限公司 | Configuration method and device of rule engine, storage medium and computer equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101162485A (en) * | 2006-10-11 | 2008-04-16 | 飞塔信息科技(北京)有限公司 | Method and system for processing computer malicious code |
CN101853200A (en) * | 2010-05-07 | 2010-10-06 | 北京大学 | High-efficiency dynamic software vulnerability exploiting method |
CN103440201A (en) * | 2013-09-05 | 2013-12-11 | 北京邮电大学 | Dynamic taint analysis device and application thereof to document format reverse analysis |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078864B (en) * | 2010-08-18 | 2015-11-25 | 北京奇虎科技有限公司 | A kind of Initiative Defense Ile repair method based on cloud security |
US8782791B2 (en) * | 2010-12-01 | 2014-07-15 | Symantec Corporation | Computer virus detection systems and methods |
Also Published As
Publication number | Publication date |
---|---|
CN103679034A (en) | 2014-03-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160413 |