CN104077527A - Method and device for generating virus detection machine and method and device for virus detection - Google Patents

Publication number: CN104077527A
Authority: CN (China)
Prior art keywords: virus; virus sample; sample; infection; detection machine
Legal status: Granted (Active)
Application number: CN201410281468.2A
Other languages: Chinese (zh)
Other versions: CN104077527B (en)
Inventors: 薛小昊, 姚辉
Current Assignee: Zhuhai Seal Interest Technology Co Ltd
Original Assignee: Zhuhai Juntian Electronic Technology Co Ltd
Application filed by: Zhuhai Juntian Electronic Technology Co Ltd
Priority to: CN201410281468.2A
Published as: CN104077527A; granted as CN104077527B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561: Virus type analysis

Abstract

The invention discloses a method and device for generating a virus detection machine and a method and device for virus detection. The method for generating the virus detection machine comprises: obtaining a plurality of normal files and infecting the normal files with virus samples to generate a plurality of infected files; obtaining behavior characteristics of the virus samples while they run, and obtaining classification results for the virus samples according to the behavior characteristics, the normal files and the infected files; obtaining virus type characteristics corresponding to the virus samples according to the classification results; and generating the virus detection machine according to the virus type characteristics. The method improves virus detection accuracy and reduces the complexity of virus detection work.

Description

Method and device for generating a virus detection machine, and method and device for virus detection
Technical field
The present invention relates to the field of network security technology, and in particular to a method and device for generating a virus detection machine and a method and device for virus detection.
Background
With the development of computer technology, the variety of computer viruses keeps growing. Infection-type viruses generally share some common features, for example a section attribute being writable. Therefore, when detecting infection-type viruses, these common features can be used to judge whether a target file has been infected by an infection-type virus.
Specifically, a large number of infection-type virus samples must first be analyzed to extract their common features, and detection rules for computer viruses are formulated from these common features according to the tester's experience. Then the target file is analyzed to extract its features. Finally, the features of the target file are checked against the established detection rules to judge whether the target file is infected.
However, the problem with the existing technology is that analyzing a large number of infection-type virus samples requires a large workload, and detection rules formulated from the tester's experience have low accuracy, so the detection error is large.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the above technical problems in the prior art. To this end, one object of the present invention is to propose a method and device for generating a virus detection machine, and a method and device for virus detection, with higher detection accuracy and a smaller detection workload.
A first aspect of the embodiments of the present invention proposes a method for generating a virus detection machine, comprising: obtaining multiple normal files, and infecting the multiple normal files with a virus sample to generate multiple infected files; obtaining the behavior features of the virus sample at run time, and obtaining a classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files; obtaining the virus type feature corresponding to the virus sample according to the classification result; and generating a virus detection machine according to the virus type feature.
In the embodiments of the present invention, the behavior features of a virus sample at run time are obtained, the virus sample is classified according to those behavior features, and the virus type feature corresponding to the virus sample is extracted according to the classification result to generate the final virus detection machine. This avoids formulating virus detection rules from experience, and the virus detection machine replaces manual work in virus detection. Therefore, the accuracy of virus detection is improved and the complexity of virus detection work is reduced.
In a specific embodiment of the present invention, obtaining the classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files specifically comprises: comparing each of the multiple normal files with its corresponding infected file to obtain a comparison result; obtaining the behavior features of the virus sample at run time according to the comparison result; and classifying the virus sample according to its behavior features to obtain the classification result of the virus sample.
In one embodiment of the present invention, classifying the virus sample according to its behavior features to obtain the classification result of the virus sample specifically comprises: classifying the virus sample, according to its behavior features, as an infection-type virus sample or a non-infection-type virus sample, wherein: if the number of imported functions of the non-infection-type virus sample is less than a preset imported-function-count threshold, the non-infection-type virus sample is classified as a non-infecting packed virus sample; if the number of imported functions of the non-infection-type virus sample is greater than or equal to the preset imported-function-count threshold, the non-infection-type virus sample is classified as a non-infecting unpacked virus sample; if the entry point of the infected file corresponding to the infection-type virus sample differs from the entry point of the normal file corresponding to that infected file, the infection-type virus sample is classified as an infection-type virus sample that modifies the entry point; and if the entry point of the infected file corresponding to the infection-type virus sample is the same as the entry point of the normal file corresponding to that infected file, the infection-type virus sample is classified as an infection-type virus sample that does not modify the entry point.
In a specific embodiment of the present invention, obtaining the virus type feature corresponding to the virus sample according to the classification result specifically comprises: extracting the corresponding virus type feature from a preset infection type feature set according to the classification result.
In a specific embodiment of the present invention, generating the virus detection machine according to the virus type feature specifically comprises: using a machine learning machine to load the virus type feature to generate an initial virus detection machine; using the initial virus detection machine to detect multiple infected sample files and counting the number of correct detection results, wherein if the number of correct detection results is greater than a detection rate threshold, the initial virus detection machine is taken as the final virus detection machine; and if the number of correct detection results is less than or equal to the detection rate threshold, the initial virus detection machine is adjusted to generate the final virus detection machine.
In a specific embodiment of the present invention, adjusting the initial virus detection machine to generate the final virus detection machine further comprises: increasing the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
Preferably, in one embodiment of the present invention, the machine learning machine is a support vector machine, a neural network, or a Karma Ka-Ka compose algorithm.
A second aspect of the embodiments of the present invention proposes a device for generating a virus detection machine, comprising: an infected file generating module, configured to obtain multiple normal files and to infect the multiple normal files with a virus sample to generate multiple infected files; a classification result acquisition module, configured to obtain the behavior features of the virus sample at run time and to obtain the classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files; a virus type feature module, configured to obtain the virus type feature corresponding to the virus sample according to the classification result; and a virus detection machine generation module, configured to generate a virus detection machine according to the virus type feature.
In the embodiments of the present invention, the behavior features of a virus sample at run time are obtained, the virus sample is classified according to those behavior features, and the virus type feature corresponding to the virus sample is extracted according to the classification result to generate the final virus detection machine. This avoids formulating virus detection rules from experience, and the virus detection machine replaces manual work in virus detection. Therefore, the accuracy of virus detection is improved and the complexity of virus detection work is reduced.
In a specific embodiment of the present invention, the classification result acquisition module specifically comprises: a file comparison submodule, configured to compare each of the multiple normal files with its corresponding infected file and obtain the comparison result; a behavior feature acquisition submodule, configured to obtain the behavior features of the virus sample at run time according to the comparison result; and a classification result acquisition submodule, configured to classify the virus sample according to its behavior features to obtain the classification result of the virus sample.
In a specific embodiment of the present invention, the classification result acquisition submodule specifically comprises: a primary classification submodule, configured to classify the virus sample, according to its behavior features, as an infection-type virus sample or a non-infection-type virus sample; and a secondary classification submodule, configured to further classify the infection-type virus sample and the non-infection-type virus sample according to the behavior features of the virus sample, wherein the secondary classification specifically comprises: if the number of imported functions of the non-infection-type virus sample is less than a preset imported-function-count threshold, the non-infection-type virus sample is classified as a non-infecting packed virus sample; if the number of imported functions of the non-infection-type virus sample is greater than or equal to the preset imported-function-count threshold, the non-infection-type virus sample is classified as a non-infecting unpacked virus sample; if the entry point of the infected file corresponding to the infection-type virus sample differs from the entry point of the normal file corresponding to that infected file, the infection-type virus sample is classified as an infection-type virus sample that modifies the entry point; and if the entry point of the infected file corresponding to the infection-type virus sample is the same as the entry point of the normal file corresponding to that infected file, the infection-type virus sample is classified as an infection-type virus sample that does not modify the entry point.
In a specific embodiment of the present invention, the virus type feature module specifically comprises: an infection type feature set presetting submodule, configured to generate a preset infection type feature set from multiple infection type features; and a virus type feature extraction submodule, configured to extract the corresponding virus type feature from the preset infection type feature set according to the classification result.
In a specific embodiment of the present invention, the virus detection machine generation module specifically comprises: a machine learning machine, configured to load the virus type feature to generate an initial virus detection machine; a detection result statistics submodule, configured to use the initial virus detection machine to detect multiple infected sample files and to count the number of correct detection results; and a detection machine correction submodule, configured to adjust the initial virus detection machine according to the number of correct detection results and the detection rate threshold to generate the final virus detection machine.
In a preferred embodiment of the present invention, the virus detection machine generation module is specifically configured to increase the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
Preferably, in one embodiment of the present invention, the machine learning machine is a support vector machine, a neural network, or a Karma Ka-Ka compose algorithm.
A third aspect of the embodiments of the present invention proposes a virus detection method, comprising: obtaining multiple normal files, and infecting the multiple normal files with a virus sample to generate multiple infected files; obtaining the behavior features of the virus sample at run time, and obtaining the classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files; obtaining the virus type feature corresponding to the virus sample according to the classification result; and performing virus detection on a target file according to the virus type feature.
A fourth aspect of the embodiments of the present invention proposes a virus detection device, comprising: an infected file generating module, configured to obtain multiple normal files and to infect the multiple normal files with a virus sample to generate multiple infected files; a classification result acquisition module, configured to obtain the behavior features of the virus sample at run time and to obtain the classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files; a virus type feature module, configured to obtain the virus type feature corresponding to the virus sample according to the classification result; and a virus detection module, configured to perform virus detection according to the virus type feature.
Brief description of the drawings
Fig. 1 is a flowchart of the method for generating a virus detection machine according to an embodiment of the present invention;
Fig. 2 is a flowchart of virus sample classification in the method for generating a virus detection machine according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of virus sample classification in the method for generating a virus detection machine according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the device for generating a virus detection machine according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of the extraction of virus type features by the virus detection machine according to an embodiment of the present invention; and
Fig. 6 is a flowchart of the virus detection method according to an embodiment of the present invention.
Embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present invention, and shall not be construed as limiting it.
In the description of this application, "multiple" means two or more, unless otherwise expressly and specifically limited. In addition, those of ordinary skill in the art can understand the specific meaning of the above terms in this application according to the specific circumstances.
The method and device for generating a virus detection machine and the method and device for virus detection proposed according to the embodiments of this application are described below with reference to the drawings.
Fig. 1 is a flowchart of the method for generating a virus detection machine according to an embodiment of the present invention.
As shown in Fig. 1, in one embodiment of the present invention, the method for generating a virus detection machine comprises:
S101: obtain multiple normal files, and infect the multiple normal files with a virus sample to generate multiple infected files. In a specific embodiment of the present invention, by multiple normal files
S102: obtain the behavior features of the virus sample at run time, and obtain the classification result of the virus sample according to the behavior features, the multiple normal files and the multiple infected files. Specifically, the behavior features of the virus sample at run time include: modifying the readable, writable and executable attributes of the section containing the entry point of a Portable Executable file (PE file); changing the section containing the entry point of the PE file to the resource section; changing the section containing the entry point of the PE file to the last section; obfuscating and mutating the code at the entry point of the PE file; adding cross-section jumps to the code at the entry point of the PE file; inserting virus code into the gaps between the sections of the PE file; appending an extra section to the PE file; modifying the section attributes of the PE file; and modifying the readable, writable and executable attributes of the resource section or data section of the PE file.
Fig. 2 is a flowchart of virus sample classification in the method for generating a virus detection machine according to an embodiment of the present invention. Specifically, as shown in Fig. 2, step S102 comprises:
S1021: compare each of the multiple normal files with its corresponding infected file, and obtain the comparison result.
S1022: obtain the behavior features of the virus sample at run time according to the comparison result.
S1023: classify the virus sample according to its behavior features to obtain the classification result of the virus sample.
Fig. 3 is a schematic diagram of the classification of virus sample b in the method for generating a virus detection machine according to an embodiment of the present invention.
As shown in Fig. 3, step S1023 specifically comprises: classifying the virus sample b, according to its behavior features e, as a non-infection-type virus sample b1 or an infection-type virus sample b2, wherein: if the number of imported functions m of the non-infection-type virus sample b1 is less than a preset imported-function-count threshold, the non-infection-type virus sample b1 is classified as a non-infecting packed virus sample b101; if the number of imported functions m of the non-infection-type virus sample b1 is greater than or equal to the preset imported-function-count threshold, the non-infection-type virus sample b1 is classified as a non-infecting unpacked virus sample b102; if the entry point n of the infected file c corresponding to the infection-type virus sample b2 differs from the entry point n of the normal file a corresponding to that infected file c, the infection-type virus sample b2 is classified as an infection-type virus sample b201 that modifies the entry point; and if the entry point n of the infected file c corresponding to the infection-type virus sample b2 is the same as the entry point n of the normal file a corresponding to that infected file c, the infection-type virus sample b2 is classified as an infection-type virus sample b202 that does not modify the entry point.
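The comparison and classification of steps S1021 to S1023, as an added Python example that is not code from the patent: it parses the PE headers of a normal file and of the same file after the sample ran, derives a few of the behavior features listed under S102, and applies the four-way decision of Fig. 3. The header builder, the feature names, the value of IMPORT_THRESHOLD, and the rule that a sample counts as infection-type when any host file changed are assumptions; the inputs are constructed header-only images.

```python
import struct

MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
IMPORT_THRESHOLD = 10  # assumed value; the patent only says "preset threshold"
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_pe_headers(entry_rva, sections):
    """Constructed test input: a headers-only PE32 image (no code, not loadable).
    sections: list of (name, virtual_address, virtual_size, characteristics)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack(SECTION_FMT, name, vsize, va, 0, 0, 0, 0, 0, 0, flags)
                     for name, va, vsize, flags in sections)
    return dos + b"PE\0\0" + coff + opt + table


def parse_pe(data):
    """Return (entry_rva, [(name, va, vsize, flags), ...]) read from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(count):
        name, vsize, va, *_, flags = struct.unpack_from(
            SECTION_FMT, data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0"), va, vsize, flags))
    return entry_rva, sections


def entry_section(entry_rva, sections):
    """Index of the section whose virtual range contains the entry point."""
    for index, (_, va, vsize, _) in enumerate(sections):
        if va <= entry_rva < va + vsize:
            return index
    return None


def behavior_features(normal, infected):
    """S1021/S1022: compare a normal file with its infected counterpart."""
    n_entry, n_secs = parse_pe(normal)
    i_entry, i_secs = parse_pe(infected)
    n_idx, i_idx = entry_section(n_entry, n_secs), entry_section(i_entry, i_secs)
    found = set()
    if i_entry != n_entry:
        found.add("entry_point_modified")
    if len(i_secs) > len(n_secs):
        found.add("section_appended")
    if i_idx is not None and i_idx == len(i_secs) - 1 and n_idx != len(n_secs) - 1:
        found.add("entry_moved_to_last_section")
    if any(nf != cf for (_, _, _, nf), (_, _, _, cf) in zip(n_secs, i_secs)):
        found.add("section_attributes_modified")
    was_writable = n_idx is not None and n_secs[n_idx][3] & MEM_WRITE
    if i_idx is not None and i_secs[i_idx][3] & MEM_WRITE and not was_writable:
        found.add("entry_section_made_writable")
    return found


def classify_sample(pairs, import_count, threshold=IMPORT_THRESHOLD):
    """S1023: pairs is a list of (normal_bytes, bytes_after_sample_ran)."""
    changed = [(n, c) for n, c in pairs if n != c]
    if not changed:  # assumption: no host file altered means non-infection type (b1)
        return "b101" if import_count < threshold else "b102"
    if any(parse_pe(n)[0] != parse_pe(c)[0] for n, c in changed):
        return "b201"  # infection type, entry point modified
    return "b202"      # infection type, entry point not modified


# Constructed header-only samples (hypothetical section layout).
RX = MEM_READ | MEM_EXECUTE
TEXT, RSRC = (b".text", 0x1000, 0x800, RX), (b".rsrc", 0x2000, 0x400, MEM_READ)
NORMAL = build_pe_headers(0x1000, [TEXT, RSRC])
MOVED = build_pe_headers(0x3010, [TEXT, RSRC, (b".new", 0x3000, 0x200, RX | MEM_WRITE)])
INPLACE = build_pe_headers(0x1000, [(b".text", 0x1000, 0x800, RX | MEM_WRITE), RSRC])

if __name__ == "__main__":
    for label, after in (("MOVED", MOVED), ("INPLACE", INPLACE)):
        print(label, classify_sample([(NORMAL, after)], 40),
              sorted(behavior_features(NORMAL, after)))
```

The import count is passed in rather than parsed, because walking the import directory needs the section data that these header-only inputs do not carry.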
S103: obtain the virus type feature corresponding to the virus sample according to the classification result. In specific embodiments of the present invention, the virus type feature is extracted from a preset infection type feature set according to the classification result.
As shown in Fig. 3, in a specific embodiment of the present invention, obtaining the feature code of the virus file according to the virus type feature specifically comprises:
(1) Obtaining the feature code of a non-infecting unpacked virus sample. Starting from the entry point of the non-infecting unpacked virus sample and skipping compiler-generated strings, one or more strings are extracted and their position information is recorded; the strings together with their position information serve as the feature code of the non-infecting unpacked virus sample.
(2) Obtaining the feature code of a non-infecting packed virus sample. One or more strings are extracted from the non-infecting packed virus sample at set extraction positions and hashed; the hashed strings serve as the feature code of the non-infecting packed virus sample.
(3) Obtaining the feature code of an infection-type virus sample that modifies the entry point. After multiple infected files produced by the infection-type virus sample that modifies the entry point have been obtained, the strings following the entry points of these infected files are compared, a similarity algorithm is used to calculate the similarity of these strings, and the identical parts of the strings whose similarity is greater than a preset threshold are extracted as the common string. The differing parts of the strings whose similarity is greater than the preset threshold are replaced with wildcards, and the common string together with the wildcards serves as the feature code of the infection-type virus sample that modifies the entry point.
(4) Obtaining the feature code of an infection-type virus that does not modify the entry point. The normal files are compared with the corresponding infected files produced by the infection-type virus sample that does not modify the entry point, a similarity algorithm is used to calculate the similarity of the strings added to the infected files relative to the normal files, and the identical parts of the strings whose similarity is greater than a preset threshold are extracted as the common string. The differing parts of the strings whose similarity is greater than the set threshold are replaced with wildcards, and the common string together with the wildcards serves as the feature code of the infection-type virus sample that does not modify the entry point.
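Feature-code extraction for cases (3) and (4), as an added Python example that is not code from the patent: it filters byte windows by similarity, keeps the bytes common to all similar windows, replaces the differing positions with wildcards, and matches the resulting feature code against a target. Position-wise byte agreement stands in for the similarity algorithm, which the patent does not name; the thresholds, function names and sample bytes are assumptions, and the sample bytes are constructed placeholders.

```python
import re

SIMILARITY_THRESHOLD = 0.6  # assumed; the patent only says "preset threshold"
MIN_LITERAL_BYTES = 4       # assumed floor so a signature is not mostly wildcards


def similarity(a, b):
    """Share of byte positions that agree (stand-in for the unnamed algorithm)."""
    longest = max(len(a), len(b))
    return sum(x == y for x, y in zip(a, b)) / longest if longest else 0.0


def build_signature(windows, threshold=SIMILARITY_THRESHOLD):
    """Derive a feature code from byte windows taken at the same place in several
    infected files (after the entry point for b201, the added bytes for b202).
    Returns a list of ints (common bytes) and None (wildcard)."""
    reference = windows[0]
    kept = [w for w in windows if similarity(reference, w) > threshold]
    if len(kept) < 2:
        raise ValueError("need at least two similar windows to generalize")
    length = min(len(w) for w in kept)
    signature = [reference[i] if all(w[i] == reference[i] for w in kept) else None
                 for i in range(length)]
    while signature and signature[-1] is None:  # trailing wildcards add nothing
        signature.pop()
    if sum(b is not None for b in signature) < MIN_LITERAL_BYTES:
        raise ValueError("too few common bytes; signature would match almost anything")
    return signature


def format_signature(signature):
    """Human-readable form, with ?? marking a wildcard byte."""
    return " ".join("??" if b is None else f"{b:02X}" for b in signature)


def compile_signature(signature):
    """Compile to a bytes regex; DOTALL lets '.' match any byte value."""
    parts = (b"." if b is None else re.escape(bytes([b])) for b in signature)
    return re.compile(b"".join(parts), re.DOTALL)


def find_signature(signature, data):
    """Offset of the first match in data, or -1 if the feature code is absent."""
    match = compile_signature(signature).search(data)
    return match.start() if match else -1


# Constructed placeholder bytes, not taken from any real sample.
WINDOWS = [bytes.fromhex("AABB0102CCDDEE10FF001122"),
           bytes.fromhex("AABB0709CCDDEE20FF001122"),
           bytes.fromhex("AABB0505CCDDEE30FF001122"),
           bytes.fromhex("000102030405060708090A0B")]  # dissimilar, filtered out
SIGNATURE = build_signature(WINDOWS)
TARGET = b"\x90" * 5 + bytes.fromhex("AABB4242CCDDEE99FF001122") + b"tail"
CLEAN = bytes(range(64))

if __name__ == "__main__":
    print(format_signature(SIGNATURE))
    print(find_signature(SIGNATURE, TARGET), find_signature(SIGNATURE, CLEAN))
```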
S104: generate the virus detection machine according to the virus type feature.
Specifically, in the embodiments of the present invention, step S104 comprises: using a machine learning machine to load the virus type feature to generate an initial virus detection machine; using the initial virus detection machine to detect multiple infected sample files and counting the number of correct detection results, wherein if the number of correct detection results is greater than a detection rate threshold, the initial virus detection machine is taken as the final virus detection machine; and if the number of correct detection results is less than or equal to the detection rate threshold, the initial virus detection machine is adjusted to generate the final virus detection machine.
In a specific embodiment of the present invention, a support vector machine (SVM) is first used to statistically analyze the known training feature sets (the infection-type virus feature set and the normal file feature set) to obtain the differences between the normal file feature set and the infection-type virus file feature set, and these differences are recorded in a training file. In the embodiments of the present invention, the support vector machine learns black and white samples, i.e. infected file samples and normal file samples, to obtain the differences between virus files and normal files. Then, multiple normal files and their corresponding infected files are used to run prediction tests on the support vector machine loaded with the virus type features, the false positives and false negatives of the support vector machine are checked, and the number of correct detection results is counted. Afterwards, according to the preset detection rate threshold, if the number of correct detection results is less than the detection rate threshold, the virus type features loaded by the support vector machine are adjusted appropriately and its false positives and false negatives are checked again, until the number of correct detection results is greater than or equal to the preset detection rate threshold. If the number of virus type features is so large that it affects the efficiency of virus detection, the Principal Component Analysis (PCA) algorithm is used to reduce the number of virus type features and thereby improve the efficiency of virus detection. Specifically, virus type features with low discriminating power are deleted and virus type features with high discriminating power are added, until the false negatives and false positives in the detection results of the support vector machine meet the expected result, i.e. the number of correct detection results is greater than or equal to the preset detection rate threshold. Finally, the adjusted support vector machine is used as the final virus detection machine to carry out virus detection.
In an embodiment of the present invention, behavioural characteristic while operation by obtaining Virus Sample, and according to the behavior feature Virus Sample is classified, and extract the Virus Type feature that this Virus Sample is corresponding and then generate final virus according to classification results and detect machine, the virus of having avoided rule of thumb laying down a regulation detects rule, and uses viral detection machine replacement manually to complete viral testing.Therefore, improve the accuracy of viral detection, and reduced the complexity of viral testing.
Fig. 4 is a schematic structural diagram of a device for generating a virus detection machine according to an embodiment of the present invention.
As shown in Fig. 4, in one embodiment of the present invention, the device for generating a virus detection machine comprises: an infected file generation module 10, a classification result acquisition module 20, a virus type feature module 30 and a virus detection machine generation module 40. The infected file generation module 10 is configured to obtain multiple normal files a and to infect the multiple normal files a with a virus sample b to generate multiple infected files c. The classification result acquisition module 20 is configured to obtain the behavioral feature e of the virus sample b at run time, and to obtain the classification result f of the virus sample b according to the behavioral feature e, the multiple normal files a and the multiple infected files c. The virus type feature module 30 is configured to obtain the virus type feature h corresponding to the virus sample b according to the classification result f. The virus detection machine generation module 40 is configured to generate the virus detection machine l according to the virus type feature h.
In the embodiments of the present invention, the behavioral feature of a virus sample at run time is obtained, the virus sample is classified according to that behavioral feature, and the virus type feature corresponding to the virus sample is extracted according to the classification result to generate the final virus detection machine. This avoids formulating virus detection rules from experience, and the virus detection machine replaces manual work in carrying out virus detection. The accuracy of virus detection is therefore improved, and the complexity of virus detection work is reduced.
As shown in Fig. 4, in a specific embodiment of the present invention, the classification result acquisition module 20 specifically comprises: a file comparison submodule 201, a behavioral feature acquisition submodule 202 and a classification result acquisition submodule 203. The file comparison submodule 201 is configured to compare the multiple normal files a with the corresponding multiple infected files c respectively, and to obtain the comparison result d. The behavioral feature acquisition submodule 202 is configured to obtain the behavioral feature e of the virus sample b at run time according to the comparison result d. The classification result acquisition submodule 203 is configured to classify the virus sample b according to its behavioral feature e to obtain the classification result f of the virus sample b.
In a specific embodiment of the present invention, the classification result acquisition submodule 203 specifically comprises: a preliminary classification submodule 2031 and a sub-classification submodule 2032. The preliminary classification submodule 2031 is configured to classify the virus sample b, according to its behavioral feature e, as a non-infecting virus sample b1 or an infecting virus sample b2. The sub-classification submodule 2032 is configured to sub-classify the non-infecting virus sample b1 and the infecting virus sample b2 according to the behavioral feature e of the virus sample b. The sub-classification specifically comprises: if the number of imported functions m of the non-infecting virus sample b1 is less than a preset imported-function-count threshold, the non-infecting virus sample b1 is classified as a non-infecting packed virus sample b101; if the number of imported functions m of the non-infecting virus sample b1 is greater than or equal to the preset imported-function-count threshold, the non-infecting virus sample b1 is classified as a non-infecting unpacked virus sample b102; if the entry point n of the infected file c corresponding to the infecting virus sample b2 differs from the entry point n of the normal file a corresponding to that infected file c, the infecting virus sample b2 is classified as an infecting virus sample b201 that modifies the entry point; and if the entry point n of the infected file c corresponding to the infecting virus sample b2 is the same as the entry point n of the normal file a corresponding to that infected file c, the infecting virus sample b2 is classified as an infecting virus sample b202 that does not modify the entry point.
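The four-way sub-classification described above can be sketched as follows; this is an added example, not code from the patent. It assumes the files are Windows PE images, that a sample counts as infecting when any normal file differs from its post-run copy, that the imported-function count is supplied by the caller, and a threshold of 10; all names and the header bytes are constructed for the illustration.

```python
import struct
from typing import Dict, List, Tuple

# Assumed value: the text only speaks of a "preset" imported-function-count threshold.
IMPORT_COUNT_THRESHOLD = 10


def build_pe_header(entry_rva: int) -> bytes:
    """Constructed PE32 header fragment for the demo (headers only, no code)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x010B)           # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


def entry_point(image: bytes) -> int:
    """Return AddressOfEntryPoint, rejecting images too damaged to compare."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt_off = e_lfanew + 4 + 20                      # signature + COFF header
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(image) < opt_off + 20:
        raise ValueError("truncated or missing PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x010B, 0x020B):                # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    (rva,) = struct.unpack_from("<I", image, opt_off + 16)
    return rva


def classify_sample(import_count: int,
                    file_pairs: List[Tuple[bytes, bytes]]) -> str:
    """file_pairs holds (normal file a, same file after the sample ran, c)."""
    changed = [(a, c) for a, c in file_pairs if a != c]
    if not changed:                                  # b1: non-infecting
        if import_count < IMPORT_COUNT_THRESHOLD:
            return "non-infecting, packed"           # b101
        return "non-infecting, unpacked"             # b102
    # b2: infecting; compare entry point n of each changed pair
    if any(entry_point(a) != entry_point(c) for a, c in changed):
        return "infecting, entry point modified"     # b201
    return "infecting, entry point unchanged"        # b202


# Constructed inputs: one clean header and two post-run variants of it.
CLEAN = build_pe_header(0x1000)
REDIRECTED = build_pe_header(0x5000) + b"\x00" * 32  # entry point differs
APPENDED = CLEAN + b"\x00" * 32                      # bytes added, same entry point

SAMPLES: Dict[str, Tuple[int, List[Tuple[bytes, bytes]]]] = {
    "sample-A": (3, [(CLEAN, CLEAN)]),
    "sample-B": (42, [(CLEAN, CLEAN)]),
    "sample-C": (42, [(CLEAN, REDIRECTED)]),
    "sample-D": (42, [(CLEAN, APPENDED)]),
}


def classify_all() -> Dict[str, str]:
    return {name: classify_sample(count, pairs)
            for name, (count, pairs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_all().items():
        print(name, "->", label)
```

A low import count is only a heuristic for packing, so the threshold needs tuning against known unpacked files before the label is trusted.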
Specifically, in one embodiment of the present invention, the virus type feature module 30 comprises: an infection type feature set preset submodule 301 and a virus type feature extraction submodule 302. The infection type feature set preset submodule 301 is configured to generate a preset infection type feature set g from multiple infection type features. The virus type feature extraction submodule 302 is configured to extract the corresponding virus type feature h from the preset infection type feature set g according to the classification result f.
Fig. 5 is a schematic flow chart of the virus detection machine extracting virus type features according to an embodiment of the present invention.
As shown in Fig. 4 and Fig. 5, in a specific embodiment of the present invention, the virus detection module 40 specifically comprises: a machine learning machine 401, a detection result statistics submodule 402 and a detection machine correction submodule 403. The machine learning machine 401 is configured to load the virus type feature h to generate an initial virus detection machine i. The detection machine correction submodule 402 is configured to use the initial virus detection machine i to detect multiple infected sample files j and to calculate the number of correct detection results. The detection machine correction submodule 403 is configured to adjust the initial virus detection machine i, according to the number of correct detection results and the detection rate threshold k, to generate the final virus detection machine l. The virus detection machine generation module 40 is further configured to increase the number of virus type features h loaded by the initial virus detection machine i until the number of correct detection results is greater than or equal to the detection rate threshold k.
Preferably, in a specific embodiment of the present invention, the machine learning machine 401 is a support vector machine, a neural network or a Karma Ka-Ka compose algorithm. Of course, the machine learning machine 401 may also be any other algorithm capable of machine learning.
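The adjustment loop described above (load features, count correct detections on infected sample files, load more features until the threshold is met) can be sketched as follows; this is an added example, not code from the patent. A nearest-centroid classifier stands in for the support vector machine or neural network, the feature names and all vectors are constructed, and the extra condition that no clean file is flagged is an assumption of this sketch.

```python
from typing import List, Sequence, Tuple

Vector = Tuple[int, ...]

# Hypothetical feature names, listed in the order they are loaded.
FEATURE_POOL = ["entry_point_moved", "few_imports",
                "file_size_grew", "last_section_executable"]

# Constructed binary feature vectors (one column per entry in FEATURE_POOL).
TRAIN_INFECTED: List[Vector] = [(1, 1, 0, 1), (0, 1, 1, 1), (1, 0, 1, 1), (0, 1, 1, 0)]
TRAIN_CLEAN: List[Vector] = [(1, 0, 0, 0), (0, 0, 0, 0), (0, 1, 0, 0), (1, 0, 0, 1)]
EVAL_INFECTED: List[Vector] = [(1, 1, 1, 1), (0, 0, 1, 1), (1, 0, 1, 1),
                               (0, 1, 0, 1), (1, 1, 1, 0)]   # sample files j
EVAL_CLEAN: List[Vector] = [(0, 1, 0, 0), (1, 0, 0, 0), (0, 0, 0, 1)]


def centroid(rows: Sequence[Vector], k: int) -> List[float]:
    """Mean of the first k feature columns."""
    return [sum(r[i] for r in rows) / len(rows) for i in range(k)]


class CentroidDetector:
    """Stand-in learner: flags a file that lies closer to the infected centroid."""

    def __init__(self, k: int) -> None:
        self.k = k                                   # number of features loaded
        self.infected = centroid(TRAIN_INFECTED, k)
        self.clean = centroid(TRAIN_CLEAN, k)

    def flags(self, x: Vector) -> bool:
        d_inf = sum((x[i] - self.infected[i]) ** 2 for i in range(self.k))
        d_clean = sum((x[i] - self.clean[i]) ** 2 for i in range(self.k))
        return d_inf < d_clean                       # ties count as clean


def evaluate(det: CentroidDetector) -> Tuple[int, int]:
    """Return (correct detections on infected files, false positives on clean files)."""
    correct = sum(det.flags(x) for x in EVAL_INFECTED)
    false_pos = sum(det.flags(x) for x in EVAL_CLEAN)
    return correct, false_pos


def calibrate(threshold_k: int, start: int = 1):
    """Load one more feature per round until the detector meets the threshold.

    Stops when correct >= threshold_k (the "greater than or equal to" wording)
    and, as an added assumption of this sketch, no clean file is flagged.
    """
    history = []
    for k in range(start, len(FEATURE_POOL) + 1):
        det = CentroidDetector(k)
        correct, false_pos = evaluate(det)
        history.append((k, correct, false_pos))
        if correct >= threshold_k and false_pos == 0:
            return det, history
    # Failure mode: every feature is loaded and the target is still missed.
    raise RuntimeError("feature pool exhausted below threshold: %r" % history)


if __name__ == "__main__":
    detector, rounds = calibrate(threshold_k=4)
    for k, correct, false_pos in rounds:
        print("features=%d correct=%d/%d false_positives=%d"
              % (k, correct, len(EVAL_INFECTED), false_pos))
    print("final detector loads:", FEATURE_POOL[:detector.k])
```

With the constructed data, two features already detect three of five infected files but also flag a clean one, which is why counting correct detections alone is not a sufficient stop condition.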
Fig. 6 is a flow chart of a virus detection method according to an embodiment of the present invention.
As shown in Fig. 6, in a specific embodiment of the present invention, the virus detection method according to an embodiment of the invention comprises:
S201: obtain multiple normal files, and infect the multiple normal files with a virus sample to generate multiple infected files.
S202: obtain the behavioral feature of the virus sample at run time, and obtain the classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files.
S203: obtain the virus type feature corresponding to the virus sample according to the classification result.
S204: perform virus detection on a target file according to the virus type feature.
In addition, the virus detection device according to an embodiment of the present invention comprises: an infected file generation module 10, a classification result acquisition module 20, a virus type feature module 30 and a virus detection module 40. The infected file generation module 10 is configured to obtain multiple normal files a and to infect the multiple normal files a with a virus sample b to generate multiple infected files c. The classification result acquisition module 20 is configured to obtain the behavioral feature e of the virus sample b at run time, and to obtain the classification result f of the virus sample according to the behavioral feature e, the multiple normal files a and the multiple infected files c. The virus type feature module 30 is configured to obtain the virus type feature h corresponding to the virus sample b according to the classification result f. The virus detection machine generation module 40 is configured to perform virus detection according to the virus type feature h.
In the embodiments of the present invention, the behavioral feature of a virus sample at run time is obtained, the virus sample is classified according to that behavioral feature, and the virus type feature corresponding to the virus sample is extracted according to the classification result to generate the final virus detection machine. This avoids formulating virus detection rules from experience, and the virus detection machine replaces manual work in carrying out virus detection. The accuracy of virus detection is therefore improved, and the complexity of virus detection work is reduced.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, those skilled in the art may join and combine the different embodiments or examples described in this specification.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (28)

1. A method for generating a virus detection machine, characterized by comprising:
Obtaining multiple normal files, and infecting the multiple normal files with a virus sample to generate multiple infected files;
Obtaining a behavioral feature of the virus sample at run time, and obtaining a classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files;
Obtaining a virus type feature corresponding to the virus sample according to the classification result; and
Generating the virus detection machine according to the virus type feature.
2. The method for generating a virus detection machine according to claim 1, characterized in that obtaining the classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files specifically comprises:
Comparing the multiple normal files with the corresponding multiple infected files respectively, and obtaining the comparison result;
Obtaining the behavioral feature of the virus sample at run time according to the comparison result; and
Classifying the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample.
3. The method for generating a virus detection machine according to claim 2, characterized in that classifying the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample specifically comprises:
Classifying the virus sample, according to the behavioral feature of the virus sample, as an infecting virus sample or a non-infecting virus sample, wherein,
If the number of imported functions of the non-infecting virus sample is less than a preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting packed virus sample;
If the number of imported functions of the non-infecting virus sample is greater than or equal to the preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting unpacked virus sample;
If the entry point of the infected file corresponding to the infecting virus sample differs from the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that modifies the entry point; and
If the entry point of the infected file corresponding to the infecting virus sample is the same as the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that does not modify the entry point.
4. The method for generating a virus detection machine according to claim 1, characterized in that obtaining the virus type feature corresponding to the virus sample according to the classification result specifically comprises:
Extracting the corresponding virus type feature from a preset infection type feature set according to the classification result.
5. The method for generating a virus detection machine according to claim 1, characterized in that generating the virus detection machine according to the virus type feature specifically comprises:
Using a machine learning machine to load the virus type feature to generate an initial virus detection machine;
Using the initial virus detection machine to detect multiple infected sample files, and calculating the number of correct detection results, wherein,
If the number of correct detection results is greater than a detection rate threshold, the initial virus detection machine is used as the final virus detection machine; and
If the number of correct detection results is less than or equal to the detection rate threshold, the initial virus detection machine is adjusted to generate the final virus detection machine.
6. The method for generating a virus detection machine according to claim 5, characterized in that adjusting the initial virus detection machine to generate the final virus detection machine further comprises:
Increasing the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
7. The method for generating a virus detection machine according to claim 5, characterized in that the machine learning machine is a support vector machine, a neural network or a Karma Ka-Ka compose algorithm.
8. A device for generating a virus detection machine, characterized by comprising:
An infected file generation module, the infected file generation module being configured to obtain multiple normal files and to infect the multiple normal files with a virus sample to generate multiple infected files;
A classification result acquisition module, the classification result acquisition module being configured to obtain a behavioral feature of the virus sample at run time, and to obtain a classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files;
A virus type feature module, the virus type feature module being configured to obtain a virus type feature corresponding to the virus sample according to the classification result; and
A virus detection machine generation module, the virus detection machine generation module being configured to generate the virus detection machine according to the virus type feature.
9. The device for generating a virus detection machine according to claim 8, characterized in that the classification result acquisition module specifically comprises:
A file comparison submodule, the file comparison submodule being configured to compare the multiple normal files with the corresponding multiple infected files respectively, and to obtain the comparison result;
A behavioral feature acquisition submodule, the behavioral feature acquisition submodule being configured to obtain the behavioral feature of the virus sample at run time according to the comparison result; and
A classification result acquisition submodule, the classification result acquisition submodule being configured to classify the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample.
10. The device for generating a virus detection machine according to claim 9, characterized in that the classification result acquisition submodule specifically comprises:
A preliminary classification submodule, the preliminary classification submodule being configured to classify the virus sample, according to the behavioral feature of the virus sample, as an infecting virus sample or a non-infecting virus sample;
A sub-classification submodule, the sub-classification submodule being configured to sub-classify the infecting virus sample and the non-infecting virus sample according to the behavioral feature of the virus sample, wherein,
The sub-classification specifically comprises:
If the number of imported functions of the non-infecting virus sample is less than a preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting packed virus sample;
If the number of imported functions of the non-infecting virus sample is greater than or equal to the preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting unpacked virus sample;
If the entry point of the infected file corresponding to the infecting virus sample differs from the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that modifies the entry point; and
If the entry point of the infected file corresponding to the infecting virus sample is the same as the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that does not modify the entry point.
11. The device for generating a virus detection machine according to claim 8, characterized in that the virus type feature module specifically comprises:
An infection type feature set preset submodule, the infection type feature set preset submodule being configured to generate a preset infection type feature set from multiple infection type features; and
A virus type feature extraction submodule, the virus type feature extraction submodule being configured to extract the corresponding virus type feature from the preset infection type feature set according to the classification result.
12. The device for generating a virus detection machine according to claim 8, characterized in that the virus detection machine generation module specifically comprises:
A machine learning machine, the machine learning machine being configured to load the virus type feature to generate an initial virus detection machine;
A detection result statistics submodule, the detection machine correction submodule being configured to use the initial virus detection machine to detect multiple infected sample files, and to calculate the number of correct detection results; and
A detection machine correction submodule, the detection machine correction submodule being configured to adjust the initial virus detection machine, according to the number of correct detection results and the detection rate threshold, to generate the final virus detection machine.
13. The device for generating a virus detection machine according to claim 8, characterized in that the virus detection machine generation module is specifically configured to increase the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
14. The device for generating a virus detection machine according to claim 8, characterized in that the machine learning machine is a support vector machine, a neural network or a Karma Ka-Ka compose algorithm.
15. A virus detection method, characterized by comprising:
Obtaining multiple normal files, and infecting the multiple normal files with a virus sample to generate multiple infected files;
Obtaining a behavioral feature of the virus sample at run time, and obtaining a classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files;
Obtaining a virus type feature corresponding to the virus sample according to the classification result; and
Performing virus detection on a target file according to the virus type feature.
16. The virus detection method according to claim 15, characterized in that obtaining the behavioral feature of the virus sample at run time, and obtaining the classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files, specifically comprises:
Comparing the multiple normal files with the corresponding multiple infected files respectively, and obtaining the comparison result;
Obtaining the behavioral feature of the virus sample at run time according to the comparison result; and
Classifying the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample.
17. The method for generating a virus detection machine according to claim 16, characterized in that classifying the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample specifically comprises:
Classifying the virus sample, according to the behavioral feature of the virus sample, as an infecting virus sample or a non-infecting virus sample; wherein,
If the number of imported functions of the non-infecting virus sample is less than a preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting packed virus sample;
If the number of imported functions of the non-infecting virus sample is greater than or equal to the preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting unpacked virus sample;
If the entry point of the infected file corresponding to the infecting virus sample differs from the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that modifies the entry point; and
If the entry point of the infected file corresponding to the infecting virus sample is the same as the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that does not modify the entry point.
18. The virus detection method according to claim 16, characterized in that obtaining the virus type feature corresponding to the virus sample according to the classification result specifically comprises:
Extracting the corresponding virus type feature from a preset infection type feature set according to the classification result.
19. The virus detection method according to claim 16, characterized in that generating the virus detection machine according to the virus type feature specifically comprises:
Using a machine learning machine to load the virus type feature to generate an initial virus detection machine;
Using the initial virus detection machine to detect multiple infected sample files, and calculating the number of correct detection results;
If the number of correct detection results is greater than a detection rate threshold, the initial virus detection machine is used as the final virus detection machine; and
If the number of correct detection results is less than or equal to the detection rate threshold, the initial virus detection machine is adjusted to generate the final virus detection machine.
20. The virus detection method according to claim 16, characterized in that, if the detection rate threshold is greater than the number of correct detection results, adjusting the initial virus detection machine to generate the final virus detection machine further comprises:
Increasing the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
21. The virus detection method according to claim 16, characterized in that the machine learning machine is a support vector machine, a neural network or a Karma Ka-Ka compose algorithm.
22. A virus detection device, characterized by comprising:
An infected file generation module, the infected file generation module being configured to obtain multiple normal files and to infect the multiple normal files with a virus sample to generate multiple infected files;
A classification result acquisition module, the classification result acquisition module being configured to obtain a behavioral feature of the virus sample at run time, and to obtain a classification result of the virus sample according to the behavioral feature, the multiple normal files and the multiple infected files;
A virus type feature module, the virus type feature module being configured to obtain a virus type feature corresponding to the virus sample according to the classification result; and
A virus detection module, the virus detection machine generation module being configured to perform virus detection according to the virus type feature.
23. The virus detection device according to claim 22, characterized in that the classification result acquisition module specifically comprises:
A file comparison submodule, the file comparison submodule being configured to compare the multiple normal files with the corresponding multiple infected files respectively, and to obtain the comparison result;
A behavioral feature acquisition submodule, the behavioral feature acquisition submodule being configured to obtain the behavioral feature of the virus sample at run time according to the comparison result; and
A classification result acquisition submodule, the classification result acquisition submodule being configured to classify the virus sample according to the behavioral feature of the virus sample to obtain the classification result of the virus sample.
24. The virus detection device according to claim 22, characterized in that the classification result acquisition submodule specifically comprises:
A preliminary classification submodule, the preliminary classification submodule being configured to classify the virus sample, according to the behavioral feature of the virus sample, as an infecting virus sample or a non-infecting virus sample;
A sub-classification submodule, the sub-classification submodule being configured to sub-classify the infecting virus sample and the non-infecting virus sample according to the behavioral feature of the virus sample, wherein,
The sub-classification specifically comprises:
If the number of imported functions of the non-infecting virus sample is less than a preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting packed virus sample;
If the number of imported functions of the non-infecting virus sample is greater than or equal to the preset imported-function-count threshold, the non-infecting virus sample is classified as a non-infecting unpacked virus sample;
If the entry point of the infected file corresponding to the infecting virus sample differs from the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that modifies the entry point; and
If the entry point of the infected file corresponding to the infecting virus sample is the same as the entry point of the normal file corresponding to that infected file, the infecting virus sample is classified as an infecting virus sample that does not modify the entry point.
25. The virus detection device according to claim 22, characterized in that the virus type feature module specifically comprises:
An infection type feature set preset submodule, the infection type feature set preset submodule being configured to generate a preset infection type feature set from multiple infection type features; and
A virus type feature extraction submodule, the virus type feature extraction submodule being configured to extract the corresponding virus type feature from the preset infection type feature set according to the classification result.
26. The virus detection device according to claim 22, characterized in that the virus detection module specifically comprises:
A machine learning machine, the machine learning machine being configured to load the virus type feature to generate an initial virus detection machine;
A detection result statistics submodule, the detection machine correction submodule being configured to use the initial virus detection machine to detect multiple infected sample files, and to calculate the number of correct detection results;
A detection machine correction submodule, the detection machine correction submodule being configured to adjust the initial virus detection machine, according to the number of correct detection results and the detection rate threshold, to generate the final virus detection machine; and
A virus detection submodule, the virus detection submodule being configured to use the final virus detection machine to perform virus detection.
27. The virus detection device according to claim 22, characterized in that the virus detection machine generation module is specifically configured to increase the number of virus type features loaded by the initial virus detection machine until the number of correct detection results is greater than or equal to the detection rate threshold.
28. The virus detection device according to claim 22, characterized in that the machine learning machine is a support vector machine, a neural network or a Karma Ka-Ka compose algorithm.
CN201410281468.2A 2014-06-20 2014-06-20 The generation method and device and method for detecting virus and device of Viral diagnosis machine Active CN104077527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410281468.2A CN104077527B (en) 2014-06-20 2014-06-20 Method and device for generating virus detection machine and method and device for virus detection

Publications (2)

Publication Number Publication Date
CN104077527A true CN104077527A (en) 2014-10-01
CN104077527B CN104077527B (en) 2017-12-19

Family

ID=51598777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410281468.2A Active CN104077527B (en) 2014-06-20 2014-06-20 Method and device for generating virus detection machine and method and device for virus detection

Country Status (1)

Country Link
CN (1) CN104077527B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104899510A (en) * 2015-05-11 2015-09-09 国网甘肃省电力公司电力科学研究院 Virus detecting and killing method for removable storage devices
CN106709350A (en) * 2016-12-30 2017-05-24 腾讯科技(深圳)有限公司 Virus detection method and device
CN107315954A (en) * 2016-04-27 2017-11-03 腾讯科技(深圳)有限公司 A kind of file type identification method and server
CN112580037A (en) * 2019-09-30 2021-03-30 奇安信安全技术(珠海)有限公司 Method, device and equipment for repairing virus file data
CN113434863A (en) * 2021-06-25 2021-09-24 上海观安信息技术股份有限公司 Method and device for realizing remote control of host based on PE file structure

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108804924A (en) * 2018-06-15 2018-11-13 深信服科技股份有限公司 A kind of method for detecting virus, system and relevant apparatus based on sandbox

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132184A1 (en) * 2003-12-12 2005-06-16 International Business Machines Corporation Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network
CN102346830A (en) * 2011-09-23 2012-02-08 重庆大学 Gradient histogram-based virus detection method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104899510A (en) * 2015-05-11 2015-09-09 国网甘肃省电力公司电力科学研究院 Virus detecting and killing method for removable storage devices
CN107315954A (en) * 2016-04-27 2017-11-03 腾讯科技(深圳)有限公司 A kind of file type identification method and server
CN107315954B (en) * 2016-04-27 2020-06-12 腾讯科技(深圳)有限公司 File type identification method and server
CN106709350A (en) * 2016-12-30 2017-05-24 腾讯科技(深圳)有限公司 Virus detection method and device
CN112580037A (en) * 2019-09-30 2021-03-30 奇安信安全技术(珠海)有限公司 Method, device and equipment for repairing virus file data
CN112580037B (en) * 2019-09-30 2023-12-12 奇安信安全技术(珠海)有限公司 Method, device and equipment for repairing virus file data
CN113434863A (en) * 2021-06-25 2021-09-24 上海观安信息技术股份有限公司 Method and device for realizing remote control of host based on PE file structure
CN113434863B (en) * 2021-06-25 2023-11-24 上海观安信息技术股份有限公司 Method and device for realizing remote control of host based on PE file structure

Also Published As

Publication number Publication date
CN104077527B (en) 2017-12-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181214

Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Patentee after: Zhuhai Seal Interest Technology Co., Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd.