CN105488406A - Similar malicious sample file matching method and system based on feature vector - Google Patents
- Publication number
- CN105488406A
- Authority
- CN
- China
- Prior art keywords
- sample file
- behavioural characteristic
- behavior
- vector
- malice
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Sampling And Sample Adjustment (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410827237.7A CN105488406B (en) | 2014-12-29 | 2014-12-29 | A kind of similar malice sample matches method and system based on feature vector |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410827237.7A CN105488406B (en) | 2014-12-29 | 2014-12-29 | A kind of similar malice sample matches method and system based on feature vector |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105488406A (en) | 2016-04-13 |
CN105488406B (en) | 2019-02-26 |
Family
ID=55675380
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410827237.7A Active CN105488406B (en) | 2014-12-29 | 2014-12-29 | A kind of similar malice sample matches method and system based on feature vector |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105488406B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102082792A (en) * | 2010-12-31 | 2011-06-01 | 成都市华为赛门铁克科技有限公司 | Phishing webpage detection method and device |
CN102663284A (en) * | 2012-03-21 | 2012-09-12 | 南京邮电大学 | Malicious code identification method based on cloud computing |
CN103226583A (en) * | 2013-04-08 | 2013-07-31 | 北京奇虎科技有限公司 | Method and device for recognizing advertisement plugin |
CN103324888A (en) * | 2012-03-19 | 2013-09-25 | 哈尔滨安天科技股份有限公司 | Method and system for automatically extracting virus characteristics based on family samples |
CN103679019A (en) * | 2012-09-10 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Malicious file identifying method and device |
-
2014
- 2014-12-29 CN CN201410827237.7A patent/CN105488406B/en active Active
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106326746A (en) * | 2016-08-26 | 2017-01-11 | 成都科来软件有限公司 | Malicious program behavior feature library construction method and device |
CN106326746B (en) * | 2016-08-26 | 2019-02-19 | 成都科来软件有限公司 | A kind of rogue program behavioural characteristic base construction method and device |
CN106788962A (en) * | 2016-12-13 | 2017-05-31 | 电子科技大学 | Vector similitude determination methods under secret protection |
CN106788962B (en) * | 2016-12-13 | 2020-04-14 | 电子科技大学 | Vector similarity judgment method under privacy protection |
CN109284610A (en) * | 2018-09-11 | 2019-01-29 | 腾讯科技(深圳)有限公司 | A kind of Research of Malicious Executables Detection Method, device and detection service device |
CN109284610B (en) * | 2018-09-11 | 2023-02-28 | 腾讯科技(深圳)有限公司 | Virus program detection method and device and detection server |
CN111027994A (en) * | 2018-10-09 | 2020-04-17 | 百度在线网络技术(北京)有限公司 | Similar object determination method, device, equipment and medium |
CN110210213A (en) * | 2019-04-26 | 2019-09-06 | 北京奇安信科技有限公司 | The method and device of filtering fallacious sample, storage medium, electronic device |
CN110210213B (en) * | 2019-04-26 | 2021-04-27 | 奇安信科技集团股份有限公司 | Method and device for filtering malicious sample, storage medium and electronic device |
CN111444961A (en) * | 2020-03-26 | 2020-07-24 | 国家计算机网络与信息安全管理中心黑龙江分中心 | Method for judging internet website affiliation through clustering algorithm |
CN111444961B (en) * | 2020-03-26 | 2023-08-18 | 国家计算机网络与信息安全管理中心黑龙江分中心 | Method for judging attribution of Internet website through clustering algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN105488406B (en) | 2019-02-26 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN105488406A (en) | Similar malicious sample file matching method and system based on feature vector | |
Davis et al. | Exploring power and parameter estimation of the BiSSE method for analyzing species diversification | |
Yeo et al. | Flow-based malware detection using convolutional neural network | |
Chen et al. | Automatic mobile application traffic identification by convolutional neural networks | |
CN105205397A (en) | Rogue program sample classification method and device | |
CN107368592B (en) | Text feature model modeling method and device for network security report | |
CN106254321A (en) | A kind of whole network abnormal data stream sorting technique | |
CN110414238A (en) | The search method and device of homologous binary code | |
CN110414236A (en) | A kind of detection method and device of malicious process | |
CN104036187A (en) | Method and system for determining computer virus types | |
CN102446254A (en) | Similar loophole inquiry method based on text mining | |
CN105354228B (en) | Similar diagram searching method and device | |
Kim et al. | Behavior-based anomaly detection on big data | |
CN106572486B (en) | Handheld terminal flow identification method and system based on machine learning | |
Krenn et al. | Predicting the Future of AI with AI: High-quality link prediction in an exponentially growing knowledge network | |
IT201600091521A1 (en) | METHOD FOR THE EXPLORATION OF PASSIVE TRAFFIC TRACKS AND GROUPING OF SIMILAR URLS. | |
CN115604032B (en) | Method and system for detecting complex multi-step attack of power system | |
WO2015074493A1 (en) | Method and apparatus for filtering out low-frequency click, computer program, and computer readable medium | |
Bui et al. | A clustering-based shrink autoencoder for detecting anomalies in intrusion detection systems | |
CN114511330B (en) | Ether house Pompe fraudster detection method and system based on improved CNN-RF | |
CN106101086A (en) | The cloud detection method of optic of program file and system, client, cloud server | |
CN104331507A (en) | Method and device for automatically finding and classifying machine data categories | |
US20210192296A1 (en) | Data de-identification method and apparatus | |
Sun et al. | Automatically identifying apps in mobile traffic | |
CN103986606A (en) | Method for parallel recognition and statistics of webpage URLs based on MapReduce algorithm |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP03 | Change of name, title or address | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road); Patentee after: Harbin antiy Technology Group Limited by Share Ltd; Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162; Patentee before: Harbin Antiy Technology Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Similar malicious sample file matching method and system based on feature vector; Effective date of registration: 20190828; Granted publication date: 20190226; Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch; Pledgor: Harbin antiy Technology Group Limited by Share Ltd; Registration number: Y2019230000002 |
CP01 | Change in the name or title of a patent holder | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road); Patentee after: Antan Technology Group Co.,Ltd.; Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road); Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20211119; Granted publication date: 20190226; Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch; Pledgor: Harbin Antian Science and Technology Group Co.,Ltd.; Registration number: Y2019230000002 |