CN105718795B - Signature-based malicious code forensics method and system under Linux (Linux下基于特征码的恶意代码取证方法及系统) - Google Patents
- Publication number: CN105718795B (application number CN201510540091.2A)
- Authority: CN (China)
- Prior art keywords: file, malicious, feature database, feature, black
- Legal status: Active (Google's assumed status, not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
Landscapes: Engineering & Computer Science; Computer Security & Cryptography; Software Systems; Theoretical Computer Science; Computer Hardware Design; General Engineering & Computer Science; Physics & Mathematics; General Physics & Mathematics; Health & Medical Sciences; General Health & Medical Sciences; Virology; Information Retrieval, Db Structures And Fs Structures Therefor
Claims: 4
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510540091.2A (CN105718795B, zh) | 2015-08-28 | 2015-08-28 | Signature-based malicious code forensics method and system under Linux |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105718795A (zh) | 2016-06-29 |
CN105718795B (zh) | 2019-05-07 |
Family ID: 56144816
Family Applications (1)
Application Number | Status | Publication | Title | Priority Date | Filing Date |
---|---|---|---|---|---|
CN201510540091.2A | Active | CN105718795B (zh) | Signature-based malicious code forensics method and system under Linux | 2015-08-28 | 2015-08-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105718795B (zh) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106845223B (zh) * | 2016-12-13 | 2020-08-04 | 北京三快在线科技有限公司 | Method and apparatus for detecting malicious code |
CN107145780B (zh) * | 2017-03-31 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Malware detection method and apparatus |
CN108804917B (zh) * | 2017-12-22 | 2022-03-18 | 安天科技集团股份有限公司 | File detection method, apparatus, electronic device and storage medium |
CN109254827B (zh) * | 2018-08-27 | 2022-04-22 | 电子科技大学成都学院 | Virtual machine security protection method and system based on big data and machine learning |
CN110414236B (zh) * | 2019-07-26 | 2021-04-16 | 北京神州绿盟信息安全科技股份有限公司 | Malicious process detection method and apparatus |
KR102491451B1 (ko) * | 2020-12-31 | 2023-01-27 | 주식회사 이스트시큐리티 | Signature generation apparatus reflecting the similarity of a deep-neural-network-based malware detection classification scheme, method therefor, and computer-readable recording medium storing a program for performing the method |
CN115309785B (zh) * | 2022-08-08 | 2023-07-07 | 北京百度网讯科技有限公司 | Generation of a file rule engine library, and file information detection method, apparatus and device |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101458751A (zh) * | 2009-01-06 | 2009-06-17 | 华中科技大学 | Storage anomaly detection method based on artificial immunity |
CN102779249A (zh) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Malicious program detection method and scanning engine |
CN104217160A (zh) * | 2014-09-19 | 2014-12-17 | 中国科学院深圳先进技术研究院 | Chinese-language phishing website detection method and system |
CN104394158A (zh) * | 2014-12-01 | 2015-03-04 | 浪潮电子信息产业股份有限公司 | Information security filtering method |
Non-Patent Citations (1)
Title |
---|
Xu Xiaolin et al., "An online automatic analysis model for massive malicious code based on feature clustering", Journal on Communications (通信学报), vol. 34, no. 8, 2013-08-31, pp. 146-153 |
Similar Documents
Publication | Title |
---|---|
CN105718795B (zh) | Signature-based malicious code forensics method and system under Linux |
CN107437038B (zh) | Web page tampering detection method and apparatus |
CN109784056B (zh) | Deep-learning-based malware detection method |
US9621571B2 (en) | Apparatus and method for searching for similar malicious code based on malicious code feature information |
US10679135B2 (en) | Periodicity analysis on heterogeneous logs |
CN105956180B (zh) | Sensitive word filtering method |
KR20120070016A (ko) | Malicious code detection and classification system using string comparison techniques, and method thereof |
WO2018159010A1 (ja) | Selection device, selection method and selection program |
CN104700033A (zh) | Virus detection method and apparatus |
CN109600382B (zh) | Webshell detection method and apparatus, and HMM model training method and apparatus |
CN111368289B (zh) | Malware detection method and apparatus |
CN107315956A (zh) | Graph-theoretic method for fast and accurate detection of zero-day malware |
JP2017142744A (ja) | Information processing device, virus detection method and program |
KR20180079434A (ko) | Virus database acquisition method and device, equipment, server and system |
KR102246405B1 (ko) | TF-IDF-based vector transformation and data analysis apparatus and method |
CN111654504A (zh) | DGA domain name detection method and apparatus |
CN107800673A (zh) | Whitelist maintenance method and apparatus |
CN108171057B (zh) | Feature-matching-based malware detection method for the Android platform |
CN110719278A (zh) | Network intrusion data detection method, apparatus, device and medium |
KR102031592B1 (ko) | Method and apparatus for detecting malicious code |
CN113688240A (zh) | Threat element extraction method, apparatus, device and storage medium |
CN112953948A (zh) | Real-time detection method and apparatus for lateral worm attack traffic in a network |
CN112380537A (zh) | Malware detection method, apparatus, storage medium and electronic device |
CN112464297A (zh) | Hardware Trojan detection method, apparatus and storage medium |
CN112163217B (zh) | Malware variant identification method, apparatus, device and computer storage medium |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP03 | Change of name, title or address | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road); Patentee after: Harbin antiy Technology Group Limited by Share Ltd; Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162; Patentee before: Harbin Antiy Technology Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Malicious code evidence obtaining method and system on the basis of feature code under Linux; Effective date of registration: 2019-08-28; Granted publication date: 2019-05-07; Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch; Pledgor: Harbin antiy Technology Group Limited by Share Ltd; Registration number: Y2019230000002 |
CP01 | Change in the name or title of a patent holder | Address (unchanged): 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road); Patentee after: Antan Technology Group Co.,Ltd.; Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 2021-11-19; Granted publication date: 2019-05-07; Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch; Pledgor: Harbin Antian Science and Technology Group Co.,Ltd.; Registration number: Y2019230000002 |