CN105740706B - API name and immediate value-based heuristic sample detection method and system - Google Patents
- Publication number
- CN105740706B (application CN201510985230.2A)
- Authority
- CN
- China
- Prior art keywords
- immediate
- sample
- hash
- detected
- api
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510985230.2A CN105740706B (zh) | 2015-12-25 | 2015-12-25 | API name and immediate value-based heuristic sample detection method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510985230.2A CN105740706B (zh) | 2015-12-25 | 2015-12-25 | API name and immediate value-based heuristic sample detection method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105740706A CN105740706A (zh) | 2016-07-06 |
CN105740706B true CN105740706B (zh) | 2019-05-07 |
Family
ID=56296041
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510985230.2A Active CN105740706B (zh) | 2015-12-25 | 2015-12-25 | API name and immediate value-based heuristic sample detection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105740706B (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107819783A (zh) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | Network security detection method and system based on threat intelligence |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101976319A (zh) * | 2010-11-22 | 2011-02-16 | 张平 | Behavior-feature-based BIOS firmware rootkit detection method |
CN102938040A (zh) * | 2012-09-29 | 2013-02-20 | 中兴通讯股份有限公司 | Android malicious application detection method, system and device |
CN102945347A (zh) * | 2012-09-29 | 2013-02-27 | 中兴通讯股份有限公司 | Method, system and device for detecting Android malware |
CN103186746A (zh) * | 2013-03-26 | 2013-07-03 | 北京深思数盾科技有限公司 | Executable file protection method and system |
CN104657662A (zh) * | 2015-01-26 | 2015-05-27 | 安一恒通(北京)科技有限公司 | Method and apparatus for detecting file-infecting viruses |
- 2015-12-25 CN CN201510985230.2A patent/CN105740706B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN105740706A (zh) | 2016-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021127660A3 (en) | | Machine and deep learning process modeling of performance and behavioral data |
EP2560120A3 (en) | | Systems and methods for identifying associations between malware samples |
ATE555430T1 (de) | | Systems and methods for computer security |
WO2015191731A8 (en) | | Systems and methods for software analytics |
GB2494337A (en) | | Systems and methods for determining whether data includes strings that correspond to sensitive information |
WO2015127472A3 (en) | | Systems and methods for malware detection and mitigation |
WO2013074774A4 (en) | | Data clustering based on variant token networks |
JP2012521598A5 (zh) | | |
GB2502715A (en) | | Malware Detection |
CN102801709A (zh) | | Phishing website identification system and method |
JP2015508549A5 (ja) | | Computer-implemented method, non-transitory computer-readable medium and computer system for identifying trojanized applications (apps) for mobile environments |
WO2015067964A3 (en) | | Identifying media components |
MX2016010454A (es) | | Method for automatically evaluating an absence electroencephalogram (EEG), computer program and evaluation device therefor |
WO2013073999A3 (ru) | | Method for automated analysis of text documents |
RU2012156446A (ru) | | System and method for generating application behavior model scenarios |
CN108985065A (zh) | | Method and system for firmware vulnerability detection using an improved Mahalanobis distance calculation method |
CN105446757B (zh) | | Data packet processing method and device |
CN105740706B (zh) | | API name and immediate value-based heuristic sample detection method and system |
DE602006013666D1 (de) | | Method and device for automatically creating a playlist by segment-wise feature comparison |
CN103324888A (zh) | | Family-sample-based automatic virus signature extraction method and system |
EP3073398A3 (en) | | A method of modelling at least a part of a gas turbine engine |
CN105488414A (zh) | | Method and system for preventing malicious code from detecting a virtual environment |
EP2816518A3 (en) | | Methods and apparatuses to identify user dissatisfaction from early cancelation |
CN106326746B (zh) | | Method and device for constructing a malicious program behavior feature library |
RU2017123182A (ru) | | Method and system for controlling regeneration of a particulate filter |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP03 | Change of name, title or address | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road); Patentee after: Harbin antiy Technology Group Limited by Share Ltd; Address before: Room 506, 162 Hongqi Street, Nangang Concentrated District, Harbin Development Zone, Heilongjiang Province, 150028; Patentee before: Harbin Antiy Technology Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: API name and immediate value-based heuristic sample detection method and system; Effective date of registration: 20190828; Granted publication date: 20190507; Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch; Pledgor: Harbin antiy Technology Group Limited by Share Ltd; Registration number: Y2019230000002 |
CP01 | Change in the name or title of a patent holder | Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road); Patentee after: Antan Technology Group Co.,Ltd.; Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road); Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20211119; Granted publication date: 20190507; Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch; Pledgor: Harbin Antian Science and Technology Group Co.,Ltd.; Registration number: Y2019230000002 |