CN106909839A - Method and device for extracting sample code features - Google Patents
- Publication number
- CN106909839A (application CN201510969663.9A)
- Authority
- CN
- China
- Prior art keywords
- sample
- sequence fragment
- segments
- decompiling
- command sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Devices For Executing Special Programs (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510969663.9A CN106909839B (zh) | 2015-12-22 | 2015-12-22 | Method and device for extracting sample code features |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510969663.9A CN106909839B (zh) | 2015-12-22 | 2015-12-22 | Method and device for extracting sample code features |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106909839A true CN106909839A (zh) | 2017-06-30 |
CN106909839B CN106909839B (zh) | 2020-04-17 |
Family
ID=59199905
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510969663.9A Active CN106909839B (zh) | 2015-12-22 | 2015-12-22 | Method and device for extracting sample code features |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106909839B (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632901A (zh) * | 2017-09-25 | 2018-01-26 | Qingdao Hisense Mobile Communications Technology Co., Ltd. | Self-repair method and device for application runtime anomalies |
CN109725904A (zh) * | 2017-10-31 | 2019-05-07 | Institute of Microelectronics, Chinese Academy of Sciences | Low-power program instruction compilation method and system |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101604364A (zh) * | 2009-07-10 | 2009-12-16 | Zhuhai Kingsoft Software Co., Ltd. | Computer malicious program classification system and method based on file instruction sequences |
CN101848092A (zh) * | 2009-03-25 | 2010-09-29 | Huawei Technologies Co., Ltd. | Malicious code detection method and device |
CN101923617A (zh) * | 2010-08-18 | 2010-12-22 | Qizhi Software (Beijing) Co., Ltd. | Cloud-based dynamic sample database maintenance method |
CN102819697A (zh) * | 2011-12-26 | 2012-12-12 | Harbin Antiy Technology Co., Ltd. | Multi-platform malicious code detection method and system based on thread decompilation |
CN103761476A (zh) * | 2013-12-30 | 2014-04-30 | Beijing Qihoo Technology Co., Ltd. | Feature extraction method and device |
CN103761475A (zh) * | 2013-12-30 | 2014-04-30 | Beijing Qihoo Technology Co., Ltd. | Method and device for detecting malicious code in an intelligent terminal |
CN103902911A (zh) * | 2014-04-16 | 2014-07-02 | Nanjing University | Malicious program detection method based on program structure features |
CN103902910A (zh) * | 2013-12-30 | 2014-07-02 | Beijing Qihoo Technology Co., Ltd. | Method and device for detecting malicious code in an intelligent terminal |
CN104077528A (zh) * | 2014-06-25 | 2014-10-01 | Zhuhai Juntian Electronic Technology Co., Ltd. | Virus detection method, device and terminal |
CN104318161A (zh) * | 2014-11-18 | 2015-01-28 | Beijing Qihoo Technology Co., Ltd. | Virus detection method and device for Android samples |
CN104978526A (zh) * | 2015-06-30 | 2015-10-14 | Beijing Qihoo Technology Co., Ltd. | Virus feature extraction method and device |
- 2015-12-22 CN CN201510969663.9A patent/CN106909839B/zh active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848092A (zh) * | 2009-03-25 | 2010-09-29 | Huawei Technologies Co., Ltd. | Malicious code detection method and device |
CN101604364A (zh) * | 2009-07-10 | 2009-12-16 | Zhuhai Kingsoft Software Co., Ltd. | Computer malicious program classification system and method based on file instruction sequences |
CN101923617A (zh) * | 2010-08-18 | 2010-12-22 | Qizhi Software (Beijing) Co., Ltd. | Cloud-based dynamic sample database maintenance method |
CN102819697A (zh) * | 2011-12-26 | 2012-12-12 | Harbin Antiy Technology Co., Ltd. | Multi-platform malicious code detection method and system based on thread decompilation |
CN103761476A (zh) * | 2013-12-30 | 2014-04-30 | Beijing Qihoo Technology Co., Ltd. | Feature extraction method and device |
CN103761475A (zh) * | 2013-12-30 | 2014-04-30 | Beijing Qihoo Technology Co., Ltd. | Method and device for detecting malicious code in an intelligent terminal |
CN103902910A (zh) * | 2013-12-30 | 2014-07-02 | Beijing Qihoo Technology Co., Ltd. | Method and device for detecting malicious code in an intelligent terminal |
CN103902911A (zh) * | 2014-04-16 | 2014-07-02 | Nanjing University | Malicious program detection method based on program structure features |
CN104077528A (zh) * | 2014-06-25 | 2014-10-01 | Zhuhai Juntian Electronic Technology Co., Ltd. | Virus detection method, device and terminal |
CN104318161A (zh) * | 2014-11-18 | 2015-01-28 | Beijing Qihoo Technology Co., Ltd. | Virus detection method and device for Android samples |
CN104978526A (zh) * | 2015-06-30 | 2015-10-14 | Beijing Qihoo Technology Co., Ltd. | Virus feature extraction method and device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632901A (zh) * | 2017-09-25 | 2018-01-26 | Qingdao Hisense Mobile Communications Technology Co., Ltd. | Self-repair method and device for application runtime anomalies |
CN109725904A (zh) * | 2017-10-31 | 2019-05-07 | Institute of Microelectronics, Chinese Academy of Sciences | Low-power program instruction compilation method and system |
CN109725904B (zh) * | 2017-10-31 | 2021-10-22 | Institute of Microelectronics, Chinese Academy of Sciences | Low-power program instruction compilation method and system |
Also Published As
Publication number | Publication date |
---|---|
CN106909839B (zh) | 2020-04-17 |
Similar Documents
Publication | Title |
---|---|
US10114946B2 (en) | Method and device for detecting malicious code in an intelligent terminal |
CN103761475B (zh) | Method and device for detecting malicious code in an intelligent terminal |
Laskov et al. | Static detection of malicious JavaScript-bearing PDF documents |
US10621349B2 (en) | Detection of malware using feature hashing |
CN103902910B (zh) | Method and device for detecting malicious code in an intelligent terminal |
US20140082729A1 (en) | System and method for analyzing repackaged application through risk calculation |
CN103761476B (zh) | Feature extraction method and device |
RU2614557C2 (ru) | System and method for detecting malicious files on mobile devices |
US8850581B2 (en) | Identification of malware detection signature candidate code |
US9135443B2 (en) | Identifying malicious threads |
CN106803040B (zh) | Virus signature processing method and device |
CN108090360B (zh) | Android malicious application classification method and system based on behavioral features |
US11916937B2 (en) | System and method for information gain for malware detection |
US20150244737A1 (en) | Detecting malicious advertisements using source code analysis |
US11580220B2 (en) | Methods and apparatus for unknown sample classification using agglomerative clustering |
CN105653949B (zh) | Malicious program detection method and device |
CN112148305B (zh) | Application detection method, device, computer equipment and readable storage medium |
CN103473104A (zh) | Application repackaging identification method based on keyword context frequency matrix |
CN106909841A (zh) | Method and device for determining virus code |
Fang et al. | Large language models for code analysis: Do LLMs really do their job? |
Feichtner et al. | Obfuscation-resilient code recognition in Android apps |
CN107085684B (zh) | Program feature detection method and device |
CN106909839A (zh) | Method and device for extracting sample code features |
Ahmadi et al. | IntelliAV: Building an effective on-device Android malware detector |
Liu et al. | ImageDroid: Using deep learning to efficiently detect Android malware and automatically mark malicious features |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20211201. Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, high tech Zone, Binhai New Area, Tianjin. Patentee after: 3600 Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park). Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Qizhi software (Beijing) Co.,Ltd. |
| TR01 | Transfer of patent right | Effective date of registration: 20230710. Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: Beijing Hongxiang Technical Service Co.,Ltd. Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, high tech Zone, Binhai New Area, Tianjin. Patentee before: 3600 Technology Group Co.,Ltd. |
| CP03 | Change of name, title or address | Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: Beijing 360 Zhiling Technology Co.,Ltd. Country or region after: China. Address before: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee before: Beijing Hongxiang Technical Service Co.,Ltd. Country or region before: China. |