CN108090353A - A kind of shell adding code of knowledge based driving returns detection method and system - Google Patents

A kind of shell adding code of knowledge based driving returns detection method and system Download PDF

Info

Publication number
CN108090353A
CN108090353A CN201711067476.7A CN201711067476A CN108090353A CN 108090353 A CN108090353 A CN 108090353A CN 201711067476 A CN201711067476 A CN 201711067476A CN 108090353 A CN108090353 A CN 108090353A
Authority
CN
China
Prior art keywords
feature
shell adding
detected
adding sample
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711067476.7A
Other languages
Chinese (zh)
Other versions
CN108090353B (en
Inventor
许梦磊
童志明
何公道
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Antiy Technology Co Ltd
Original Assignee
Harbin Antiy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Antiy Technology Co Ltd filed Critical Harbin Antiy Technology Co Ltd
Priority to CN201711067476.7A priority Critical patent/CN108090353B/en
Publication of CN108090353A publication Critical patent/CN108090353A/en
Application granted granted Critical
Publication of CN108090353B publication Critical patent/CN108090353B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Abstract

The present invention proposes that a kind of shell adding code of knowledge based driving returns detection method and system, the described method includes:Characteristic synthetic database is established, obtains shell adding sample to be detected;The decompression code of shell adding sample to be detected is put into sample interpreter and carries out short characteristic matching, if successful match, according to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is decrypted, and the data after decryption are extracted into short feature, typing plaintext knowledge base;Otherwise, by inference machine directly to shell adding sample extraction feature to be detected, typing ciphertext knowledge base.The present invention also accordingly provides the system, storage medium and program product of this method.The integrated database that the method for the present invention is made up of plaintext knowledge base and ciphertext knowledge base carries out shell adding code cooperation detection, and constantly updates knowledge base using recurrence mode, can adapt to the continuous variation of detection code and detection mode.

Description

A kind of shell adding code of knowledge based driving returns detection method and system
Technical field
The present invention relates to computer network security field, more particularly to a kind of shell adding code of knowledge based driving returns inspection Survey method and system.
Background technology
With the popularization of development and the application of computer technology, computer network also develops rapidly therewith, malicious code number Exponentially grade is measured to increase.The malicious code of early stage is there is no excessive self-protective mechanism is used, all with fixed condition code. Therefore anti-viral software can utilize virus signature to match, it is easy to detect hide Virus in systems, but With the development of technology, malicious code is one after another using the detection of self-protective technique confrontation Anti- Virus Engine, such as to malicious code Shell adding(Encrypt), traditional detection mode accuracy rate is made to decline to a great extent.
Use unification detection mode for the detection of shell adding code at present, such as more:Normalizing directly is extracted to encrypted cipher text Change feature detection, but testing result is not accurate;Decompression detection is carried out for the code of known compression algorithms, but testing result is not complete Face;Key instruction detection is chosen using dynamic virtual machine executive mode, but detection efficiency is not high.
The content of the invention
Based on the above problem, the present invention proposes a kind of shell adding code of knowledge based driving and returns detection method and be System by the cooperation detection of ciphertext and plaintext knowledge base, has reached the balance of accurate, comprehensive, efficient three, finally using recurrence Mode constantly update detection knowledge base, to adapt to detection code and detection mode continuous variation.
First, the present invention proposes that a kind of shell adding code of knowledge based driving returns detection method, including:
Characteristic synthetic database is established, obtains shell adding sample to be detected;
The decompression code of shell adding sample to be detected is put into sample interpreter and carries out short characteristic matching, if successful match, According to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is decrypted, and by the data after decryption Extract short feature, typing plaintext knowledge base;
Otherwise, by inference machine directly to shell adding sample extraction feature to be detected, typing ciphertext knowledge base.
In the method, the characteristic synthetic database is made of plaintext knowledge base and ciphertext knowledge base.
In the method, the short feature includes feature and algorithm key position information.
In the method, it is described according to short feature in inference machine corresponding decipherment algorithm, to shell adding sample to be detected It is decrypted, specifically, feature and algorithm key position information in short feature, match corresponding decipherment algorithm and carry out Decryption.
In the method, by inference machine directly to shell adding sample extraction feature to be detected, it is specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;
Using the complex analysis method measured based on poicare, comprehensive assessment is carried out to the TOP SCORES of behavioral characteristics and static nature, It determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
In the method, after shell adding sample to be detected is obtained, further include:Extract the code of shell adding sample to be detected Duan Tezheng matches the cryptographic Hash of the feature with existing feature in characteristic synthetic database, if successful match Directly output judges result.
The invention also provides a kind of knowledge based driving shell adding code return detecting system, including:
Database module establishes characteristic synthetic database;
Acquisition module obtains shell adding sample to be detected;
Sample interpreter module carries out short feature for the decompression code of shell adding sample to be detected to be put into sample interpreter Match somebody with somebody, if successful match, into inference engine module;
Inference engine module, for according to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is solved It is close, and the data after decryption are extracted into short feature, typing plaintext knowledge base;Otherwise, inference machine is directly to shell adding sample to be detected Extract feature, typing ciphertext knowledge base.
In the system, the characteristic synthetic database is made of plaintext knowledge base and ciphertext knowledge base.
In the system, the short feature includes feature and algorithm key position information.
In the system, it is described according to short feature in inference machine corresponding decipherment algorithm, to shell adding sample to be detected It is decrypted, specifically, feature and algorithm key position information in short feature, match corresponding decipherment algorithm and carry out Decryption.
In the system, by inference machine directly to shell adding sample extraction feature to be detected, it is specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;
Using the complex analysis method measured based on poicare, comprehensive assessment is carried out to the TOP SCORES of behavioral characteristics and static nature, It determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
In the system, after shell adding sample to be detected is obtained, further include:Extract the code of shell adding sample to be detected Duan Tezheng matches the cryptographic Hash of the feature with existing feature in characteristic synthetic database, if successful match Directly output judges result.
Correspondingly, the present invention proposes a kind of non-transitorycomputer readable storage medium, computer program is stored thereon with, Realize that the shell adding code as described in any in claim 1-6 returns detection method when the program is executed by processor.
Correspondingly, the present invention proposes a kind of computer program product, the electronic equipment includes:Housing, processor, storage Device, circuit board and power supply, wherein, circuit board is placed in the interior volume that housing surrounds, and processor and memory are arranged on circuit On plate;Power circuit, for powering for each circuit or device of above-mentioned electronic equipment;Memory is used to store executable program Code;Processor runs journey corresponding with executable program code by reading the executable program code stored in memory Sequence performs above method flow.
The advantage of technical solution of the present invention is that it is possible to comprehensive Through Several Survey Measure, by plaintext knowledge base and ciphertext knowledge Storehouse composition characteristic integrated database by ciphertext and the cooperation detection of plaintext, has reached accurate, comprehensive, has efficiently been detected, Finally by the way of returning, more new knowledge base carries out certain journey for the sample for using current unknown compression algorithm institute shell adding The feature extraction of degree, to adapt to the continuous variation of detection code and detection mode.
Description of the drawings
It, below will be to embodiment or the prior art in order to illustrate more clearly of technical solution of the invention or of the prior art Attached drawing is briefly described needed in description, it should be apparent that, the accompanying drawings in the following description is only in the present invention Some embodiments recorded, for those of ordinary skill in the art, without creative efforts, can be with Other attached drawings are obtained according to these attached drawings.
Fig. 1 is that a kind of shell adding code of knowledge based driving of the present invention returns detection method embodiment flow chart;
Fig. 2 is that a kind of shell adding code of knowledge based driving of the present invention returns detecting system structure diagram;
Fig. 3 is the structure diagram of one embodiment of electronic equipment of the present invention.
Specific embodiment
In order to which those skilled in the art is made to more fully understand the technical solution in the embodiment of the present invention, and make the present invention's Above-mentioned purpose, feature and advantage can be more obvious understandable, technical solution in the present invention made below in conjunction with the accompanying drawings further detailed Thin explanation.
First, the present invention proposes that a kind of shell adding code of knowledge based driving returns detection method, as shown in Figure 1, including:
S101:Characteristic synthetic database is established, obtains shell adding sample to be detected;
S102:The decompression code of shell adding sample to be detected is put into sample interpreter and carries out short characteristic matching, if matching into Work(then performs S103, otherwise performs S104;The decompression code of shell adding sample, usually after second section of shell adding sample Half part code;
S103:According to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is decrypted, and will decryption Data afterwards extract short feature, typing plaintext knowledge base;
S104:By inference machine directly to shell adding sample extraction feature to be detected, typing ciphertext knowledge base.
In the method, the characteristic synthetic database is made of plaintext knowledge base and ciphertext knowledge base.
In the method, the short feature includes feature and algorithm key position information.
Short feature includes algorithm key position information, be due in ciphering process, when identical code is encrypted, The position and offset of its first time appearance may be employed to complete, so in decryption, we can be with the scope of this offset It as feature, that is, can guarantee accuracy, and can guarantee that characteristic length is relatively short.It is and because crucial comprising algorithm in short feature Location information, so short feature can form mapping relations with Encryption Algorithm.
In the method, it is described according to short feature in inference machine corresponding decipherment algorithm, to shell adding sample to be detected It is decrypted, specifically, feature and algorithm key position information in short feature, match corresponding decipherment algorithm and carry out Decryption.
In the method, by inference machine directly to shell adding sample extraction feature to be detected, it is specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;Since the threat degree of feature is different, it is therefore desirable to each feature-set score value,
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;Such as:For behavioral characteristics, I Only consider equipment threaten (modification disk sector), system threaten (modification registration table), file I/O threaten (reading and writing of files), more than The threat degree difference of three just necessarily has different subitem scorings;For static nature, the head 4K features of code section, file Icon characteristics etc..Here the feature given according to threat degree and the mapping relations of scoring are based on substantial amounts of analysis experience It obtains.
Here both behavioral characteristics and static nature are linear independences, so the two can be as plane rectangular coordinates Two orthogonal vectors under system, therefore can subsequent analysis be carried out by complex function.
Using the complex analysis method measured based on poicare, the TOP SCORES of behavioral characteristics and static nature is integrated Assessment determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
It is using the reason for above method, the ciphertext to be extracted is characterized in what is be not present in knowledge base, and calculation is compressed to it Method is not known about, and goes for certain detection result, it is necessary to be carried out feature extraction and detection by non-precision mode, be adopted The mode being combined with behavioral characteristics with static nature can find corresponding data in the sample.
In the method, after shell adding sample to be detected is obtained, further include:Extract the code of shell adding sample to be detected Duan Tezheng matches the cryptographic Hash of the feature with existing feature in characteristic synthetic database, if successful match Directly output judges result.
The invention also provides a kind of shell adding code recurrence detecting system of knowledge based driving, as shown in Fig. 2, including:
Database module 201 establishes characteristic synthetic database;
Acquisition module 202 obtains shell adding sample to be detected;
Sample interpreter module 203 carries out short spy for the decompression code of shell adding sample to be detected to be put into sample interpreter Sign matching, if successful match, into inference engine module;
Inference engine module 204, for according to short feature in inference machine corresponding decipherment algorithm, to shell adding sample to be detected carry out Decryption, and the data after decryption are extracted into short feature, typing plaintext knowledge base;If short characteristic matching failure, inference machine are direct To shell adding sample extraction feature to be detected, typing ciphertext knowledge base.
In the system, the characteristic synthetic database is made of plaintext knowledge base and ciphertext knowledge base.
In the system, the short feature includes feature and algorithm key position information.
In the system, it is described according to short feature in inference machine corresponding decipherment algorithm, to shell adding sample to be detected It is decrypted, specifically, feature and algorithm key position information in short feature, match corresponding decipherment algorithm and carry out Decryption.
In the system, by inference machine directly to shell adding sample extraction feature to be detected, it is specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;
Using the complex analysis method measured based on poicare, comprehensive assessment is carried out to the TOP SCORES of behavioral characteristics and static nature, It determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
In the system, after shell adding sample to be detected is obtained, further include:Extract the code of shell adding sample to be detected Duan Tezheng matches the cryptographic Hash of the feature with existing feature in characteristic synthetic database, if successful match Directly output judges result.
Correspondingly, the present invention proposes a kind of non-transitorycomputer readable storage medium, computer program is stored thereon with, Realize that the shell adding code as described in any in claim 1-6 returns detection method when the program is executed by processor.
Correspondingly, the present invention proposes a kind of computer program product, as shown in figure 3, the electronic equipment includes:Housing 301st, processor 302, memory 303, circuit board 304 and power supply 305, wherein, circuit board is placed in the space that housing surrounds Portion, processor and memory are set on circuit boards;Power circuit, for being supplied for each circuit or device of above-mentioned electronic equipment Electricity;Memory is used to store executable program code;Processor by read the executable program code stored in memory come Operation program corresponding with executable program code, performs above method flow.
The advantage of technical solution of the present invention is that it is possible to comprehensive Through Several Survey Measure, by plaintext knowledge base and ciphertext knowledge Storehouse composition characteristic integrated database by ciphertext and the cooperation detection of plaintext, has reached accurate, comprehensive, has efficiently been detected, Finally by the way of returning, more new knowledge base carries out certain journey for the sample for using current unknown compression algorithm institute shell adding The feature extraction of degree, to adapt to the continuous variation of detection code and detection mode.
Although depicting the present invention by embodiment, it will be appreciated by the skilled addressee that the present invention there are many deformation and Change the spirit without departing from the present invention, it is desirable to which appended claim includes these deformations and changes without departing from the present invention's Spirit.

Claims (14)

1. a kind of shell adding code of knowledge based driving returns detection method, which is characterized in that including:
Characteristic synthetic database is established, obtains shell adding sample to be detected;
The decompression code of shell adding sample to be detected is put into sample interpreter and carries out short characteristic matching, if successful match, According to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is decrypted, and by the data after decryption Extract short feature, typing plaintext knowledge base;
Otherwise, by inference machine directly to shell adding sample extraction feature to be detected, typing ciphertext knowledge base.
2. the method as described in claim 1, which is characterized in that the characteristic synthetic database is known by plaintext knowledge base and ciphertext Know storehouse composition.
3. the method as described in claim 1, which is characterized in that the short feature includes feature and algorithm key position is believed Breath.
4. method as claimed in claim 3, which is characterized in that described corresponding decryption is calculated in inference machine according to short feature Shell adding sample to be detected is decrypted in method, specifically, feature and algorithm key position information in short feature, The corresponding decipherment algorithm of matching is decrypted.
5. the method as described in claim 1, which is characterized in that special directly to shell adding sample extraction to be detected by inference machine Sign, specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;
Using the complex analysis method measured based on poicare, comprehensive assessment is carried out to the TOP SCORES of behavioral characteristics and static nature, It determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
6. the method as described in claim 1, which is characterized in that after shell adding sample to be detected is obtained, further include:Extraction is treated The code segment feature of shell adding sample is detected, by existing feature progress in the cryptographic Hash of the feature and characteristic synthetic database Match somebody with somebody, directly output judges result if successful match.
7. a kind of shell adding code of knowledge based driving returns detecting system, which is characterized in that including:
Database module establishes characteristic synthetic database;
Acquisition module obtains shell adding sample to be detected;
Sample interpreter module carries out short feature for the decompression code of shell adding sample to be detected to be put into sample interpreter Match somebody with somebody, if successful match, into inference engine module;
Inference engine module, for according to short feature in inference machine corresponding decipherment algorithm, shell adding sample to be detected is solved It is close, and the data after decryption are extracted into short feature, typing plaintext knowledge base;Otherwise, inference machine is directly to shell adding sample to be detected Extract feature, typing ciphertext knowledge base.
8. system as claimed in claim 7, which is characterized in that the characteristic synthetic database is known by plaintext knowledge base and ciphertext Know storehouse composition.
9. system as claimed in claim 7, which is characterized in that the short feature includes feature and algorithm key position is believed Breath.
10. system as claimed in claim 9, which is characterized in that described corresponding decryption is calculated in inference machine according to short feature Shell adding sample to be detected is decrypted in method, specifically, feature and algorithm key position information in short feature, The corresponding decipherment algorithm of matching is decrypted.
11. system as claimed in claim 7, which is characterized in that special directly to shell adding sample extraction to be detected by inference machine Sign, specially:
According to known behavioral characteristics and static nature, in shell adding sample acquisition corresponding data to be detected, and point of each feature is set Value;
According to entropy weight information law, the TOP SCORES of behavioral characteristics and static nature is calculated respectively;
Using the complex analysis method measured based on poicare, comprehensive assessment is carried out to the TOP SCORES of behavioral characteristics and static nature, It determines to choose behavioral characteristics or static nature;
Using the behavioral characteristics of selection or static nature as the feature of shell adding sample to be detected, typing ciphertext knowledge base.
12. system as claimed in claim 7, which is characterized in that after shell adding sample to be detected is obtained, further include:Extraction The code segment feature of shell adding sample to be detected carries out existing feature in the cryptographic Hash of the feature and characteristic synthetic database Matching, directly output judges result if successful match.
13. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is characterized in that the program Realize that the shell adding code as described in any in claim 1-6 returns detection method when being executed by processor.
14. a kind of computer program product, which is characterized in that the electronic equipment includes:Housing, processor, memory, circuit Plate and power supply, wherein, circuit board is placed in the interior volume that housing surrounds, and processor and memory are set on circuit boards;Electricity Source circuit, for powering for each circuit or device of above-mentioned electronic equipment;Memory is used to store executable program code;Place Reason device runs program corresponding with executable program code by reading the executable program code stored in memory, performs Shell adding code as described in any in claim 1-6 returns detection method.
CN201711067476.7A 2017-11-03 2017-11-03 Knowledge-driven regression detection method and system for shell-added codes Active CN108090353B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711067476.7A CN108090353B (en) 2017-11-03 2017-11-03 Knowledge-driven regression detection method and system for shell-added codes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711067476.7A CN108090353B (en) 2017-11-03 2017-11-03 Knowledge-driven regression detection method and system for shell-added codes

Publications (2)

Publication Number Publication Date
CN108090353A true CN108090353A (en) 2018-05-29
CN108090353B CN108090353B (en) 2021-09-03

Family

ID=62172014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711067476.7A Active CN108090353B (en) 2017-11-03 2017-11-03 Knowledge-driven regression detection method and system for shell-added codes

Country Status (1)

Country Link
CN (1) CN108090353B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992969A (en) * 2019-03-25 2019-07-09 腾讯科技(深圳)有限公司 A kind of malicious file detection method, device and detection platform

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547126A (en) * 2008-03-27 2009-09-30 北京启明星辰信息技术股份有限公司 Network virus detecting method based on network data streams and device thereof
CN102184363A (en) * 2011-05-21 2011-09-14 电子科技大学 Automatic software packer shelling method based on comprehensive processing
US20130084560A1 (en) * 2010-06-22 2013-04-04 The Government of the United States of America as by the Secretary of the Dept., of Health and Human Analysis of a microneutralization assay using curve-fitting constraints
US20140007222A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Secure execution of enterprise applications on mobile devices
CN105205398A (en) * 2015-11-04 2015-12-30 北京鼎源科技有限公司 Shell checking method based on dynamic behaviors of APK (android package) packing software
CN105989252A (en) * 2015-12-12 2016-10-05 武汉安天信息技术有限责任公司 Function level packing-oriented unpacking method and system
CN107169352A (en) * 2017-03-22 2017-09-15 国家计算机网络与信息安全管理中心 A kind of malware detection method and system based on shell adding file verification sum
CN107273741A (en) * 2017-05-18 2017-10-20 努比亚技术有限公司 A kind of system operation method and terminal

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547126A (en) * 2008-03-27 2009-09-30 北京启明星辰信息技术股份有限公司 Network virus detecting method based on network data streams and device thereof
US20130084560A1 (en) * 2010-06-22 2013-04-04 The Government of the United States of America as by the Secretary of the Dept., of Health and Human Analysis of a microneutralization assay using curve-fitting constraints
CN102184363A (en) * 2011-05-21 2011-09-14 电子科技大学 Automatic software packer shelling method based on comprehensive processing
US20140007222A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Secure execution of enterprise applications on mobile devices
CN105205398A (en) * 2015-11-04 2015-12-30 北京鼎源科技有限公司 Shell checking method based on dynamic behaviors of APK (android package) packing software
CN105989252A (en) * 2015-12-12 2016-10-05 武汉安天信息技术有限责任公司 Function level packing-oriented unpacking method and system
CN107169352A (en) * 2017-03-22 2017-09-15 国家计算机网络与信息安全管理中心 A kind of malware detection method and system based on shell adding file verification sum
CN107273741A (en) * 2017-05-18 2017-10-20 努比亚技术有限公司 A kind of system operation method and terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992969A (en) * 2019-03-25 2019-07-09 腾讯科技(深圳)有限公司 A kind of malicious file detection method, device and detection platform
CN109992969B (en) * 2019-03-25 2023-03-21 腾讯科技(深圳)有限公司 Malicious file detection method and device and detection platform

Also Published As

Publication number Publication date
CN108090353B (en) 2021-09-03

Similar Documents

Publication Publication Date Title
US10489604B2 (en) Searchable encryption processing system and searchable encryption processing method
CN104751055B (en) A kind of distributed malicious code detecting method, apparatus and system based on texture
JP5412414B2 (en) Searchable cryptographic processing system
WO2018177201A1 (en) Method and device for embedding and extracting digital watermark, digital watermarking system
Sklavos et al. Hardware security and trust
CN103988467A (en) Cryptographic system and methodology for securing software cryptography
Choudary et al. Efficient stochastic methods: Profiled attacks beyond 8 bits
Msgna et al. Verifying software integrity in embedded systems: A side channel approach
CN104715194A (en) Malicious software detection method and device
CN109117643B (en) System processing method and related equipment
CN112613051A (en) Data encryption storage method and device, computer equipment and storage medium
US20210034740A1 (en) Threat analysis system, threat analysis method, and threat analysis program
Bauspieß et al. Privacy-preserving preselection for protected biometric identification using public-key encryption with keyword search
Camacho et al. A cloud-oriented integrity verification system for audio forensics
CN108090353A (en) A kind of shell adding code of knowledge based driving returns detection method and system
Bucerzan et al. Testing methods for the efficiency of modern steganography solutions for mobile platforms
US20190121968A1 (en) Key generation source identification device, key generation source identification method, and computer readable medium
JP2013222422A (en) Program, information processing device, and information processing method
KR102375973B1 (en) Security server using case based reasoning engine and storage medium for installing security function
Lapworth Parallel encryption of input and output data for HPC applications
Sayadi et al. Towards ai-enabled hardware security: Challenges and opportunities
Nakano et al. Memory access pattern protection for resource-constrained devices
US20210240956A1 (en) Systems and methods for encoding executable code in barcodes
Naveenkumar et al. Review on Hardware Trojan Detection Techniques
Abdellatif et al. New partitioning approach for hardware Trojan detection using side-channel measurements

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road)

Applicant after: Harbin antiy Technology Group Limited by Share Ltd

Address before: 150090 Room 506, No. 162 Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang Province

Applicant before: Harbin Antiy Technology Co., Ltd.

CB02 Change of applicant information
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

GR01 Patent grant
GR01 Patent grant