CN116366377B - 恶意文件检测方法、装置、设备及存储介质 - Google Patents
恶意文件检测方法、装置、设备及存储介质 Download PDFInfo
- Publication number
- CN116366377B CN116366377B CN202310649312.4A CN202310649312A CN116366377B CN 116366377 B CN116366377 B CN 116366377B CN 202310649312 A CN202310649312 A CN 202310649312A CN 116366377 B CN116366377 B CN 116366377B
- Authority
- CN
- China
- Prior art keywords
- detection
- file
- subsystem
- detected
- path
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 463
- 238000000034 method Methods 0.000 claims abstract description 51
- 238000013473 artificial intelligence Methods 0.000 claims description 47
- 238000004458 analytical method Methods 0.000 claims description 44
- 238000005516 engineering process Methods 0.000 claims description 35
- 230000003068 static effect Effects 0.000 claims description 30
- 230000006399 behavior Effects 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 10
- 238000012795 verification Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 description 10
- 230000001360 synchronised effect Effects 0.000 description 9
- 241000700605 Viruses Species 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 4
- 238000000605 extraction Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 235000019800 disodium phosphate Nutrition 0.000 description 2
- 208000015181 infectious disease Diseases 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000002458 infectious effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000000513 principal component analysis Methods 0.000 description 1
- 238000004549 pulsed laser deposition Methods 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310649312.4A CN116366377B (zh) | 2023-06-02 | 2023-06-02 | 恶意文件检测方法、装置、设备及存储介质 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310649312.4A CN116366377B (zh) | 2023-06-02 | 2023-06-02 | 恶意文件检测方法、装置、设备及存储介质 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116366377A CN116366377A (zh) | 2023-06-30 |
CN116366377B true CN116366377B (zh) | 2023-11-07 |
Family
ID=86905533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310649312.4A Active CN116366377B (zh) | 2023-06-02 | 2023-06-02 | 恶意文件检测方法、装置、设备及存储介质 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116366377B (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116910755A (zh) * | 2023-09-13 | 2023-10-20 | 北京安天网络安全技术有限公司 | 一种文件检测方法 |
CN116910756B (zh) * | 2023-09-13 | 2024-01-23 | 北京安天网络安全技术有限公司 | 一种恶意pe文件的检测方法 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016188279A1 (zh) * | 2015-05-25 | 2016-12-01 | 阿里巴巴集团控股有限公司 | 一种故障谱的生成、基于故障谱的检测方法和装置 |
CN110287701A (zh) * | 2019-06-28 | 2019-09-27 | 深信服科技股份有限公司 | 一种恶意文件检测方法、装置、系统及相关组件 |
CN110928793A (zh) * | 2019-11-28 | 2020-03-27 | Oppo广东移动通信有限公司 | 一种正则表达式检测方法、装置及计算机可读存储介质 |
CN111914257A (zh) * | 2020-08-04 | 2020-11-10 | 中国信息安全测评中心 | 文档检测的方法、装置、设备、及计算机存储介质 |
CN113378161A (zh) * | 2021-06-23 | 2021-09-10 | 深信服科技股份有限公司 | 一种安全检测方法、装置、设备及存储介质 |
CN113672924A (zh) * | 2021-08-24 | 2021-11-19 | 李宇佳 | 分布式云计算系统的数据入侵检测方法及装置 |
CN113886814A (zh) * | 2021-09-29 | 2022-01-04 | 深信服科技股份有限公司 | 一种攻击检测方法及相关装置 |
US11522885B1 (en) * | 2022-02-08 | 2022-12-06 | Uab 360 It | System and method for information gain for malware detection |
CN115495740A (zh) * | 2022-09-20 | 2022-12-20 | 京东科技信息技术有限公司 | 一种病毒检测方法和装置 |
-
2023
- 2023-06-02 CN CN202310649312.4A patent/CN116366377B/zh active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016188279A1 (zh) * | 2015-05-25 | 2016-12-01 | 阿里巴巴集团控股有限公司 | 一种故障谱的生成、基于故障谱的检测方法和装置 |
CN110287701A (zh) * | 2019-06-28 | 2019-09-27 | 深信服科技股份有限公司 | 一种恶意文件检测方法、装置、系统及相关组件 |
CN110928793A (zh) * | 2019-11-28 | 2020-03-27 | Oppo广东移动通信有限公司 | 一种正则表达式检测方法、装置及计算机可读存储介质 |
CN111914257A (zh) * | 2020-08-04 | 2020-11-10 | 中国信息安全测评中心 | 文档检测的方法、装置、设备、及计算机存储介质 |
CN113378161A (zh) * | 2021-06-23 | 2021-09-10 | 深信服科技股份有限公司 | 一种安全检测方法、装置、设备及存储介质 |
CN113672924A (zh) * | 2021-08-24 | 2021-11-19 | 李宇佳 | 分布式云计算系统的数据入侵检测方法及装置 |
CN113886814A (zh) * | 2021-09-29 | 2022-01-04 | 深信服科技股份有限公司 | 一种攻击检测方法及相关装置 |
US11522885B1 (en) * | 2022-02-08 | 2022-12-06 | Uab 360 It | System and method for information gain for malware detection |
CN115495740A (zh) * | 2022-09-20 | 2022-12-20 | 京东科技信息技术有限公司 | 一种病毒检测方法和装置 |
Non-Patent Citations (1)
Title |
---|
基于机器学习优化策略的漏洞检测技术研究;宋雅楠;刘萍;;信息技术(02);第45-50页 * |
Also Published As
Publication number | Publication date |
---|---|
CN116366377A (zh) | 2023-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN116366377B (zh) | 恶意文件检测方法、装置、设备及存储介质 | |
US9990583B2 (en) | Match engine for detection of multi-pattern rules | |
RU2708356C1 (ru) | Система и способ двухэтапной классификации файлов | |
US10986103B2 (en) | Signal tokens indicative of malware | |
Varma et al. | Android mobile security by detecting and classification of malware based on permissions using machine learning algorithms | |
CN111159697B (zh) | 一种密钥检测方法、装置及电子设备 | |
CN109344611B (zh) | 应用的访问控制方法、终端设备及介质 | |
Zhu et al. | Android malware detection based on multi-head squeeze-and-excitation residual network | |
RU2587429C2 (ru) | Система и способ оценки надежности правила категоризации | |
CN113486350B (zh) | 恶意软件的识别方法、装置、设备及存储介质 | |
CN113918951A (zh) | 基于抽象语法树的恶意代码检测方法、装置及电子设备 | |
Niu et al. | Detecting malware on X86-based IoT devices in autonomous driving | |
CN112688966A (zh) | webshell检测方法、装置、介质和设备 | |
CN114386046A (zh) | 一种未知漏洞检测方法、装置、电子设备及存储介质 | |
CN113312620B (zh) | 一种程序安全检测方法及装置、处理器芯片、服务器 | |
KR20180133726A (ko) | 특징 벡터를 이용하여 데이터를 분류하는 장치 및 방법 | |
CN109145589B (zh) | 应用程序获取方法及装置 | |
Choi et al. | Detection of Cross Site Scripting Attack in Wireless Networks Using n‐Gram and SVM | |
CN115310087A (zh) | 一种基于抽象语法树的网站后门检测方法和系统 | |
Yan et al. | DitDetector: Bimodal learning based on deceptive image and text for macro malware detection | |
CN112995218A (zh) | 域名的异常检测方法、装置及设备 | |
Brindavathi et al. | An Analysis of AI-based SQL Injection (SQLi) Attack Detection | |
Guo et al. | A malware detection algorithm based on multi-view fusion | |
CN116738427B (zh) | 终端安全防护方法、装置、设备及存储介质 | |
CN113542202B (zh) | 一种域名识别方法、装置、设备及计算机可读存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Malicious file detection methods, devices, devices, and storage media Effective date of registration: 20231212 Granted publication date: 20231107 Pledgee: Shenzhen Branch of China Merchants Bank Co.,Ltd. Pledgor: SANGFOR TECHNOLOGIES Inc. Registration number: Y2023980070863 |
|
PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20230630 Assignee: Shenzhen zhongyun Data Technology Co.,Ltd. Assignor: SANGFOR TECHNOLOGIES Inc. Contract record no.: X2024980006900 Denomination of invention: Malicious file detection methods, devices, devices, and storage media Granted publication date: 20231107 License type: Common License Record date: 20240607 |