CN103455753A - Sample file analysis method and device - Google Patents

Info

Publication number
CN103455753A
Authority
CN
China
Prior art keywords
sample file
string
binary format
character string
unsuccessful
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012101748858A
Other languages
Chinese (zh)
Other versions
CN103455753B (en)
Inventor
苏海峰
徐鸣
张楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Conew Network Technology Beijing Co Ltd
Beijing Cheetah Mobile Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Conew Network Technology Beijing Co Ltd
Shell Internet Beijing Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd, Conew Network Technology Beijing Co Ltd, Shell Internet Beijing Security Technology Co Ltd filed Critical Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201210174885.8A priority Critical patent/CN103455753B/en
Publication of CN103455753A publication Critical patent/CN103455753A/en
Application granted granted Critical
Publication of CN103455753B publication Critical patent/CN103455753B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a sample file analysis method and a sample file analysis device, wherein the method comprises the following steps: obtaining a sample file in a binary format; mapping the sample file in the binary format to a memory; carrying out full-text character string filtering analysis on the binary format sample file mapped to the memory to obtain a filtered binary format sample file; and outputting the filtered sample file in the binary format. The scheme of the invention can extract the visible character string from the sample file in the binary format to be used as a basis for judging whether the file is a virus or not, and the validity of the visible character string is filtered, so that the analysis result set of the sample file is effectively reduced, and the virus searching and killing efficiency is greatly improved.

Description

Sample file analysis method and device
Technical field
The present invention relates to the field of computer security technology, and in particular to a sample file analysis method and device.
Background
In the anti-virus field, the number of new samples arriving every day is massive, and identifying them manually wastes a great deal of time. Automatic analysis of sample files has therefore become a key problem in the anti-virus field.
Existing automatic sample file analysis techniques fall into two classes:
(1) Static automatic analysis, which classifies a given file through disassembled-code analysis, comparison of the file's static content and a series of heuristic rules. Its advantages are speed and high throughput: it can cope with the massive number of files received each day and provide analysis results. Its disadvantages are that its precision is only moderate, it cannot identify the malicious behaviour of a sample, and it produces more false positives and false negatives on encrypted samples.
(2) Dynamic automatic analysis, which executes the sample, records the execution, performs dynamic behaviour analysis and uses the analysis result to classify the sample file. Its advantages are very high precision and the ability to point out the sample's malicious behaviour explicitly and classify it accurately. Its disadvantages are low speed and low throughput: coping with a massive number of sample files requires a large investment in hardware resources.
Summary of the invention
The technical problem to be solved by the present invention is to provide a sample file analysis method and device that extract visible character strings from a sample file in binary format as a basis for judging whether the file is a virus, and filter the visible character strings for validity, thereby effectively reducing the analysis result set of the sample file and greatly improving virus detection and removal efficiency.
To solve the above technical problem, embodiments of the present invention provide a sample file analysis method, comprising:
obtaining a sample file in binary format;
mapping the sample file in binary format into memory;
performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
outputting the filtered sample file in binary format.
The step of performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain the filtered sample file in binary format, comprises:
performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
The step of performing full-text string matching on the sample file in binary format mapped into memory, according to the character set and the feature strings in the virus family library, comprises:
matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file corresponding to the strings that match successfully;
matching the sample file corresponding to the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
The step of matching the sample file formed by the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match, comprises:
calculating the hash value of each string in the sample file corresponding to the successfully matched strings;
calculating the hash value of each feature string in the virus family library;
comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
The step of comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library comprises:
using a single processor instruction to compare the hash value of the string in the sample file in binary format with the hash value of the feature string in the virus family library.
The step of filtering out the strings that fail to match, to obtain the filtered sample file in binary format, comprises:
filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
The character set comprises: UNICODE, UTF-8, GBK, GB2312 and/or MBCS character encodings.
Embodiments of the present invention also provide a sample file analysis device, comprising:
an obtaining module, for obtaining a sample file in binary format;
a mapping module, for mapping the sample file in binary format into memory;
an analysis module, for performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
an output module, for outputting the filtered sample file in binary format.
The analysis module comprises:
a first analysis submodule, for performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
a second analysis submodule, for filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
The first analysis submodule comprises:
a first matching module, for matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file formed by the strings that match successfully;
a second matching module, for matching the sample file formed by the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
The second matching module comprises:
a first computing module, for calculating the hash value of each string in the sample file formed by the successfully matched strings;
a second computing module, for calculating the hash value of each feature string in the virus family library;
a matching submodule, for comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
The second analysis submodule is specifically used for: filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
The beneficial effects of the above technical solution of the present invention are as follows:
In the above solution, the obtained sample file in binary format is mapped into memory and full-text string filtering analysis is performed on it, so that the strings that fail to match are filtered out and the valid strings are extracted. This effectively reduces the analysis result set of the sample file and greatly improves virus detection and removal efficiency.
Brief description of the drawings
Fig. 1 is a flow chart of the sample file analysis method of the present invention;
Fig. 2 is a structural block diagram of the sample file analysis device of the present invention.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, embodiments of the present invention provide a sample file analysis method, comprising:
Step 11, obtaining a sample file in binary format;
Step 12, mapping the sample file in binary format into memory;
Step 13, performing full-text string filtering on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
Step 14, outputting the filtered sample file in binary format.
In this embodiment of the present invention, the obtained sample file in binary format is mapped into memory and full-text string filtering analysis is performed on it, which effectively reduces the analysis result set of the sample file and greatly improves virus detection and removal efficiency.
In another embodiment of the present invention, on the basis of steps 11-14 above, step 13 comprises:
Step 131, performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
Step 132, filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
Here, the character set includes all commonly used character sets such as UNICODE, UTF-8, GBK, GB2312 and MBCS, and the virus family library comprises a set of feature strings formed from the feature strings corresponding to one or more identified types of virus.
In another embodiment of the present invention, on the basis of steps 11-14 above, step 131 comprises:
Step 1311, matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file corresponding to the strings that match successfully;
Step 1312, matching the sample file corresponding to the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
In this embodiment, the sample file in binary format mapped into memory is matched against the character strings in the character set to obtain the meaningless strings that fail to match. A common-character filtering method is used here to exclude obviously meaningless strings, such as "the heir S cowherb of rewarding with food and drink spreads whiz and scalds", and to obtain the sample file corresponding to the successfully matched strings. This reduces the quantity of binary-format sample file content and can significantly improve virus detection and removal efficiency.
Further, in another embodiment of the present invention, step 1312 may comprise:
Step 13121, calculating the hash value of each string in the sample file corresponding to the successfully matched strings;
Step 13122, calculating the hash value of each feature string in the virus family library;
Step 13123, comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
In this embodiment, the hash value of a string and the hash value of a feature string are both DWORD (double word) values generated with the CRC32 algorithm. During string matching, a single processor instruction operating on the generated CRC32 values, for example (Cmp, eRx, eRx), is enough to determine whether the CRC32 values of two strings are equal and hence whether the two strings match, which greatly improves analysis efficiency. Specifically, in step 13123 above, the step of comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the family library comprises: using a single processor instruction to compare the hash value of the string in the sample file in binary format with the hash value of the feature string in the family library. After the to-be-filtered strings that fail to match are obtained, they can be sorted, for example with the quicksort method, so that these to-be-filtered strings are forcibly filtered out.
Correspondingly, in the above embodiment, step 132 may comprise: filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
In the above embodiment, the character set comprises the UNICODE, UTF-8, GBK, GB2312 and MBCS character encodings. The 3500 commonly used Chinese characters, English letters, symbols and so on can be used as the valid character set for matching, so that invalid characters are excluded.
In the above embodiments of the present invention, the sample file in binary format is mapped into memory and matched against a valid character set that includes all the character sets, so that obviously meaningless strings are excluded. This reduces the quantity of binary-format sample file content and the amount of sample data to be analysed, and can therefore significantly improve virus detection and removal efficiency. The sample file remaining after the meaningless strings are excluded (the extracted visible strings) is then matched against the feature strings in the virus family library, and the strings that fail to match are filtered out, which effectively reduces the analysis result set and improves virus detection and removal efficiency.
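The filtering procedure of steps 11-14, 1311-1312 and 13121-13123, as an added Python example that is not code from the patent. The minimum run length, the small valid-character set, the placeholder feature strings and the sample bytes are constructed assumptions; only single-byte and UTF-16LE text is scanned, and the exact-string confirmation after the CRC32 match is an addition, because CRC32 values can collide.

```python
import mmap
import os
import tempfile
import zlib

MIN_LEN = 4  # assumed minimum string length; the patent does not state one

# Constructed stand-in for the patent's valid character set (3500 common
# Chinese characters plus English letters and symbols).
VALID_CHARS = {chr(c) for c in range(0x20, 0x7F)} | set("下载文件的一是不了在有人中大")

# Constructed placeholder "virus family library", indexed by CRC32 (one DWORD).
FAMILY_FEATURES = ("example_family_mutex_v1", "下载文件")
FAMILY_CRC = {zlib.crc32(s.encode("utf-8")): s for s in FAMILY_FEATURES}


def is_ascii(unit):
    return 0x20 <= unit <= 0x7E


def is_wide(unit):
    # Printable ASCII or a CJK Unified Ideograph held in one UTF-16 code unit.
    return is_ascii(unit) or 0x4E00 <= unit <= 0x9FFF


def runs(buf, width, accept):
    """Yield runs of >= MIN_LEN accepted code units, read little-endian at
    offsets aligned to `width` (1 = single-byte text, 2 = UTF-16LE)."""
    chars = []
    for off in range(0, len(buf) - width + 1, width):
        unit = int.from_bytes(buf[off:off + width], "little")
        if accept(unit):
            chars.append(chr(unit))
            continue
        if len(chars) >= MIN_LEN:
            yield "".join(chars)
        chars = []
    if len(chars) >= MIN_LEN:
        yield "".join(chars)


def analyze(path):
    """Map the sample, extract visible strings, filter them, return the result."""
    # Steps 11-12: open the binary sample and map it into memory (read-only).
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as buf:
        candidates = list(runs(buf, 1, is_ascii)) + list(runs(buf, 2, is_wide))

    result = {"kept": [], "to_filter": [], "meaningless": []}
    for s in candidates:
        # Step 1311: a character outside the valid set marks the string meaningless.
        if not set(s) <= VALID_CHARS:
            result["meaningless"].append(s)
            continue
        # Steps 13121-13123: compare 32-bit CRC32 values instead of whole strings.
        feature = FAMILY_CRC.get(zlib.crc32(s.encode("utf-8")))
        # Added check: confirm the hit by exact comparison, since CRC32 collides.
        if feature == s:
            result["kept"].append(s)
        else:
            result["to_filter"].append(s)
    return result  # step 14: "kept" is the filtered output


# Constructed sample: header bytes, code-like bytes, then four embedded strings.
CODE_LIKE = bytes.fromhex("558bec835d8d4589")
SAMPLE = (
    b"MZ\x90\x00" + CODE_LIKE + b"\x00\x00"
    + b"example_family_mutex_v1\x00"
    + b"GetProcAddress\x00\x00"
    + "下载文件".encode("utf-16-le") + b"\x00\x00"
    + "Hello, world".encode("utf-16-le") + b"\x00\x00"
)


def demo():
    """Write the constructed sample to a temporary file and analyse it."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE)
        return analyze(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, strings in demo().items():
        print(name, strings)
```

The two entries in `meaningless` come from the wide-character pass reading code-like bytes and ASCII text as UTF-16 units, which is the kind of noise the valid-character filter of step 1311 removes before any hash comparison is made.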
As shown in Fig. 2, embodiments of the present invention also provide a sample file analysis device, comprising:
an obtaining module 21, for obtaining a sample file in binary format;
a mapping module 22, for mapping the sample file in binary format into memory;
an analysis module 23, for performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
an output module 24, for outputting the filtered sample file in binary format.
This device embodiment of the present invention likewise maps the obtained sample file in binary format into memory and performs full-text string filtering analysis on it, which effectively reduces the analysis result set of the sample file and greatly improves virus detection and removal efficiency.
The analysis module comprises:
a first analysis submodule, for performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
a second analysis submodule, for filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
Here, the character set includes all commonly used character sets such as UNICODE, UTF-8, GBK, GB2312 and MBCS, and the virus family library comprises a set of feature strings formed from the feature strings corresponding to one or more identified types of virus.
The first analysis submodule comprises:
a first matching module, for matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file formed by the strings that match successfully;
a second matching module, for matching the sample file formed by the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
The second matching module comprises:
a first computing module, for calculating the hash value of each string in the sample file formed by the successfully matched strings;
a second computing module, for calculating the hash value of each feature string in the virus family library;
a matching submodule, for comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
In this embodiment, the sample file in binary format mapped into memory is matched against the character strings in the character set to obtain the meaningless strings that fail to match. A common-character filtering method is used here to exclude obviously meaningless strings, such as "the heir S cowherb of rewarding with food and drink spreads whiz and scalds", and to obtain the sample file corresponding to the successfully matched strings. This reduces the quantity of binary-format sample file content and can significantly improve virus detection and removal efficiency.
The second analysis submodule is specifically used for: filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
This device embodiment of the present invention likewise maps the sample file in binary format into memory and matches it against a valid character set that includes all the character sets, so that obviously meaningless strings are excluded. This reduces the quantity of binary-format sample file content and the amount of sample data to be analysed, and can therefore significantly improve virus detection and removal efficiency. The sample file remaining after the meaningless strings are excluded (the extracted visible strings) is then matched against the feature strings in the virus family library, and the strings that fail to match are filtered out, which effectively reduces the analysis result set and improves virus detection and removal efficiency.
The above are preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art may make further improvements and modifications without departing from the principle of the present invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (12)

1. A sample file analysis method, characterized by comprising:
obtaining a sample file in binary format;
mapping the sample file in binary format into memory;
performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
outputting the filtered sample file in binary format.
2. The sample file analysis method according to claim 1, characterized in that the step of performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain the filtered sample file in binary format, comprises:
performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
3. The sample file analysis method according to claim 2, characterized in that the step of performing full-text string matching on the sample file in binary format mapped into memory, according to the character set and the feature strings in the virus family library, comprises:
matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file corresponding to the strings that match successfully;
matching the sample file corresponding to the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
4. The sample file analysis method according to claim 3, characterized in that the step of matching the sample file formed by the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match, comprises:
calculating the hash value of each string in the sample file corresponding to the successfully matched strings;
calculating the hash value of each feature string in the virus family library;
comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
5. The sample file analysis method according to claim 4, characterized in that the step of comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library comprises:
using a single processor instruction to compare the hash value of the string in the sample file in binary format with the hash value of the feature string in the virus family library.
6. The sample file analysis method according to claim 3 or 4, characterized in that the step of filtering out the strings that fail to match, to obtain the filtered sample file in binary format, comprises:
filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
7. The sample file analysis method according to claim 2, characterized in that the character set comprises: UNICODE, UTF-8, GBK, GB2312 and/or MBCS character encodings.
8. A sample file analysis device, characterized by comprising:
an obtaining module, for obtaining a sample file in binary format;
a mapping module, for mapping the sample file in binary format into memory;
an analysis module, for performing full-text string filtering analysis on the sample file in binary format mapped into memory, to obtain a filtered sample file in binary format;
an output module, for outputting the filtered sample file in binary format.
9. The sample file analysis device according to claim 8, characterized in that the analysis module comprises:
a first analysis submodule, for performing full-text string matching on the sample file in binary format mapped into memory, according to a character set and the feature strings in a virus family library, to obtain the strings that fail to match;
a second analysis submodule, for filtering out the strings that fail to match, to obtain the filtered sample file in binary format.
10. The sample file analysis device according to claim 9, characterized in that the first analysis submodule comprises:
a first matching module, for matching the sample file in binary format mapped into memory against the character strings in the character set, to obtain the meaningless strings that fail to match and the sample file formed by the strings that match successfully;
a second matching module, for matching the sample file formed by the successfully matched strings against the feature strings in the virus family library, to obtain the to-be-filtered strings that fail to match.
11. The sample file analysis device according to claim 10, characterized in that the second matching module comprises:
a first computing module, for calculating the hash value of each string in the sample file formed by the successfully matched strings;
a second computing module, for calculating the hash value of each feature string in the virus family library;
a matching submodule, for comparing the hash value of a string in the sample file in binary format with the hash value of a feature string in the virus family library; if they are not equal, the two compared strings are considered not to match, and a to-be-filtered string that fails to match is obtained; otherwise the match is considered successful.
12. The sample file analysis device according to claim 11, characterized in that the second analysis submodule is specifically used for: filtering out the meaningless strings that fail to match and the to-be-filtered strings that fail to match, to obtain the filtered sample file in binary format.
CN201210174885.8A 2012-05-30 2012-05-30 Sample file analysis method and device Active CN103455753B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210174885.8A CN103455753B (en) 2012-05-30 2012-05-30 Sample file analysis method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210174885.8A CN103455753B (en) 2012-05-30 2012-05-30 Sample file analysis method and device

Publications (2)

Publication Number Publication Date
CN103455753A true CN103455753A (en) 2013-12-18
CN103455753B CN103455753B (en) 2016-07-13

Family

ID=49738103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210174885.8A Active CN103455753B (en) 2012-05-30 2012-05-30 Sample file analysis method and device

Country Status (1)

Country Link
CN (1) CN103455753B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104715194A (en) * 2013-12-13 2015-06-17 北京启明星辰信息安全技术有限公司 Malicious software detection method and device
CN106484730A (en) * 2015-08-31 2017-03-08 北京国双科技有限公司 Character string matching method and device
CN106790101A (en) * 2016-12-23 2017-05-31 北京邮电大学 A kind of mature detector set creation method, intrusion detection method and device
CN107102998A (en) * 2016-02-22 2017-08-29 阿里巴巴集团控股有限公司 A kind of String distance computational methods and device
CN109871685A (en) * 2019-02-19 2019-06-11 腾讯科技(深圳)有限公司 A kind of analysis method and device of RTF file

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156348B (en) * 2016-07-21 2019-06-28 杭州安恒信息技术股份有限公司 A kind of auditing method of database object script risky operation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005017708A2 (en) * 2003-08-14 2005-02-24 Washington University Method and apparatus for detecting predefined signatures in packet payload using bloom filters
CN101350054A (en) * 2007-10-15 2009-01-21 北京瑞星国际软件有限公司 Method and apparatus for automatically protecting computer noxious program
WO2011011916A1 (en) * 2009-07-29 2011-02-03 华为技术有限公司 Regular expression matching method and system, and searching device
CN102289617A (en) * 2010-06-21 2011-12-21 三星Sds株式会社 Anti-malware device, server, and method of matching malware patterns

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104715194A (en) * 2013-12-13 2015-06-17 北京启明星辰信息安全技术有限公司 Malicious software detection method and device
CN104715194B (en) * 2013-12-13 2018-03-27 北京启明星辰信息安全技术有限公司 Malware detection method and apparatus
CN106484730A (en) * 2015-08-31 2017-03-08 北京国双科技有限公司 Character string matching method and device
CN107102998A (en) * 2016-02-22 2017-08-29 阿里巴巴集团控股有限公司 A kind of String distance computational methods and device
US11256756B2 (en) 2016-02-22 2022-02-22 Advanced New Technologies Co., Ltd. Character string distance calculation method and device
CN106790101A (en) * 2016-12-23 2017-05-31 北京邮电大学 A kind of mature detector set creation method, intrusion detection method and device
CN109871685A (en) * 2019-02-19 2019-06-11 腾讯科技(深圳)有限公司 A kind of analysis method and device of RTF file
CN109871685B (en) * 2019-02-19 2023-08-08 腾讯科技(深圳)有限公司 RTF file analysis method and device

Also Published As

Publication number Publication date
CN103455753B (en) 2016-07-13

Similar Documents

Publication Publication Date Title
CN103455753B (en) Sample file analysis method and device
KR101162051B1 (en) Using string comparison malicious code detection and classification system and method
CN103810425B (en) The detection method of malice network address and device
CN102779249B (en) Malware detection methods and scanning engine
CN102891852B (en) Message analysis-based protocol format automatic inferring method
CN103679012A (en) Clustering method and device of portable execute (PE) files
CN105912514B (en) Text copy detection system and method based on fingerprint characteristic
CN108985064B (en) Method and device for identifying malicious document
CN105359139A (en) Security information management system and security information management method
CN108737423A (en) Fishing website based on webpage key content similarity analysis finds method and system
Roussev et al. File fragment encoding classification—An empirical approach
CN104391881A (en) Word segmentation algorithm-based log parsing method and word segmentation algorithm-based log parsing system
CN103473346A (en) Android re-packed application detection method based on application programming interface
CN105447169B (en) Document normalizing method, literature search method and corresponding intrument
CN105205397A (en) Rogue program sample classification method and device
CN105868169B (en) A kind of data acquisition device, collecting method and system
CN102169496A (en) Anchor text analysis-based automatic domain term generating method
CN104407872A (en) Code clone detection method
CN104516862A (en) Method and system for selecting and reading coded format of target document
CN102298681B (en) Software identification method based on data stream sliced sheet
CN103455597A (en) Distributed information hiding detection method facing mass web images
CN105488405A (en) PDB debug information based malicious code analysis method and system
CN105488409B (en) A kind of method and system for detecting malicious code family's mutation and new family
CN106650449B (en) Script heuristic detection method and system based on variable name confusion degree
CN103324888A (en) Method and system for automatically extracting virus characteristics based on family samples

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing City, Haidian District Road 33, Jinshan building Xiaoying

Co-patentee after: CONEW NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

Patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Co-patentee after: Beijing Cheetah Mobile Technology Co.,Ltd.

Address before: 100085 Beijing City, Haidian District Road 33, Jinshan building Xiaoying

Co-patentee before: CONEW NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

Patentee before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Co-patentee before: SHELL INTERNET (BEIJING) SECURITY TECHNOLOGY Co.,Ltd.