Automatic behavior white list collection method for malicious program detection
Main authors: | , , , , , , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Subjects: | |
Summary: | The invention relates to an automatic behavior white list collection method for malicious program detection, and the method comprises the following steps: inputting processed sample programs marked as normal into a database, and enabling a central server to distribute original sample files of each database sample to a plurality of sandbox analysis programs and monitor the task states of the sandbox analysis programs in the whole process; enabling the sandbox analysis programs to respectively analyze each single sample, forming an analysis log and then transmitting the analysis log back to the central server, and enabling the central server to call the dynamic log analysis module to form a white list of the single sample; performing duplication elimination and template statistics processing on the white list of the samples, integrating the white list into an overall white list, and storing the white list into a database in a classified manner according to sample categories; and repeating the second step and the t |
---|