Automatic behavior white list collection method for malicious program detection

Bibliographic details
Main authors: WANG WEI, ZHANG JIE, WANG ZONGCAI, DENG JINXIANG, HU YONG, MAO CHUNSEN, ZHAO JIAN, YU XIANGJI, HU ZHOU
Format: Patent
Language: chi; eng
Description
Summary: The invention relates to an automatic behavior white list collection method for malicious program detection, and the method comprises the following steps: inputting processed sample programs marked as normal into a database, and enabling a central server to distribute original sample files of each database sample to a plurality of sandbox analysis programs and monitor the task states of the sandbox analysis programs in the whole process; enabling the sandbox analysis programs to respectively analyze each single sample, forming an analysis log and then transmitting the analysis log back to the central server, and enabling the central server to call the dynamic log analysis module to form a white list of the single sample; performing duplication elimination and template statistics processing on the white list of the samples, integrating the white list into an overall white list, and storing the white list into a database in a classified manner according to sample categories; and repeating the second step and the t