Image detection method, device and system for malicious codes

The invention discloses a graphical detection method, device and system for a malicious code, and the method comprises the steps: disassembling the malicious code, obtaining a binary file and an assembly file, and enabling the binary file and the assembly file to comprise the same relative virtual a...

Bibliographic details
Main authors: LI YANG, YAO YUEJUAN, HUANG YONG, LI JIAXU, LI WEISHI, KANG JIE
Format: Patent
Language: chi ; eng
creator LI YANG
YAO YUEJUAN
HUANG YONG
LI JIAXU
LI WEISHI
KANG JIE
description The invention discloses a graphical detection method, device and system for malicious code. The method comprises the steps of: disassembling the malicious code to obtain a binary file and an assembly file, where the binary file and the assembly file comprise the same relative virtual addresses; encoding the data in the assembly file according to a first encoding rule to obtain a first code at each relative virtual address; encoding the data in the binary file according to a second encoding rule and a third encoding rule to obtain a second code and a third code at each relative virtual address; and using the first code, the second code and the third code at each relative virtual address as RGB values to generate an image of the malicious code, then identifying the image to determine the category of the malicious code. The detection precision can be improved.
format Patent
language chi ; eng
recordid cdi_epo_espacenet_CN115470486A
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Image detection method, device and system for malicious codes
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T15%3A33%3A36IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=LI%20YANG&rft.date=2022-12-13&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN115470486A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true