CN105243327B - A secure file processing method - Google Patents

Publication number: CN105243327B
Authority: CN (China)
Prior art keywords: page file, scripted code, file, sample, eigenvectors
Legal status: Expired - Fee Related
Application number: CN201510792215.6A
Other languages: Chinese (zh)
Other versions: CN105243327A (en)
Inventors: 陈虹宇, 罗阳, 苗宁
Current assignee: SICHUAN SHENHU TECHNOLOGY Co Ltd
Original assignee: SICHUAN SHENHU TECHNOLOGY Co Ltd
Application filed by SICHUAN SHENHU TECHNOLOGY Co Ltd
Priority to CN201510792215.6A
Publication of CN105243327A
Application granted; publication of CN105243327B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The present invention provides a secure file processing method. The method includes: determining the intrusion method used against a page file, determining the corresponding feature extraction and classification process according to that intrusion method, and performing security detection on mobile-terminal page files through the feature extraction and classification process. The invention proposes a file detection and identification method that applies different classification approaches to different intrusion methods and introduces de-obfuscation to prevent malicious code from disguising itself, improving the detection success rate.

Description

A secure file processing method
Technical field
The present invention relates to computer data security, and in particular to a secure file processing method.
Background
With the continuing development and spread of the Internet, network security incidents keep emerging, the entire mobile Internet environment is under serious threat, and society suffers huge losses. Most network security incidents are caused by hacker attacks, and the underlying cause is security vulnerabilities in the software or in the documents themselves. Intruders exploit these vulnerabilities to tamper with or disguise page files on mobile devices so that ordinary users cannot recognize them, and use the opportunity to execute or distribute illegal programs. Existing page file detection includes static detection and dynamic detection, but both only monitor the functions and events triggered when the file runs and do not consider the obfuscation techniques used by intruders, so the recognition rate for malicious script code is very low. Existing detection models also use emulation techniques, which consume excessive computing resources on the mobile device.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a secure file processing method, including:
Determining the intrusion method used against a page file, determining the corresponding feature extraction and classification process according to the intrusion method, and performing security detection on mobile-terminal page files through the feature extraction and classification process.
Preferably, the method further includes: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed or obfuscated, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm;
Determining the corresponding feature extraction and classification process according to the intrusion method further comprises: for page files attacked via script code, the base unit of the extracted features is the word; for page files attacked via non-script code, the page file is divided into blocks when features are extracted, and feature extraction is then performed; according to the two different feature extraction approaches, two different classification models are built, based on Bayes classification and decision tree classification respectively, and the two classification processes are then combined in parallel.
Preferably, for page files attacked via non-script code, the feature vectors of the training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set based on non-script-code intrusion, and a secure file sample set containing no script code. During feature extraction, the feature vector sets of the two sample sets are extracted separately and processed according to a predetermined feature selection algorithm to obtain the feature vector set required by the learning algorithm. An identification model is then built from the learning algorithm and the extracted feature vector set using decision tree classification. Finally, unknown page files are identified: the feature vector set of the unknown page file is extracted and used in place of the page file for identification; the feature vector set is given as input to the identifier, which classifies it according to the identification model already built; the classification result for the unknown page file is thus obtained.
Preferably, when feature vectors are extracted for non-script-code intrusion, extracting the feature vector sets of the two sample sets separately further comprises the following procedure:
1. Extract the feature vector set T_m of the malicious sample set, and compute the term frequency tf_{m,i} of each feature vector in it.
2. Extract the feature vector set T_n of the safe sample set, and compute the term frequency tf_{n,j} of each feature vector in it.
3. Compute the inverse document frequency idf_{m,i} of each feature vector of T_m in the safe sample set.
4. Compute the inverse document frequency idf_{n,j} of each feature vector of T_n in the malicious sample set.
5. Select feature vectors from each sample set separately, then merge them to obtain the feature vector set for non-script-code intrusion.
Compared with the prior art, the present invention has the following advantages:
The invention proposes a file detection and identification method that applies different classification approaches to different intrusion methods and introduces de-obfuscation to prevent malicious code from disguising itself, improving the detection success rate.
Brief description of the drawings
Fig. 1 is a flow chart of the secure file processing method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below, together with the drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments but is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention may be practised according to the claims without some or all of them.
One aspect of the present invention provides a secure file processing method. Fig. 1 is a flow chart of the secure file processing method according to an embodiment of the present invention.
The invention targets two different intrusion methods separately: it builds identification modules using two different feature extraction and classification methods and then connects the modules in parallel. Script code in the page file is fully de-obfuscated beforehand, which ensures the validity of the feature vector set for script-code-based attacks. Based on a multi-classifier process, different intrusion methods are detected with different classification processes, improving the detection success rate.
The page file detection method of the invention has three main modules: data preprocessing, feature extraction, and page file identification.
(1) Data preprocessing: preprocessing applies to the set of files attacked via script code. Based on an analysis of script-code-based intrusion and of the page file structure, the executable script code in the page file is first located, that is, it is determined which objects contain script code, and, following the reference relationships between objects, the script code in those objects is extracted and stored in a new text file. Then, according to the encoding of the script code, encoded script code is decoded to restore the original script code. Finally, the script code is de-obfuscated to remove redundant content, yielding the original script code.
(2) Feature extraction: the invention proposes two different feature extraction approaches. For page files attacked via script code, the base unit of the extracted features is the word, which reduces extraction time. For page files attacked via non-script code, the page file is divided into blocks when features are extracted, and the same method as existing feature extraction is then used; after feature extraction, a feature selection algorithm effectively reduces the feature dimension and selects the features with higher discriminative power.
(3) Page file identification: according to the two feature extraction approaches, two different classification models are built, based on Bayes classification and decision tree classification, and the two classification processes are then combined in parallel, which raises the detection rate of the model.
Before feature vector extraction, the position of the script code in the page file must first be determined and the script code extracted from the page file. If the script code has been encoded, compressed or obfuscated, the original script code must be restored. Finally, the feature vector set is extracted according to the feature extraction algorithm.
When an unknown page file is examined, the executable script code is first extracted from it, then decoded and de-obfuscated to obtain the original script code. Feature vector matching is then performed with a string matching algorithm to determine which feature vectors are present in the script code. Finally, the class of the unknown page file is determined from the Bayes algorithm and the data obtained from the training samples.
Page files attacked via non-script code can be detected with a general procedure. First, the feature vectors of the training sample set are extracted. The training sample set is divided into two classes: a malicious file sample set based on non-script-code intrusion, and a secure file sample set containing no script code. During feature extraction, the feature vector sets of the two sample sets are extracted separately and processed according to a feature selection algorithm to obtain the feature vector set required by the learning algorithm. An identification model is then built from the learning algorithm and the extracted feature vector set; the invention builds the identification model with decision tree classification. Finally, unknown page files are identified.
To identify an unknown page file, its feature vector set is first extracted. This feature vector set effectively represents the unknown page file and can be used in its place for identification. The feature vector set is then given as input to the identifier, which classifies it according to the identification model already built. Finally, the classification result for the unknown page file is obtained.
The feature extraction module proposed by the invention extracts feature vectors with two different approaches, according to the existing page file intrusion methods. For script-code-based intrusion, the script code is first extracted from the page file and de-obfuscated to obtain the original script code. Features are then extracted with the word as the unit. Finally, feature selection is applied to the extracted feature vectors and the weights of key feature vectors are increased, to ensure that the resulting feature vector set is highly effective. For non-script-code-based intrusion, the page file is divided into blocks, feature vectors are extracted from each block, and feature selection is then applied to obtain the final feature vectors.
Before feature vectors are extracted for script-code-based intrusion, the page file is preprocessed in two steps: the first step locates and extracts the executable script code in the page file; the second step decodes and de-obfuscates the extracted script code, yielding the original script code.
In a page file, script code usually resides in a dictionary. A dictionary contains several entries, each consisting of a key and a value; the key must be a name, and keys are unique within a dictionary; the value can be any legal object. Script code can be embedded in two ways: directly, as a hexadecimal or text string, or stored in another object and invoked indirectly through a pointer. In the latter case it is usually stored in an encrypted stream.
To extract script code reliably, the text must be processed at the semantic level. In a typical page file, the entry position of the script code can be located by keyword. Besides being embedded directly in the page file, script code can reside in other page files on the local host, and may even reside on a remote host. Script code supports dynamic invocation.
The extraction of script code proceeds as follows:
1. Open the page file;
2. Initialize the internal data structures;
3. Search the catalog directory and find the addresses of the active dictionary entries;
4. Search the above candidate positions that may contain script code, and detect the data type of each dictionary entry;
5. If the data type is an element of the predefined keyword set, the dictionary contains script code, and the script code is extracted;
6. Decompress the script code.
An indirectly referenced object usually holds an encoded stream, so the encoded script code in the object is decoded: determine whether the characters in the stream are encoded, that is, whether the stream header contains an encoding-mode field; if it does, call the decoding function to decode it; finally, save the result.
Malicious files can evade detection by adding redundant content. When the page file reader crashes while opening a page file, the user assumes that the page file is damaged, when in fact the malicious script code is running in the background. Some malicious files even embed malicious script code before the page file header or after the end marker. De-obfuscation restores the script code to its most original form and lays a solid foundation for the feature extraction that follows. In the invention, de-obfuscation mainly handles two obfuscation techniques in script code: string splitting and added redundant content. First, comments unrelated to the execution of the script code are removed; second, strings that have been split are restored to the original strings. Script code may contain a large number of variables longer than 50 bytes; to simplify subsequent processing, any variable longer than 50 bytes is given a uniform name.
After the preceding data preprocessing, the script code is now in its most original form. The feature vectors are extracted as follows.
1. Split the script code into a string s of words;
2. Create a word-frequency lookup table m;
3. Traverse the string s and check whether each word w is in m; if so, go to step 4; otherwise, go to step 5;
4. Increase the word frequency m[w] of word w in the lookup table by 1;
5. Set the word frequency m[w] of word w in the lookup table to 1;
6. Traverse m, with ptr as the traversal pointer;
7. If the entry of m at ptr is a keyword, increase the feature weight corresponding to ptr to the maximum value;
8. Select the first five feature vectors as the final feature vector set.
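The de-obfuscation rules and the eight word-frequency steps above, implemented in Python as an added example (not code from the patent). It assumes JavaScript-style comments and string literals joined with `+`, uses a constructed keyword set because the patent's predefined set is not listed, and reads "maximum value" in step 7 as the highest frequency in the table.

```python
import re
from collections import Counter

# Assumption: the page refers to a predefined keyword set but does not list it.
KEYWORDS = {"eval", "unescape", "fromCharCode"}
MAX_NAME_LEN = 50  # page: variables longer than 50 bytes get a uniform name
TOP_N = 5          # page: the first five features form the final set

# A string literal (group 1, kept as is) or a comment (replaced by a space).
STRING_OR_COMMENT = re.compile(
    r"""("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|/\*.*?\*/|//[^\n]*""", re.S)
# Two literals with the same quote character joined by '+'.
SPLIT_STRING = re.compile(
    r"""(["'])((?:\\.|(?!\1)[^\\])*)\1\s*\+\s*\1((?:\\.|(?!\1)[^\\])*)\1""",
    re.S)
WORD = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def strip_comments(src):
    """Remove comments without touching '//' or '/*' inside string literals."""
    return STRING_OR_COMMENT.sub(lambda m: m.group(1) or " ", src)


def join_split_strings(src):
    """Rejoin "ab" + "cd" into "abcd", repeating until nothing changes."""
    prev = None
    while prev != src:
        prev = src
        src = SPLIT_STRING.sub(
            lambda m: m.group(1) + m.group(2) + m.group(3) + m.group(1), src)
    return src


def rename_long_names(src):
    """Give every identifier longer than MAX_NAME_LEN a uniform name."""
    names = {}

    def repl(m):
        word = m.group(0)
        if len(word) <= MAX_NAME_LEN:
            return word
        return names.setdefault(word, "VAR%d" % len(names))

    return WORD.sub(repl, src)


def extract_features(script, top_n=TOP_N):
    """Return (top_n features, word-frequency table) for one script."""
    clean = rename_long_names(join_split_strings(strip_comments(script)))
    freq = Counter(WORD.findall(clean))                      # steps 1-5
    top = max(freq.values(), default=0)
    weight = {w: (top if w in KEYWORDS else c) for w, c in freq.items()}  # 6-7
    ranked = sorted(weight, key=lambda w: (-weight[w], w not in KEYWORDS, w))
    return ranked[:top_n], freq                              # step 8


# Constructed sample: padding comments, split strings, one 60-byte name.
LONG_NAME = "v" * 60
SAMPLE = (
    "// filler comment added to pad the file\n"
    "var " + LONG_NAME + ' = "ev" + "al"; /* split keyword */\n'
    'var data = "une" + "sca" + "pe";\n'
    'var url = "http://example.invalid/x"; // the URL is not a comment\n'
    "data = data + url; data = data + data;\n"
)

if __name__ == "__main__":
    features, table = extract_features(SAMPLE)
    print(features)
    print(table.most_common())
```

Without the normalization pass, the words `ev`, `al`, `une`, `sca` and `pe` are counted instead of the two keywords, which is the evasion the de-obfuscation step is meant to close.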
When feature vectors are extracted for non-script-code intrusion, the training sample set is divided into two classes: a malicious file sample set based on non-script-code techniques, and a secure file sample set. The feature vectors to be extracted must have two properties: they occur with high frequency in one class of sample set, and they occur with low frequency in the other class. A feature vector set that satisfies both properties distinguishes the two sample sets well. Following this description, feature vectors for non-script-code intrusion are extracted as follows:
1. Extract the feature vector set T_m of the malicious sample set, and compute the term frequency tf_{m,i} of each feature vector in it.
2. Extract the feature vector set T_n of the safe sample set, and compute the term frequency tf_{n,j} of each feature vector in it.
3. Compute the inverse document frequency idf_{m,i} of each feature vector of T_m in the safe sample set.
4. Compute the inverse document frequency idf_{n,j} of each feature vector of T_n in the malicious sample set.
5. Select feature vectors from each sample set separately, then merge them to obtain the feature vector set for non-script-code intrusion.
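The five selection steps above, implemented in Python as an added example (not code from the patent). The patent gives no formulas, so three things are assumptions: a feature is a 4-byte n-gram taken inside each 100-byte block, idf is the smoothed log((1 + N) / (1 + df)) computed against the opposite class, and features are ranked by tf × idf.

```python
import math
from collections import Counter

BLOCK_SIZE = 100  # page: the file is divided into 100-byte blocks
NGRAM = 4         # assumption: the page does not define the block feature


def block_features(data, size=BLOCK_SIZE, n=NGRAM):
    """Byte n-grams of each block; n-grams never span a block boundary."""
    feats = []
    for start in range(0, len(data), size):
        block = data[start:start + size]
        feats.extend(block[i:i + n] for i in range(len(block) - n + 1))
    return feats


def term_and_doc_freq(samples):
    """tf: share of all features in the class; df: samples containing it."""
    tf, df = Counter(), Counter()
    for data in samples:
        feats = block_features(data)
        tf.update(feats)
        df.update(set(feats))
    total = sum(tf.values())
    return {f: c / total for f, c in tf.items()}, df


def select_class_features(own, other, k):
    """Steps 1+3 (or 2+4): frequent in `own`, rare in `other`."""
    tf, _ = term_and_doc_freq(own)
    _, df_other = term_and_doc_freq(other)

    def idf(f):
        # 0 when every sample of the other class contains f.
        return math.log((1 + len(other)) / (1 + df_other[f]))

    score = {f: tf[f] * idf(f) for f in tf}
    ranked = sorted(score, key=lambda f: (-score[f], f))
    return [f for f in ranked[:k] if score[f] > 0]


def intrusion_feature_set(malicious, safe, k):
    """Step 5: select per class, then merge."""
    t_m = select_class_features(malicious, safe, k)
    t_n = select_class_features(safe, malicious, k)
    return sorted(set(t_m) | set(t_n))


# Constructed byte strings: both classes share the header "AAAA".
MALICIOUS = [b"AAAABBBBBBBB", b"AAAABBBBCCCC"]
SAFE = [b"AAAADDDDDDDD", b"AAAADDDDEEEE"]

if __name__ == "__main__":
    print(intrusion_feature_set(MALICIOUS, SAFE, 1))
```

The shared header scores zero in both directions, so it never reaches the merged set however often it occurs.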
When the page file detection method of the invention classifies an unknown page file, the script code is first extracted from the page file, dividing the page file into two parts: the embedded script code, and the remaining page file data other than the script code. The two parts are then examined separately: the identification model built with the Bayes algorithm examines the script code, and the identification model built with the decision tree classification algorithm examines the remaining data of the page file. Finally, the detection results are processed in the result integration module to obtain the method's final detection result for the page file. The detailed process is described below.
The feature vector set for script-code-based intrusion is classified with the simple and practical Bayes classification process. The probability P_N that the unknown page file X belongs to the safe sample set C_n and the probability P_M that X belongs to the malicious sample set are computed separately; P_N and P_M are then compared to find the class that X is closest to, which determines the class of the unknown page file X. If P_M > P_N, the page file contains malicious script code; otherwise, the page file does not contain malicious script code.
Before page files attacked via non-script code are detected, the decision tree is built as follows, where Sample is the training sample set and Vector is the feature vector set for non-script-code intrusion.
Create the root node root of the decision tree;
If all of Sample is positive, return the single-node tree root with label +;
If all of Sample is negative, return the single-node tree root with label -;
If Vector is empty, return the single-node tree root, labelled with the most common target vector value in Sample;
Otherwise, for each possible value v_i of Vector:
Add a new branch v_i under root, and let Samples_i be the subset of Sample whose Vector attribute value is v_i;
If Samples_i is empty, add a leaf node under this new branch, labelled with the most common target vector value in Sample;
Otherwise, add a subtree under the new branch:
(Samples_i, target vector value, Vector), end.
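The tree-building recursion above, implemented in Python as an added example (not code from the patent). The patent does not say how the attribute to split on is chosen, so information gain, the usual ID3 rule, is an assumption; reading "+" as malicious and "-" as safe, and the attribute names `marker` and `density`, are also constructed for the example.

```python
import math
from collections import Counter


def entropy(samples):
    counts = Counter(label for _, label in samples)
    return -sum(c / len(samples) * math.log2(c / len(samples))
                for c in counts.values())


def most_common_label(samples):
    counts = Counter(label for _, label in samples)
    # A tie resolves to "+", so an undecided leaf flags the file.
    return min(counts, key=lambda lab: (-counts[lab], lab))


def information_gain(samples, attr, domain):
    remainder = 0.0
    for value in domain:
        subset = [s for s in samples if s[0][attr] == value]
        if subset:
            remainder += len(subset) / len(samples) * entropy(subset)
    return entropy(samples) - remainder


def build_tree(samples, attributes, domains):
    """samples: list of (feature dict, label); returns a label or a node."""
    labels = {label for _, label in samples}
    if labels == {"+"}:
        return "+"                          # all of Sample is positive
    if labels == {"-"}:
        return "-"                          # all of Sample is negative
    if not attributes:
        return most_common_label(samples)   # Vector is empty
    best = max(attributes,
               key=lambda a: information_gain(samples, a, domains[a]))
    remaining = [a for a in attributes if a != best]
    node = {"attr": best, "default": most_common_label(samples),
            "branches": {}}
    for value in domains[best]:             # one branch per possible value
        subset = [s for s in samples if s[0][best] == value]
        node["branches"][value] = (build_tree(subset, remaining, domains)
                                   if subset else node["default"])
    return node


def classify(tree, features):
    """Walk the tree; an unseen value falls back to the node's default."""
    while isinstance(tree, dict):
        value = features.get(tree["attr"])
        tree = tree["branches"].get(value, tree["default"])
    return tree


# Constructed training data; no sample has density == "low".
DOMAINS = {"marker": (0, 1), "density": ("low", "mid", "high")}
SAMPLES = [
    ({"marker": 1, "density": "high"}, "+"),
    ({"marker": 1, "density": "mid"}, "+"),
    ({"marker": 1, "density": "mid"}, "+"),
    ({"marker": 0, "density": "high"}, "+"),
    ({"marker": 0, "density": "mid"}, "-"),
    ({"marker": 0, "density": "mid"}, "-"),
]

if __name__ == "__main__":
    tree = build_tree(SAMPLES, ["marker", "density"], DOMAINS)
    print(tree)
    print(classify(tree, {"marker": 0, "density": "low"}))
```

The `density == "low"` branch under `marker == 0` has no training samples, so it becomes a leaf carrying the most common label of its parent subset, as the empty-subset rule requires.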
Once the decision-tree-based classification model has been built, unknown page files can be examined with it:
1. Divide the page file into blocks of 100 bytes to obtain the file data blocks;
2. Extract the feature vectors of each page file data block;
3. Combine and select among the feature vectors of all page file data blocks to obtain the final page file vector set;
4. Give this feature vector set as input to the decision tree classification model;
5. From the output of the decision tree classification model, determine whether the page file is one attacked via non-script code.
In the implementation, the two classification models are connected in parallel, and the results of the two models must be processed. The outputs of the two identification modules serve as the input of the result integration module. According to the processing function in the result integration module, if either of the two identification modules outputs M (malicious file), the unknown page file is a malicious file; if both identification modules output N (secure file), the unknown page file is a secure file.
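The Bayes comparison of P_M against P_N and the result integration rule described above, implemented in Python as an added example (not code from the patent). The multinomial model with add-one smoothing, the verdict N for a file with no script part, and the hypothetical `stand_in_tree` used in place of the decision tree model are assumptions.

```python
import math
from collections import Counter


class ScriptBayes:
    """Naive Bayes over script words; classes are M (malicious), N (safe)."""

    def __init__(self, malicious_docs, safe_docs):
        self.counts = {"M": Counter(), "N": Counter()}
        for doc in malicious_docs:
            self.counts["M"].update(doc)
        for doc in safe_docs:
            self.counts["N"].update(doc)
        self.vocab = set(self.counts["M"]) | set(self.counts["N"])
        total = len(malicious_docs) + len(safe_docs)
        self.prior = {"M": len(malicious_docs) / total,
                      "N": len(safe_docs) / total}

    def log_posterior(self, words, cls):
        counts = self.counts[cls]
        denom = sum(counts.values()) + len(self.vocab)   # add-one smoothing
        score = math.log(self.prior[cls])
        for word in words:
            if word in self.vocab:       # words never seen in training skip
                score += math.log((counts[word] + 1) / denom)
        return score

    def verdict(self, words):
        # Page: malicious only if P_M > P_N, so a tie yields N.
        p_m = self.log_posterior(words, "M")
        p_n = self.log_posterior(words, "N")
        return "M" if p_m > p_n else "N"


def integrate(script_verdict, data_verdict):
    """Result integration: M if either identifier says M, else N."""
    return "M" if "M" in (script_verdict, data_verdict) else "N"


def detect_page_file(script_words, data_features, script_model, data_model):
    """Run both identifiers in parallel on the two parts of one page file."""
    # Assumption: a file with no extracted script gets N from the script side.
    script_verdict = script_model.verdict(script_words) if script_words else "N"
    data_verdict = data_model(data_features)
    return integrate(script_verdict, data_verdict), script_verdict, data_verdict


def stand_in_tree(features):
    """Hypothetical stand-in for the decision tree model's M/N output."""
    return "M" if features.get("marker") else "N"


# Constructed training documents (lists of words after de-obfuscation).
MALICIOUS_DOCS = [["eval", "unescape", "data"], ["eval", "fromCharCode", "var"]]
SAFE_DOCS = [["var", "data", "print"], ["var", "url", "print"]]

if __name__ == "__main__":
    model = ScriptBayes(MALICIOUS_DOCS, SAFE_DOCS)
    print(detect_page_file(["var", "print", "url"], {"marker": 1},
                           model, stand_in_tree))
```

Because the integration is a logical OR, a file is flagged as soon as one identifier fires, so the combined false-positive rate can be as high as the sum of the two identifiers' rates.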
In summary, the invention proposes a file detection and identification method that applies different classification approaches to different intrusion methods and introduces de-obfuscation to prevent malicious code from disguising itself, improving the detection success rate.
Those skilled in the art will appreciate that each module or step of the invention described above can be implemented with a general-purpose computing system. The modules or steps can be concentrated in a single computing system or distributed over a network formed by multiple computing systems. Optionally, they can be implemented as program code executable by the computing system, so that they can be stored in a storage system and executed by the computing system. The invention is therefore not limited to any specific combination of hardware and software.
It should be understood that the above specific embodiments of the invention are used only to illustrate or explain the principle of the invention and do not limit it. Any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the invention shall therefore fall within the protection scope of the invention. In addition, the appended claims are intended to cover all variations and modifications that fall within the scope and boundaries of the appended claims, or the equivalents of such scope and boundaries.

Claims (2)

1. A secure file processing method, characterized by comprising:
Determining the intrusion method used against a page file, determining the corresponding feature extraction and classification process according to the intrusion method, and performing security detection on mobile-terminal page files through the feature extraction and classification process;
The method further includes: before the feature extraction, first determining the position of the script code in the page file and extracting the script code from the page file; if the script code has been encoded, compressed and obfuscated, restoring the original script code; and finally extracting the feature vector set according to the feature extraction algorithm;
Determining the corresponding feature extraction and classification process according to the intrusion method further comprises: for page files attacked via script code, the base unit of the extracted features is the word; for page files attacked via non-script code, the page file is divided into blocks when features are extracted, and feature extraction is then performed; according to the two different feature extraction approaches, two different classification models are built, based on Bayes classification and decision tree classification respectively, and the two classification processes are then combined in parallel;
Extracting the script code from the page file further comprises:
(1) Opening the page file;
(2) Initializing the internal data structures;
(3) Searching the catalog directory and finding the addresses of the active dictionary entries;
(4) Searching the candidate positions that may contain script code, and detecting the data type of each dictionary entry;
(5) If the data type is an element of the predefined keyword set, the dictionary contains script code, and the script code is extracted;
(6) Decompressing the script code;
When an unknown page file is classified, the script code is first extracted from the page file, dividing the page file into two parts: the embedded script code, and the remaining page file data other than the script code; the two parts of the page file are then examined separately, the identification model built with the Bayes algorithm examining the script code and the identification model built with the decision tree classification algorithm examining the remaining data of the page file; finally, the detection results are processed in the result integration module to obtain the final detection result for the page file; the detailed process is:
The feature vector set for script-code-based intrusion is classified with the simple and practical Bayes classification process; the probability P_N that the unknown page file X belongs to the safe sample set C_n and the probability P_M that X belongs to the malicious sample set are computed separately; P_N and P_M are then compared to find the class that X is closest to, which determines the class of the unknown page file X; if P_M > P_N, the page file contains malicious script code; otherwise, the page file does not contain malicious script code;
Before page files attacked via non-script code are detected, the decision tree is built as follows, where Sample is the training sample set and Vector is the feature vector set for non-script-code intrusion;
Create the root node root of the decision tree;
If all of Sample is positive, return the single-node tree root with label +;
If all of Sample is negative, return the single-node tree root with label -;
If Vector is empty, return the single-node tree root, labelled with the most common target vector value in Sample;
Otherwise, for each possible value v_i of Vector:
Add a new branch v_i under root, and let Samples_i be the subset of Sample whose Vector attribute value is v_i;
If Samples_i is empty, add a leaf node under this new branch, labelled with the most common target vector value in Sample;
Otherwise, add a subtree under the new branch:
(Samples_i, target vector value, Vector), end.
2. The method according to claim 1, characterized in that, for page files attacked via non-script code, the feature vectors of the training sample set are extracted, the training sample set being divided into two classes: a malicious file sample set based on non-script-code intrusion, and a secure file sample set containing no script code; during feature extraction, the feature vector sets of the two sample sets are extracted separately and processed according to a predetermined feature selection algorithm to obtain the feature vector set required by the learning algorithm; an identification model is then built from the learning algorithm and the extracted feature vector set using decision tree classification; finally, unknown page files are identified; when a page file is identified, the feature vector set of the unknown page file is extracted and used in place of the page file for identification; the feature vector set is then given as input to the identifier, which classifies it according to the identification model already built; the classification result for the unknown page file is thus obtained.

Priority Applications (1)

Application number: CN201510792215.6A
Priority date: 2015-11-17
Filing date: 2015-11-17
Title: A secure file processing method
Status: Expired - Fee Related
Publication: CN105243327B (en)

Publications (2)

CN105243327A, publication date 2016-01-13
CN105243327B, publication date 2018-08-31

Family ID: 55040970

Country Status (1)

CN: CN105243327B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180831

Termination date: 20191117