Malicious software identification method and device and medium

Main Authors: FAN YUAN, YAN CHAOMIN, LIU BO
Format: Patent
Language: Chinese, English
Published: 11.03.2022
Summary: The invention discloses a malicious software identification method, device and medium. The method comprises the steps of obtaining HTTPS traffic in a network to be detected, parsing the obtained traffic to obtain identification information, and performing a hash operation on the identification information to generate a detection hash value. The detection hash value can be generated without a private key, which improves the success rate of malicious traffic identification. The detection hash value is compared with the hash values stored in a database, which stores the hash values of malicious traffic, to judge whether the traffic is malicious; because different HTTPS flows have different hash values, whether the currently detected traffic is malicious can be accurately judged from the hash value. If the traffic is malicious, the software corresponding to the traffic is determined to be malicious software. Therefore, t
Bibliography: Application Number: CN202111424918