Malicious sample detection method based on dynamic binary instrumentation
Field | Value
---|---
Format | Patent
Language | Chinese, English
Published | 27.08.2024
Summary: The invention provides a malicious sample detection method based on dynamic binary instrumentation. The method comprises the following steps: S1, identifying API calls; S2, obtaining API call information that carries a definite temporal ordering; and S3, analyzing the correlation between API calls on the basis of the obtained call information to derive malicious code behavior information. Because API call information with a definite temporal ordering can be obtained accurately during malicious code execution, association analysis and behavior extraction can be performed on the API calls, and the operations the malicious code performs on files, the registry, services, processes and threads are extracted, thereby improving malicious code execution efficiency. The method is flexible to use and does not affect system performance.
Bibliography: Application Number CN202410687757