Title:
METHOD AND APPARATUS FOR DETECTING ZOMBIE FEATURE
Document Type and Number:
WIPO Patent Application WO/2018/076697
Kind Code:
A1
Abstract:
Disclosed by the embodiments of the present invention are a method and apparatus for detecting a zombie feature. The method of the embodiments of the present invention comprises: acquiring a first dynamic behavior file and a second dynamic behavior file, the first dynamic behavior file being a behavior file generated by a malicious file during dynamic behavior detection in a first sandbox, and the second dynamic behavior file being a behavior file generated by a malicious file during dynamic behavior detection in a second sandbox; and determining a zombie feature of the malicious file according to a common feature of the first dynamic behavior file and the second dynamic behavior file.
Inventors:
JIANG WU (CN)
Application Number:
PCT/CN2017/087170
Publication Date:
May 03, 2018
Filing Date:
June 05, 2017
Export Citation:
Assignee:
HUAWEI TECH CO LTD (CN)
International Classes:
G06F21/56; H04L29/06
Foreign References:
| CN104866765A | 2015-08-26 | |||
| CN102902924A | 2013-01-30 | |||
| CN104134019A | 2014-11-05 | |||
| US20160292419A1 | 2016-10-06 | |||
| CN201610948753A | 2016-10-25 |
Other References:
See also references of EP 3509001A4
Download PDF: