

Title:
METHOD AND DEVICE FOR DETECTING MALICIOUS CODE IN ELF FILE
Document Type and Number:
WIPO Patent Application WO/2016/082240
Kind Code:
A1
Abstract:
Disclosed is a method for detecting malicious code in an ELF file. The method comprises: acquiring the functions in an ELF file, together with the code instruction offset and code instruction length of each function; acquiring the corresponding instruction code segments according to the code instruction offset and the code instruction length of the functions; performing disassembly analysis on the instruction code segments and generating feature codes from the instruction code segments after the disassembly analysis; detecting whether the feature codes exist in a preset malicious code feature library; and, if the feature codes are found in the preset malicious code feature library, determining that the ELF file contains malicious code. According to the method provided by embodiments of the present invention, the two limitations of mainstream prior-art detection means, "start offset and continuous binary segment", are eliminated, malicious code in an ELF file can be detected more flexibly, and a stronger heuristic detection capability is achieved. Also disclosed is a device for detecting malicious code in an ELF file.

Inventors:
YUAN HAITAO (CN)
YUE DONG (CN)
HU XUEFEI (CN)
PAN XUANCHEN (CN)
Application Number:
PCT/CN2014/093184
Publication Date:
June 02, 2016
Filing Date:
December 05, 2014
Assignee:
WUHAN ANTIY MOBILE SECURITY CO LTD (CN)
International Classes:
G06F21/56
Foreign References:
CN103268445A	2013-08-28
CN103914654A	2014-07-09
CN103902909A	2014-07-02
Attorney, Agent or Firm:
TSINGYIHUA INTELLECTUAL PROPERTY LLC (CN)
北京清亦华知识产权代理事务所(普通合伙) (CN)