会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 10. 发明公开
    • CLASSIFICATION METHOD, DEVICE AND SYSTEM FOR PROGRAM FILE
    • 程序文件的分类方法,装置和系统
    • EP3306493A1
    • 2018-04-11
    • EP16887739.7
    • 2016-12-07
    • Huawei Technologies Co., Ltd.
    • LIU, Zhenhua
    • G06F17/30
    • G06F21/53G06F17/30G06F21/55G06K9/6218
    • A program file classification method, a program file classification apparatus, and a program file classification system are disclosed. The system uses an agent program in a client and a sandbox server to obtain behavior information corresponding to at least two behaviors executed by a program file at runtime. Each piece of behavior information includes a behavior identifier and a path related during execution of a corresponding behavior. A classification server performs normalization processing on the path in each piece of behavior information, where the normalization processing is used to reduce path diversity; generates a feature vector according to at least two pieces of behavior information obtained after the path normalization processing; and determines, according to the feature vector, a category to which the program file belongs. According to the classification method, the classification apparatus, and the classification system in embodiments of the present invention, normalization processing is performed on the path, so that randomness of a path obtained after the normalization processing is reduced, so as to improve a program file classification effect and accordingly reduce a workload in identifying a malicious program file.
    • 公开了一种程序文件分类方法,程序文件分类装置和程序文件分类系统。 该系统使用客户端和沙箱服务器中的代理程序来获取与在运行时由程序文件执行的至少两个行为相对应的行为信息。 每条行为信息包括在对应行为的执行期间相关的行为标识符和路径。 分类服务器对每条行为信息中的路径进行归一化处理,归一化处理用于减少路径分集; 根据路径归一化处理后的至少两条行为信息生成特征向量; 并根据该特征向量确定该程序文件所属的类别。 根据本发明实施例中的分类方法,分类装置和分类系统,对路径进行归一化处理,以减少归一化处理后得到的路径的随机性,从而改善程序文件 分类效果,并相应减少识别恶意程序文件的工作量。