CRYPTOGRAPHIC BLOCK IDENTIFICATION APPARATUS, CRYPTOGRAPHIC BLOCK IDENTIFICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE RECORDING MEDIUM STORING CRYPTOGRAPHIC BLOCK IDENTIFICATION PROGRAM
Abstract
The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block. The cryptographic block identification part identifies a region of the execution trace in which the block candidates are consecutive beyond a threshold M, as a cryptographic block.
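The two stages described in the abstract, sketched as an added example that is not taken from the patent. The trace format (each execution step as a list of instruction mnemonics), the set of cipher-like operation types, the scoring rule (count of distinct cipher-like types present in a step) and the threshold values are all assumptions made for illustration.

```python
# Added illustration: operation set, scoring rule and trace layout are assumptions,
# not details given in the abstract.
CIPHER_LIKE_OPS = {"xor", "shl", "shr", "rol", "ror", "and", "or", "not"}


def evaluation_value(step):
    """Cipher likeliness of one step: how many distinct cipher-like
    operation types the step contains (assumed scoring rule)."""
    return len(set(step) & CIPHER_LIKE_OPS)


def extract_block_candidates(trace, threshold_l):
    """Stage 1: indices of steps whose evaluation value exceeds threshold L."""
    return [i for i, step in enumerate(trace)
            if evaluation_value(step) > threshold_l]


def identify_cryptographic_blocks(trace, threshold_l, threshold_m):
    """Stage 2: inclusive (start, end) ranges of the trace in which block
    candidates are consecutive for more than threshold M steps."""
    candidates = set(extract_block_candidates(trace, threshold_l))
    blocks, run_start = [], None
    for i in range(len(trace) + 1):  # extra iteration flushes a trailing run
        if i in candidates:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start > threshold_m:
                blocks.append((run_start, i - 1))
            run_start = None
    return blocks


# Constructed execution trace (not from real malware).
TRACE = [
    ["push", "mov", "call"],       # 0: setup code
    ["mov", "xor", "add"],         # 1: lone xor, e.g. register zeroing
    ["mov", "cmp", "jne"],         # 2
    ["xor", "rol", "add", "mov"],  # 3: dense bitwise mixing starts
    ["xor", "shl", "shr", "mov"],  # 4
    ["rol", "xor", "and", "mov"],  # 5
    ["xor", "ror", "mov", "dec"],  # 6
    ["cmp", "jne"],                # 7
    ["xor", "shl", "mov"],         # 8: isolated candidate, too short a run
    ["mov", "call", "ret"],        # 9
]

if __name__ == "__main__":
    print(identify_cryptographic_blocks(TRACE, threshold_l=1, threshold_m=2))
```

Threshold L filters out steps with incidental bitwise operations (step 1), and threshold M discards isolated candidates (step 8), which is why both thresholds are needed to keep false positives down.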