SIMILAR MALICIOUS CODE RETRIEVAL APPARATUS AND METHOD BASED ON MALICIOUS CODE FEATURE INFORMATION

摘要

The present invention provides a kind of similar malicious code retrieval devices and one kind to be based on malicious code characteristic information, these search for the similitude in malicious sample with highest similitude, malicious sample is based on existing, and by similar data, and the malicious sample of producer's group information is provided to analysis personnel, thus allow analyst to be used for detailed analysis. Provided device may include: a kind of which register new input queue malicious code of malicious code register cell completely such as new malicious code sample, especially and registers details and extracts new malicious code sample; A kind of malicious code sample that malicious code analysis unit analysis details are new; A kind of unit of malicious code, this DNA extracting solutions extract malicious code DNA information, the characteristic information including malicious code, based on the information of malicious code analysis malicious code resolution unit; A kind of which progress similarity-rough set of malicious code DNA comparing units, passes through between DNA types, the information and the previous malicious code sample of malicious code DNA information that malicious code DNA is extracted; And similar malicious code retrieval unit calculates the malicious code DNA comparing units of total similarity and pre-stored malicious code sample similarity calculation between new malicious code sample in this way, and extracts the certain amount of malicious code sample as similar malicious code search result. ;The 2016 of copyright KIPO submissions