Title of invention |
METHOD AND DEVICE FOR EXTRACTING MESSAGE FORMAT |
Abstract |
Examples of extracting a message format are disclosed. Extracting the message format may include capturing an execution trace of a malicious program client and identifying and analyzing a processing procedure of a message in the execution trace. An input message format is identified based on the analysis, where the input message format is of a communication protocol used by a malicious program. The examples of identifying the message format provide increased extraction efficiency, accurate analysis and positioning, and a reduced rate of false positives. |
Application publication number |
US2015205963(A1) |
Application publication date |
2015.07.23 |
Application number |
US201514674717 |
Filing date |
2015.03.31 |
Applicant |
Tencent Technology (Shenzhen) Company Limited |
Inventors |
ZOU Zan;ZHANG Xiaokang;WANG Zhi;JIA Chunfu;LIU Lu |
Classification number |
G06F21/56 |
Main classification number |
G06F21/56 |
Agency |
|
Agent |
|
Principal claim |
1. A method for identifying a message format, comprising:
capturing, using a processor, an execution trace of an executable program; identifying, using the processor, a processing procedure in the execution trace, the processing procedure used by the executable program to process a message received by the executable program; and extracting, using the processor, the message format by analyzing the processing procedure of the message, wherein the message format is a format used by a communication protocol of a malicious program. |
Address |
Shenzhen Guangdong CN |