METHOD AND DEVICE FOR EXTRACTING MESSAGE FORMAT

摘要

A method and a device for extracting a message format are disclosed. The method includes: capturing an execution trace of a malicious program client; and analyzing a processing procedure of an input message in the execution trace and extracting an input message format of a communication protocol for a malicious program. The efficiency of extraction is increased by the method. The accuracy of analysis and positioning is achieved and the false positive rate is decreased.