<p>A method and a device for extracting a message format are disclosed. The method includes: capturing an execution trace of a malicious program client; and analyzing a processing procedure of an input message in the execution trace and extracting an input message format of a communication protocol for a malicious program. The efficiency of extraction is increased by the method. The accuracy of analysis and positioning is achieved and the false positive rate is decreased.</p>
申请公布号
WO2014169677(A1)
申请公布日期
2014.10.23
申请号
WO2013CN89913
申请日期
2013.12.19
申请人
TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
发明人
ZOU, ZAN;ZHANG, XIAOKANG;WANG, ZHI;JIA, CHUNFU;LIU, LU