產生純化惡意程式的方法、偵測惡意程式之方法及其系統

Abstract

本發明提出一種在一系統中產生一純化惡意程式的方法，該方法包含下列步驟：在一訓練階段使該系統接收一良性程式以及一已知惡意程式樣本。擷取在該良性程式中與安全性相關的一指令群。透過複數資料流路徑來追蹤與該指令群相依的一程式片段。將該程式片段分割成複數獨立資料流元素。找出在該已知惡意程式樣本中與該複數獨立資料流元素相同的一部分程式。從該已知惡意程式樣本中去除該部分程式，以產生該純化惡意程式。 The invention provides a method of generating a distillation malware program in a system. The method comprises steps of: causing the system to receive a benign program and a known malware program sample in a training procedure; extracting an instruction set associated with security in the benign program, tracing a program slice associated with the instruction set by a plurality of data flow path; slicing the program slice into a plurality of independent data flow elements; indentifying a same part program between the known malware program sample and the plurality of independent data flow elements; and removing the same part program from the known malware program sample for generating the distillation malware program.