公开(公告)号：US09213839B2

公开(公告)日：2015-12-15

申请号：US14207665

申请日：2014-03-13

Applicant: HUAWEI TECHNOLOGIES CO.,LTD.

Inventor： Yinzhi Cao ,  Xiang Pan ,  Yan Chen ,  Jianwei Zhuge ,  Xiaobin Qian ,  Jian Fu

IPC: G06F21/56

CPC classification number: G06F21/563 ,  G06F2221/033

Abstract: An embodiment of the present application provides technologies for detecting malicious content embedded in a content downloaded from an external source. The downloaded content converted into an opcode sequence by a web browser in a computing device. The opcode sequence is compared with a pre-stored opcode signature. The opcode signature comprises multiple sentences, and each sentence has multiple clauses. Each clause may include a matching opcode, a condition, an instruction, and an identifier. When a matching opcode in a clause matches with an opcode of the opcode sequence, and the condition as specified in the clause is determined to be true, the instruction in the clause is taken and next sentence identified by the identifier is taken to match the opcode sequence. Eventually, the last taken clause in the opcode signature may instruct whether opcode sequence contains malicious code.

Abstract translation: 本申请的实施例提供了用于检测嵌入在从外部源下载的内容中的恶意内容的技术。 下载的内容通过计算设备中的web浏览器转换成操作码序列。 操作码序列与预先存储的操作码签名进行比较。 操作码签名包含多个句子，每个句子都有多个子句。 每个子句可以包括匹配的操作码，条件，指令和标识符。 当条款中的匹配操作码与操作码序列的操作码匹配时，并且确定该条款中规定的条件为真时，将采用该条款中的指令，并将标识符识别的下一个句子与操作码匹配 序列。 最后，操作码签名中的最后一个条句可能指示操作码序列是否包含恶意代码。