Method, electronic device, and user interface for on-demand detecting malware
First Claim
1. A method for on-demand detecting a malware, adapted for estimating whether an application has vulnerabilities or malicious behaviors, and the method comprising:
- receiving the application;
decompiling the application, to generate a compiled code related to the application;
creating multiple compilation paths according to the compiled code and an association analysis, wherein the compilation paths correspond to multiple instruction paths of the application, respectively;
predicting a risk level and a test time of each of the compilation paths which has vulnerabilities or malicious behaviors, and classifying the compilation paths as multiple test items correspondingly;
receiving a detection command, to select at least one of the test items and a detectable time; and
selecting the corresponding compilation paths according to selection of the test items and the detectable time, to execute the instruction paths corresponding to the selected compilation paths, and to generate a detection result indicating whether the application has the vulnerabilities or the malicious behaviors;
wherein each of the compilation paths has at least one element instruction, at least one program code instruction, or combination thereof, and during prediction of the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors, risk data of the element instruction and risk data of the program code instruction are used for prediction to correspondingly generate an element risk value and an element execution time of the element instruction of each of the compilation paths, and to generate a program code risk value and a program code execution time of the program code instruction, so as to predict the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, an electronic device, and a user interface for on-demand detecting a malware are provided and adapted for estimating whether an application has vulnerabilities or malicious behaviors. The method includes the following steps. Firstly, evaluating a risk level and a test time of the application which has vulnerabilities or malicious behaviors. Next, detecting the application by selection of user to estimate the risk level of the application which has vulnerabilities or malicious behaviors and then correspondingly generating a detection result. Therefore, the method, the electronic device, and the user interface for on-demand detecting the malware can detect the risk level of the application which has vulnerabilities or malicious behaviors before getting virus pattern of the variant or new malware.
-
Citations
18 Claims
-
1. A method for on-demand detecting a malware, adapted for estimating whether an application has vulnerabilities or malicious behaviors, and the method comprising:
-
receiving the application; decompiling the application, to generate a compiled code related to the application; creating multiple compilation paths according to the compiled code and an association analysis, wherein the compilation paths correspond to multiple instruction paths of the application, respectively; predicting a risk level and a test time of each of the compilation paths which has vulnerabilities or malicious behaviors, and classifying the compilation paths as multiple test items correspondingly; receiving a detection command, to select at least one of the test items and a detectable time; and selecting the corresponding compilation paths according to selection of the test items and the detectable time, to execute the instruction paths corresponding to the selected compilation paths, and to generate a detection result indicating whether the application has the vulnerabilities or the malicious behaviors; wherein each of the compilation paths has at least one element instruction, at least one program code instruction, or combination thereof, and during prediction of the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors, risk data of the element instruction and risk data of the program code instruction are used for prediction to correspondingly generate an element risk value and an element execution time of the element instruction of each of the compilation paths, and to generate a program code risk value and a program code execution time of the program code instruction, so as to predict the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An electronic device for on-demand detecting a malware, adapted for estimating whether an application has vulnerabilities or malicious behaviors, and the electronic device comprising:
-
a display unit, configured for displaying a detection interface; a storage unit, configured for storing the application; and a computing processing unit, configured for executing following steps; receiving the application by operating the detection interface; decompiling the application, to generate a compiled code related to the application; creating multiple compilation paths according to the compiled code and an association analysis, wherein the compilation paths correspond to multiple instruction paths of the application, respectively; predicting a risk level and a test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors, and classifying the compilation paths as multiple test items correspondingly; receiving a detection command by operating the detection interface, to select at least one of the test items and a detectable time; and selecting the corresponding compilation paths according to selection of the test items and the detectable time, to execute the instruction paths corresponding to the selected compilation paths, to generate a detection result indicating whether the application has the vulnerabilities or the malicious behaviors; wherein each of the compilation paths has one of at least one element instruction and at least one program code instruction, or the combination thereof, and when the computing processing unit predicts the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors, the computing processing unit uses risk data of the element instruction and risk data of the program code instruction for prediction to correspondingly generate an element risk value and an element execution time of the element instruction of each of the compilation paths, and generate a program code risk value and a program code execution time of the program code instruction, so as to predict the risk level and the test time of each of the compilation paths which has vulnerabilities or malicious behaviors. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable recording medium, wherein the non-transitory computer-readable recording medium records a computer executable program, and when the non-transitory computer-readable recording medium is accessed by a processor, the processor executes the computer executable program comprising:
-
receiving the application; decompiling the application, to generate a compiled code related to the application; creating multiple compilation paths according to the compiled code and an association analysis, wherein the compilation paths correspond to multiple instruction paths of the application, respectively; predicting a risk level and a test time of each of the compilation paths which has vulnerabilities or malicious behaviors, and classifying the compilation paths as multiple test items correspondingly; receiving a detection command, to select at least one of the test items and a detectable time; and selecting the corresponding compilation paths according to selection of the test items and the detectable time, to execute the instruction paths corresponding to the selected compilation paths, and to generate a detection result indicating whether the application has the vulnerabilities or the malicious behaviors; wherein each of the compilation paths has at least one element instruction, at least one program code instruction, or combination thereof, and during prediction of the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors, risk data of the element instruction and risk data of the program code instruction are used for prediction to correspondingly generate an element risk value and an element execution time of the element instruction of each of the compilation paths, and to generate a program code risk value and a program code execution time of the program code instruction, so as to predict the risk level and the test time of each of the compilation paths which has the vulnerabilities or the malicious behaviors.
-
Specification