Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for detecting application program behavior legality

An application and detection method technology, applied in the direction of platform integrity maintenance, instruments, electronic digital data processing, etc., can solve the unknown security loopholes in applications, cannot identify and prevent illegal behavior of legitimate applications, and cannot distinguish applications, etc. problem, to achieve good defense effect, high recognition rate, low false alarm rate

Inactive Publication Date: 2009-04-15
厦门市美亚柏科资讯科技有限公司
View PDF0 Cites 47 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, because applications often have unknown security vulnerabilities, many intrusions are directly intruded into the application, and the intrusion code is executed through the intruded application
The existing defense technology only determines the legality of the behavior based on whether the executed program is in the permission list, and cannot distinguish whether the behavior of the application is the normal behavior of the application itself or the behavior of a malicious intruder who invaded into the application. Unable to identify and block illegal behavior of legitimate applications
In computers using existing protection software, the illegal actions performed by these intruders through legitimate applications are often released because they meet the filter matching rules, leaving malicious intruders with an opportunity to bypass the protection software

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting application program behavior legality
  • Method and system for detecting application program behavior legality
  • Method and system for detecting application program behavior legality

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In modern operating systems, various behaviors of applications must be implemented by calling system interfaces. Therefore, as long as the caller of the system interface is traced, the actual controller of the application behavior can be found. That is to say, by monitoring some system interfaces that may be used by malicious intruders and verifying the legitimacy of the callers of these system interface functions, it is possible to identify whether the actual controllers of these behaviors are legal, thereby detecting intruders Illegal actions performed through compromised applications.

[0025] In order to illustrate the working principle of the present invention, how the intruder invades the application program is firstly described below.

[0026] First, overflow vulnerabilities exist in many applications. The overflow vulnerability is caused by one or some input functions (user input parameters) in the program not strictly verifying the boundaries of the received ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method for detecting the legitimacy of an application program behavior comprises the following steps: monitoring one or more system interfaces of a computer to cause the monitored system interfaces to jump to a monitoring module for execution when the monitoring system interfaces receive a call; blocking the application program of a caller and judging the validity of the caller: permitting the caller to call an interface function and continuously perform the application program of the caller if the caller is legal; and, pausing the behavior of the application program of the caller and issuing an intrusion alarm if the caller is illegal. The detection method finds out whether an executor of the application program behavior is legal or not by monitoring the system interfaces of the computer so as to intercept the program behavior executed by illegal executors and give an alarm. Compared with the existing fuzzier behavioral analysis technology, the detection method has the advantages of low false alarm rate, high recognition rate and the like, especially has good defense effect against the intrusion behavior due to overflow vulnerability, so the detection method is an effective supplement to the existing behavior analysis defense technology.

Description

technical field [0001] The invention relates to a method and system for detecting computer security, in particular to a method and system for detecting the legality of application program behavior. Background technique [0002] The vigorous development of the Internet has made network and computer security an increasingly serious problem. In the computer, there are unknown security holes in the system and various application software, such as unknown overflow holes, etc. These holes may be exploited by malicious intruders at any time to cause varying degrees of damage to the computer system and / or applications, documents, etc. . Therefore, a variety of protection software is widely used on network computers to detect and even contain malicious intruders. [0003] At present, most of the local protection software running on network computers adopts behavior analysis technology, such as active defense technology, to detect the behavior of exploiting unknown overflow vulnerab...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/22G06F21/55
Inventor 袁灿锭滕达
Owner 厦门市美亚柏科资讯科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com