Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Real-time monitoring method and device for webpage Trojan horse

A real-time monitoring and web Trojan technology, applied in computer security devices, data exchange networks, instruments, etc., can solve the problems of protecting computer security, poor real-time performance, and huge system resource consumption, avoiding browsers occupying too much memory, guaranteeing safety effect

Active Publication Date: 2010-12-01
XIAMEN MEIYA PICO INFORMATION
View PDF3 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the feature code-based scanning method is widely used and the identification is relatively fast, it often fails to report some Internet horses that exploit unknown vulnerabilities or code-encrypted and confused Internet horses, and cannot fundamentally protect computer security in real time.
[0005] Virtual machine detection generally uses software to simulate the addressing, compilation, and execution of CPU instructions to find virus signatures in the mechanism after execution. This method consumes a lot of system resources, has poor real-time performance, and is rarely used for scanning and killing web Trojan horses.
[0006] Behavior detection is by monitoring some behavioral characteristics of the application program (such as embezzlement interception system interruption, modification of the total memory and memory control block, writing operations to executable files, boot sector or performing suspicious actions such as formatting disks, virus programs, etc. Match the behavior feature library with the host program switching and search API function address, etc. This method can better prevent some web Trojan attacks, but often only some functions are enabled due to the huge consumption of system resources
[0007] Regardless of which of the above detection methods is used, there is still a blind spot in the detection of exploiting unknown vulnerabilities to mount a horse

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Real-time monitoring method and device for webpage Trojan horse
  • Real-time monitoring method and device for webpage Trojan horse
  • Real-time monitoring method and device for webpage Trojan horse

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] As shown in the attached figure, since the principle of most webpages to hang horses at present is to use browser or third-party control vulnerabilities, combined with heap spray (heap spray) technology, open up a large amount of memory and write shellcode, so as to achieve the execution of shellcode to download Trojans and purpose of execution.

[0054] The principle of using the heap spray technology is to write a lot of useless codes in the memory. When the EIP pointer of the program is hijacked and executed to these useless codes, it will not have any impact on the execution of the subsequent Shellcode. These codes often also play a role. It acts as the return address of the function, so it has certain characteristics, such as 0x0A0A0A0A, 0x0B0B0B0B, 0x0C0C0C0C, 0x90909090. By detecting a large area with similar characteristics in the memory, it can effectively avoid the execution of malicious code, which can help detect some web Trojan horses aggressive behavior. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a real-time monitoring method and a real-time monitoring device for webpage Trojan horse. The method comprises the following monitoring steps of: injecting a browser process needing monitoring; examining the memory utilization situation in the process space and recording the current memory utilization situation; monitoring the behavior that the browser opens a new webpage; and when opening the new webpage, checking memory increment at first, suspending the process if the memory increment is greater than a specified threshold, searching whether newly increased memory has a suspicious characteristic, and giving an alarm and recording the current webpage information if the newly increased memory has the suspicious characteristic. The method for determining the webpage Trojan horse by monitoring the memory increment situation of the browser process and whether the newly increased memory has the suspicious characteristic is a lightweight system security protection method; and the method can guarantee the security of the regularly browsed webpage without affecting the speed of browsing the internet.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a method and device for real-time monitoring of web page Trojan horses. Background technique [0002] With the continuous advancement of the Internet, browsing the web, downloading files, etc. have become the daily habits of many people. However, in the process of people browsing the web, many webpage Trojan horses will be embedded in people's computers inadvertently to carry out illegal activities such as account theft, such as webpage Trojan horses that exploit buffer overflow vulnerabilities in IE browsers, causing people to bear great risks when browsing the webpage . [0003] In the prior art, detection methods for web page Trojans mainly include feature code detection, behavior detection and virtual machine detection. [0004] Signature code detection is still the most commonly used technology at present. Its implementation is relatively simple, and the ability ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26G06F21/00G06F21/56
Inventor 张婷张永光张雪峰
Owner XIAMEN MEIYA PICO INFORMATION
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com