Method and system for quickly detecting malicious code

A fast malicious code detection technology, applied in the field of malicious code detection, that addresses the problems of limited disk IO read speed and a long waiting process.

Active Publication Date: 2011-04-20
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Traditional detection technology is limited by disk IO read speed. It takes a long waiting process to fully and accurately detect viruses. Especially toda


Embodiment Construction

[0081] The present invention provides a method and system for quickly detecting malicious code, aimed mainly at the Windows system environment. Because malicious code enters memory once it runs, the invention goes directly to memory and scans the entity files corresponding to all started processes of the system and their loaded modules, together with specific non-PE existence directories, the root directory and other sensitive items. Compared with the traditional engine, the invention can avoid scanning other normal files, thereby improving the detection speed. At the same time, the present invention judges whether code is malicious through two channels, namely regular engine scanning through feature code matching, and judgment through behavior patterns. Therefore, even if there is no feature code, the present invention can directly make a judgment on the attribute of the file, realize data acquisition and directional analysis on a special envir...


Abstract

The invention discloses a method and a system for quickly detecting malicious code. The method comprises the following steps: acquiring all files at preset detection points; performing conventional engine scanning on all the acquired files; reporting a suspicious file if one is discovered; if no suspicious file is discovered, performing behavior pattern judgment on those of the files that come from the detection points designated for behavior pattern judgment; and reporting a suspicious file if one is discovered. With this method, other normal files are not scanned and the malicious code can be located quickly, so the detection speed is improved. The method can also directly judge the attributes of a file that has no feature code, so data acquisition and directional analysis are performed on a special environment, and malicious code that conventional quick scanning cannot detect is detected.
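The two-channel flow in the abstract, as an added example that is not taken from the patent. The detection-point names, paths, signature bytes and the placement rule used in channel 2 are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: detection-point names, paths and byte patterns
# are illustrative assumptions, not values from the patent.
SIGNATURES = {"Constructed.Sample.A": b"\xde\xad\xbe\xef\x13\x37"}
BEHAVIOR_POINTS = {"non_pe_dir", "root_dir"}  # points that get channel 2


@dataclass(frozen=True)
class Candidate:
    point: str    # detection point the file was collected from
    path: str
    data: bytes


def signature_scan(files):
    """Channel 1: conventional engine, feature-code (byte pattern) matching."""
    hits = []
    for f in files:
        for name, pattern in SIGNATURES.items():
            if pattern in f.data:
                hits.append((f.path, "signature:" + name))
                break
    return hits


def behavior_judgment(files):
    """Channel 2: judge by placement rather than by feature code.
    Assumed rule: a PE image ('MZ' header) found at a point where only
    non-PE files are expected, or in a drive root, is suspicious."""
    return [(f.path, "behavior:pe_at_" + f.point)
            for f in files
            if f.point in BEHAVIOR_POINTS and f.data[:2] == b"MZ"]


def quick_detect(files):
    """Abstract's flow: scan everything collected; only if nothing is
    reported, run behavior judgment on the subset of points that need it."""
    return signature_scan(files) or behavior_judgment(files)


SAMPLE = [
    Candidate("process_image", r"C:\Windows\System32\svchost.exe", b"MZ\x90\x00clean"),
    Candidate("non_pe_dir", r"C:\Windows\Fonts\arial.ttf", b"\x00\x01\x00\x00font"),
    Candidate("non_pe_dir", r"C:\Windows\Fonts\update.exe", b"MZ\x90\x00nosig"),
    Candidate("root_dir", r"C:\autorun.inf", b"[autorun]"),
]
```

On the constructed sample no feature code matches, so the file is reported by channel 2 only; once any file matches a signature, channel 2 is not run at all.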

Description

Technical field

[0001] The invention relates to malicious code detection technology, in particular to a method and system for rapidly detecting malicious code.

Background technique

[0002] With the rapid development of computer technology, the capacity of the hard disk, the computer's main storage device, continues to increase, users install more and more software, and the number and size of files on the hard disk continue to grow.

[0003] Many malicious codes copy themselves to fixed, sensitive Windows directories such as system32 and startup. Traditional conventional engines list these directories as high-risk directories and scan all files in them to achieve fast scanning. However, the vast majority of files in these directories are fine.

[0004] Traditional detection technology is limited by disk IO read speed. It takes a long waiting process to fully and accurately detect viruses. Especially today, T-class hard disk...


Application Information

IPC(8): G06F21/00, G06F21/56
Inventor: 李石磊, 李果, 徐翰隆
Owner BEIJING ANTIY NETWORK SAFETY TECH CO LTD