
Method, device and virtual machine for detecting rogue program

Malicious program detection and virtual machine technology, applied in the field of information security, which can solve the problem that deformed malicious programs cannot be detected.

Active Publication Date: 2012-02-01
BEIJING HONGXIANG TECH SERVICE CO LTD

AI Technical Summary

Problems solved by technology

[0009] The present application provides a method, device and virtual machine for detecting malicious programs, so as to solve the problem that the prior art cannot detect deformed malicious programs.



Embodiment Construction

[0052] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0053] For the detection of malicious programs, especially for the detection of malicious programs such as MBR-based Bootkit or viruses similar to Bootkit, the present application proposes a detection method, which can detect these malicious programs no matter what kind of deformation they have.

[0054] The idea proposed by this application is first introduced below:

[0055] Under normal circumstances, the boot process of a computer system is:

[0056] Power-on self-test --> Mainboard BIOS starts from floppy disk, hard disk or CD-ROM according to user-specified startup sequence --> System BIOS reads Master Boot Record (MBR) into memory --> Hands over control to master boot program --> ...


Abstract

The invention provides a method, a device and a virtual machine for detecting a rogue program, solving the prior-art problem that a transformative rogue program cannot be detected. The method comprises the following steps: setting up a virtual memory; reading the MBR (Master Boot Record) and storing it in the virtual memory; simulating the execution of each instruction of the MBR in the virtual memory, and detecting after each instruction whether the virtual memory has been modified; if it has been modified, confirming the rogue program; otherwise, continuing to simulate the execution of the next instruction until the simulated execution of all the instructions in the MBR is finished. According to the method, any condition code converter technique can be ignored, and as long as an action occurs during actual running, the action can be detected.
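The loop described in the abstract, as an added Python sketch that is not code from the patent: the MBR is copied into a virtual memory, emulated one instruction at a time, and the memory is compared after every step. The six-opcode x86 subset, the 0x7C00 load address, the rule that any byte change counts as "modified", and the sample sectors are all assumptions constructed for illustration.

```python
LOAD_ADDR = 0x7C00  # address where the BIOS conventionally loads the MBR

def scan_mbr(mbr: bytes, max_steps: int = 1000):
    """Emulate the MBR step by step; return (verdict, offset of the instruction)."""
    mem = bytearray(0x10000)                 # the virtual memory (one 64 KiB segment)
    mem[LOAD_ADDR:LOAD_ADDR + len(mbr)] = mbr
    ax, ip, end = 0, LOAD_ADDR, LOAD_ADDR + len(mbr)
    for _ in range(max_steps):               # bound the run so loops cannot hang the scan
        if not LOAD_ADDR <= ip < end:
            return ("clean", None)           # left the record without writing
        before, start, op = bytes(mem), ip, mem[ip]
        imm16 = mem[ip + 1] | (mem[ip + 2] << 8)
        if op == 0x90:                       # nop
            ip += 1
        elif op == 0xB8:                     # mov ax, imm16
            ax, ip = imm16, ip + 3
        elif op == 0x35:                     # xor ax, imm16
            ax, ip = ax ^ imm16, ip + 3
        elif op == 0xA3:                     # mov [imm16], ax
            mem[imm16] = ax & 0xFF
            mem[(imm16 + 1) & 0xFFFF] = ax >> 8
            ip += 3
        elif op == 0xEB:                     # jmp short rel8 (signed displacement)
            rel = mem[ip + 1]
            ip += 2 + (rel - 256 if rel > 127 else rel)
        elif op == 0xF4:                     # hlt: every reachable instruction was run
            return ("clean", None)
        else:
            return ("unsupported", start - LOAD_ADDR)
        if bytes(mem) != before:             # the check after every single instruction
            return ("malicious", start - LOAD_ADDR)
    return ("timeout", None)

def sector(code: bytes) -> bytes:
    """Pad constructed code to a 512-byte sector ending in the 55 AA signature."""
    return code.ljust(510, b"\x00") + b"\x55\xAA"

# Constructed samples, not real malware. PLAIN stores 0x1234 at 0x0500 directly;
# DEFORMED reaches the same store via an XOR-masked constant and a jump over junk bytes.
BENIGN = sector(bytes.fromhex("b80100" "90" "f4"))
PLAIN = sector(bytes.fromhex("b83412" "a30005" "f4"))
DEFORMED = sector(bytes.fromhex("b86e48" "eb02" "ffff" "355a5a" "a30005" "f4"))

if __name__ == "__main__":
    for name, s in (("benign", BENIGN), ("plain", PLAIN), ("deformed", DEFORMED)):
        print(name, scan_mbr(s))
```

Both the plain and the deformed sample are flagged at the store instruction, because the check looks at the effect of execution rather than at the byte pattern. A snapshot comparison like this one does not see a write that stores bytes identical to what the memory already holds.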

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular to a method, device and virtual machine for detecting malicious programs.

Background technique

[0002] Malicious programs generally refer to programs that run illegally on a computer system without authorization. For example, a computer virus is a malicious program running in a computer system, which can pose a threat to the security of the computer system.

[0003] With the development of computer and network technology, various forms of computer viruses have appeared. Among them, rootkit is a kind of kernel-level Trojan horse virus, which is a kind of software that hides other programs or processes, and may be a combination of one or more software. In a broad sense, rootkit can also be regarded as a technology.

[0004] In modern operating systems, applications cannot directly access the hardware, but use the hardware by calling the interfaces provided by...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F9/455, G06F21/56
CPC: G06F21/566, G06F9/455, G06F21/00, G06F21/575, G06F9/45533, G06F21/56
Inventor: 邵坚磊, 谭合力
Owner: BEIJING HONGXIANG TECH SERVICE CO LTD