Method and device for detecting suspicious progresses

A process and suspicious technology, applied in the field of information security, can solve the problems of virus false positives and false negatives, user losses, user-triggered virus detection lag, etc., to avoid attacks and improve security.

Inactive Publication Date: 2013-01-02
BEIJING QIHOO TECH CO LTD
View PDF3 Cites 59 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, because the virus database is not updated in real time, the user triggers virus detection is also lagging behind, and the use of this existing technology is prone to virus false positives and false negatives and problems
For example, if a user visits a website with a Trojan horse through a browser (horse-mounted website), the browser process will download the Trojan horse program and execute it without the user's knowledge. At this time, it will inevitably cause the Trojan horse program to run in the user's device, stealing the user's account password and other information, thereby causing losses to the user.
Especially for new viruses, even if the user triggers the Trojan horse detection process after visiting the Trojan horse website, the Trojan horse cannot be detected because it is not included in the virus database

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting suspicious progresses
  • Method and device for detecting suspicious progresses
  • Method and device for detecting suspicious progresses

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0068] One of the core concepts of the embodiments of the present application is to propose a mechanism for whitelist detection of processes running in the browser, and to effectively prevent suspicious processes running in the browser by using the "white or black" feature of the whitelist. Improve the security of users surfing the Internet.

[0069] refer to figure 1 , shows a flow chart of the steps of Embodiment 1 of a suspicious process detection method of the present application, which may specifically include the following steps:

[0070] Step 101, acquiring the first feature data of each running process in the browser, the first feature data including the hash value and digital signature of the e...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and a device for detecting suspicious progresses. The method includes acquiring first characteristic data of the progresses of a browser; matching the first characteristic data in a preset first white list data base; and judging one progress to be a suspicious progress if the first characteristic data of the progress are not in the preset first white list data base, wherein the first characteristic data include Hash values and digital signatures of executable files of the progresses, and the preset first white list data base includes the credible file Hash values and the credible file digital signatures. According to the method and the device for detecting the suspicious progresses, the suspicious progresses can be fully, effectively and accurately distinguished, and safety for users to surf the internet is improved.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a suspicious process detection method and a suspicious process detection device. Background technique [0002] A computer virus refers to a set of computer instructions or program codes that are inserted into a computer program by the compiler to destroy computer functions or data, affect computer use, and are capable of self-replication. Once a computer is infected with a virus, it usually shows that its files are added, deleted, changed names or attributes, and moved to other directories. These operations of viruses on computer files may cause normal programs to fail to run, computer operating systems to crash, and computers to A series of problems such as remote control and user information being stolen. [0003] At present, the computer viruses that Internet users are more likely to be infected with are "trojan horses". A Trojan horse refers to a prog...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30
Inventor 张聪宋申雷肖鹏刘起
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap