
Method and device for intercepting behaviors of program, and client equipment

A technique for intercepting program behavior on client devices. It addresses the problem that malicious programs cannot be effectively intercepted once the network has been disconnected, improving protection capability and enabling effective interception.

Active Publication Date: 2013-02-13
BEIJING QIHOO TECH CO LTD +1
7 Cites, 33 Cited by

AI Technical Summary

Problems solved by technology

[0007] A malicious program can attack the user's network to disconnect the client from the cloud security center, or temporarily disconnect the entire network connection, which leaves the cloud security center unable to effectively block the malicious program.

Examples

Example 1

[0169] a.exe is a malicious program. When it runs, it first disconnects the network, and then triggers an interception point by writing a system startup item to the registry so that it starts automatically.

[0170] Before the technology proposed by the present invention is used, the active defense intercepts the registry write. When it tries to obtain the file level of a.exe, it cannot, because the network has already been disconnected. To avoid showing an error prompt, it can only choose to allow the operation.

[0171] With the technology proposed by the present invention, the process information of a.exe is queried and recorded when its process is created (i.e. before it runs). When the registry write is detected and the network is found to be unreachable, the file level of the current process is obtained by querying the earlier record, so the execution of this program is intercepted as normal.

Example 2

[0173] The process chain is used in combination to handle network disconnection. For example: a.exe is an unknown program and b.exe is a whitelisted program that can be abused (white use). When a.exe runs, it disconnects the network and then calls b.exe to write a startup item, which triggers the interception point.

[0174] When the processes for a.exe and b.exe are created, their process information is recorded: for example, the file level of the process executed by a.exe is the malicious level, the file level of the process executed by b.exe is the security level, and the process executed by a.exe is the parent process of the process executed by b.exe.

[0175] When b.exe performs the registry write, the interception point is triggered, and the active defense consults the previously recorded process creation relationship. From this it can be known that b.exe was created by a.exe, so the process executed by b.exe is obtained at the same time and the file level of the process exe...


Abstract

The invention discloses a method and a device for intercepting the behaviors of a program, and client equipment, and aims to solve the problem that a malicious program cannot be intercepted because the network has been disconnected. The method comprises the following steps: when processes are created for a program, querying and recording the process information of each process; when a program performs an operation that triggers a preset interception point, acquiring the process information of the process executed by that program; and judging from the acquired process information whether the program meets the interception conditions, and intercepting the program when it does. The invention improves the protection capacity of security protection software and allows the malicious program to be intercepted effectively.
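The record-at-creation and consult-at-interception flow from Examples 1 and 2 and from the abstract, modelled as an added Python example (not code from the patent or from any product). The names `ProcessRecorder`, `query_level`, the level constants, and the interception condition "any process in the recorded chain has the malicious level" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

SAFE, UNKNOWN, MALICIOUS = 0, 1, 2   # file levels; higher = less trusted (names assumed)

@dataclass
class ProcInfo:
    image: str
    level: int
    parent: Optional[int]

class ProcessRecorder:
    def __init__(self, query_level: Callable[[str], int]):
        self.query_level = query_level   # hypothetical level query; raises ConnectionError offline
        self.records = {}                # pid -> ProcInfo

    def on_process_create(self, pid: int, image: str, parent: Optional[int] = None) -> None:
        """Record process information when the process is created, before it runs."""
        try:
            level = self.query_level(image)
        except ConnectionError:
            level = UNKNOWN              # no answer available; keep the record anyway
        self.records[pid] = ProcInfo(image, level, parent)

    def chain_level(self, pid: Optional[int]) -> int:
        """Least-trusted recorded level among the process and its ancestors."""
        worst, seen = SAFE, set()
        while pid in self.records and pid not in seen:   # 'seen' stops loops caused by PID reuse
            seen.add(pid)
            worst = max(worst, self.records[pid].level)
            pid = self.records[pid].parent
        return worst

    def should_intercept(self, pid: int) -> bool:
        """Called at an interception point; reads only local records, so it works offline."""
        return self.chain_level(pid) == MALICIOUS

def demo() -> dict:
    net = {"up": True}
    levels = {"a.exe": MALICIOUS, "b.exe": SAFE}      # constructed sample data
    def query(image: str) -> int:
        if not net["up"]:
            raise ConnectionError("cloud security center unreachable")
        return levels.get(image, UNKNOWN)
    rec = ProcessRecorder(query)
    rec.on_process_create(100, "a.exe")               # level recorded while still online
    net["up"] = False                                 # a.exe disconnects the network
    rec.on_process_create(101, "b.exe", parent=100)   # child created offline by a.exe
    rec.on_process_create(200, "b.exe")               # same image, no malicious ancestor
    return {k: rec.should_intercept(p) for k, p in (("a", 100), ("b_via_a", 101), ("b_alone", 200))}
```

In `demo()`, the process for b.exe created by a.exe is intercepted only because of the recorded parent link; the same image started without that ancestor is not.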

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method, device and client device for intercepting program behavior.

Background

[0002] Malicious program is an umbrella term for any software program intentionally created to perform unauthorized and often harmful acts. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot sector viruses, script viruses (batch, Windows shell, Java, etc.), Trojan horses, crimeware, spyware and adware are all examples of what could be called malicious programs.

[0003] Traditional anti-malware programs mainly rely on the signature database mode. The signature library is composed of the signature codes of malicious program samples collected by the manufacturer, and the signature code is the difference between the malicious program and the legitimate software that the analysis engineer finds, and intercepts a piece of ...


Application Information

IPC(8): H04L29/06
Inventor: 余和, 范纪鍠, 郑文彬, 孙晓骏
Owner: BEIJING QIHOO TECH CO LTD