
Safe defense system

A security defense and file defense technology, applied in the field of security defense systems, which solves the problems of false negatives or false positives and of being unable to perform registry and/or file defense, and achieves the effect of reducing false negatives or false positives.

Active Publication Date: 2013-03-20
BEIJING QIHOO TECH CO LTD

Problems solved by technology

[0005] However, as computers are more and more widely used, there are more and more unknown programs and files. When the existing HIPS performs active defense, it is often unable to accurately defend against changes to the registry and/or files, resulting in false negatives or false positives.


Examples

Embodiment 1

[0023] Referring to Figure 1, a flowchart of the steps of the security defense method according to Embodiment 1 of the present invention is shown.

[0024] The security defense method of the present embodiment includes the following steps:

[0025] Step S102: The active defense system determines that the registry target item written by the current program does not exist.

[0026] When a program writes to the registry, the active defense system starts RD (registry defense). RD monitors common sensitive system registry items, such as the addition and modification of startup items, service and driver items, system policy items, browser settings and network settings (including NameServer). When a program modifies such registry entries, RD by default treats this as sensitive behavior and intercepts and suspends it. This interception and suspension is what causes the false negatives or false positives of the existing active defense system. In this embodiment, when the program writes the registry ent...

Embodiment 2

[0031] Referring to Figure 2, a flowchart of the steps of the security defense method according to Embodiment 2 of the present invention is shown.

[0032] The security defense method of the present embodiment includes the following steps:

[0033] Step S202: The current program writes the registry target item into the registry.

[0034] Step S204: The active defense system determines whether the registry target item written by the current program complies with the registry defense rules; if yes, conducts registry defense and ends this process; if not, executes step S206.

[0035] Registry defense monitors common sensitive system registry items, such as the addition and modification of startup items, service and driver items, system policy items, browser settings and network setting items. Generally, these entries are added to the registry defense rules. When one of these entries is changed, the active defense system judges whether the change is allowed. ...

Embodiment 3

[0052] Referring to Figure 3, a flowchart of the steps of the security defense method according to Embodiment 3 of the present invention is shown.

[0053] This embodiment takes the joint defense of the RD (registry defense) and FD (file defense) of the HIPS as an example to illustrate the security defense scheme of the present invention. The scheme of this embodiment also covers statically scanning startup items and adding FD rules for them, so that the corresponding files cannot be tampered with.

[0054] The security defense method of the present embodiment includes the following steps:

[0055] Step S302: The active defense system obtains the registry entry of the boot program in the registry, parses out the path of the boot program, and adds the path of the boot program to the FD rule.

[0056] For example, the active defense system can obtain the registry entry of the boot program in the registry when scanning the boot program, parse out the path of the boot program, and then add the path of the boot program to the FD ...
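The three embodiments describe one pipeline: a registry write to a sensitive key whose target item does not yet exist is not blocked outright; instead the path in the value data is parsed and added to the FD rules, the file later created at that path is sent to the cloud security server for a verdict, and startup items already present are scanned statically so their paths are protected too. The following Python simulation is an added example and is not code from the patent or from Qihoo. The in-memory registry, the file-creation events, the step names and the cloud verdict function (a SHA-256 allowlist/denylist standing in for the server's "set rules") are all constructed for illustration.

```python
"""Simulation of the joint RD/FD logic of Embodiments 1-3 (added example;
the registry contents, events and cloud verdict function are constructed)."""
import copy
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed in-memory registry: key path -> {value name: value data}
REGISTRY = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    },
}
# Startup keys the registry defense (RD) watches in this example (constructed subset)
SENSITIVE_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
_QUOTED = re.compile(r'^\s*"([^"]+)"')
_UNQUOTED = re.compile(r'^\s*(.+?\.(?:exe|dll|sys|bat|cmd|scr))(?:\s|$)', re.IGNORECASE)


def parse_target_path(value_data: str) -> Optional[str]:
    """The 'parse out the path' step of Embodiments 1 and 3: pull the program path
    out of value data of the form 'path args' or '"path with spaces" args'.
    Windows paths compare case-insensitively, so the result is lower-cased."""
    m = _QUOTED.match(value_data) or _UNQUOTED.match(value_data)
    return m.group(1).strip().lower() if m else None


# Constructed stand-in for the cloud security server's rule set
KNOWN_BAD = {hashlib.sha256(b"CONSTRUCTED-MALICIOUS-SAMPLE").hexdigest()}
KNOWN_GOOD = {hashlib.sha256(b"CONSTRUCTED-BENIGN-SAMPLE").hexdigest()}


def cloud_judge(content: bytes) -> str:
    """Hypothetical cloud verdict: judge the generated file by its hash."""
    digest = hashlib.sha256(content).hexdigest()
    if digest in KNOWN_BAD:
        return "block"
    if digest in KNOWN_GOOD:
        return "allow"
    return "unknown"  # would be queued for further analysis on the server side


@dataclass
class ActiveDefense:
    registry: dict = field(default_factory=lambda: copy.deepcopy(REGISTRY))
    fd_rules: set = field(default_factory=set)  # protected target paths (FD rules)
    events: list = field(default_factory=list)

    def on_registry_write(self, program: str, key: str, name: str, data: str) -> str:
        """RD hook (Embodiments 1 and 2). Modifying an existing sensitive item is
        intercepted as before; creating a new one is allowed but the path it points
        at becomes an FD rule, so the file it will generate gets inspected instead."""
        if key not in SENSITIVE_KEYS:
            return "ignored"  # not a sensitive item: outside RD's scope
        items = self.registry.setdefault(key, {})
        if name in items:
            self.events.append(("rd_intercept", program, name))
            return "rd_intercept"
        path = parse_target_path(data)
        if path is None:
            self.events.append(("rd_intercept", program, name))
            return "rd_intercept"  # unparsable target: fall back to the classic RD decision
        items[name] = data
        self.fd_rules.add(path)
        self.events.append(("fd_rule_added", program, path))
        return "fd_rule_added"

    def on_file_create(self, program: str, path: str, content: bytes, cloud) -> str:
        """FD hook: a file generated at a protected path is sent to the cloud
        server and the returned verdict is applied on the client."""
        if path.lower() not in self.fd_rules:
            return "allowed"  # path not covered by any FD rule
        verdict = cloud(content)
        self.events.append(("fd_check", program, path, verdict))
        return verdict

    def scan_startup_items(self) -> int:
        """Embodiment 3: statically scan startup entries and protect each program
        path with an FD rule. Returns the number of rules added."""
        added = 0
        for key in SENSITIVE_KEYS:
            for data in self.registry.get(key, {}).values():
                path = parse_target_path(data)
                if path and path not in self.fd_rules:
                    self.fd_rules.add(path)
                    added += 1
        return added


def demo():
    """Walk one constructed installer through the pipeline."""
    ad = ActiveDefense()
    ad.scan_startup_items()  # protects the existing OneDrive entry
    key = SENSITIVE_KEYS[0]
    r1 = ad.on_registry_write("installer.exe", key, "Updater", r"C:\ProgramData\Updater\upd.exe /silent")
    r2 = ad.on_file_create("installer.exe", r"C:\ProgramData\Updater\upd.exe",
                           b"CONSTRUCTED-MALICIOUS-SAMPLE", cloud_judge)
    r3 = ad.on_file_create("installer.exe", r"C:\Temp\notes.txt", b"hello", cloud_judge)
    return r1, r2, r3


if __name__ == "__main__":
    print(demo())
```

The design point is the one the embodiments make: the RD no longer has to decide at the moment of the registry write, which is where an unknown program forces a guess (and thus a false negative or false positive); the decision is deferred to the FD, which sees the actual file and can consult the cloud server. The quoted/unquoted path parser matters in practice, since startup value data routinely carries arguments and spaces.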


Abstract

The invention provides a safe defense system comprising a client terminal and a cloud safety server. The client terminal comprises a confirming module, an analyzing module and a file defense module: the confirming module is used by an active defense system to confirm that the registry target item written by a current program does not exist; the analyzing module is used for obtaining the data of the target item and parsing out the target path to be written by the current program; the file defense module is used for adding the target path to the file defense rules and using the file defense rules to defend files when files are generated by the current program. The cloud safety server is used for receiving the generated files sent by the file defense module, judging the safety of the generated files according to the set rules and returning the judged results to the client terminal. By means of the safe defense system, joint defense of RD and FD and a reduction of false negatives and false positives are achieved.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a security defense system.

Background technique

[0002] Active defense is a real-time protection technology based on independent analysis and judgment of program behavior to defend against malicious programs. Malicious program is an umbrella term for any software program intentionally created to perform unauthorized and often harmful acts. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot sector viruses, script viruses, Trojan horses, crimeware, spyware, and adware can all be called malicious programs.

[0003] When actively defending against malicious programs, it does not use file feature values as the basis for judging malicious programs, but starts from the most primitive definition and directly uses the behavior of programs as the basis for judging malicious programs. Among them, the behavior of using the feature li...

Claims


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
Inventor: 闫继平, 张晓霖
Owner: BEIJING QIHOO TECH CO LTD