Security defense method, device and system

A security defense and file defense technology, applied in the computer field, that addresses problems such as false negatives or false positives and failures of registry and/or file defense, achieving the effect of reducing false negatives or false positives.

Active Publication Date: 2016-04-20
BEIJING QIHOO TECH CO LTD
Problems solved by technology

[0005] However, as computers are more and more widely used, there are more and more unknown programs and files. When the existing HIPS is actively defending, it is often unable to accurately defend changes to the registry and/or files, so that it produces false negatives or false positives.

Examples

Embodiment 1

[0030] Referring to Figure 1, which shows a flowchart of the steps of a security defense method according to Embodiment 1 of the present invention.

[0031] The security defense method of the present embodiment includes the following steps:

[0032] Step S102: The active defense system determines that the registry target item written by the current program does not exist.

[0033] When a program writes to the registry, the active defense system starts RD. RD monitors common sensitive system registry items, such as the addition and modification of startup items, service driver items, system policy items, browser settings or network settings (including NameServer). When a program modifies such entries, RD by default regards this as sensitive behavior and intercepts and suspends it. This interception and suspension is what causes false negatives or false positives in the existing active defense system. In this embodiment, when the program writes the registry ent...

Embodiment 2

[0038] Referring to Figure 2, which shows a flowchart of the steps of a security defense method according to Embodiment 2 of the present invention.

[0039] The security defense method of the present embodiment includes the following steps:

[0040] Step S202: the current program writes the registry target item into the registry.

[0041] Step S204: The active defense system determines whether the registry target item written by the current program complies with the registry defense rules; if yes, it performs registry defense and ends this process; if not, it executes step S206.

[0042] Registry defense monitors common sensitive system registry items, such as the addition and modification of startup items, service driver items, system policy items, browser settings or network setting items. Generally speaking, these entries are added to the registry defense rules. When one of these entries is changed, the active defense system judges whether the change is allowed. ...

Embodiment 3

[0059] Referring to Figure 3, which shows a flowchart of the steps of a security defense method according to Embodiment 3 of the present invention.

[0060] In this embodiment, the joint defense of the RD and FD of HIPS is taken as an example to illustrate the security defense scheme of the present invention. The solution of this embodiment also covers statically scanning startup items and adding FD rules to prevent the corresponding files from being tampered with.

[0061] The security defense method of the present embodiment includes the following steps:

[0062] Step S302: The active defense system obtains the registry entry of the boot program from the registry, parses out the path of the boot program, and adds that path to the FD rules.

[0063] For example, when scanning boot programs the active defense system can obtain the registry entry of a boot program from the registry, parse out the path of the boot program, and then add that path to the FD ru...

Abstract

The invention provides a security defense method, device and system. The security defense method comprises the steps of: confirming, through an active defense system, that the registry target item written by the current program does not exist; obtaining the data of the target item; parsing from that data the target paths to which the current program will write; adding the target paths to the file defense rules; and using the file defense rules to defend the files when they are generated by the current program. The security defense method, device and system achieve joint defense by RD and FD and reduce false negatives or false positives.
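The procedure in the abstract (a write to a registry target item that does not yet exist is not simply intercepted; the paths in its data are turned into file defense rules, and those rules fire when the program later drops the files) and the static startup-item scan of Embodiment 3 can be modelled together in a few dozen lines. The following is an added illustration, not code from the patent or from the applicant's product: the registry is a constructed dictionary, the startup entries and the `installer.exe` write are constructed sample events, and the path-extraction regex, rule store and return strings are the example's own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption of this example: a registry value points at a file when it contains a
# double-quoted path, or an unquoted path starting with a drive letter, a UNC prefix
# or an %ENVVAR%. Arguments after the path ("-silent", "/background") are ignored.
_PATH_RE = re.compile(r'"([^"]+)"|((?:[A-Za-z]:\\|\\\\|%[^%\s]+%\\)[^\s"]+)')

# Constructed startup key used by the sample scenario below.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"


def normalize_path(path: str) -> str:
    """Canonical form used for rule matching: trimmed, unquoted, lower-cased, backslashes."""
    return path.strip().strip('"').replace("/", "\\").lower()


def parse_target_paths(value_data: str) -> list[str]:
    """Parse every file path named in a registry value's data (step 'parse the target path')."""
    paths = []
    for quoted, bare in _PATH_RE.findall(value_data):
        candidate = quoted or bare
        if "\\" in candidate:  # a quoted token without a separator is an argument, not a path
            paths.append(normalize_path(candidate))
    return paths


@dataclass
class ActiveDefense:
    # Stand-in for the registry: normalized key path -> value data (constructed).
    registry: dict[str, str] = field(default_factory=dict)
    # FD rules: normalized file paths whose creation by a program is intercepted.
    fd_rules: set[str] = field(default_factory=set)
    events: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.registry = {k.lower(): v for k, v in self.registry.items()}

    def on_registry_write(self, program: str, key: str, value_data: str) -> str:
        """Embodiment 1 / abstract: when the target item does not exist, derive FD rules
        from its data instead of blocking the write outright."""
        key_norm = key.lower()
        if key_norm in self.registry:
            self.registry[key_norm] = value_data
            return "existing-item-updated"
        added = [p for p in parse_target_paths(value_data) if p not in self.fd_rules]
        self.fd_rules.update(added)
        self.registry[key_norm] = value_data
        self.events.append(f"{program}: new item {key} -> FD rules {added}")
        return "fd-rules-added" if added else "no-path-in-data"

    def scan_startup_items(self, run_key_prefix: str) -> int:
        """Embodiment 3: statically scan existing boot entries and add each boot
        program's path to the FD rules. Returns the number of rules added."""
        before = len(self.fd_rules)
        prefix = run_key_prefix.lower()
        for key, data in self.registry.items():
            if key.startswith(prefix):
                self.fd_rules.update(parse_target_paths(data))
        return len(self.fd_rules) - before

    def on_file_create(self, program: str, path: str) -> str:
        """FD hook: a file whose path is covered by an FD rule is intercepted."""
        if normalize_path(path) in self.fd_rules:
            self.events.append(f"{program}: FD intercepted write to {path}")
            return "intercepted"
        return "allowed"


def demo() -> dict:
    """Constructed scenario: two legitimate startup items already exist, then an
    installer registers a new Run entry and starts dropping the files it named."""
    ad = ActiveDefense(registry={
        RUN_KEY + r"\SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
        RUN_KEY + r"\OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    })
    boot_rules = ad.scan_startup_items(RUN_KEY)
    new_item = ad.on_registry_write(
        "installer.exe", RUN_KEY + r"\Updater",
        r'"C:\ProgramData\Upd\updater.exe" -silent C:\ProgramData\Upd\helper.dll')
    drop_exe = ad.on_file_create("installer.exe", r"C:\ProgramData\Upd\updater.exe")
    drop_txt = ad.on_file_create("installer.exe", r"C:\ProgramData\Upd\readme.txt")
    rewrite = ad.on_registry_write("installer.exe", RUN_KEY + r"\Updater", "something else")
    return {
        "boot_rules_added": boot_rules,
        "new_item": new_item,
        "drop_exe": drop_exe,
        "drop_txt": drop_txt,
        "rewrite_existing": rewrite,
        "fd_rule_count": len(ad.fd_rules),
        "events": ad.events,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes visible is the ordering: the registry write itself is allowed to proceed (so a legitimate installer is not falsely blocked), but the file paths it declared are now defended, so the later drop of `updater.exe` is caught while an unrelated `readme.txt` is not. A rewrite of an item that already exists takes the ordinary registry-defense path and adds no new FD rules.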

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a security defense method, device and system.

Background

[0002] Active defense is a real-time protection technology that defends against malicious programs based on independent analysis and judgment of program behavior. A malicious program is an umbrella term for any software program intentionally created to perform unauthorized and often harmful acts. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot sector viruses, script viruses, Trojan horses, crimeware, spyware, and adware can all be called malicious programs.

[0003] When actively defending against malicious programs, file feature values are not used as the basis for judging whether a program is malicious; instead, starting from the most primitive definition, the behavior of the program itself is used directly as that basis. Among them, the behav...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: G06F21/554, G06F21/575, G06F2221/034
Inventors: 闫继平, 张晓霖
Owner: BEIJING QIHOO TECH CO LTD