Program processing method and program processing system

A program processing technology, applied in the field of program processing methods and systems, that addresses problems such as failure to intercept malicious programs because dynamic link libraries are not checked.

Active Publication Date: 2013-03-27
360 TECH GRP CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, to minimize the impact on program performance, active defense technology only inspects the program's exe file and does not check the dynamic link library (DLL) files that the program loads.
Some malicious programs take advantage of this: they use DLL hijacking to package a malicious DLL file together with a program on the trusted white list (such as a program that ships with the operating system). When the user runs the whitelisted program, the malicious DLL file is loaded, so active defense cannot successfully intercept the malicious program.


Examples


Embodiment 1

[0099] Refer to Figure 1, which shows a flowchart of a program processing method according to an embodiment of the present invention. The method may specifically include:

[0100] Step S101, when a creation process of a program to be executed is detected, feature information of the program to be executed is acquired.

[0101] Step S102, uploading the feature information of the program to be executed to the server, and the server matches the feature information of the program to be executed with the pre-set cloud identification conditions to obtain a matching result.

[0102] Step S103, receiving the matching result returned by the server, and determining whether there is a hijacked DLL file in the program to be executed according to the matching result.

[0103] The specific process of the program processing method proposed in this embodiment will be described in detail in the following embodiments.

[0104] Through the above steps S101-S103, it is possible to use the c...

Embodiment 2

[0106] Refer to Figure 2, which shows a flowchart of a program processing method according to an embodiment of the present invention.

[0107] In order to adapt to the update speed of malicious programs and quickly identify and kill malicious programs, active defense technologies are generally used to detect and kill malicious programs. Active defense technology is a real-time protection technology that conducts independent analysis and judgment based on the behavior of the program, and protects the key positions of the system by setting interception points at key positions of the system. When a program performs behaviors that modify these key locations (such as writing to the registry, creating scheduled tasks, modifying the browser homepage, modifying the default browser, and registering browser plug-ins, etc.), the program will be intercepted. It is necessary to judge whether the modification behavior is malicious. Usually, the judgment of the behavior is realized by judging w...

Embodiment 3

[0117] Next, a specific program processing method will be described in detail.

[0118] Refer to Figure 3, which shows a flowchart of a program processing method according to an embodiment of the present invention. The method includes:

[0119] Step S301, when the creation process of the program to be executed is detected, check whether there is a hijacked DLL file in the program to be executed through the cloud identification condition preset by the server.

[0120] The embodiment of the present invention mainly adds a query of the DLL files when the process of the program to be executed is created. It is necessary to check whether the program to be executed has a hijacked DLL file. If one exists, the program to be executed may be in use by a malicious program, so it is necessary to further check whether these hijacked DLL files are safe.

[0121] In this embodiment, it is checked whether there is a hijacked DLL file in the program to be executed through the cl...
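The client/server flow of steps S101-S103 (and the check in step S301), as an added Python example that is not code from the patent. The page does not say what the feature information or the cloud identification conditions contain, so the fields, the rule format and every name below (`CLOUD_CONDITIONS`, `trustedapp.exe`, `helper.dll`) are assumptions made for illustration.

```python
import ntpath

# Assumed rule format (constructed): for each whitelisted program, the DLL
# names it loads that are NOT expected to sit in the program's own directory.
CLOUD_CONDITIONS = {
    "trustedapp.exe": {"helper.dll", "codec.dll"},
}

def collect_features(exe_path, dir_listing):
    """S101 (client): gather feature info when process creation is detected.

    dir_listing maps each file name in the EXE's directory to its hash.
    """
    exe_dir, exe_name = ntpath.split(exe_path.lower())
    local_dlls = {name.lower(): digest for name, digest in dir_listing.items()
                  if name.lower().endswith(".dll")}
    return {"name": exe_name, "dir": exe_dir, "local_dlls": local_dlls}

def server_match(features, conditions=CLOUD_CONDITIONS):
    """S102 (server): match uploaded features against the stored conditions."""
    watched = conditions.get(features["name"])
    if watched is None:
        return {"known_program": False, "suspect_dlls": []}
    hits = sorted(set(features["local_dlls"]) & watched)
    return {"known_program": True,
            "suspect_dlls": [{"name": n, "hash": features["local_dlls"][n]}
                             for n in hits]}

def has_hijacked_dll(match_result):
    """S103 (client): decide from the returned matching result."""
    return bool(match_result["suspect_dlls"])

# Constructed sample: a whitelisted EXE shipped next to an unexpected DLL.
SAMPLE_PATH = r"C:\Users\demo\Downloads\pkg\TrustedApp.exe"
SAMPLE_DIR = {"TrustedApp.exe": "aa01", "helper.dll": "bb02", "readme.txt": "cc03"}

if __name__ == "__main__":
    result = server_match(collect_features(SAMPLE_PATH, SAMPLE_DIR))
    print(has_hijacked_dll(result), result["suspect_dlls"])
```

A positive result only marks the DLL as a candidate; paragraph [0120] still requires a further check of whether the flagged file is safe.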


Abstract

An embodiment of the invention discloses a program processing method and a program processing system, and aims to solve the problem that active defense cannot normally intercept a malicious program because the malicious program uses a trusted program in a white list to load malicious DLL (dynamic link library) files. The program processing method includes: acquiring feature information of the program to be executed when creation of a process for the program to be executed is detected; uploading the feature information of the program to be executed to a server, where the server matches the feature information against a preset cloud identification condition to obtain a matching result; and receiving the matching result returned by the server and determining, according to the matching result, whether hijacked DLL files exist in the program to be executed. With the program processing method and the program processing system of the embodiment, malicious programs can be intercepted more effectively.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a program processing method and system.

Background technique

[0002] Malicious program is an umbrella term for any software program intentionally created to perform unauthorized and often harmful acts. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot sector viruses, script viruses (batch, Windows shell, Java, etc.), Trojan horses, crimeware, spyware and adware are all examples of what could be called malicious programs.

[0003] Nowadays, the number of malicious programs in the world is increasing geometrically. In order to adapt to the update speed of malicious programs and quickly identify and kill malicious programs, active defense technologies are generally used to kill malicious programs. Active defense technology is a real-time protection technology based on independent analysis and judgment based on...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F9/445, G06F21/56
CPC: G06F21/566, G06F2221/2115
Inventor: 张晓霖, 郑文彬
Owner 360 TECH GRP CO LTD