Detecting system and method for shellcode based on memory searching

A detection system built on a memory-search algorithm, applied in the field of network-security intrusion detection and defense. It addresses the problems of complex document formats, poor compatibility, and documents that analysis tools cannot parse, and achieves the effect of an improved detection rate.

Inactive Publication Date: 2013-04-17
ALIBABA (CHINA) CO LTD

Problems solved by technology

[0008] At the same time, this type of technology has corresponding shortcomings. The mainstream document formats include Office, PDF, Flash and other document formats, and building format-parsing tools for them is very time-consuming and labour-intensive. Moreover, the format-analysis tools implemented by third parties for these document formats are often poorly compatible with the many non-standard files in circulation and have poor fault tolerance. This creates gaps that vulnerability attacks can exploit: the attacker constructs a specially formatted document that the vulnerable program parses normally but the third-party parsing tool cannot parse, thereby bypassing the various defensive detections.


Embodiment Construction

[0028] The preferred embodiments of the present invention are described below in conjunction with the accompanying drawings in order to explain the technical solution of the present invention in detail.

[0029] Refer to Figure 1, which shows a block diagram of a shellcode detection system based on memory search according to an embodiment of the present invention. Note that throughout the specification and claims, "application" and "software" have the same meaning and are used interchangeably. In the embodiment of the present invention, the shellcode detection system based on memory search runs on the Windows operating system; however, as a general detection and testing system, it can run on any operating system.

[0030] The shellcode detection system based on memory search includes a stack memory search module 104, a heap memory search module 106, a scheduling module 108, a shellcode detection module 1...


Abstract

The invention discloses a shellcode detection system based on memory search. The detection system comprises a scheduling module for the detected sample, a memory-search algorithm module, a shellcode detection module and a log module. The shellcode detection method comprises the following steps: (1) the scheduling module schedules the tested application to open the detected document sample; (2) the memory-search algorithm module dumps the memory of the detected application to a file, or performs the memory search directly; (3) the shellcode detection module scans the dumped file to find shellcode; and (4) the log output module outputs the information related to the shellcode. Because detection is performed on memory contents rather than on the file itself, the system and method can detect shellcode in complex application file formats, including encrypted and hidden shellcode, so that the detection rate for malicious attack samples is raised greatly and the false-positive and false-negative rates are lowered effectively.
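The four-step method above (open the sample in the tested application, dump its memory, scan the dump, log the hits) is illustrated here with an added Python example; it is not code from the patent or from its owner. The scan step uses three widely documented shellcode heuristics (a NOP sled, a `call $+5; pop reg` GetPC stub, and the `mov eax, fs:[0x30]` PEB lookup); the document sample, the region layout, the XOR "decoder" that stands in for the application decoding the payload, and all names (`Region`, `Hit`, `simulate_open`, etc.) are constructed assumptions. The point it demonstrates is the one the abstract makes: a scan of the file on disk finds nothing because the payload is encoded, while a scan of the dumped heap finds the decoded payload.

```python
"""Constructed demonstration of memory-search shellcode detection (not the patent's code)."""
import re
from dataclasses import dataclass

# Heuristic byte-pattern signatures. These are well-known patterns; real scanners
# use many more and combine them with disassembly to keep false positives down.
SIGNATURES = {
    "nop_sled": re.compile(rb"\x90{16,}"),                       # 16+ consecutive NOPs
    "getpc_call_pop": re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]"),  # call $+5 ; pop r32
    "peb_fs30": re.compile(rb"\x64\xa1\x30\x00\x00\x00"),        # mov eax, fs:[0x30]
}


@dataclass
class Region:
    """One memory region of the tested process (constructed stand-in for a dump)."""
    name: str
    base: int
    data: bytes


@dataclass
class Hit:
    """A signature match, reported with its virtual address for the log module."""
    region: str
    address: int
    signature: str
    length: int


def scan_region(region: Region) -> list[Hit]:
    """Step 3: run every signature over one region and return hits sorted by address."""
    hits = []
    for name, pattern in SIGNATURES.items():
        for m in pattern.finditer(region.data):
            hits.append(Hit(region.name, region.base + m.start(), name, m.end() - m.start()))
    return sorted(hits, key=lambda h: h.address)


def scan_dump(regions: list[Region]) -> list[Hit]:
    """Scan stack and heap regions of a dump (the patent's modules 104 and 106)."""
    hits = []
    for region in regions:
        hits.extend(scan_region(region))
    return hits


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used both to 'encode' the sample and to simulate decoding."""
    return bytes(b ^ key for b in data)


# Constructed, inert shellcode-like blob: NOP sled + GetPC stub + PEB lookup.
# It contains no working payload; it exists only to trigger the signatures.
SAMPLE_PAYLOAD = b"\x90" * 32 + b"\xe8\x00\x00\x00\x00\x5b" + b"\x64\xa1\x30\x00\x00\x00"
KEY = 0x5A  # constructed encoding key
HEADER = b"%DOC-1.0 constructed sample\n"
TRAILER = b"\n%%EOF\n"


def build_document() -> bytes:
    """Constructed document sample: benign header + XOR-encoded blob + trailer."""
    return HEADER + xor_bytes(SAMPLE_PAYLOAD, KEY) + TRAILER


def simulate_open(document: bytes) -> list[Region]:
    """Steps 1-2: stand-in for the tested application opening the document and for
    the memory dump. The application's decoder stub is simulated by XOR-decoding the
    blob into a heap region; the stack holds only harmless data."""
    body = document[len(HEADER):len(document) - len(TRAILER)]
    stack = Region("stack", 0x0012F000, b"\x00" * 64 + b"\x41" * 16 + b"\x00" * 48)
    heap = Region("heap", 0x00A40000, b"\x00" * 128 + xor_bytes(body, KEY) + b"\x00" * 64)
    return [stack, heap]


def file_scan_hits(document: bytes) -> list[Hit]:
    """The static, file-based scan the patent contrasts with memory search."""
    return scan_region(Region("file", 0, document))


def demo() -> tuple[list[Hit], list[Hit]]:
    """Return (hits from scanning the file, hits from scanning the memory dump)."""
    doc = build_document()
    return file_scan_hits(doc), scan_dump(simulate_open(doc))


if __name__ == "__main__":
    static_hits, memory_hits = demo()
    print("file scan hits:", len(static_hits))
    for h in memory_hits:  # step 4: log output
        print(f"{h.region} 0x{h.address:08X} {h.signature} ({h.length} bytes)")
```

Running the block prints zero hits for the on-disk file and three hits in the heap region, each with the address the log module would record. The heuristics are deliberately simple; the design choice worth keeping is the separation of dump acquisition (`simulate_open`) from scanning (`scan_region`), so that a real dump reader can replace the simulation without touching the signatures.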

Description

Technical field

[0001] The invention relates to the field of network-security intrusion detection and defense, and in particular to a shellcode detection system and method based on memory search.

Background technique

[0002] Exploiting buffer-overflow vulnerabilities and other memory-safety vulnerabilities is an important means of conducting network attacks and gaining control of a system. Defensive technology against this type of vulnerability attack is therefore an important topic in network-security research.

[0003] Since the specific functionality of the vulnerability attacks mentioned above must be implemented through shellcode, the exploit carrier data generated by the attacker must contain and protect the shellcode. At present, detecting the presence of shellcode is the main means of determining whether a vulnerability attack is taking place.

[0004] The current mainstream attack carriers are mainly the most popular software such as micro...


Application Information

Patent type and authority: Applications (China)
IPC: IPC(8): G06F21/57
Inventor: 方兴
Owner: ALIBABA (CHINA) CO LTD