Method and device for detecting rogue program

A malicious program detection technology, applied in the field of information security, that addresses problems such as the inability of security software to obtain disk data, and achieves the effects of reducing the inaccuracy of detection results, reducing the false positive rate, and reducing the false negative rate.

Active Publication Date: 2013-06-12
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

However, since the operating system has been infected, the Trojan horse can tamper with the disk read and write functions of the operating system, and even directly tamper with the read and write support functions in the lower-level BIOS, so that the security software cannot obtain real disk data.



Examples


Embodiment Construction

[0051] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0052] One of the core ideas of the embodiment of the present invention is that the sample program runs in the virtual machine, and the information about the specified operation performed while the sample program runs in the virtual machine is recorded in the disk image file. After the sample program finishes running, the information about the specified operation is obtained and checked for preset malicious characteristic data and / or pres...


Abstract

The invention discloses a method and device for detecting a rogue program. The method comprises the following steps: starting a virtual machine and running a sample program in the virtual machine; obtaining information about the designated operation performed by the sample program in the virtual machine, wherein that information comprises the object data of the designated operation; detecting whether preset rogue feature data exists in the object data; and if so, judging that the sample program is a rogue program. The method and device reduce the risk of host infection, the false alarm rate for rogue programs, and the miss rate for novel rogue programs.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and device for detecting malicious programs.

Background technique

[0002] The MBR (Master Boot Record, the master boot record of the disk) is located at head 0, track 0, sector 1 of the disk. It is a fixed-size storage area and is the first area the computer reads when it accesses the disk after being turned on. The MBR generally consists of three parts: the main boot program, the disk partition table, and the end flag word. The main boot program checks whether the partition table is correct when the computer starts, and hands over control to the system boot program on the disk after the system hardware completes its self-check. The main boot program in the MBR is independent of the operating system. This independence is reflected in the startup process of the computer: the general computer startup process is to perform a self-test after ...
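As an added illustration (not code from the patent or its applicant), the sketch below inspects a virtual machine's raw disk image from the host after a sample run: it splits sector 0 into the three MBR parts described above and checks the boot program for preset feature data. It assumes the designated operation is a write to the MBR sector and uses the conventional 446/64/2-byte MBR layout; `FEATURE_DATA`, `build_image` and all sample bytes are constructed for the example.

```python
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # main boot program
PART_TABLE_LEN = 64        # disk partition table: four 16-byte entries
END_FLAG = b"\x55\xaa"     # end flag word
ENTRY = "<B3xB3xII"        # status, CHS, type, CHS, start LBA, sector count

# Constructed placeholder standing in for "preset rogue feature data".
FEATURE_DATA = {"demo-marker": b"ROGUE_DEMO_MARKER"}

def parse_mbr(image: bytes) -> dict:
    """Split sector 0 of a raw disk image into the three MBR parts."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    mbr, parts = image[:SECTOR], []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, mbr, BOOT_CODE_LEN + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    return {"boot_code": mbr[:BOOT_CODE_LEN], "partitions": parts,
            "end_flag_ok": mbr[510:] == END_FLAG}

def inspect_image(before: bytes, after: bytes) -> dict:
    """Compare the image snapshot taken before the sample run with the one after."""
    old, new = parse_mbr(before), parse_mbr(after)
    hits = sorted(n for n, pat in FEATURE_DATA.items() if pat in new["boot_code"])
    return {"boot_code_modified": old["boot_code"] != new["boot_code"],
            "partition_table_modified": old["partitions"] != new["partitions"],
            "end_flag_ok": new["end_flag_ok"],
            "feature_hits": hits,
            "rogue": bool(hits)}  # verdict follows the feature-data match only

def build_image(boot_code: bytes) -> bytes:
    """Constructed sample image: MBR with one bootable partition, plus one empty sector."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    mbr = (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
           + entry.ljust(PART_TABLE_LEN, b"\x00") + END_FLAG)
    return mbr + bytes(SECTOR)

if __name__ == "__main__":
    clean = build_image(b"CONSTRUCTED-BOOT-CODE")
    after_run = build_image(b"CONSTRUCTED-BOOT-CODE" + b"ROGUE_DEMO_MARKER")
    print(inspect_image(clean, after_run))
```

Because the image file is read on the host rather than through the guest's disk functions, a sample that has tampered with reads inside the virtual machine does not affect what this check sees.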


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/53
Inventor: 张聪
Owner: BEIJING QIHOO TECH CO LTD