Process behavior analysis method and system

A process behavior analysis technique, applied in the field of computer security, that addresses the inability of existing analysis to reach a comprehensive understanding of process behavior, a gap that affects the quality and efficiency of analysis. Its effect is to ensure quality and efficiency and to make behavior analysis complete and sufficient.

Active Publication Date: 2013-06-19
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] However, this method cannot analyze the behavior of the code after it has been injected into a normal process, so computer security technicians cannot reach a comprehensive understanding of the behavior of malicious processes, which affects the quality and efficiency of process behavior analysis.


Embodiment Construction

[0024] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0025] Figure 1 is a flow chart of Embodiment 1 of the process behavior analysis method of the present invention. As shown in Figure 1, the method of the present embodiment includes:

[0026] Step 101. Obtain monitoring record data for monitoring preset sensitive processes.

[0027] In order to analyze the process behavior of the preset sensitive process, it is first necessary to monitor the process behavior of the sensitive process and obtain the monitoring record data, so that the follow-up analysis of the process behavior can be carried out based on the monitoring record data.

[0028] The sensitive process in the embodiment of the present invention can be preset as application program interface call operations related to security in the operating system and operations on key system data. When monitoring the sensitive process, it can be used ...


Abstract

The invention discloses a process behavior analysis method and system. The method includes: obtaining monitoring record data from monitoring a preset sensitive process; according to the monitoring record data, simulating and reproducing the handles, processes and threads in the monitoring process to obtain virtual table entries corresponding respectively to the handles, processes and threads, where the virtual table entries record the handles, processes and threads created during the sensitive process together with their corresponding attributes; and setting the related processes of the sensitive process and, according to the virtual table entries, associating the corresponding handle, process and thread operations of those related processes, and their corresponding attributes, with the behavior analysis result of the sensitive process. With this method and system, the behaviors of all processes related to one process are analyzed comprehensively, and the quality and efficiency of process behavior analysis are improved.
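The replay-and-associate idea in the abstract can be sketched as follows. This is an added Python illustration, not code from the patent or from its owner; the record schema, the operation names (`open_process`, `create_remote_thread` and so on), the PIDs, paths and the `analyze` function are all constructed assumptions.

```python
# Added illustration; record schema and operation names are assumptions.
# Constructed monitoring records: pid 100 is the preset sensitive process.
RECORDS = [
    {"pid": 100, "tid": 1, "op": "open_process", "target_pid": 200, "handle": 0x40},
    {"pid": 100, "tid": 1, "op": "write_memory", "handle": 0x40},
    {"pid": 100, "tid": 1, "op": "create_remote_thread", "handle": 0x40, "new_tid": 9001},
    {"pid": 200, "tid": 9001, "op": "create_file", "path": "C:\\temp\\a.dat"},
    {"pid": 200, "tid": 7, "op": "read_file", "path": "C:\\app\\cfg.ini"},
    {"pid": 100, "tid": 1, "op": "create_process", "new_pid": 300, "new_tid": 11, "handle": 0x44},
    {"pid": 300, "tid": 11, "op": "set_registry", "key": "HKCU\\Example"},
    {"pid": 100, "tid": 1, "op": "close_handle", "handle": 0x40},
]

def analyze(records, sensitive_pid):
    """Replay the records, rebuild virtual handle/process/thread tables and
    return (tables, operations associated with the sensitive process)."""
    handles = {}                                # (owner pid, handle) -> attributes
    procs = {sensitive_pid: {"creator": None}}  # sensitive process and its children
    threads = {}                                # tid -> attributes of threads it created
    result = []
    for seq, r in enumerate(records):
        pid, tid, op = r["pid"], r["tid"], r["op"]
        in_thread = threads.get(tid, {}).get("pid") == pid
        if pid not in procs and not in_thread:
            continue                            # ordinary activity of a normal process
        origin = ("own" if pid == sensitive_pid
                  else "child" if pid in procs else "injected-thread")
        result.append((seq, pid, tid, op, origin))
        key = (pid, r.get("handle"))
        if op == "open_process":
            handles[key] = {"target": r["target_pid"], "open": True}
        elif op == "create_process":
            procs[r["new_pid"]] = {"creator": pid}
            threads[r["new_tid"]] = {"pid": r["new_pid"], "creator": pid}
            handles[key] = {"target": r["new_pid"], "open": True}
        elif op == "create_remote_thread":
            h = handles.get(key)
            if h and h["open"]:                 # resolve handle to its target process
                threads[r["new_tid"]] = {"pid": h["target"], "creator": pid}
        elif op == "close_handle" and key in handles:
            handles[key]["open"] = False
    return {"handles": handles, "procs": procs, "threads": threads}, result

if __name__ == "__main__":
    for row in analyze(RECORDS, 100)[1]:
        print(row)
```

The file write performed by thread 9001 inside the normal process 200 is associated with process 100, while the unrelated read by thread 7 of the same process is left out of the result.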

Description

Technical field

[0001] The invention relates to computer security technology, in particular to a process behavior analysis method and system.

Background

[0002] Computer security has become an issue of increasing concern. Process behavior analysis is one of the important computer security monitoring technologies; its purpose is to determine the corresponding safety precautions to be taken.

[0003] In the prior art, process behavior analysis generally analyzes the behavior of a computer process to determine the function of the program code executed by the process. For example, many malicious processes currently inject their own code into normal processes so that they can run hidden. These malicious processes amount to just a piece of injected code. Current process behavior analysis analyzes either the process exhibiting the injection behavior or the malicious process itself, so the injection behavior of these ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/50
Inventor: 刘业欣, 曲富平, 邱鹏
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD