Malicious code detection and defense method

A malicious code detection and program technology, applied in the field of malicious code detection and defense systems

Inactive Publication Date: 2013-12-04
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

Typical security software uses several types of malicious code detection technology, but each of them has defects to some degree. In order to deal with constantly generated malicious code, security software needs to update and upgrade its virus database frequently, and a server is required to provide these update and upgrade data.



Embodiment Construction

[0025] The invention provides a system including detection, response and defense.

[0026] (1) Detection

[0027] Detection is a key part of the invention; it works like a surveillance camera in a shopping mall. Detection is done by setting watchpoints, which cover the following aspects:

[0028] 1. Process creation and termination, remote thread creation, memory reading and writing, dynamic link library loading;

[0029] 2. Network port monitoring, data sending and receiving, and protocol interfaces such as HTTP provided by the operating system;

[0030] 3. Addition, deletion, modification of registry entries, and files corresponding to registry entries;

[0031] 4. Deletion and modification of operating system files, creation, copying, moving, and deletion of files in the system directory, installation, copying, moving, and deletion of applications;

[0032] 5. Loading and modification of kernel modules, creation, startup and modification of services, modification of SPI, BHO, SSDT, etc.

...


Abstract

Unlike other malicious code detection and defense methods, this malicious code detection and defense method is characterized in that the detection and defense system is built on a centerless network based on P2P (peer-to-peer). The running of an unknown program is not stopped; instead the program is monitored throughout its subsequent execution, and the mass data obtained by monitoring it are processed into strategies. The strategies work like a conditioned reflex and tell the defense portion how to handle a given program: the response portion tells the defense portion what to do for that program, and the main actions are terminating malicious processes, terminating network connections, recovering broken registry keys, recovering broken files, preventing kernel modules from being loaded or modified, recovering services, and recovering tampered kernel information. The method has the advantages that autonomous updating and rapid response are realized, it is transparent to the user and the program, and after-effects are avoided.
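As an added illustration (not the patent's own code) of the detection, response and defense parts described in the embodiment and the abstract: watchpoint hits for an unknown program are recorded without stopping it, a verdict is derived from the accumulated behaviour, and a malicious verdict is turned into the defense actions the abstract lists, restoring registry keys and files from a last-good snapshot. The event kinds, the verdict rule, the snapshot stores and the sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed mapping from watchpoint event kinds to the defense actions
# the abstract names (not the patent's own code).
ACTION_FOR = {
    "remote_thread": "terminate_process",
    "network_send": "terminate_connection",
    "registry_modify": "restore_registry_key",
    "system_file_modify": "restore_file",
    "kernel_module_load": "block_module_load",
    "service_modify": "restore_service",
}

class Monitor:
    def __init__(self, registry_snapshot, file_backup):
        self.registry_snapshot = registry_snapshot  # key -> last good value (None = absent)
        self.file_backup = file_backup              # path -> last good contents
        self.events = defaultdict(list)             # pid -> [(kind, target), ...]

    def observe(self, pid, kind, target):
        """Detection: record the watchpoint hit; the unknown program keeps running."""
        self.events[pid].append((kind, target))

    def strategy(self, pid):
        """Constructed verdict rule: any kernel module load, or 3+ distinct areas touched."""
        kinds = {kind for kind, _ in self.events[pid]}
        return "malicious" if "kernel_module_load" in kinds or len(kinds) >= 3 else "unknown"

    def respond(self, pid):
        """Response: turn a malicious verdict into ordered defense actions."""
        if self.strategy(pid) != "malicious":
            return []
        actions = [("terminate_process", pid)]
        for kind, target in self.events[pid]:
            action = ACTION_FOR.get(kind)
            if action == "restore_registry_key":   # roll back to snapshot (None = delete key)
                actions.append((action, target, self.registry_snapshot.get(target)))
            elif action == "restore_file":         # roll back to backed-up contents
                actions.append((action, target, self.file_backup.get(target)))
            elif action and action != "terminate_process":
                actions.append((action, target))
        return actions

def demo():
    """Constructed sample run: one unknown program touching three watched areas."""
    m = Monitor({"HKLM\\Run\\sample": None}, {"C:\\sysdir\\sample.dll": b"good"})
    m.observe(7, "network_send", "198.51.100.1:80")
    m.observe(7, "registry_modify", "HKLM\\Run\\sample")
    m.observe(7, "system_file_modify", "C:\\sysdir\\sample.dll")
    return m.strategy(7), m.respond(7)
```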

Description

Technical field

[0001] The present invention is a malicious code detection and defense method, which differs from other malicious code detection and defense methods in that it uses a P2P-based decentralized network to construct the malicious code detection and defense system.

Background technique

[0002] Malicious code in the traditional sense can be divided into viruses, worms, Trojan horses, etc., but with the rise of computer-dependent e-commerce, viruses, worms, Trojan horses, etc. no longer have obvious boundaries. Most malicious code is generated under the drive of profit, and is manufactured to steal various accounts and money. General malicious code detection can be divided into static detection and dynamic detection according to whether the code is executed. Static detection includes checksum comparison, characteristic string inspection, heuristic scanning, logic analysis and network sniffing, etc. Dynamic detection includes integrity de...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06; H04L29/08; G06F21/56
Inventors: 陈厅, 张小松, 陈瑞东, 牛伟纳, 王东, 廖军, 张凡, 张蕾
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA