Modeled software key behavior tracking method based on memory management

A technology of memory management and behavior, which is applied in the field of computer information security and information security, can solve problems such as increasing the workload of developers, reducing management flexibility, and affecting normal operation, so as to improve flexibility and adaptability, and improve adaptability , to avoid the effect of defining

Active Publication Date: 2014-03-12
中国航天系统科学与工程研究院
View PDF2 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its shortcoming is that when faced with a large number of monitoring target functions, the acquisition of original function signature information not only increases the workload, but also requires developers to be familiar with the functions. In addition, the definition of a large number of callback functions also increases development. staff workload and reduces management flexibility
The second method uses assembly language to modify the function entry address instruction to realize the jump to the monitoring function. The monitoring node mounted by this method is effective for all currently running processes and will affect the normal operation of other software.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Modeled software key behavior tracking method based on memory management
  • Modeled software key behavior tracking method based on memory management
  • Modeled software key behavior tracking method based on memory management

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The specific embodiment of the present invention will be described in further detail below with reference to the accompanying drawings.

[0052] Such as figure 1 As shown, a method for tracking key behaviors of patterned software based on memory management in the present invention, the specific implementation steps are as follows:

[0053] (1) The monitoring console first loads the PE file of the monitoring target software, and analyzes the behavior node information of the PE file through static mapping; the behavior node information refers to the operating system and other user-defined APIs referenced by the PE file Information, behavior node information is stored in the IAT import address table of the PE file;

[0054] (2) According to the behavior node information obtained in step (1), the key behavior of the monitoring software is formed by adding and removing behavior nodes and stored in the database, and the key behavior feature information to be extracted is det...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

According to a modeled software key behavior tracking method based on memory management, a software key behavior monitoring system is formed by monitoring probes which are arranged on a monitoring control platform of servers and a client side. By means of the monitoring control platform, behavior node information of software to be monitored is extracted through static analysis, key behaviors and behavior extraction feature information are defined, and target software is monitored through a probe injection method. The key behavior information is effectively extracted through the monitoring probes by means of the function hijacking technology, the heap space code staying technology based on small memory management and the container management technology for balancing stack space. Single-threaded and multi-threaded software key behaviors with the complex recursive call relation are effectively tracked, high flexibility and high adaptability are achieved, and normal running of the target software and normal running of other software are taken into consideration.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for tracking key behaviors of software based on memory management models, which realizes flexible management and effective extraction of key behaviors of software, and belongs to the field of computer information security. Background technique [0002] With the continuous deepening of informatization construction, software applications have become an inseparable and important part of large systems such as society, military, and enterprises. At the same time, due to the inherent vulnerability and "black box" characteristics of software behavior, the security and reliability of software applications have also become important issues affecting informatization operation and maintenance, and urgently need to be confirmed and guaranteed. [0003] Software behavior accurately reflects the running track of the software, internally records the security and reliability informat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F9/46G06F12/02
Inventor 袁野范志强
Owner 中国航天系统科学与工程研究院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap