System rogue program detecting method and device

A method and device for detecting system malicious programs, applied in the field of detecting rootkit-type persistent Trojans. It addresses the low detection accuracy for Trojans, missed viruses and the failure to identify hidden Trojans that existing approaches suffer from, so as to improve detection accuracy and system security.

Active Publication Date: 2014-03-26
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0011] Therefore, although the existing Rootkit prevention methods can deal with some kernel-level Trojans, there is a



Embodiment Construction

[0032] The solution of the embodiment of the present invention is mainly to: obtain the active drivers in the system kernel space; match the driver information against the feature combinations in the malicious-code feature library; check the security state of the system kernel at the driver level and detect whether the system's key call paths have been tampered with or destroyed by persistent malicious programs; and then select the corresponding removal and repair strategy for rootkit Trojans and other malicious programs, so as to improve the detection accuracy for system malicious programs and improve system security.

[0033] As shown in figure 1, the first embodiment of the present invention proposes a system malicious program detection method, including:

[0034] Step S101, traversing the system kernel space to obtain a list of active drivers;

[0035] This embodiment uses the kernel featu...


Abstract

The invention discloses a method and device for detecting system malicious programs. The method comprises: traversing the system kernel space to obtain the list of active drivers; taking each driver from the list and obtaining its driver information; and, on the basis of that information, matching the driver against the feature combinations in a preset malicious-code feature library to determine whether it is a malicious program. The method and device check the security state of the system kernel at the driver level, check whether the system's key call paths have been tampered with or destroyed by persistent malicious programs, and select the corresponding removal and repair strategy for malicious programs such as rootkit Trojans, removing them and repairing the system. The method and device are strongly targeted, have a low false-alarm rate, repair accurately, prevent repeated infection, can thoroughly remove rootkit-type Trojans, keep the user's system usable, and greatly improve system security.
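The procedure the abstract and steps [0032] to [0034] describe (enumerate active kernel drivers, match driver information against feature combinations in a feature library, check a key call path for tampering, then pick a removal and repair strategy) can be modelled end to end. The following is an added example written for this page, not code from the patent or from Tencent; the driver records, the addresses, the feature library entries (family names `SampleRootkit.A`/`SampleRootkit.B`), the dispatch table and the "trusted table" used for restoration are all constructed sample data, and a live implementation on Windows would obtain the driver list from the kernel (for example via NtQuerySystemInformation with SystemModuleInformation) rather than from literals.

```python
"""
Driver-level rootkit detection modelled on the steps the patent describes:
enumerate active kernel drivers, match each driver's information against
feature combinations in a malicious-code feature library, then verify that a
key call path (a system service dispatch table) has not been redirected into
some driver's image, and finally pick a removal/repair strategy.

Everything below is constructed sample data (assumption). On a live Windows
system the driver list would come from
NtQuerySystemInformation(SystemModuleInformation) and the table from the
kernel; neither is queried here.
"""
from dataclasses import dataclass, field
import hashlib
import re


@dataclass
class Driver:
    name: str
    path: str
    image_base: int
    image_size: int
    image_bytes: bytes            # stand-in for the on-disk driver file
    signed: bool
    imports: set = field(default_factory=set)

    @property
    def sha256(self):
        return hashlib.sha256(self.image_bytes).hexdigest()

    def contains(self, addr):
        return self.image_base <= addr < self.image_base + self.image_size


# Feature library: every feature in a combination must hold for a match,
# which keeps a single shared trait (e.g. one common import) from firing.
FEATURE_LIBRARY = [
    {   # constructed family name and traits
        "family": "SampleRootkit.A",
        "path_regex": r"\\system32\\drivers\\[a-z]{4}\d{2}\.sys$",
        "imports_all": {"ZwQuerySystemInformation", "ObReferenceObjectByHandle"},
        "unsigned": True,
    },
    {   # pure hash match for a known bad image (constructed)
        "family": "SampleRootkit.B",
        "sha256": hashlib.sha256(b"constructed-bad-driver-image").hexdigest(),
    },
]


def match_driver(drv, library=FEATURE_LIBRARY):
    """Return the family of the first feature combination that fully matches, else None."""
    for combo in library:
        if "sha256" in combo and combo["sha256"] != drv.sha256:
            continue
        if "path_regex" in combo and not re.search(combo["path_regex"], drv.path, re.I):
            continue
        if "imports_all" in combo and not combo["imports_all"] <= drv.imports:
            continue
        if "unsigned" in combo and combo["unsigned"] != (not drv.signed):
            continue
        return combo["family"]
    return None


def check_call_paths(table, kernel_base, kernel_size, drivers):
    """Map each dispatch-table index whose target lies outside the kernel image
    to the driver owning that address ('unknown' if no enumerated driver does).
    A driver hidden from the enumeration still shows up here as 'unknown'."""
    hooks = {}
    for idx, target in enumerate(table):
        if kernel_base <= target < kernel_base + kernel_size:
            continue
        hooks[idx] = next((d.name for d in drivers if d.contains(target)), "unknown")
    return hooks


def plan_repair(drivers, table, trusted_table, kernel_base, kernel_size):
    """Combine both checks and select a repair action per finding."""
    malicious = {d.name: match_driver(d) for d in drivers if match_driver(d)}
    hooks = check_call_paths(table, kernel_base, kernel_size, drivers)
    actions = []
    for idx, owner in sorted(hooks.items()):
        # trusted_table is assumed to be recovered from the kernel image on disk
        actions.append(f"restore service {idx} to {trusted_table[idx]:#x} (hooked by {owner})")
        if owner != "unknown" and owner not in malicious:
            malicious[owner] = "hooks a key call path, not in feature library"
    for name, family in malicious.items():
        actions.append(f"unload and delete {name} [{family}]; block reload at boot")
    return {"malicious": malicious, "hooks": hooks, "actions": actions}


def run_demo():
    """Constructed scenario: one benign driver, two malicious ones, two hooked services."""
    kernel_base, kernel_size = 0xFFFFF80000400000, 0x600000
    drivers = [
        Driver("tcpip.sys", r"C:\Windows\system32\drivers\tcpip.sys",
               0xFFFFF88001000000, 0x200000, b"constructed-benign-image", True,
               {"ZwQuerySystemInformation"}),
        Driver("abcd01.sys", r"C:\Windows\system32\drivers\abcd01.sys",
               0xFFFFF88003000000, 0x10000, b"constructed-rootkit-image", False,
               {"ZwQuerySystemInformation", "ObReferenceObjectByHandle",
                "PsSetCreateProcessNotifyRoutine"}),
        Driver("helper.sys", r"C:\Windows\system32\drivers\helper.sys",
               0xFFFFF88004000000, 0x8000, b"constructed-bad-driver-image", True),
    ]
    trusted = [kernel_base + 0x1000 * (i + 1) for i in range(4)]
    live = list(trusted)
    live[2] = 0xFFFFF88003000500      # redirected into abcd01.sys
    live[3] = 0xFFFFF8A000000000      # redirected to an address no listed driver owns
    return plan_repair(drivers, live, trusted, kernel_base, kernel_size)


if __name__ == "__main__":
    for line in run_demo()["actions"]:
        print(line)
```

The call-path check is what makes the scheme stronger than signature matching alone: the entry redirected to an address that no enumerated driver owns is still reported and restored, which is how a driver that hides itself from the active-driver list is caught.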

Description

Technical field
[0001] The invention relates to the technical field of Internet and network security, in particular to a method and device for detecting system malicious programs such as rootkit-type persistent Trojan horses.
Background
[0002] At present, some malicious Trojan horses are installed on user systems through game cheats, bundling with video players, or by disguising themselves as system software. They release a kernel driver and use it to defeat the protection functions of security software: the driver blocks the security software from accessing and scanning the Trojan's files and registry entries, and protects the Trojan's process from being terminated, so that the Trojan hides on the user's computer, with the serious consequence that it cannot be removed and keeps coming back.
[0003] With the rampant spread of Trojan horses and malware, security software pays more and more atten...


Application Information

Patent Timeline
IPC(8): G06F21/56
CPC: G06F21/566, G06F21/568
Inventor: 刘桂泽
Owner: TENCENT TECH (SHENZHEN) CO LTD