Safety detection method and device

A detection method and security technology, applied in computer security devices, platform integrity maintenance, instruments, etc. It addresses the problems of coarse security detection granularity and the resulting poor security and stability of computer systems, with the effect of improving security detection efficiency and ensuring the security and stability of the system.

Active Publication Date: 2014-03-26
TENCENT TECH (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] In the process of realizing the present invention, the inventor found that the prior art has at least the following problem: the existing real-time protection technology described above only performs security verification on the initiating process of a sensitive operation. In practical applications, however, an initiating process may contain multiple modules. When the initiating process is safe (that is, has the white attribute) but its modules include a dangerous (that is, black attribute) module that has entered the safe initiating process through injection or DLL hijacking and initiates a sensitive operation, the existing real-time protection technology releases the sensitive operation directly because the initiating process is safe, even though the actual initiator is a black attribute module that hijacked the initiating process. This seriously affects the security and stability of the system.
Therefore, the security detection granularity of the existing real-time protection technology is too coarse, resulting in poor security and stability of the computer system.

Examples


Embodiment 1

[0051] Figure 1 is a flow chart of the security detection method provided by Embodiment 1 of the present invention. As shown in Figure 1, the security detection method of this embodiment may specifically include the following steps:

[0052] 100. Determine the initiating module, within the process, that initiates the sensitive operation;

[0053] 101. Collect the identity information of the initiating module;

[0054] 102. Check the security of the initiated sensitive operation according to the collected information and the preset database.

[0055] For example, the sensitive operation in this embodiment may be driver loading, modification of system registry keys, or injection. Compared with the prior art, the technical solution of this embodiment specifically determines the initiating module, within the process, that initiates the sensitive operation. It then collects the identity information of the initiating module; for example, the identity information of the initiating module may...

Embodiment 2

[0083] Figure 2 is a flow chart of the security detection method provided by Embodiment 2 of the present invention. As shown in Figure 2, the security detection method of this embodiment may specifically include the following steps:

[0084] 200. The security detection device monitors and captures sensitive operations;

[0085] 201. The security detection device determines the initiating module, within the process, that initiates the sensitive operation by using stack backtracking as the location method;

[0086] 202. The security detection device collects the identity information of the initiating module;

[0087] 203. The security detection device judges whether the identity information of the initiating module is included in the preset black attribute database; if it is included, execute step 204; otherwise, execute step 205;

[0088] In this embodiment, the technical solution of the present invention is described by taking the preset database ...

Embodiment 3

[0096] Figure 3 is a flow chart of the security detection method provided by Embodiment 3 of the present invention. As shown in Figure 3, the security detection method of this embodiment may specifically include the following steps:

[0097] 300. The security detection device monitors and captures sensitive operations;

[0098] 301. The security detection device collects parameter information of the sensitive operation;

[0099] 302. The security detection device determines the initiating module, within the process, that initiates the sensitive operation by using a thread start address query as the location method;

[0100] 303. The security detection device collects the identity information of the initiating module;

[0101] 304. The security detection device judges whether the preset white attribute database includes both the identity information of the initiating module and the parameter information of the sensitive operation; when the preset white attribute database includes both...
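
An added example, not code from the patent: a small Python model of the module-level checks in Embodiments 2 and 3 (steps 201 to 203 and 302 to 304). The module map, the addresses, the use of MD5 as module identity, the `PASS_THROUGH` rule for skipping system frames and the parameter string are constructed assumptions that the text shown here does not specify.

```python
import bisect
import hashlib
from collections import namedtuple

# md5 is the module's identity information (assumption: MD5 of the module file)
Module = namedtuple("Module", "base size name md5")

def md5_of(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed module map of one process whose main image is white.
MODULES = sorted([
    Module(0x00400000, 0x20000, "host.exe", md5_of(b"host image")),
    Module(0x10000000, 0x8000, "hijack.dll", md5_of(b"hijacking dll")),
    Module(0x77000000, 0x100000, "ntdll.dll", md5_of(b"system dll")),
], key=lambda m: m.base)
BASES = [m.base for m in MODULES]
PASS_THROUGH = {"ntdll.dll"}  # assumption: system frames skipped when backtracking
BLACK_IDS = {md5_of(b"hijacking dll")}     # preset black attribute database
WHITE_IDS = {md5_of(b"host image")}        # preset white attribute database
WHITE_PARAMS = {"load_driver:signed.sys"}  # constructed parameter record

def module_at(addr):
    """Return the loaded module whose address range contains addr, else None."""
    i = bisect.bisect_right(BASES, addr) - 1
    if i >= 0 and addr < MODULES[i].base + MODULES[i].size:
        return MODULES[i]
    return None

def initiator_by_stack(return_addrs):
    """Step 201: walk return addresses from the sensitive call outward."""
    for addr in return_addrs:
        module = module_at(addr)
        if module is None or module.name not in PASS_THROUGH:
            return module  # None means the frame has no backing module
    return None

def initiator_by_thread_start(start_addr):
    """Step 302: the module that contains the thread start address."""
    return module_at(start_addr)

def in_black_db(module):
    """Step 203: is the initiating module's identity in the black database?"""
    return module is not None and module.md5 in BLACK_IDS

def in_white_db(module, op_params):
    """Step 304: white only if identity and operation parameters are both listed."""
    return (module is not None and module.md5 in WHITE_IDS
            and op_params in WHITE_PARAMS)
```

With the constructed stack `[0x77001234, 0x10001010, 0x00401500]`, a process-level check sees only the white `host.exe`, while the stack walk attributes the operation to `hijack.dll`, whose identity is in the black attribute database.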


Abstract

The invention discloses a security detection method and device and belongs to the technical field of computer security. The security detection method comprises the following steps: the initiating module that initiates a sensitive operation within a process is determined, the identity information of the initiating module is collected, and the security of the initiated sensitive operation is checked according to the collected information and a preset database. Compared with the prior art, the security detection method and device have a fine detection granularity and can effectively improve the security and stability of a computer system. Because the security of the initiated sensitive operation is checked according to the identity information of the initiating module and the preset database, the method solves the problem that a black attribute module initiating a sensitive operation by hijacking the process of a white attribute module cannot be detected. As a result, the security detection efficiency is effectively improved, and the security and stability of the computer system are guaranteed.

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a security detection method and device.

Background technique

[0002] With the development of science and technology, computer real-time protection technology is a necessary guarantee for the safe operation of computers.

[0003] In the existing real-time protection technology, sensitive operations of the system, such as driver loading, modification of key entries in the system registry, or injection, are monitored. When a sensitive operation of the system is captured, the initiating process of the sensitive operation and the relevant information about the initiating process are obtained. For example, the relevant information of the initiating process (exe) of the sensitive operation may include at least one of the md5, digital signature and file vendor information of the initiating process. Then perform security detection on the initiating process according to the relevant information of the in...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/566, G06F21/554, G06F21/50
Inventor: 肖全举
Owner: TENCENT TECH (SHENZHEN) CO LTD