Overflow vulnerability detection method and system for advanced persistent threat

A vulnerability detection technology, applied in the fields of instrumentation, electronic digital data processing, platform integrity maintenance, etc. It addresses the problems of incomplete identification of known vulnerabilities and the inability to effectively detect 0day vulnerabilities, and achieves efficient detection of both known and unknown vulnerabilities.

Active Publication Date: 2014-07-02
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Traditionally, known vulnerability threats are identified mainly by parsing the format of known vulnerabilities. This method does not fully identify known vulnerabilities, and cannot effectively detect 0day vulnerabilities that can be exploited by advanced persistent threats.


Embodiment Construction

[0026] The present invention provides an overflow vulnerability detection method and system for advanced persistent threats. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages more obvious and easier to understand, the technical solution of the present invention is described in further detail below in conjunction with the accompanying drawings:

[0027] The present invention first provides an overflow vulnerability detection method aimed at advanced persistent threats, as shown in figure 1, including:

[0028] S101: select the basic version of the software to be detected, and record the branch version information with the patch file; the basic version is one or more important versions of the software to be detected;

[0029] S102: capture suspicious document type samples in the network, and put the...


Abstract

The invention discloses an overflow vulnerability detection method and system for advanced persistent threats. First, a basic version of the software to be detected is selected, and branch version information containing patch files is recorded; the basic version is one or more important versions of the software to be detected. A suspicious document type sample is captured in the network and placed into a virtual machine. According to the correspondence between the patch files and the branch versions, a branch version environment is constructed in the virtual machine, and the suspicious sample is loaded and opened in that environment. The API calls of the suspicious sample are monitored to judge whether overflow behavior exists and whether the branch version is an updated version, and accordingly whether a 0day vulnerability that can be used by an advanced persistent threat exists. In addition, known vulnerabilities of the software to be detected can be effectively detected, and it can be found whether 0day vulnerabilities exist in the software to be detected.
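The decision step described in the abstract, written out as an added Python example (not code from the patent). The branch names, patch labels and the per-branch boolean overflow verdict are constructed assumptions, and naming the patch that closes a known flaw goes one step beyond what the abstract states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Branch:
    name: str        # branch version label (constructed)
    patches: tuple   # patch files applied on top of the basic version
    is_latest: bool  # True for the fully updated branch

# Constructed branch table for a hypothetical document reader, oldest first.
BRANCHES = [
    Branch("base", (), False),
    Branch("base+P1", ("P1",), False),
    Branch("base+P1+P2", ("P1", "P2"), True),
]

def classify(branches, overflow_seen):
    """Triage one sample. overflow_seen maps branch name -> bool: the
    verdict of the API-call monitor after the sample was opened in that
    branch's virtual machine (how the monitor decides is out of scope)."""
    untested = [b.name for b in branches if b.name not in overflow_seen]
    if untested:
        # Never conclude "clean" or "known" from a partial run.
        return {"verdict": "incomplete", "untested": untested}
    hit = [b for b in branches if overflow_seen[b.name]]
    if not hit:
        return {"verdict": "no_overflow", "affected": []}
    affected = [b.name for b in hit]
    if any(b.is_latest for b in hit):
        # Overflow still triggers on the updated version: no patch covers it.
        return {"verdict": "suspected_0day", "affected": affected}
    # Overflow only on older branches: a known, already patched flaw.
    # The patches added by the next branch after the last affected one
    # are the candidate fix.
    last = max(branches.index(b) for b in hit)
    later = branches[last + 1:]
    fixed_by = sorted(set(later[0].patches) - set(branches[last].patches)) if later else []
    return {"verdict": "known_vulnerability", "affected": affected, "fixed_by": fixed_by}

if __name__ == "__main__":
    # Constructed monitor output: overflow on the unpatched base only.
    print(classify(BRANCHES, {"base": True, "base+P1": False, "base+P1+P2": False}))
    # Constructed monitor output: overflow on every branch, including the latest.
    print(classify(BRANCHES, {"base": True, "base+P1": True, "base+P1+P2": True}))
```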

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an overflow vulnerability detection method and system for advanced persistent threats.

Background

[0002] An advanced persistent threat (APT) refers to an attacker launching a long-term, sophisticated attack on a target. Its attacks are targeted and launched after long-term preparations. Its main characteristics are: attackers have more professional technical capabilities and can fully exploit the vulnerabilities of the target, including the ability to exploit unknown vulnerabilities; an APT usually lasts for a long time, and attackers may use all kinds of opportunities to attack the target, collecting security holes over a long period and finally achieving their own goals.

[0003] Facing the complex Internet security situation and the growing number of advanced persistent threats (APTs), it is becoming more and more common to use document format ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 康学斌, 肖新光
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD