Detection method and detection device for attack in spray pattern

A spray-mode attack detection method and detection-module technology, applied in computer security devices, instruments, electrical digital data processing, etc., that addresses problems such as detection failure.

Active Publication Date: 2014-08-13
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0006] The embodiment of the present invention provides a method and device for detecting a spray mode attack, which is used to solve the problem that the detection ...



Embodiment Construction

[0106] Embodiments of the present invention provide a method and device for detecting a spray mode attack. The application program is executed in a simulated manner, and calls to sensitive functions are monitored during that execution; a sensitive function is a function used to manage memory. When an abnormal call to a sensitive function is detected and an abnormal memory block is generated, the cumulative number of abnormal sensitive-function calls that generated abnormal memory blocks is determined. Timestamp detection is then performed on the abnormal memory blocks generated during the sensitive-function calls, and a first score is generated from the result of the timestamp detection. If the first score is not less than the second threshold, it is determined that the application program contains a spray mode attack. Since the time stamp of the abnormal memory block can be detected to determine whether there is a spray mode attack...


Abstract

An embodiment of the invention relates to the technical field of computer security, in particular to a method and a device for detecting spray mode attacks. It addresses the problem that a method which judges whether a spray mode attack exists solely by detecting whether shellcode can be executed may fail to detect the attack. The method disclosed by the embodiment comprises the following steps: monitoring calls to a sensitive function; if a call to the sensitive function is abnormal and the cumulative number of abnormal memory blocks is not less than a first threshold, performing timestamp detection on the abnormal memory blocks generated during the sensitive-function calls and generating a first score from the result of the timestamp detection; and, if the first score is not less than a second threshold, determining that the application is subject to a spray mode attack. Because the presence of a spray mode attack can be judged from the timestamps of the abnormal memory blocks alone, detection failures are reduced.
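The two-stage decision in the abstract (count abnormal blocks against a first threshold, then score their timestamps against a second) can be sketched as follows. This is an added illustration, not code from the patent: the size-based definition of "abnormal", the gap-based timestamp score, all four constants and the traces are assumptions, since the page gives none of them.

```python
from dataclasses import dataclass

# All four values are assumptions: the page names two thresholds but gives
# no numbers, and defines neither "abnormal" nor the timestamp scoring.
ABNORMAL_SIZE = 0x10000    # assumed: a block this large counts as abnormal
FIRST_THRESHOLD = 50       # cumulative abnormal blocks before timestamps are checked
SECOND_THRESHOLD = 0.8     # minimum first score that is reported as a spray
MAX_GAP_MS = 5.0           # assumed: spacing typical of one tight allocation loop

@dataclass
class AllocEvent:
    """One sensitive (memory-management) call seen during emulated execution."""
    ts_ms: float
    func: str
    size: int

def first_score(blocks):
    """Share of consecutive abnormal blocks created within MAX_GAP_MS of each other."""
    gaps = [b.ts_ms - a.ts_ms for a, b in zip(blocks, blocks[1:])]
    return sum(g <= MAX_GAP_MS for g in gaps) / len(gaps) if gaps else 0.0

def detect_spray(events):
    """Return (verdict, abnormal_count, first_score or None)."""
    ordered = sorted(events, key=lambda e: e.ts_ms)
    abnormal = [e for e in ordered if e.size >= ABNORMAL_SIZE]
    if len(abnormal) < FIRST_THRESHOLD:
        return False, len(abnormal), None      # stage 1 not met: no timestamp check
    score = first_score(abnormal)
    return score >= SECOND_THRESHOLD, len(abnormal), score

def constructed_trace(n_large, gap_ms, n_small=30):
    """Constructed sample: n_large big blocks gap_ms apart, mixed with small ones."""
    large = [AllocEvent(i * gap_ms, "alloc", 0x100000) for i in range(n_large)]
    small = [AllocEvent(i * 7.0 + 0.5, "alloc", 64) for i in range(n_small)]
    return large + small

if __name__ == "__main__":
    for name, trace in [("tight loop, 200 blocks", constructed_trace(200, 1.0)),
                        ("slow loader, 60 blocks", constructed_trace(60, 500.0)),
                        ("short burst, 10 blocks", constructed_trace(10, 1.0))]:
        print(name, detect_spray(trace))
```

The slow-loader trace passes the first threshold but fails the timestamp stage, which is the case the count alone would misclassify.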

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a method and device for detecting spray mode attacks.

Background art

[0002] With the continuous development of computer technology, computer networks have become the main tool by which people obtain information, and the demand for computer security technology has risen accordingly. Computer viruses, Trojan horses, spyware and malicious code are the main threats faced by computer networks in recent years, and spray-type web page Trojan horses are a new type of Trojan horse that has appeared recently. Spray includes a variety of modes, such as heap spray, object spray and JIT spray (just-in-time spray). Spray-type web page Trojan horses are widely used because they are highly versatile and make malicious web pages easy to generate. Therefore, the detection of spray-type webpage Trojan horse...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor 郝力男
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD