ShellCode detecting method and device

A detection method and detection device, applied in the field of network security, that address problems such as the difficulty of statically detecting ShellCode and achieve the effect of reducing requirements and costs.

Active Publication Date: 2014-08-27
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0007] The present invention provides a ShellCode detection method and device to solve the technical problems that the existing technology can only detect ShellCode after it is running, which cannot avoid damage to the system, and that obfuscation techniques make it difficult to detect ShellCode statically.

Embodiment Construction

[0054] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0055] ShellCode is the execution carrier of a vulnerability attack. A complete vulnerability attack requires exploitation technology and ShellCode to work together to achieve the desired attack effect. To solve this problem, the embodiment of the present invention first provides a ShellCode detection method, see figure 1, incl...


Abstract

The invention provides a ShellCode detecting method and device. The method comprises the steps of establishing a ShellCode instruction sequence feature library containing a ShellCode feature sequence; loading a file to be detected and analyzing the file to be detected to obtain an analyzed file; conducting simulated instruction execution and analysis on the analyzed file, recording suspicious instruction sequences, comparing the suspicious instruction sequences with the ShellCode feature sequence in the ShellCode instruction sequence feature library, and judging whether the analyzed file contains the ShellCode; outputting a detection result. According to the ShellCode detecting method and device, detection can be conducted before ShellCode execution, the influence of the ShellCode on a system is prevented, and malicious tampering is prevented in time.
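The comparison step described above can be sketched as follows. This is an added example, not code from the patent or its applicant: the normalized instruction tokens, the feature names and the feature sequences are constructed assumptions, and the gap-tolerant match is one possible way to compare a recorded sequence with the library so that inserted filler instructions do not hide a feature.

```python
# Constructed feature library: each entry is an ordered sequence of normalized
# instruction tokens. Names and tokens are illustrative assumptions; the page
# does not list the patent's actual feature sequences.
FEATURE_LIBRARY = {
    "getpc_call_pop": ["call_next", "pop_reg"],
    "xor_decode_loop": ["xor_mem", "inc_reg", "loop_back"],
}


def contains_sequence(trace, feature, max_gap=2):
    """True if `feature` occurs in `trace` in order, with at most `max_gap`
    unrelated instructions between consecutive feature tokens."""
    # Trace positions at which the feature prefix matched so far can end.
    # Tracking every candidate (not only the earliest) keeps the bounded-gap
    # match correct when a token repeats.
    ends = {i for i, tok in enumerate(trace) if tok == feature[0]}
    for want in feature[1:]:
        ends = {
            j
            for p in ends
            for j in range(p + 1, min(p + 2 + max_gap, len(trace)))
            if trace[j] == want
        }
        if not ends:
            return False
    return bool(ends)


def detect(trace, library=FEATURE_LIBRARY, max_gap=2):
    """Return the sorted names of library features found in the trace."""
    return sorted(
        name for name, feature in library.items()
        if contains_sequence(trace, feature, max_gap)
    )


# Constructed traces, standing in for what the simulated-execution step records.
SUSPICIOUS_TRACE = ["nop", "call_next", "nop", "pop_reg", "mov_reg_imm",
                    "xor_mem", "nop", "inc_reg", "inc_reg", "nop", "loop_back"]
BENIGN_TRACE = ["push_reg", "mov_reg_reg", "call_far", "add_reg_imm",
                "pop_reg", "ret"]

if __name__ == "__main__":
    for label, trace in (("suspicious", SUSPICIOUS_TRACE), ("benign", BENIGN_TRACE)):
        hits = detect(trace)
        print(label, "->", hits if hits else "no ShellCode feature matched")
```

With `max_gap=0` the same suspicious trace matches nothing, which shows why exact pattern matching is brittle against padded or obfuscated sequences.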

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a ShellCode detection method and device.

Background technique

[0002] At present, buffer overflow is a main springboard for various system attacks and for gaining control of a system. To implement a buffer overflow attack, ShellCode must be used, and the attack data must contain the corresponding ShellCode. Therefore, strengthening the detection of attacks such as buffer overflow is an important research topic in the field of information security. At the same time, widely used document processing software such as Office and Adobe Reader has become a springboard for many ShellCode attacks. Many attackers hide ShellCode in commonly used document formats such as DOC and PDF in order to attack.

[0003] The current detection of ShellCode is mainly divided into static detection and dynamic detection. Static ShellCode detection technology generally uses pattern matching...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/565
Inventor: 喻民姜建国李敏刘超仇新梁黄超王菲飞王冉晴赵双刘坤颖高翔胡波
Owner: INST OF INFORMATION ENG CAS