Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for monitoring script virus

A script virus and script technology, applied in computer security devices, instruments, computing, etc., can solve the problems of unmonitored mutant viruses, difficulty in taking into account various situations, etc., and achieve the effect of protecting security

Active Publication Date: 2019-01-25
BEIJING CHEETAH MOBILE TECH CO LTD +4
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] It can be seen that through different encryption methods or by encrypting different characters in the string, a variety of encryption results can be obtained. The traditional static analysis-based matching method is difficult to take into account various situations, and often cannot monitor variants. Virus

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for monitoring script virus
  • Method and device for monitoring script virus
  • Method and device for monitoring script virus

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

[0038] The monitoring method of the script virus that the embodiment of the present invention provides, such as figure 1 shown, including the following steps:

[0039] Step 11, hooking the entry point function of the memory image of the binary file necessary for the running of the script program.

[0040] Here, the hook refers to changing the original execution flow of the program by modifying the memory data. For example, an additional function (forged function) execution process can be added before or after the execution of the original process entry point, so that the information (function parameters) passed to the original process entry point can be modified or the result of the original process entry point can be modified. Change. In the abo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a monitoring method and device of a script virus. The method comprises the following steps: hooking an entry point function of a binary file memory map necessary for operation of a script program; decrypting the script program by using a decryption function to obtain a real command sequence; analyzing real script action corresponding to the real command sequence, and performing corresponding operation according to the real script action. According to the method and the device, the script virus can be effectively monitored to protect the safety of an operation system.

Description

technical field [0001] The invention relates to the technical field of computer virus analysis and processing, in particular to a script virus monitoring method and device. Background technique [0002] Script viruses refer to malicious programs written in scripting languages ​​that can harm or disrupt the normal operation of computer systems. Common scripting languages ​​include Visual Basic Script (referred to as VBScript) and javascript. Scripting language is relatively simple to learn and write, and can use the objects and components provided by the Windows system to operate files, registry and network, etc. Script viruses written based on scripting language have the characteristics of large destructive power and wide spread, which seriously harm the user's system security. [0003] The monitoring of script viruses by traditional security software is usually based on static analysis and identification, and further monitoring is carried out by matching characters in sen...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
CPCG06F21/562G06F21/563
Inventor 杨景杰苏海峰白彦庚邹义鹏
Owner BEIJING CHEETAH MOBILE TECH CO LTD