Sandbox detection and alarm method and system based on host characteristics

A host-characteristic and sandbox technology, applied in the field of malicious program detection and network security, that addresses the problems of ineffective detection of malicious programs and defects in detecting malicious programs, achieving a low false positive rate and avoiding false negatives.

Inactive Publication Date: 2015-07-08
STATE GRID CORP OF CHINA +3

AI Technical Summary

Problems solved by technology

[0008] The purpose of the present invention is to provide a sandbox detection and alarm method and system based on host characteristics, to solve the problems in the prior art that malicious programs cannot be effectively detected and that there are defects in detecting malicious programs.


Embodiment Construction

[0062] To make the objectives, technical solutions and advantages of the present invention clearer, each embodiment of the present invention is described in detail below with reference to the accompanying drawings. Those of ordinary skill in the art will appreciate that many technical details are set forth in the various embodiments so that the reader can better understand the present application. However, the technical solutions claimed in the claims of the present application can be realized even without these technical details and with various changes and modifications based on the following embodiments.

[0063] The first embodiment of the present invention relates to a sandbox detection and alarm method based on host characteristics. As shown in Figure 1, this embodiment is applied on the basis of a computer hardware system and a virtual machine; the computer hardware system can run a user operating system, the vir...


Abstract

The invention provides a sandbox detection and alarm method and system based on host characteristics. The method comprises the following steps: inserting a virtual machine monitor between a user operating system and a computer hardware system, where the virtual machine monitor provides the virtual machine with a virtual hardware platform that completely simulates the computer hardware system, and the user operating system runs on the virtual hardware platform; tracking and detecting the host characteristics of the virtual system while the unknown program to be detected runs on the virtual machine; and identifying the alarm level according to the tracking and detection result for the host characteristics of the virtual system, generating alarm information corresponding to the alarm level, and recording the unknown program to be detected as log information. The method and system execute the unknown program to be detected in the virtual-machine-monitored environment in order to discover malicious programs and monitor the entire attack life cycle of the malicious program.

Description

Technical field

[0001] The invention relates to the field of malicious program detection technology and network security, in particular to a sandbox detection and alarm method and system based on host characteristics.

Background technique

[0002] Information and Internet technologies have changed the way people acquire knowledge and communicate. Enterprises also use these new technologies to greatly improve employee efficiency, improve operational capabilities, and create new market opportunities. However, these technologies also increase the risk of organizations being attacked, so the detection of malicious programs must be constantly improved to deal with these potential or ongoing threats. For example: State Grid Corporation, as an important backbone enterprise related to national energy security and the lifeline of the national economy, undertakes the basic mission of providing safe and sustainable power supply for economic and social development, but...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/53
Inventor: 刘志永, 王红凯, 夏正敏, 伍军, 宿雅婷, 李建华
Owner: STATE GRID CORP OF CHINA