Detection device and method of unknown application bug threat

A vulnerability threat detection technology, applied in the field of computer communication, that addresses the high false alarm rate of new Trojan horse detection and achieves the effect of solving false alarms.

Inactive Publication Date: 2016-01-20
南京曼安信息科技有限公司

AI Technical Summary

Problems solved by technology

This method has a certain ability to detect unknown Trojan horses, but in essence it is still a detection method based on Trojan horse signatures, and its false positive rate for new Trojan horses is relatively high.


Examples


Embodiment Construction

[0037] In order to make the technical solution and characteristics of the present invention clearer, the present invention will be further described in detail below in conjunction with the embodiments and accompanying drawings. Here, the following examples are used to illustrate the present invention, but not to limit the scope of the present invention.

[0038] As shown in Figure 1, the unknown application vulnerability threat detection device of the present invention includes a sample collection device 1, a preprocessing filter device 2, a simulated behavior monitoring device 3, and a behavior analysis and comparison device 4.

[0039] The function of the sample collection device 1 is to collect and restore, from network traffic, the various file attachments transmitted on the network. The collection device adopts standard protocol restoration technology, which can restore protocols such as mail and HTTP.

[0040] The pre-processing filtering device 2 is used to...


Abstract

The invention relates to the technical field of computer communication, in particular to a device and method for detecting unknown application vulnerability threats. The detection device comprises a sample collection device, a preprocessing filter device, a simulated behavior monitoring device, and a behavior comparison and analysis device. The sample collection device collects transmitted application document attachment samples from the traffic at the network ingress. The preprocessing filter device preprocesses the collected document attachment samples and filters out sample attachments already known to contain application vulnerabilities as well as sample attachments that obviously do not contain application vulnerabilities. The simulated behavior monitoring device performs simulated execution detection on the sample attachments that remain after filtering. The behavior comparison and analysis device compares and analyzes the behavior process monitored and recorded during simulated execution in order to find suspicious behaviors in that process that pose a security threat. An expert system knowledge base is used to analyze and judge the detected suspicious behaviors; as the knowledge base is continually enriched, it can intelligently judge whether an exploitable vulnerability threat is present in the detected suspicious behaviors, and the false alarm problem can be effectively solved.
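A minimal sketch of the filter stage and the behavior comparison stage described in the abstract, added here as an illustration and not taken from the patent. The hash set, the file-type check used for "obviously does not contain", the rule set, the weights and the threshold are all assumptions, and the traces stand in for what the simulated execution stage would record for the document viewer process.

```python
import hashlib
from dataclasses import dataclass

# All values below are constructed for illustration.
KNOWN_BAD = {hashlib.sha256(b"constructed known-exploit sample").hexdigest()}
DOC_MAGIC = (b"%PDF", b"\xd0\xcf\x11\xe0", b"PK\x03\x04")  # PDF, OLE2, OOXML/ZIP
EXEC_EXT = (".exe", ".dll", ".scr")

@dataclass(frozen=True)
class Event:
    action: str   # file_read, file_write, process_create, net_connect
    target: str

# Hypothetical knowledge base: (rule name, predicate, weight).
RULES = [
    ("viewer spawns process", lambda e: e.action == "process_create", 5),
    ("viewer writes executable",
     lambda e: e.action == "file_write" and e.target.lower().endswith(EXEC_EXT), 4),
    ("viewer opens network connection", lambda e: e.action == "net_connect", 2),
]
ALERT_SCORE = 6  # assumed threshold: one weak signal alone never alerts

def prefilter(data: bytes) -> str:
    """Filter stage: drop known-bad and out-of-scope attachments before simulation."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD:
        return "known"
    if not data.startswith(DOC_MAGIC):
        return "skip"
    return "simulate"

def analyze(trace):
    """Comparison stage: score each matched rule once, then apply the threshold."""
    matched = {name: w for e in trace for name, pred, w in RULES if pred(e)}
    return sum(matched.values()) >= ALERT_SCORE, sorted(matched)

def detect(data: bytes, trace):
    """Run one attachment through the filter and, if needed, the behavior analysis."""
    stage = prefilter(data)
    if stage != "simulate":
        return stage, []
    threat, reasons = analyze(trace)
    return ("threat" if threat else "clean"), reasons

PDF = b"%PDF-1.4 constructed document body"
EXPLOIT_TRACE = [Event("file_read", "sample.pdf"),
                 Event("file_write", r"C:\Temp\a.exe"),
                 Event("process_create", r"C:\Temp\a.exe")]
UPDATE_TRACE = [Event("file_read", "sample.pdf"), Event("net_connect", "update.example:443")]

if __name__ == "__main__":
    print(detect(PDF, EXPLOIT_TRACE))
    print(detect(PDF, UPDATE_TRACE))
```

Scoring each rule once and requiring a combination of signals is one way to keep a single ambiguous behavior, such as a viewer's update check, from raising an alert.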

Description

Technical field

[0001] The invention relates to the technical field of computer communication, in particular to a device and method for detecting unknown application vulnerability threats.

Background technique

[0002] In recent years, network security has become one of the key issues of global concern. With the disclosure of the "Snowden" incident, network privacy and the online security of individual users have once again become the focus of public attention. With the continuous development of network attack technology, especially the increasing proliferation of APT (advanced persistent threat) attacks, the security problem remains serious even though major security vendors are constantly launching security products that use new technologies.

[0003] With the improvement of public security awareness, traditional executable file-based Trojan horse attacks have fallen behind, and everyone has realized that unknown executable files are suspicious and un...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, H04L29/06
Inventor: 冯南凌世播赵斌朱学文
Owner: 南京曼安信息科技有限公司