Novel defending method and device for unknown malicious software

A defense method for new, unknown malware, applied in the field of network security. It addresses the inability of traditional security mechanisms to effectively detect and defend against viruses or malicious attacks, and the losses that result, and achieves the effect of eliminating detection lag and improving defense capability.

Active Publication Date: 2016-07-20
STATE GRID CORP OF CHINA +1

AI Technical Summary

Problems solved by technology

With the advancement of technology, while prevention has focused on the above-mentioned viruses or attack tools, new attack methods have appeared, such as zero-day threats, advanced evasion techniques such as deformation and polymorphism, multi-stage attacks and APT attacks. Against these more modern attack methods, traditional security mechanisms are still unable to carry out effective detection and defense, causing huge losses.
[0004] In the existing technology, the traditional method of signature detection is often used against viruses or malicious attacks, and it cannot effectively defend against viruses or malicious attacks of non-traditional attack types.


Examples


Embodiment 1

[0050] The present invention provides a defense method for novel unknown malicious software. As shown in Figure 1, the defense method includes:

[0051] 11. In the threat analysis and detection equipment, malicious software in the vulnerability exploitation stage is obtained through the virtual identification technology, first alarm information including the source address and the address of the controlled server is generated, and the alarm information is added to the record of the reputation database.

[0052] Threat analysis and detection equipment is used in step 11 because traditional threat detection often relies on signature-based detection technologies. When a new threat appears, it takes a period of time after security vendors discover the virus before they can provide a signature, so that their anti-virus tools gain the ability to detect and kill the virus. However, with the development of technology, attac...

Embodiment 2

[0085] The present invention also provides a defense device 2 for novel unknown malicious software. As shown in Figure 4, the defense device 2 includes:

[0086] The processing module 21 is used to obtain, in the threat analysis and detection device, the malicious software in the vulnerability exploitation stage through the virtual identification technology, generate the first alarm information including the source address and the address of the controlled server, and add the alarm information to the record of the reputation database.

[0087] The interception module 22 is configured to intercept, in the intrusion prevention device, the behavior of downloading malicious software and the behavior of communicating with the controlled server, through linkage with traditional intrusion prevention devices and based on the records stored in the reputation database, to generate second alarm information, and to track the subsequent activities of the malware.

[0088] A cleaning modul...


Abstract

The invention provides a novel defending method and device for unknown malicious software, and belongs to the field of network safety. The method comprises the steps of: obtaining malicious software at the vulnerability exploitation phase by employing the technology of virtual recognition; generating first alarm information; adding the first alarm information to the record of a credibility library; intercepting the downloading behavior of the malicious software and the behavior of communicating with a controller server, based on the record stored in the credibility library; generating second alarm information; and clearing existing malicious software according to the first and second alarm information. The method can confirm the existence of the malicious software during the exploitation of a vulnerability by employing the technology of virtual recognition and the credibility library, and tracks the subsequent activity of the malicious software. Compared with the prior art, the method can recognize malicious software that uses a novel attack mode, gets rid of the detection hysteresis caused by the signature mode, improves the defense capability against malicious software, and reduces the loss caused by malicious software.
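The three-step loop in the abstract (first alarm into the reputation record, interception with a second alarm, cleanup from both alarm sets), sketched as an added example that is not code from the patent. The record layout, the `victim` host field, the role labels and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alarm:
    stage: str    # "first" = detection device, "second" = intrusion prevention
    host: str     # internal host involved (assumed field, not named on the page)
    remote: str   # malware source address or controlled-server address
    note: str

@dataclass
class ReputationDB:
    records: dict = field(default_factory=dict)  # address -> role

def detect(db, verdicts):
    """Step 1: each exploit-stage verdict yields a first alarm and two records."""
    alarms = []
    for v in verdicts:
        if v["exploit_seen"]:
            db.records[v["source"]] = "malware-source"
            db.records[v["c2"]] = "controlled-server"
            alarms.append(Alarm("first", v["victim"], v["source"], "exploit stage"))
    return alarms

def intercept(db, flows):
    """Step 2: block flows to recorded addresses and raise second alarms."""
    return [Alarm("second", f["src"], f["dst"], "blocked " + db.records[f["dst"]])
            for f in flows if f["dst"] in db.records]

def hosts_to_clean(first, second):
    """Step 3: every host named in a first or second alarm is queued for cleanup."""
    return sorted({a.host for a in first + second})

# Constructed sample data (documentation address ranges, not real indicators).
VERDICTS = [
    {"victim": "10.0.0.5", "source": "203.0.113.10", "c2": "198.51.100.7", "exploit_seen": True},
    {"victim": "10.0.0.9", "source": "192.0.2.44", "c2": "192.0.2.45", "exploit_seen": False},
]
FLOWS = [
    {"src": "10.0.0.8", "dst": "198.51.100.7"},   # second host reaching the same server
    {"src": "10.0.0.5", "dst": "203.0.113.10"},   # repeat download attempt
    {"src": "10.0.0.6", "dst": "192.0.2.44"},     # address never confirmed, not blocked
]

def run():
    db = ReputationDB()
    first = detect(db, VERDICTS)
    second = intercept(db, FLOWS)
    return db.records, first, second, hosts_to_clean(first, second)

if __name__ == "__main__":
    print(run()[3])
```

The second alarm on `10.0.0.8` shows what the reputation record adds: a host that never passed through the detection device is still flagged once it contacts an address recorded from another host's first alarm.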

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a defense method and equipment for novel unknown malicious software.

Background technique

[0002] With the rapid development of science and technology, the Internet has penetrated into all walks of life, providing various conveniences for people's lives in all aspects.

[0003] However, a small number of people with a high level of technical skill, seeking profit, make and use a variety of malicious software, viruses or attack tools, such as worms, Trojan horses and distributed denial of service (DDoS), to obtain other people's important and private information. With the advancement of technology, while prevention has focused on the above-mentioned viruses or attack tools, new attack methods such as zero-day threats, advanced evasion techniques such as deformation and polymorphism, multi-stage attacks and APT attacks have appe...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/56
CPC: G06F21/56, G06F21/566, G06F21/568, H04L63/1441
Inventor: 夏威吴科庆王以良龚小刚王红凯张旭东叶卫姚一杨黄慧沈潇军沈志豪张景明冯宇
Owner: STATE GRID CORP OF CHINA