
A method and system for discovering malicious code bypassing active defense

A technology relating to active defense and malicious code, applied in the fields of instruments, computing, and electrical digital data processing. It addresses the problems of untimely discovery and low output efficiency.

Active Publication Date: 2019-07-02
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0003] The current detection method has certain drawbacks. At present, malicious code that bypasses active defense is found mainly through manual reverse analysis. This approach has low output efficiency, and bypasses are not discovered in a timely manner.


Embodiment Construction

[0028] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easier to understand, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0029] The invention proposes a method and system for discovering malicious code bypassing active defense, which can automatically discover behaviors of malicious code bypassing active defense by monitoring and comparing the systems.

[0030] Common antivirus software with active defense functions will have a built-in whitelist and a set of rules for identifying malicious behavior. The discrimination rules are summarized by anti-virus engineers after analyzing the code characteristics and behavior characteristics of a large number of malicious codes. These rules are divided ...


Abstract

The invention provides a method and system for discovering malicious code that bypasses active defense. The method comprises: turning on active defense and, at the same time, scanning the key system locations; recording the contents and key values of the key system locations before the suspicious code runs; running the suspicious code to obtain the monitoring result of the active defense; scanning the key system locations again and recording their contents and key values after the suspicious code has run; comparing the changes in the contents and key values of the key system locations before and after the suspicious code runs to obtain the newly added threats; and comparing the detection result of the active defense with the newly added threats to determine whether they are the same. If they are the same, no newly added suspicious code bypassing the active defense exists; otherwise, newly added suspicious code bypassing the active defense is discovered automatically. In this way, bypasses of active defense that previously could only be discovered manually can be detected automatically.
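The comparison step in the abstract can be sketched as follows. This is an added example, not code from the patent or from the applicant: the snapshot format (location mapped to content or key value), the alert record layout, the function names and all sample values are constructed assumptions.

```python
# Added example: hypothetical data model; every sample value below is constructed.

def normalize(location):
    """Registry and NTFS paths are case-insensitive, so compare them lowercased."""
    return location.replace("/", "\\").rstrip("\\").lower()

def diff_snapshots(before, after):
    """Return {location: change_type} for key locations that changed during the run."""
    b = {normalize(k): v for k, v in before.items()}
    a = {normalize(k): v for k, v in after.items()}
    changes = {}
    for loc in a.keys() | b.keys():
        if loc not in b:
            changes[loc] = "added"
        elif loc not in a:
            changes[loc] = "removed"
        elif a[loc] != b[loc]:
            changes[loc] = "modified"
    return changes

def find_bypasses(before, after, defense_alerts):
    """Changes to key locations that the active defense did not report."""
    reported = {normalize(alert["target"]) for alert in defense_alerts}
    changes = diff_snapshots(before, after)
    return {loc: kind for loc, kind in changes.items() if loc not in reported}

# Constructed snapshots of two key locations: an autorun registry key and the hosts file.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
HOSTS = r"C:\Windows\System32\drivers\etc\hosts"
BEFORE = {
    RUN_KEY + r"\Updater": r"C:\Program Files\Vendor\upd.exe",
    HOSTS: "sha256:aaaa",  # placeholder content digest
}
AFTER = {
    RUN_KEY + r"\Updater": r"C:\Program Files\Vendor\upd.exe",
    RUN_KEY + r"\svchelper": r"C:\Users\Public\svchelper.exe",
    HOSTS: "sha256:bbbb",  # content changed while the sample ran
}
# Constructed active-defense log: only the autorun write was flagged.
ALERTS = [{"rule": "autorun-write", "target": RUN_KEY.upper() + r"\SVCHELPER"}]

if __name__ == "__main__":
    for loc, kind in sorted(find_bypasses(BEFORE, AFTER, ALERTS).items()):
        print(f"undetected {kind}: {loc}")
```

An empty result corresponds to the "same" branch of the abstract; any remaining entry is a change the active defense missed and a candidate for a new discrimination rule.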

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to a method and system for discovering malicious code bypassing active defense.

Background technique

[0002] Active defense is a real-time protection technology based on independent analysis and judgment of program behavior, which solves the problem that traditional security software cannot defend against unknown malicious code. Today, most antivirus software has an active defense function. For unknown malicious code to run on the user's machine, it must bypass the active defense of the antivirus software. Because active defense technology judges whether unknown program behavior is malicious based on malicious code behavior that has already been discovered, new types of malicious code can use unrecognized malicious program behaviors to bypass active defenses and achieve their own malicious purposes.

[0003] The current detection method has certain dr...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F21/56
CPC: G06F21/554, G06F21/566
Inventor: 康学斌, 周奋彦, 肖新光
Owner HARBIN ANTIY TECH