
Method and device for detecting baleful programs

A malicious program detection technology, applied in the computer field, that addresses problems such as the inability to detect the exploitation of unknown privilege escalation security vulnerabilities and the inability to deal with advanced threats, achieving the effect of improving the detection success rate.

Inactive Publication Date: 2017-05-10
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0003] At present, the traditional signature-based static anti-virus scanning method cannot cope with the increasing number of advanced threats. It can only handle known virus threats and is helpless against ever-changing new viruses.
[0004] For example, existing anti-virus software can only detect virus samples of the privilege escalation category based on specific security vulnerabilities, and then detect them based on the extracted features. It cannot detect the exploitation of unknown privilege escalation security vulnerabilities.


Embodiment Construction

[0042] Preferred embodiments of the present application will be described in detail below with reference to the accompanying drawings.

[0043] Currently, the latest operating systems such as Windows and Linux implement a privilege division mechanism. Ordinary users can only use the default privileges (usually ordinary privileges, not high privileges), which meet daily needs. When a running program needs high privileges, the user is required to confirm or enter a password, which ensures that the computer system is not damaged by malicious programs. For example, in Windows 7, ordinary users do not have administrator privileges by default. When a program that requires administrator or System privileges is run, a User Account Control (UAC) prompt box pops up, prompting the user to enter a password or perform a confirmation operation. The same is true for Linux. It is recommended that general users use non-root privileges an...


Abstract

The invention relates to the field of computers, in particular to a method and device for detecting malicious programs, and is used to improve the ability to detect and remove new viruses. In the method, a program sample is run in a sandbox system, the associated processes generated by the program sample are monitored in real time, and the privilege state information of each associated process is recorded. When it is determined that the privilege of any associated process has been elevated, the program sample is judged to be a malicious program. In this way, malicious program detection can be carried out without depending on the features of known security vulnerabilities. Even for new advanced threats, the program sample can be accurately identified as malicious, and the detection success rate for unknown viruses is greatly increased.
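The rule stated in the abstract, sketched as an added example that is not code from the patent: follow the sample's process tree through a sandbox trace, record each associated process's privilege state, and flag the sample when any recorded state rises. The trace format, the privilege level names and their ordering, and the function `detect_escalation` are assumptions constructed for illustration.

```python
# Privilege levels, lowest to highest (assumed ordering for this example).
LEVELS = {"user": 0, "admin": 1, "system": 2}

# Constructed sandbox trace: (time, event, pid, ppid, image, privilege).
# "start" = process creation, "token" = a later privilege snapshot.
TRACE = [
    (0, "start", 100, 1, "sample.exe", "user"),
    (1, "start", 200, 1, "unrelated.exe", "system"),  # not spawned by the sample
    (2, "start", 101, 100, "dropper.exe", "user"),
    (3, "start", 102, 101, "helper.exe", "user"),
    (4, "token", 200, 1, "unrelated.exe", "system"),
    (5, "token", 102, 101, "helper.exe", "system"),   # privilege rose
]


def detect_escalation(trace, sample_pid):
    """Return (verdict, findings) for the sample rooted at sample_pid."""
    associated = {sample_pid}  # the sample plus every descendant seen so far
    history = {}               # pid -> list of (time, privilege) records
    findings = []
    for time, event, pid, ppid, image, priv in sorted(trace):
        # A process created by an associated process becomes associated too.
        if event == "start" and ppid in associated:
            associated.add(pid)
        if pid not in associated:
            continue           # outside the sample's process tree: ignore
        records = history.setdefault(pid, [])
        # Compare the new privilege state with the last one recorded.
        if records and LEVELS[priv] > LEVELS[records[-1][1]]:
            findings.append({"time": time, "pid": pid, "image": image,
                             "from": records[-1][1], "to": priv})
        records.append((time, priv))
    verdict = "malicious" if findings else "no escalation observed"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = detect_escalation(TRACE, sample_pid=100)
    print(verdict)
    for f in findings:
        print(f)
```

The verdict depends only on the observed privilege change, so no signature of a specific vulnerability is consulted, which is the property the abstract claims for unknown privilege escalation exploits.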

Description

Technical field

[0001] The present application relates to the field of computers, in particular to a method and device for detecting malicious programs.

Background technique

[0002] With the development of computer technology, various virus programs are also increasing day by day. In order to ensure the safety of computer systems, virus detection and removal technology needs to be developed effectively.

[0003] At present, the traditional signature-based static anti-virus scanning method cannot cope with the increasing number of advanced threats. It can only handle known virus threats and is helpless against ever-changing new viruses.

[0004] For example, existing anti-virus software can only detect virus samples of the privilege escalation category based on specific security vulnerabilities, and then detect them based on the extracted features. It cannot detect the exploitation of unknown privilege escalation security vulnerabilities.

[0005] Therefor...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033
Inventor 王云翔
Owner ALIBABA GRP HLDG LTD