Method and system for preventing PowerShell malicious code execution

A technology for preventing malicious code execution, in the field of information security, intended to defend against APT attacks and ransomware intrusion by blocking the execution of malicious PowerShell code

Inactive Publication Date: 2017-05-10
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

Problems solved by technology

Existing memory detection identifies malicious code by code genetic features, but encrypted (obfuscated) PowerShell scripts cannot be detected by this method of extracting code genetic features




Embodiment Construction

[0054] The present invention provides an embodiment of a method and a system for defending against PowerShell malicious code execution. In order that those skilled in the art may better understand the technical solutions of the embodiments, and so that the above-mentioned purposes, features and advantages of the invention become clearer, the technical solution of the present invention is described in further detail below with reference to the accompanying drawings:

[0055] At present, PowerShell malicious code is used by various malicious programs to deliver and execute the payload that carries the actual malicious function, mainly in APT attacks and ransomware: for example, PowerShell code embedded in Office macro code, PowerShell code embedded in an installation package program, PowerShell code embedded in a database file, and so on. Because embedding script code into other programs has strong anti-detection ability and...



Abstract

The invention discloses a method and system for preventing PowerShell malicious code execution. The method comprises the steps of: acquiring the process chain associated with PowerShell.exe in the system; matching the process chain against a process-chain white list, and if the match succeeds, allowing the operation to execute; matching the process chain against a process-chain black list, and if the match succeeds, stopping the operation from executing; and if the process chain matches neither the white list nor the black list, letting the user decide whether the operation is allowed to execute. The technical scheme solves the problem that traditional detection methods cannot effectively prevent PowerShell malicious code execution.
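The process-chain allow/block/ask decision described in the abstract, as an added example in Python that is not part of the patent or of Antiy's own code. It walks a constructed process snapshot (pid, parent pid and image name, the shape a Win32_Process query returns; the entries are constructed, not captured) from each powershell.exe up to the root, joins the image names into a chain string, and matches it against glob patterns in the order the abstract gives: white list first, then black list, otherwise ask. The pattern syntax, the `<-` separator, the list contents and the pid values are assumptions chosen for the example.

```python
"""Process-chain allow/block/ask decision for powershell.exe (added example)."""
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatchcase


class Verdict(Enum):
    ALLOW = "allow"   # chain matched the white list
    BLOCK = "block"   # chain matched the black list
    ASK = "ask"       # matched neither; defer to the user


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str  # lowercased image name, e.g. "winword.exe"


# Constructed process snapshot (assumption: shape of a Win32_Process query result).
# pid 4000's parent no longer exists, so its chain stops at the process itself.
SNAPSHOT = {
    1: Proc(1, 0, "system"),
    1000: Proc(1000, 1, "explorer.exe"),
    2000: Proc(2000, 1000, "powershell.exe"),  # launched interactively
    2100: Proc(2100, 1000, "winword.exe"),
    2200: Proc(2200, 2100, "powershell.exe"),  # Office macro spawns PowerShell
    2300: Proc(2300, 2100, "cmd.exe"),
    2400: Proc(2400, 2300, "powershell.exe"),  # macro -> cmd -> PowerShell
    3000: Proc(3000, 1000, "setup.exe"),
    3100: Proc(3100, 3000, "powershell.exe"),  # installer: unknown chain
    4000: Proc(4000, 9999, "powershell.exe"),  # orphaned: parent pid gone
}

SEP = "<-"  # assumed separator: child on the left, ancestors to the right

# Assumed list contents. Allow entries are anchored at the child end so that
# explorer.exe (an ancestor of nearly everything) cannot match on its own.
ALLOW_LIST = [
    "powershell.exe<-explorer.exe<-*",
    "powershell.exe<-code.exe<-*",
]
BLOCK_LIST = [
    "*<-winword.exe<-*",
    "*<-excel.exe<-*",
    "*<-outlook.exe<-*",
    "*<-mshta.exe<-*",
]


def chain_for(procs, pid):
    """Walk from pid to the root, returning image names child-first.

    Stops when a parent pid is missing (parent exited) or already visited
    (a pid-reuse cycle). A real implementation must also check that the
    parent's start time precedes the child's, because Windows reuses pids.
    """
    chain, seen, cur = [], set(), pid
    while cur in procs and cur not in seen:
        seen.add(cur)
        chain.append(procs[cur].image)
        cur = procs[cur].ppid
    return chain


def decide(chain, allow=ALLOW_LIST, block=BLOCK_LIST):
    """Apply the patent's order: white list, then black list, else ask."""
    key = SEP.join(chain)
    if any(fnmatchcase(key, pat) for pat in allow):
        return Verdict.ALLOW
    if any(fnmatchcase(key, pat) for pat in block):
        return Verdict.BLOCK
    return Verdict.ASK


def powershell_verdicts(procs, allow=ALLOW_LIST, block=BLOCK_LIST):
    """Verdict for every powershell.exe in the snapshot, keyed by pid."""
    return {
        pid: decide(chain_for(procs, pid), allow, block)
        for pid, p in procs.items()
        if p.image == "powershell.exe"
    }


if __name__ == "__main__":
    for pid, verdict in sorted(powershell_verdicts(SNAPSHOT).items()):
        print(pid, verdict.value, SEP.join(chain_for(SNAPSHOT, pid)))
```

Because the white list is consulted first, an unanchored allow entry (one that would match explorer.exe anywhere in the chain) would short-circuit every block entry, so allow patterns have to be narrow. The chain is also not a strong signal on its own: parent pids are reused after a process exits, and a process created with the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute can report an arbitrary parent, so a production implementation should pair the chain with start-time checks and other telemetry such as the PowerShell command line.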

Description

technical field
[0001] The present invention relates to the technical field of information security, in particular to a method and system for defending against PowerShell malicious code execution.
Background technique
[0002] At present, malicious scripts written in PowerShell have the characteristic of leaving no physical file on disk, which allows them to evade detection by traditional anti-virus products, and they are used by more and more attackers. In recent years they have been frequently used in APT (Advanced Persistent Threat) attacks and by ransomware.
[0003] At present, most anti-virus software detects by means of features extracted from physical files, so its detection of file-less malicious code is limited to a certain extent. Existing memory detection identifies malicious code by code genetic features, but encrypted (obfuscated) PowerShell scripts cannot be detected by this method of extracting code genetic features.
Contents of the invention
[0004] In view of the above-me...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/56
CPC: G06F21/566
Inventors: 高喜宝, 李柏松
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD