Method and system for detecting non-entity file malicious code

A technology for detecting malicious code without physical files, applied in the field of information security, which addresses the problem that such malicious code cannot be effectively identified and detected.

Active Publication Date: 2017-05-31
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In view of the above technical problems, the present invention determines whether malicious code without a physical file is present, based on the correspondence between processes, modules and files, and solves the problem that traditional signature-based detection cannot effectively identify malicious code without a physical file.

Examples

Embodiment Construction

[0027] The present invention provides embodiments of a method and a system for detecting malicious code without physical files. To enable those skilled in the art to better understand the technical solutions in the embodiments, and to make the above objects, features and advantages of the present invention more obvious and easier to understand, the technical solutions are described in further detail below in conjunction with the accompanying drawings:

[0028] The present invention first provides Embodiment 1 of a method for detecting malicious code without physical files, as shown in Figure 1, including:

[0029] S101: Traverse the running processes and modules in the system;

[0030] A module is a DLL (dynamic link library) file. DLL files are stored on the system, and when a program is executed it calls the corresponding DLL files.

[0031] S102: Obtain the paths and file n...

Abstract

The invention discloses a method and system for detecting malicious code without physical files. The method comprises: traversing the running processes and modules in the system; obtaining the path and file name corresponding to each process and module and forming records one by one; and, according to the path and file name in each record, determining whether a corresponding file exists on the system disk. If a corresponding file exists, the record is discarded; if no corresponding file exists, the related processes and modules are prevented from running and in-depth detection is carried out. With this technical scheme, malicious code without physical files can be detected and blocked.
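The check described in the abstract, written out as an added example (it is not code from the patent or its authors). The record layout, the function names and the sample snapshot are assumptions of this example, and a temporary directory stands in for the system disk.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    pid: int
    kind: str  # "process" or "module"
    path: str  # path + file name reported for the running image

def build_records(snapshot):
    """One record per running process image and per loaded module."""
    records = []
    for proc in snapshot:
        records.append(Record(proc["pid"], "process", proc["image"]))
        for mod in proc["modules"]:
            records.append(Record(proc["pid"], "module", mod))
    return records

def find_unbacked(records, exists=os.path.isfile):
    """Discard records whose file is on disk; keep those with no file.
    A record with an empty path is also kept (assumption of this example)."""
    return [r for r in records if not r.path or not exists(r.path)]

def pids_to_block(unbacked):
    """PIDs to stop and pass to in-depth inspection."""
    return sorted({r.pid for r in unbacked})

def demo():
    # Constructed sample data, not taken from the patent.
    with tempfile.TemporaryDirectory() as disk:
        def on_disk(name):
            path = os.path.join(disk, name)
            open(path, "wb").close()
            return path
        removed = on_disk("dropper.exe")
        snapshot = [
            {"pid": 100, "image": on_disk("editor.exe"), "modules": [on_disk("ui.dll")]},
            {"pid": 200, "image": on_disk("svc.exe"),
             "modules": [os.path.join(disk, "injected.dll")]},  # never written to disk
            {"pid": 300, "image": removed, "modules": []},
        ]
        os.remove(removed)  # image file deleted while the process is still listed
        unbacked = find_unbacked(build_records(snapshot))
        flagged = [(r.pid, r.kind, os.path.basename(r.path)) for r in unbacked]
        return flagged, pids_to_block(unbacked)
```

On a real host the snapshot would come from the operating system's process and module enumeration, and the `exists` predicate should resolve paths the same way the loader does so that legitimate images are not reported as missing.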

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and a system for detecting malicious code without physical files.

Background technique

[0002] Traditional malicious code detection software traverses all files on the computer's disk, extracts signatures for comparison, and uses signatures to match memory. This method cannot effectively detect unknown malicious code that has no physical file.

[0003] More and more APTs (Advanced Persistent Threats) use attack methods without physical files: after invading the host system, such malicious code injects itself or derived malicious code into system memory and neither creates nor leaves physical files on the disk, and traditional terminal security products are weak at detecting such attacks. Malicious code without physical files may write malicious code into the registry, or delete local files after th...

Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 高喜宝, 闫博远, 李柏松
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD