
A method and system for detecting malicious codes without physical files

A technique for detecting malicious code without physical files, applied in the field of information security. It addresses the problem that malicious code without physical files cannot be effectively identified and detected.

Active Publication Date: 2020-06-19
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In view of the above technical problem, the present invention judges whether malicious code without physical files is present based on the correspondence between processes, modules and files. This solves the problem that the traditional signature-based detection method cannot effectively identify malicious code without physical files.



Examples


Embodiment Construction

[0027] The present invention provides embodiments of a method and a system for detecting malicious code without physical files. To help those skilled in the art better understand the technical solutions in the embodiments, and to make the above purpose, features and advantages of the invention clearer and easier to understand, the technical solution is described in further detail below with reference to the accompanying drawings:

[0028] The present invention first provides method embodiment 1 for detecting malicious code without physical files, as shown in Figure 1, including:

[0029] S101: traverse the running processes and modules in the system;

[0030] Here, a module is a DLL (dynamic link library) file. DLL files are placed in the system, and when a program is executed, the corresponding DLL files are called.

[0031] S102: Obtain...


Abstract

The invention discloses a method and system for detecting malicious code without physical files. The method comprises: traversing the running processes and modules in the system; obtaining the path and file name corresponding to each process and module and forming records one by one; and determining, according to the path and file name in each record, whether a corresponding file exists on the system disk. If a corresponding file exists on the system disk, the record is discarded. If no corresponding file exists on the system disk, the related processes and modules are prevented from running and in-depth detection is carried out. With this technical scheme, malicious code without physical files can be detected and blocked.
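The record-and-check logic from the abstract, as an added Python sketch (not code from the patent). The names `Record`, `build_records`, `unbacked` and `demo` are hypothetical, the process snapshot is constructed, and a temporary directory stands in for the system disk; treating a record with an empty file name as having no file is an assumption of this example.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    pid: int
    kind: str   # "process" or "module"
    path: str   # directory reported for the image
    name: str   # file name reported for the image

def build_records(snapshot):
    """One record per running process image and per loaded module."""
    records = []
    for proc in snapshot:
        directory, name = os.path.split(proc["image"])
        records.append(Record(proc["pid"], "process", directory, name))
        for mod in proc["modules"]:
            directory, name = os.path.split(mod)
            records.append(Record(proc["pid"], "module", directory, name))
    return records

def unbacked(records, exists=os.path.isfile):
    """Discard records whose file is on disk; return the rest, which are
    the candidates for blocking and in-depth detection."""
    suspects = []
    for r in records:
        # Assumption: an empty file name counts as "no corresponding file".
        if not r.name or not exists(os.path.join(r.path, r.name)):
            suspects.append(r)
    return suspects

def demo():
    # Constructed sample data, not taken from a real system.
    with tempfile.TemporaryDirectory() as disk:
        for f in ("app.exe", "helper.dll"):
            open(os.path.join(disk, f), "wb").close()
        snapshot = [
            {"pid": 100, "image": os.path.join(disk, "app.exe"),
             "modules": [os.path.join(disk, "helper.dll"),
                         os.path.join(disk, "injected.dll")]},  # no file at this path
            {"pid": 200, "image": os.path.join(disk, "dropper.exe"),  # no file at this path
             "modules": []},
        ]
        return [(r.pid, r.kind, r.name) for r in unbacked(build_records(snapshot))]

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real host the snapshot would come from the operating system's process and module enumeration, which this sketch leaves out along with the blocking and in-depth detection steps.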

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and system for detecting malicious code without physical files.

Background technique

[0002] Traditional malicious code detection software traverses all files on the computer disk, extracts signatures for comparison, and uses signatures to match memory. This method cannot effectively detect unknown malicious code without physical files.

[0003] More and more APTs (Advanced Persistent Threats) use attack methods without physical files. After invading the host system, this kind of malicious code injects itself or derived malicious code into system memory, and no physical file is generated or exists on the disk. Traditional terminal security products are weak at detecting attacks without physical files. Malicious code without physical files may write malicious code into the registry, or delete local files af...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 高喜宝, 闫博远, 李柏松
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD