A Vulnerability Exploitation Detection and Recognition Method Based on Dynamic Memory Fingerprint Anomaly Analysis

A dynamic memory fingerprint detection and identification method, applied in the field of network security, that addresses problems such as long processing time, incompatibility with the operating system and high upgrade cost, and achieves low cost, wide coverage, a high support rate and program compatibility.
CN106991328B · Active · Publication Date: 2019-11-29 · XINGHUA YONGHENG BEIJING TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: XINGHUA YONGHENG BEIJING TECH CO LTD
Publication Date: 2019-11-29


Abstract

The invention relates to a method for detecting and recognizing vulnerability exploitation based on dynamic memory fingerprint anomaly analysis. The method includes the following steps:

1. A dynamic link library file is injected into the target process.
2. A vectored exception handling function is registered.
3. Data execution protection (DEP) is enabled.
4. Inaccessible memory blocks of random sizes are allocated.
5. Memory is allocated to occupy HeapSpray addresses.
6. The heap block allocation of the process heap is monitored.
7. The base addresses of loaded modules are re-selected.
8. A memory block at address 0x1 with the inaccessible attribute is allocated.
9. The final exception event is taken over.
10. Specific interface functions are hooked, and the calling environment is used for behavior recognition.
11. The thread scheduling process is hooked, and changes to the access token and SecurityDescriptor pointer of the target process are monitored.
12. Execution that accesses user-layer addresses in kernel mode is monitored.

Through these steps, vulnerability attacks are detected, which solves the problems of complex processes, lag and poor compatibility in the prior art.

Description

[0001] 1. Technical field

[0002] The invention provides a method for detecting and identifying vulnerability exploitation based on anomaly analysis of dynamic memory fingerprints, and belongs to the technical field of network security.

[0003] 2. Background technology

[0004] A vulnerability is a weakness or flaw in a system: the system's susceptibility to a specific threat, attack or dangerous event, or the possibility that an attack has a threatening effect. Vulnerabilities may come from design flaws or coding errors in application software or operating systems, or from design flaws or unreasonable logic flows in the handling of business interactions. These flaws, errors or unreasonable flows may be exploited, intentionally or unintentionally, to adversely affect an organization's assets or operations, such as information systems being attacked or controlled, important data being stolen, user data being tampered with, and syst...
