
A Vulnerability Exploitation Detection and Recognition Method Based on Dynamic Memory Fingerprint Anomaly Analysis

A dynamic memory fingerprint detection and identification method, applied in the field of network security, that addresses problems such as long processing time, incompatibility with the operating system, and high upgrade cost, and achieves low cost, wide coverage, a high support rate, and program compatibility.

Active Publication Date: 2019-11-29
XINGHUA YONGHENG BEIJING TECH CO LTD

AI Technical Summary

Problems solved by technology

The operating system itself provides protection measures against vulnerabilities, but these measures are not compatible with operating system versions older than the one that provides them, and some require support from the compilation environment or the hardware. Protection coverage is small and compatibility is poor. Upgrading the whole environment is costly and time-consuming.


Embodiment Construction

[0051] The vulnerability exploitation detection schemes of the prior art cannot detect unknown types of vulnerabilities, have poor compatibility, and cover only a small area. To address these shortcomings, the method of the present invention provides a vulnerability exploitation detection and identification scheme. Working on the target process, it arranges memory into an ideal defensive state, monitors the behavior of the target process, and performs dynamic analysis to identify exploitation techniques. It is not limited to known exploits, and it protects both the process and the system environment.

[0052] To make the purpose and technical solution of the method of the present invention clearer, a further detailed description is given below with reference to the accompanying drawings.

[0053] See Figure 1, which is a schematic diagram of the vulnerability exploitation detection and identification process of the method of the presen...


Abstract

The invention relates to a vulnerability exploitation detection and identification method based on dynamic memory fingerprint anomaly analysis. The method includes the following steps:

1. A dynamic link library file is injected into the target process.
2. A vectored exception handling function is registered.
3. Data execution protection is enabled.
4. Inaccessible memory blocks of random sizes are allocated.
5. The memory addresses used by HeapSpray are allocated.
6. The heap block allocation of the process heap is monitored.
7. The base addresses of loaded modules are selected again.
8. A memory block at address 0x1 with the inaccessible attribute is allocated.
9. The final exception event is taken over.
10. Specific interface functions are hooked, and the calling environment is used for behavior recognition.
11. The thread scheduling process is hooked, and changes to the access token and the SecurityDescriptor pointer of the target process are monitored.
12. Execution that accesses user-layer addresses while in kernel mode is monitored.

Through these steps, vulnerability attacks are detected, and the problems of the prior art, namely a complex process, a lag period, and poor compatibility, are solved.
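The following added example (not code from the patent or its applicant) models how an exception handler could map a fault onto the traps that steps 3, 4, 5, 8 and 12 set up. It is a portable model rather than Windows API code; the type names, the user/kernel boundary and the region addresses are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { TRAP_GUARD, TRAP_HEAPSPRAY, TRAP_NULL_PAGE } trap_kind;
typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_kind;
typedef enum { V_BENIGN, V_GUARD_HIT, V_HEAPSPRAY, V_NULL_DEREF,
               V_DEP_VIOLATION, V_KERNEL_EXEC_USER } verdict;
typedef struct { uint64_t base, size; trap_kind kind; } trap_region;

/* Hypothetical fault record as an exception handler might fill it in. */
typedef struct {
    uint64_t addr;          /* faulting address */
    access_kind access;     /* read, write or instruction fetch */
    int kernel_mode;        /* fault raised while running in kernel mode */
    int page_executable;    /* target page was mapped executable */
} fault_record;

#define USER_TOP 0x00007FFFFFFFFFFFull  /* assumed user/kernel split */

/* Constructed layout: the inaccessible blocks steps 4, 5 and 8 would plant. */
static const trap_region REGIONS[] = {
    { 0x0000000000000000ull, 0x1000, TRAP_NULL_PAGE }, /* page holding 0x1 */
    { 0x000000000c0c0000ull, 0x1000, TRAP_HEAPSPRAY }, /* sample spray page */
    { 0x000000001f3a0000ull, 0x3000, TRAP_GUARD },     /* random-size block */
};

verdict classify_fault(const fault_record *f, const trap_region *r, size_t n)
{
    /* Step 12: kernel-mode instruction fetch from a user-layer address. */
    if (f->kernel_mode && f->access == ACC_EXEC && f->addr <= USER_TOP)
        return V_KERNEL_EXEC_USER;
    /* Steps 4, 5, 8: any access landing inside a planted block. */
    for (size_t i = 0; i < n; i++) {
        if (f->addr - r[i].base >= r[i].size) continue; /* unsigned range test */
        if (r[i].kind == TRAP_NULL_PAGE) return V_NULL_DEREF;
        if (r[i].kind == TRAP_HEAPSPRAY) return V_HEAPSPRAY;
        return V_GUARD_HIT;
    }
    /* Step 3: instruction fetch from a page that is not executable. */
    if (f->access == ACC_EXEC && !f->page_executable) return V_DEP_VIOLATION;
    return V_BENIGN;
}

verdict classify_sample(uint64_t addr, access_kind a, int kmode, int exec_ok)
{
    fault_record f = { addr, a, kmode, exec_ok };
    return classify_fault(&f, REGIONS, sizeof REGIONS / sizeof REGIONS[0]);
}

int main(void) {
    printf("%d\n", classify_sample(0x0c0c0c0cull, ACC_EXEC, 0, 0));
    return 0;
}
```

The planted regions are checked before the generic non-executable-page test so that a fetch from a reserved spray address is reported as the more specific finding.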

Description

[0001] 1. Technical field

[0002] The invention provides a vulnerability exploitation detection and identification method based on dynamic memory fingerprint anomaly analysis. It relates to a method for detecting and identifying vulnerability exploitation and belongs to the technical field of network security.

[0003] 2. Background technology

[0004] Vulnerability refers to a weakness or flaw in a system, the susceptibility of the system to a specific threat, attack, or dangerous event, or the threatening effect of an attack. Vulnerabilities may come from flaws in the design of application software or operating systems, from errors in coding, or from design flaws or unreasonable logical processes in the handling of business interactions. These flaws, errors, or unreasonable designs may be exploited intentionally or unintentionally to adversely affect an organization's assets or operations, such as information systems being attacked or controlled, important data being stolen, user data being tampered with, and syst...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 何永强, 朱鲲鹏, 吕承琨, 卞玉捷
Owner: XINGHUA YONGHENG BEIJING TECH CO LTD