Threat tracing method and device of malware

A malware and event-monitoring technique, applied in the field of platform integrity maintenance and related areas. It addresses the problems that active defense cannot trace threats and that tracing consumes network resources, and it achieves the effects of avoiding secondary attacks, reducing network resource consumption, and high processing efficiency.

Active Publication Date: 2017-10-24
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0008] The purpose of this application is to provide a threat source tracing method and device for malicious software that traces threat sources in real time. It addresses two problems: active defense cannot be used for threat source tracing, and threat source tracing by big data analysis consumes network resources and lags.

Examples


Embodiment Construction

[0027] Before discussing the exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowcharts describe operations as sequential processing, many of the operations may be performed in parallel, concurrently, or simultaneously. In addition, the order of operations can be rearranged. The process may be terminated when its operations are complete, but may also have additional steps not included in the figure. The processing may correspond to a method, function, procedure, subroutine, or the like.

[0028] The "node" and "load balancing device" referred to in this context are computer devices, that is, intelligent electronic devices that can perform predetermined processing such as numerical and/or logical calculations by running predetermined programs or instructions, which may include a processor and a memory,...


Abstract

The invention provides a threat tracing method and a threat tracing device for malware. The method comprises the following steps: when a bottom-layer event of software is monitored, building an association relation between nodes according to the bottom-layer event, wherein each node corresponds to a process or a file of the bottom-layer event; and when a malware process is detected, searching for and recording all dangerous processes and files related to the detected process according to the built association relation. Because the association relation network between the nodes is built and updated in real time, a threat can be quickly traced based on that network. Compared with tracing over the network by big data analysis, the method consumes fewer network resources, or even none, and its processing efficiency is high.
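The two steps in the abstract can be sketched as a small local graph. This is an added example, not code from the patent: the event schema (`proc_create`, `file_write`, `image_load`), the node naming, the `trusted` stop set and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class AssociationGraph:
    """Process/file association network, updated as each event arrives."""
    def __init__(self):
        self.parents = defaultdict(set)   # node -> nodes that produced it
        self.children = defaultdict(set)  # node -> nodes it produced

    def add_event(self, kind, src, dst):
        # Assumed schema: every event is a src -> dst edge.
        # proc_create: parent -> child, file_write: process -> file,
        # image_load: file -> process started from it.
        self.parents[dst].add(src)
        self.children[src].add(dst)

    def _walk(self, start, edges, stop):
        seen, queue = set(start), deque(start)
        while queue:
            node = queue.popleft()
            if node in stop:              # never expand through trusted nodes
                continue
            for nxt in edges[node] - seen:
                seen.add(nxt)
                queue.append(nxt)
        return seen

    def trace(self, detected, trusted=frozenset()):
        """Return (entry nodes, all related nodes) for a detected process."""
        chain = self._walk({detected}, self.parents, trusted) - trusted
        # Entry: chain nodes whose only producers are trusted or unknown.
        entry = {n for n in chain if not (self.parents[n] - trusted)}
        related = self._walk(chain, self.children, trusted) - trusted
        return entry, related

# Constructed sample events (not from the patent): (kind, src, dst).
EVENTS = [
    ("file_write", "proc:mail.exe#100", "file:C:/tmp/invoice.exe"),
    ("image_load", "file:C:/tmp/invoice.exe", "proc:invoice.exe#200"),
    ("proc_create", "proc:mail.exe#100", "proc:invoice.exe#200"),
    ("file_write", "proc:invoice.exe#200", "file:C:/tmp/svc.exe"),
    ("image_load", "file:C:/tmp/svc.exe", "proc:svc.exe#300"),
    ("proc_create", "proc:invoice.exe#200", "proc:svc.exe#300"),
    ("file_write", "proc:invoice.exe#200", "file:C:/tmp/run.bat"),
    ("file_write", "proc:mail.exe#100", "file:C:/docs/notes.txt"),
]

def build(events):
    graph = AssociationGraph()
    for event in events:
        graph.add_event(*event)
    return graph
```

Calling `trace` without a `trusted` set walks through the mail client and marks every file it ever wrote as related, which is the over-tainting a deployment of this kind of graph has to bound.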

Description

Technical field

[0001] The present application relates to the technical field of software security, and in particular to a threat source tracing method and device for malicious software.

Background technique

[0002] Traditional anti-malware tools analyze and update the signature database by continuously responding to malware; and then use the signature matching in the signature database to deal with newly generated malware. This method has a certain lag and cannot accurately defend against unknown malware.

[0003] The rise of active defense has solved this problem to a certain extent, by analyzing whether a process is a malicious process through behavioral judgment, and then allowing or blocking it. However, some well-designed malicious software often has complex links, and the detection of active defense is generally the last link. Even if the process is blocked or the malicious program is deleted, the entrance (or source) of the attack has not been found. There is stil...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/56
Inventor: 姬生利
Owner: ALIBABA GRP HLDG LTD