Shellcode detection method and device

A shellcode detection method and device, applied in the field of information security, that addresses the problems of detection not working on certain special code, the inability to detect code whose behavior stays hidden for a long time, and the large time and cost consumed by detection.

Pending Publication Date: 2018-01-09
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

[0004] However, dynamic detection does not work at all for a special part of the code. For example, shellcode that uses anti-virtualization technology cannot be detected through dynamic detection at all. Secondly, when performing dynamic detection, an effective detection time is often set in order to improve efficiency, so code whose behavior stays hidden for a long time also cannot be detected through dynamic detection. On the other hand, if static detection is used, the signature sequence must be pre-defined by security experts. Once the characteristics of the shellcode change, manpower and material resources need to be re-invested to analyze the sample, which consumes a lot of time and cost.

Examples

Embodiment Construction

[0168] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0169] Referring to Figure 1, a flow chart of the steps of an embodiment of a shellcode detection method according to an embodiment of the present application is shown, which may specifically include the following steps:

[0170] Step 101, obtaining instruction information of the shellcode to be detected;

[0171] In the embodiment of the present application, the shellcode to be detected may be a new shellcode sample captured by securit...

Abstract

Embodiments of the invention provide a shellcode detection method and device. The method comprises the following steps: obtaining instruction information of a to-be-detected shellcode; generating feature data of the to-be-detected shellcode from the instruction information; calculating, according to the feature data, the similarity between the to-be-detected shellcode and each shellcode category in a preset shellcode sample library; and determining the category of the to-be-detected shellcode according to the similarity, so that a corresponding preventive measure can be deployed for the shellcode and safety accidents avoided. With this method and device, the code of the to-be-detected shellcode does not need to be executed line by line, and safety experts do not need to pre-define feature sequences, so the consumption of resources such as human cost is decreased and shellcode detection efficiency is improved.
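The four steps of the abstract can be sketched as follows. This is an added illustration, not the patent's implementation: the page does not say which features or similarity measure are used, so the mnemonic bigram counts, cosine similarity, the 0.5 threshold, the category names and the sample sequences are all assumptions constructed for the example.

```python
import math
from collections import Counter

def features(mnemonics, n=2):
    """Feature data (assumed): counts of instruction-mnemonic n-grams."""
    grams = zip(*(mnemonics[i:] for i in range(n)))
    return Counter(" ".join(g) for g in grams)

def cosine(a, b):
    """Cosine similarity of two sparse count vectors; 0.0 if either is empty."""
    dot = sum(v * b[k] for k, v in a.items() if k in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def build_library(samples):
    """Sample library: one summed feature vector per shellcode category."""
    library = {}
    for category, sequences in samples.items():
        total = Counter()
        for seq in sequences:
            total.update(features(seq))
        library[category] = total
    return library

def classify(mnemonics, library, threshold=0.5):
    """Return (category or 'unknown', per-category similarity scores)."""
    feats = features(mnemonics)
    scores = {cat: cosine(feats, vec) for cat, vec in library.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else "unknown"), scores

# Constructed mnemonic sequences (no operands); category names are hypothetical.
SAMPLES = {
    "category_a": [["xor", "push", "push", "mov", "mov", "int"],
                   ["xor", "mul", "push", "push", "mov", "int"]],
    "category_b": [["xor", "mov", "mov", "lodsd", "xchg", "lodsd", "mov", "call"],
                   ["mov", "mov", "lodsd", "mov", "add", "call"]],
}
LIBRARY = build_library(SAMPLES)

if __name__ == "__main__":
    for seq in (["xor", "push", "push", "mov", "int"],
                ["mov", "mov", "lodsd", "mov", "call"],
                ["nop", "nop", "nop"]):
        label, scores = classify(seq, LIBRARY)
        print(label, {k: round(v, 3) for k, v in scores.items()})
```

A sequence that resembles no category falls below the threshold and is reported as `unknown` rather than being forced into the nearest class.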

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular to a shellcode detection method, a shellcode detection device, a shellcode sample library generation method and a shellcode sample library generation device.

Background technique

[0002] Shellcode refers to a piece of binary code that can complete special tasks, and can call or establish a shell with higher privileges depending on the task. Shellcode is the core of overflow programs and worms. It is generally sent to the attacked server as data. By sending a piece of binary code to an unpatched, vulnerable host and executing it, control of the target machine can be obtained and hacking activity then carried out. However, if the type of shellcode can be detected in advance, corresponding preventive measures can be deployed to avoid security incidents.

[0003] In the prior art, the detection of shellcode mainly includes two methods of dynami...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36
Inventor: 王占一
Owner: BEIJING QIANXIN TECH