Real-time threat detection method

An algorithm and information flow technology, applied in the field of system security, that addresses the high false positive rate and unsatisfactory results of threat detection, improving security and usability and reducing damage.

Inactive Publication Date: 2018-05-15
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a method for detecting real-time threats, to solve the problems of high misjudgment rate and unsatisfactory results in threat detection in the prior art.


Embodiment Construction

[0057] In order to enable those skilled in the art to better understand the technical solutions in the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

[0058] As shown in Figure 1, a method for detecting real-time threats tracks the information flow at the system level, forms a chain relationship graph of specific processes and executable file objects, and monitors and detects system calls for the objects involved in the relationship graph.

[0059] Such as ...


Abstract

The embodiment of the invention discloses a real-time threat detection method. By tracking information flow at the system level, the method forms a chain relationship graph of specific processes and executable file objects, monitors system calls for the objects involved in the graph, and detects those objects. The specific steps are: system calls made during program execution are monitored and recorded; quick detection is performed on the program; whether the program's threat exceeds a stipulated value is judged, and if so the next operation is performed, otherwise monitoring continues; deep detection is performed on the program; and the program threat is recognized: if the program process is normal, the threat is eliminated and quick detection continues, otherwise threat response is performed. With this method, security threats running on a host, such as file viruses, Trojan horses and ransomware, can be recognized effectively and accurately; at the same time, damage from unknown malicious code to host files can be relieved, and the security and availability of the terminal host system are remarkably improved.
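The flow in the abstract, sketched as an added example that is not taken from the patent: a chain graph is grown from constructed syscall events, only objects in the graph are monitored, and a quick score gates a deeper check. The weights, both limits, the use of `recv` as the chain's starting point and the deep-detection criterion (distinct files modified) are assumptions; the page does not specify them.

```python
from collections import defaultdict
# Assumed weights and limits; the page only says a "stipulated value" exists.
QUICK_WEIGHTS = {"write": 1, "rename": 2, "unlink": 3}
QUICK_LIMIT = 6   # quick-detection score that triggers deep detection
DEEP_LIMIT = 3    # distinct files modified before threat response

class Tracker:
    def __init__(self):
        self.tracked = set()             # processes and files in the chain graph
        self.edges = []                  # (source object, syscall, target object)
        self.score = defaultdict(int)    # quick-detection score per process
        self.touched = defaultdict(set)  # files modified per process
        self.alerts = []                 # processes handed to threat response

    def link(self, src, call, dst):
        self.edges.append((src, call, dst))
        self.tracked.add(dst)

    def feed(self, pid, call, target):
        proc = f"pid:{pid}"
        if call == "recv":                          # untrusted input starts a chain
            self.tracked.add(proc)
        elif call == "execve" and target in self.tracked:
            self.link(target, call, proc)           # tracked file -> process
        if proc not in self.tracked:
            return                                  # outside the graph: not monitored
        if call in QUICK_WEIGHTS:
            self.link(proc, call, target)           # process -> file
            self.touched[proc].add(target)
            self.score[proc] += QUICK_WEIGHTS[call]
        if self.score[proc] > QUICK_LIMIT and proc not in self.alerts:
            if len(self.touched[proc]) >= DEEP_LIMIT:
                self.alerts.append(proc)            # deep detection confirms: respond
            else:
                self.score[proc] = 0                # judged normal: resume quick detection

# Constructed events (pid, syscall, target); not real log output.
TRACE = [
    (100, "recv", "sock"), (100, "write", "/tmp/drop.bin"),
    (200, "execve", "/tmp/drop.bin"), (200, "rename", "/home/u/a.doc"),
    (200, "rename", "/home/u/b.doc"), (200, "unlink", "/home/u/c.doc"),
    (300, "write", "/var/log/app.log"),
]

def run(trace):
    tracker = Tracker()
    for event in trace:
        tracker.feed(*event)
    return tracker
```

Running `run(TRACE)` flags only the process that executed the dropped file; the unrelated writer (pid 300) never enters the graph and is not scored.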

Description

Technical field

[0001] The invention relates to the technical field of system security, in particular to a method for detecting real-time threats.

Background

[0002] The key to host security protection lies in the ability to detect and prevent malicious code attacks. In terms of malicious code protection, the detection principle of domestic security vendors is essentially signature-based. The advantage of this detection method is that matching is fast and the false positive rate is low, but the premise is that the malicious code does not change during its software life cycle. Unfortunately, most viruses and Trojan horses produce a large number of mutations in a short period of time, and code obfuscation techniques such as deformation, encryption, and polymorphism have been widely used. At the same time, the explosive growth trend of malicious code scale also makes it more and more difficult to update and maintain the signature signatur...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55; G06F21/53; G06F21/56; G06K9/62
CPC: G06F21/53; G06F21/554; G06F21/566; G06F18/24
Inventor: 张尧
Owner: ZHENGZHOU YUNHAI INFORMATION TECH CO LTD