Method and device for processing drive programs, and storage medium

A driver processing technology, applied in the field of information security, that addresses the narrow detection range, poor accuracy, and inability to detect abnormal drivers of earlier approaches, achieving a comprehensive detection range and improved accuracy.

Active Publication Date: 2018-06-29
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the process of implementing the embodiments of the present invention, the inventors found that the above-mentioned related technologies have at least the following problem: the above-mentioned method of detecting abnormal drivers can only detect known abnormal drivers and cannot detect unknown abnormal drivers, so its detection range is narrow and its accuracy is poor.

Embodiment Construction

[0043] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0044] The embodiment of the present invention provides a driver processing method that can be applied to terminal security detection: the behavior of each driver on the terminal is analyzed and compared with the preset behavior in the preset conditions, thereby detecting abnormal drivers.

[0045] In a possible implementation, the terminal can install a specified application with a security detection function, and execute the...

Abstract

An embodiment of the invention discloses a driver processing method, device and storage medium, and belongs to the field of information security. The method includes: determining the target driver to be detected; acquiring preset conditions comprising at least one type of preset behavior of abnormal drivers; carrying out behavior analysis on the target driver according to the behavior patterns of the preset behavior in the preset conditions and the behavior patterns of the target driver, and determining whether the target driver has the preset behavior specified by the preset conditions; and determining that the target driver is an abnormal driver when it has the preset behavior specified by the preset conditions. Because the behavior of the target driver is checked against the preset behavior of abnormal drivers to decide whether the target driver is abnormal, not only known abnormal drivers but also unknown abnormal drivers can be detected; the detection range is comprehensive and the accuracy can be improved.

Description

Technical Field

[0001] The embodiments of the present invention relate to the field of information security, and in particular to a driver processing method, device and storage medium.

Background Technique

[0002] A rootkit is an abnormal driver with malicious behavior. It often hides itself and specified files, processes, and network links on the terminal. The hidden information has certain malicious behaviors, thereby causing great harm to the terminal and even property damage to users. Therefore, how to accurately detect rootkits has become an urgent problem to be solved.

[0003] Referring to figure 1, in related technologies, known abnormal drivers are usually obtained, and the MD5 (Message Digest Algorithm 5) values of these abnormal drivers are determined, thereby creating an abnormal feature library including the MD5 values of the abnormal drivers, and determine the specified directory where abnorm...
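The contrast drawn in the abstract and the background section, as an added example that is not taken from the patent or its applicant: an MD5 feature library misses a driver whose file differs by one byte, while matching its observed behavior against preset conditions still flags it. The event names, the traces, the driver names and the choice to model a behavior pattern as an ordered subsequence of events are assumptions made for illustration.

```python
import hashlib

# Preset conditions (constructed): each preset behavior of an abnormal driver
# is an ordered pattern of events. The four behavior types follow the page's
# description of rootkits; the event names are hypothetical.
PRESET_CONDITIONS = {
    "hide_self": ["load_driver", "unlink_from_module_list"],
    "hide_file": ["hook_dir_enum", "filter_dir_entry"],
    "hide_process": ["hook_proc_enum", "filter_proc_entry"],
    "hide_network_link": ["hook_conn_enum", "filter_conn_entry"],
}

def md5_hit(image, feature_library):
    """Related-art check: exact MD5 match against known abnormal drivers."""
    return hashlib.md5(image).hexdigest() in feature_library

def has_pattern(trace, pattern):
    """True if pattern occurs in trace in order (steps need not be adjacent)."""
    events = iter(trace)
    return all(step in events for step in pattern)

def matched_behaviors(trace, conditions=PRESET_CONDITIONS):
    """Names of the preset behaviors whose pattern appears in the trace."""
    return sorted(n for n, pat in conditions.items() if has_pattern(trace, pat))

def scan(drivers, feature_library):
    """Report both verdicts per driver; 'abnormal' uses behavior only."""
    report = {}
    for name, (image, trace) in drivers.items():
        behaviors = matched_behaviors(trace)
        report[name] = {"md5_hit": md5_hit(image, feature_library),
                        "behaviors": behaviors,
                        "abnormal": bool(behaviors)}
    return report

# Constructed sample data: file contents and behavior traces are made up.
KNOWN_IMAGE = b"constructed-known-abnormal-driver"
FEATURE_LIBRARY = {hashlib.md5(KNOWN_IMAGE).hexdigest()}
HIDING_TRACE = ["load_driver", "create_device", "hook_proc_enum",
                "filter_proc_entry", "unlink_from_module_list"]
DRIVERS = {
    "known.sys": (KNOWN_IMAGE, HIDING_TRACE),
    "variant.sys": (KNOWN_IMAGE + b"\x00", HIDING_TRACE),  # one byte differs
    "benign.sys": (b"constructed-benign-driver",
                   ["load_driver", "create_device", "hook_proc_enum"]),
}

if __name__ == "__main__":
    for name, verdict in scan(DRIVERS, FEATURE_LIBRARY).items():
        print(name, verdict)
```
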

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033, Y02D10/00
Inventor: 全永春, 饶帅, 程虎
Owner: TENCENT TECH (SHENZHEN) CO LTD