
Malicious program publishing detection method, device and medium

A malicious program detection method, applied in the field of network security, that can solve problems such as blacklist failure and achieve the effect of eliminating false positives.

Active Publication Date: 2021-09-07
HANGZHOU GUYI NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

Attackers make blacklists permanently invalid with rapid changes to malicious domains


Examples


Embodiment Construction

[0027] Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that the relative arrangements of components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.

[0028] At the same time, it should be understood that, for the convenience of description, the sizes of the various parts shown in the drawings are not drawn according to the actual proportional relationship.

[0029] The following description of at least one exemplary embodiment is merely illustrative in nature and in no way taken as limiting the invention, its application or uses.

[0030] Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and devices should be considered part of the descript...


Abstract

The embodiment of the present invention discloses a malicious program publishing detection method, device and medium. The method includes: extracting summary information from the HTTP request message used to initiate a file download; matching the summary information against the identification information in the malicious and safe website identification library; if the matching is unsuccessful, using the decision classifier to classify the summary information; if the summary information is determined to be summary information for a suspicious malicious website, generating download connection information for the suspicious malicious resource of that website; and associating the download connection information of multiple suspicious malicious resources to determine the network release information of the suspicious malicious resources. The method, device and medium of the present invention can better describe the activities of the malicious program distribution network through a network node graph, pay attention to the mechanism of the malicious program distribution network and the attributes of the network infrastructure, and can detect malicious network activities that have not occurred before, thereby increasing the detection rate of malicious programs and improving network security.
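The pipeline in the abstract (summarise the download request, match the identification library, classify what is left, then associate suspicious downloads) can be sketched as follows. This is an added example, not code from the patent: the summary fields, the scoring rules standing in for the decision classifier, the library entries and all host names are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical identification library and file types; all values constructed.
MALICIOUS_HOSTS, SAFE_HOSTS = {"bad.example"}, {"updates.vendor.example"}
RISKY_EXT = (".exe", ".dll", ".scr", ".jar")

def extract_summary(raw):
    """Summarise the request line and headers of one download request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    hdr = {k.strip().lower(): v.strip()
           for k, _, v in (line.partition(":") for line in head[1:])}
    path = urlsplit(head[0].split(" ")[1]).path
    return {"host": hdr.get("host", "").lower(),
            "file": path.rsplit("/", 1)[-1].lower(),
            "referer": hdr.get("referer", ""), "ua": hdr.get("user-agent", "")}

def classify(s):
    """Library match first; otherwise assumed stand-in decision rules."""
    if s["host"] in MALICIOUS_HOSTS:
        return "malicious"
    if s["host"] in SAFE_HOSTS:
        return "safe"
    score = s["file"].endswith(RISKY_EXT) + (not s["referer"]) + (not s["ua"])
    return "suspicious" if score >= 2 else "unknown"

def distribution_networks(requests):
    """Group suspicious downloads that share a host or a file name."""
    sus = [s for s in map(extract_summary, requests) if classify(s) == "suspicious"]
    parent = {}
    def find(x):  # union-find root lookup
        parent.setdefault(x, x)
        while parent[x] != x:
            x = parent[x]
        return x
    for s in sus:  # link each host node to the file-name node it served
        parent[find(("host", s["host"]))] = find(("file", s["file"]))
    groups = defaultdict(set)
    for s in sus:
        groups[find(("host", s["host"]))].add(s["host"])
    return sorted(sorted(g) for g in groups.values())

def req(host, path, *extra):  # builds a constructed sample request
    return "\r\n".join([f"GET {path} HTTP/1.1", f"Host: {host}", *extra]) + "\r\n\r\n"

SAMPLE = [req("cdn1.example", "/a/setup.exe", "User-Agent: Mozilla/5.0"),
          req("cdn2.example", "/x/setup.exe"), req("other.example", "/p/inv.scr"),
          req("updates.vendor.example", "/tool.exe"), req("bad.example", "/m.exe"),
          req("news.example", "/doc.pdf", "Referer: http://news.example/",
              "User-Agent: Mozilla/5.0")]
```

Calling `distribution_networks(SAMPLE)` places the two hosts serving the same file name in one group even though neither is in the library, which is the association step the abstract relies on when blacklists lag behind changing domains.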

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a malicious program release detection method, device and medium.

Background technique

[0002] At present, the general malicious program download attack process can be divided into three stages. In the first stage, the exploit stage, the attacker's goal is to run a small piece of code on the victim's host. For this, the attacker first prepares a website with downloadable exploit driver code. When the victim visits the malicious page, the browser fetches and executes the driver code. When the attack is successful, it forces the browser to execute the injected shellcode. In the subsequent second stage, the installation phase, the shellcode downloads the actual malware binary and launches it. Once the malware program is running, it exhibits its malicious activity in the third stage, the control phase, where, typically, the malware connects back to a rem...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0236, H04L63/1433, H04L63/145, H04L67/02, H04L67/06
Inventor 胡浩何小梅刘青王明华叶青青岑黎光董冬伟李冀
Owner HANGZHOU GUYI NETWORK TECH CO LTD