A Trojan Horse Detection Method Based on Computer Memory Analysis Technology
A technology of memory analysis and detection method, which is applied to the detection of information security incidents and various computer attack incidents, and in the field of Trojan horse detection based on computer memory analysis technology, which can solve the problems of high false alarm rate, difficulty in finding malicious code, and difficulty in application , to achieve reliable detection results and prevent the impact of Trojan horse detection results
Active Publication Date: 2021-06-01
SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN
View PDF4 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0024] With the continuous development and maturity of malicious code detection technology, many malicious code detection methods have emerged. However, these methods have their limitations in the detection of special Trojans: signature scanning and broad-spectrum feature methods are difficult to find unknown malicious code. ; The heuristic method has a high false positive rate and is difficult to apply; the sandbox method is easily detected and circumvented by malicious code; the full traffic analysis method is difficult to detect unknown Trojans encrypted by communication
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0050] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.
[0051] like figure 1 As shown, a schematic diagram of the composition of the Trojan horse detection method based on the computer memory analysis technology of the present invention is provided. The Trojan horse detection method based on the memory analysis technology of the present invention includes behavior monitoring, malicious code detection, comprehensive analysis of disk information, and comprehensive correlation analysis. , The test result presents five parts.
[0052] The behavior monitoring part of the present invention includes four sub-parts: process operation behavior monitoring, registry behavior monitoring, file operation behavior monitoring, and network data monitoring; the malicious code detection part is based on memory analysis technology detection, including dynamic link library detection, malicious process Detection, hidden process ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The Trojan horse detection method based on computer memory analysis technology of the present invention includes behavior monitoring, malicious code detection, comprehensive analysis of disk information, comprehensive correlation analysis, and detection result presentation; behavior monitoring includes process operation, registry operation, file operation and network data monitoring , Malicious code detection includes dynamic link library detection, malicious process, hidden process detection, driver detection, comprehensive analysis of disk information includes registry startup items, file scanning, and PE file analysis. In the Trojan horse detection method of the present invention, for malicious codes protected by encryption, the state of the malicious codes in the memory is decrypted, and the detection of such malicious codes using the technology does not need to be decrypted, the detection results are more reliable, and rootkit attacks can be effectively prevented Impact on Trojan detection results.
Description
technical field [0001] The present invention relates to a method for detecting a Trojan horse, more specifically, to a method for detecting a Trojan horse based on computer memory analysis technology. This method will be applied in the field of information security, mainly for the detection of information security incidents and various computer attack incidents. Background technique [0002] a). Trojan horse; [0003] The name comes from the "Trojan horse" in ancient Greek mythology, because this type of malicious program, like the Trojan horse, is characterized by strong concealment and is not easy to be found. Here it specifically refers to a type of spy code that lurks after entering the host computer and sends information about the host computer to the Trojan horse operator. Once entering the computer, the Trojan horse program will actively search for system resources, obtain necessary legal conditions for existence, or avoid being captured and killed. After that, the ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/55G06F21/56
CPCG06F21/55G06F21/56
Inventor 徐丽娟王连海徐淑奖韩晓晖张睿超周洋
Owner SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN