Software detection method, device, equipment and medium

A detection method and software technology, applied in the computer field, can solve problems such as inability to effectively detect ransomware and difficulty in ensuring the security of computer systems, and achieve the effect of high reliability and security.

Inactive Publication Date: 2019-01-15
SANGFOR TECH INC


Problems solved by technology

[0003] The method currently used to detect ransomware is to automatically generate files with specific suffixes in a specified directory of the computer system's working environment as bait files, and to monitor whether the target software encrypts the bait files in order to determine whether the target software is ransomware. However, since it is impossible to predict which directory's files the ransomware will encrypt, when the bait files are not placed properly, not only may the ransomware go undetected, but normal files in the computer system may also be encrypted by it, which makes the security of the computer system difficult to guarantee. In addition, judging whether the target software is ransomware based only on its encryption operation can easily lead to misjudgment.



Examples


Embodiment 1

[0044] Figure 1 is a flowchart of a software detection method provided by an embodiment of the present invention. Referring to Figure 1, the specific steps of the software detection method include:

[0045] Step S10: Obtain a feature set recording various behavioral features belonging to ransomware.

[0046] It should be noted that the feature set referred to in this step records various behavioral features that ransomware commonly exhibits, and it should be emphasized that the feature set in this step is not limited to a single behavioral feature.

[0047] Step S11: Transfer the target software to the sandbox and run the target software in the sandbox.

[0048] It should be noted that the sandbox is a virtual system environment based on virtualization technology. Programs running in this environment are isolated from one another. After the sandbox is closed, all operations performed in the sandbox are rolled back and do not affect the computer system...

Embodiment 2

[0056] In order to facilitate the understanding of the first embodiment above, the following provides an embodiment of this solution in an actual scenario:

[0057] Users mark unknown or suspicious samples whose nature cannot be determined by cloud scanning or static scanning as target software. Before running the target software on the user's host, the target software is uploaded to the cloud sandbox to determine its behavioral characteristics. The judgment consists of first obtaining the feature set that records the behavioral features of ransomware, monitoring the activity of the target software, and then judging whether the operating behavior of the target software matches the preset number of behavioral features in the feature set. If so, the target software is determined to be ransomware, the user is prompted and the software is removed in time. If it is not ransomware, no processing is performed.

Embodiment 3

[0059] On the basis of the above embodiments, the present invention also provides the following series of preferred implementation manners.

[0060] As a preferred implementation, the specific operation content of the behavioral features in the feature set includes:

[0061] Obtain the disk directory through the GetDriveType system function, traverse the original files in the disk directory, and encrypt the original files.

[0062] It should be noted that the ransomware may search the files in a certain disk directory by traversing the disk directory, and find the original files that meet the conditions for modification and encryption. During specific execution, ransomware often traverses the disk directory through the GetDriveType system function, then traverses the original files in the corresponding disk directory through functions such as FindFirstFile and FindNextFile, and finally performs operations such as CreateFile and WriteFile to encrypt the corresponding original f...
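The following is an added example, not code from the patent or from Sangfor, showing how the sandbox judgment of Embodiment 1 and the feature content of Embodiment 3 could be implemented over a recorded API-call trace. The feature set, the preset count, the minimum-files threshold and the trace format are all assumptions made for this example; only the API names come from the page.

```python
# Constructed feature set. The patent lists GetDriveType, FindFirstFile/
# FindNextFile and CreateFile/WriteFile as the operation content of one
# feature; they are split into three ordered-sequence features here.
FEATURE_SET = {
    "enumerate_drives": ("GetDriveType",),
    "traverse_directory": ("FindFirstFile", "FindNextFile"),
    "rewrite_files": ("CreateFile", "WriteFile"),
}
PRESET_COUNT = 2   # assumed threshold: features that must match
MIN_REWRITTEN = 3  # assumed: distinct files rewrite_files must touch

def feature_matches(sequence, trace):
    """True when the APIs occur in the trace in this order (gaps allowed).
    Each trace entry is (api_name, path_argument) as the sandbox hooks it."""
    i = 0
    for api, _ in trace:
        if api == sequence[i]:
            i += 1
            if i == len(sequence):
                return True
    return False

def rewritten_files(trace):
    """Distinct paths opened with CreateFile and later written with WriteFile."""
    opened, written = set(), set()
    for api, path in trace:
        if api == "CreateFile":
            opened.add(path)
        elif api == "WriteFile" and path in opened:
            written.add(path)
    return written

def matched_features(trace):
    """Feature names the trace matches; editing a file or two is not a mass rewrite."""
    hits = [n for n, s in FEATURE_SET.items() if feature_matches(s, trace)]
    if "rewrite_files" in hits and len(rewritten_files(trace)) < MIN_REWRITTEN:
        hits.remove("rewrite_files")
    return hits

def is_ransomware(trace):
    return len(matched_features(trace)) >= PRESET_COUNT

# Constructed traces: a sample that walks a directory and rewrites every file,
# and a benign program saving a single document.
SAMPLE_TRACE = [("GetDriveType", "C:\\"), ("FindFirstFile", "C:\\Users\\u\\*")]
for name in ("a.docx", "b.xlsx", "c.jpg"):
    SAMPLE_TRACE += [("FindNextFile", name), ("CreateFile", name), ("WriteFile", name)]
BENIGN_TRACE = [("CreateFile", "report.docx"), ("WriteFile", "report.docx")]
```

Running `is_ransomware(SAMPLE_TRACE)` yields a ransomware verdict because all three features match, while the benign trace matches none once the single-file rewrite is discounted.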


Abstract

The invention discloses a software detection method, device, equipment and medium. The method comprises the following steps: transmitting target software to a sandbox and running the target software in the sandbox; acquiring a feature set in which behavioral characteristics belonging to ransomware are recorded; monitoring and judging whether the operating behavior of the target software matches a preset number of behavioral characteristics in the feature set; and if so, judging the target software to be ransomware. As the sandbox is a stand-alone virtual working environment built on the computer system, even if the target software is ransomware, in addition, the method takes multiple behavioral characteristics as the basis for judging ransomware, and so has relatively higher reliability than judging ransomware only on the basis of a single behavioral characteristic. The invention also discloses a method for judging ransomware based on behavioral characteristics. In addition, the invention also provides a software detection device, equipment and medium, the beneficial effects of which are as described above.

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a software detection method, device, equipment and medium.

Background technique

[0002] Ransomware is currently one of the more prevalent types of malware. It encrypts user files on the computer system so that the user's data assets or computing resources cannot be used normally, and extorts money from the user on that basis. Such user data assets include documents, emails, databases, source code, pictures, compressed files and other files.

[0003] The method currently used to detect ransomware is to automatically generate files with specific suffixes in a specified directory of the computer system's working environment as bait files, and to monitor whether the target software encrypts the bait files in order to determine whether the target software is ransomware. However, since it is impossible to predict which directory's files the ransomware w...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/53, G06F21/56
CPC: G06F21/53, G06F21/562
Inventor 王正
Owner SANGFOR TECH INC