
A sandbox monitoring method and device

A sandbox and process technology, applied in the field of network security, that addresses problems such as low implementation difficulty, malicious code not executing in the sandbox, and interference with the analysis of malicious code.

Active Publication Date: 2021-09-28
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] At present, the sandbox is implemented inside the virtual machine and monitored through hooks (Hook). A Hook is a method for monitoring system call sequences by injecting code when system calls are executed. However, this monitoring method has low implementation difficulty, and malicious code can easily discover that it is running in a sandbox by checking the well-known Hook points. The relevant malicious code in the sample then does not execute in the sandbox environment, which interferes with security researchers' analysis of the malicious code.



Examples


Embodiment Construction

[0025] The embodiment of the present invention provides a sandbox monitoring method. By monitoring the system calls generated by the process of the program to be analyzed, each system call, its parameters and its result are passed to the sandbox analysis process for analysis. This avoids the defect of sandbox monitoring implemented through Hooks, where malicious code can easily detect the monitoring by checking the well-known Hook points.

[0026] The specific implementation manners of a sandbox monitoring method and device provided in the embodiments of the present invention will be described below with reference to the drawings in the description.

[0027] A sandbox monitoring method provided by an embodiment of the present invention, as shown in Figure 1, specifically includes the following steps:

[0028] S101, start the program to be analyzed in the sandbox;

[0029] S102. Determine the process ID of the program to be ana...


Abstract

Embodiments of the present invention provide a sandbox monitoring method and device, which are used to reduce the possibility of malicious code detecting the sandbox by checking known Hook points. The method includes: starting the program to be analyzed in the sandbox; determining the process ID of the program to be analyzed; while the program to be analyzed is running, determining that the interrupt currently generated or the specific instruction executed is a system call; determining that the system call was generated by the process identified by the process ID of the program to be analyzed; and obtaining the system call and its parameters, and the result of the system call, so that they can be passed to the sandbox analysis process for analysis.
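The decision sequence in the abstract, modelled over a constructed event stream (an added example, not code from the patent or its owner). The `Trap` event model, the x86 interrupt vector and opcodes, and the PID values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed x86 conventions, not taken from the patent text.
INT80_VECTOR = 0x80                            # legacy "int 0x80" gate
SYSCALL_OPCODES = {b"\x0f\x05", b"\x0f\x34"}   # syscall, sysenter

@dataclass
class Trap:
    """One guest event as seen by a monitor outside the guest (hypothetical model)."""
    pid: int
    kind: str              # "interrupt", "instruction" or "return"
    vector: int = 0        # interrupt vector, for kind == "interrupt"
    opcode: bytes = b""    # instruction bytes, for kind == "instruction"
    nr: int = 0            # system call number
    args: tuple = ()       # system call parameters
    retval: int = 0        # result, for kind == "return"

def is_system_call(t: Trap) -> bool:
    """Is this interrupt or instruction a system call entry?"""
    if t.kind == "interrupt":
        return t.vector == INT80_VECTOR
    return t.kind == "instruction" and t.opcode in SYSCALL_OPCODES

def monitor(traps, target_pid):
    """Return the records that would be passed to the sandbox analysis process."""
    pending = None         # (nr, args) of the target's call awaiting its result
    records = []
    for t in traps:
        if is_system_call(t):
            if t.pid == target_pid:            # drop calls from other processes
                pending = (t.nr, t.args)
        elif t.kind == "return" and t.pid == target_pid and pending is not None:
            nr, args = pending
            records.append({"pid": t.pid, "nr": nr, "args": args, "result": t.retval})
            pending = None
    return records

# Constructed sample: PID 4242 is the program under analysis, PID 1 is unrelated.
SAMPLE = [
    Trap(4242, "interrupt", vector=0x0E),      # page fault, not a system call
    Trap(4242, "instruction", opcode=b"\x0f\x05", nr=2, args=("/tmp/a", 0)),
    Trap(1, "instruction", opcode=b"\x0f\x05", nr=0, args=(5, 64)),
    Trap(1, "return", retval=64),
    Trap(4242, "return", retval=3),
    Trap(4242, "interrupt", vector=0x80, nr=4, args=(3, b"hi", 2)),
    Trap(4242, "return", retval=2),
]

if __name__ == "__main__":
    for rec in monitor(SAMPLE, 4242):
        print(rec)
```

Nothing in this model runs inside the analyzed process, which is the property the method relies on: there is no injected Hook for the sample to check for.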

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a sandbox monitoring method and device.

Background art

[0002] With the development and popularization of computer technology, computer applications have fully penetrated people's work and life, and computers have become an indispensable tool and home entertainment device. With the widespread use of computers, corresponding computer security issues also arise. Tempted by money, some hackers take advantage of computer security holes to steal users' computer information and destroy computer systems through malicious programs, causing huge economic losses to the majority of computer users.

[0003] In order to detect related malicious programs, computer security researchers have developed corresponding antivirus tools, such as running a piece of unknown code in a sandbox, and analyzing whether the unkno...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/53, G06F21/56
CPC: G06F21/53, G06F21/566
Inventor: 关墨辰, 李林哲, 王永亮, 王小丰, 肖新光
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD