Method and device for acquiring behavior stack information

The acquisition method, applied in the security field, addresses the problems of interfering with the normal running process of terminal equipment, interfering with the user's normal use of terminal equipment, and low efficiency in acquiring behavior stack information. Its effects are to avoid interfering with the normal running process, ensure normal use, and improve acquisition efficiency.

Active Publication Date: 2021-01-15
QI AN XIN SECURITY TECH ZHUHAI CO LTD +1

AI Technical Summary

Problems solved by technology

However, each capture module can only obtain the behavior stack information of the process it has been injected into, and multiple processes are usually created on a terminal device. If behavior stack information is obtained this way, the step of injecting the capture module has to be repeated, which makes the acquisition steps complicated and the acquisition efficiency low.
In addition, a process having been created means that the terminal device is running that process. Injecting the capture module into the process at that time interferes with the normal running process of the terminal device, and thereby with the user's normal use of the terminal device.


Embodiment Construction

[0056] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0057] As described in the background, at present, the behavior stack information of a process is usually obtained by injecting a capture module into the process. However, only the behavior stack information corresponding to the injected process can be obtained through each capture module, and multiple processes can usually be created on the terminal device. If the behavior stack information is obtained through the above method, the...


Abstract

The invention discloses a behavior stack information acquisition method and device, and relates to the technical field of security. Its main aim is to acquire the behavior stack information of all processes on a terminal device without repeatedly injecting a capture module into the processes, and to simplify the acquisition steps of the behavior stack information, so that the acquisition efficiency of the behavior stack information can be improved. In addition, interference with the normal operation process of the terminal device can be prevented, and a user can use the terminal device normally. The method comprises the following steps: monitoring, in a kernel layer of the terminal device, a behavior event of a running process in the terminal device; when it is monitored that the behavior event occurs, performing stack information backtracking on the system call of the running process in the current process thread space corresponding to the behavior event, and obtaining the behavior stack information of the running process. The method and the device are suitable for acquiring behavior stack information.

Description

Technical field

[0001] The present invention relates to the field of security technology, in particular to a method and device for acquiring behavior stack information.

Background technique

[0002] With the rapid development of Internet technology, more and more application programs appear and are widely applied to terminal devices in order to facilitate users' life and work. Therefore, in order to avoid terminal device data leakage causing user property loss, terminal device data security becomes more and more important. In practical applications, the behavior stack information of the processes in the terminal device is usually obtained, and a behavior stack feature database is constructed from the behavior stack information. The behavior stack feature database is then used as the basis for judging the normal operation behavior and abnormal operation behavior of a process, so as to add new means for virus and Trojan horse detection and killing to prote...
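As an added example (not code from the patent or its applicant), the following shows one way the behavior stack feature database described in the background could be built from captured stacks and used to judge a new event. The record layout, the `module!symbol+0xoffset` frame format, the function names and all sample values are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample records: (process image, behavior event, frames innermost first).
# The "module!symbol+0xoffset" frame format is an assumption, not taken from the patent.
BASELINE = [
    ("notepad.exe", "file_write",
     ["ntdll.dll!NtWriteFile+0x14", "kernelbase.dll!WriteFile+0x7a", "notepad.exe!SaveFile+0x1c2"]),
    ("notepad.exe", "file_write",
     ["ntdll.dll!NtWriteFile+0x14", "kernelbase.dll!WriteFile+0x7a", "notepad.exe!SaveFile+0x1f0"]),
    ("notepad.exe", "file_read",
     ["ntdll.dll!NtReadFile+0x14", "kernelbase.dll!ReadFile+0x54", "notepad.exe!LoadFile+0x90"]),
]

_OFFSET = re.compile(r"\+0x[0-9a-fA-F]+$")


def stack_feature(frames):
    """Hash the call chain after dropping call-site offsets, so that two
    captures of the same code path map to the same feature."""
    chain = [_OFFSET.sub("", frame).lower() for frame in frames]
    return hashlib.sha256("|".join(chain).encode()).hexdigest()


def build_feature_db(records):
    """Map (process image, behavior event) to the set of stack features seen."""
    db = defaultdict(set)
    for image, event, frames in records:
        db[(image.lower(), event)].add(stack_feature(frames))
    return db


def classify(db, image, event, frames):
    """Return 'known', 'unseen-stack', or 'no-baseline' for one captured event."""
    known = db.get((image.lower(), event))
    if known is None:
        return "no-baseline"      # nothing recorded for this process/event pair
    return "known" if stack_feature(frames) in known else "unseen-stack"


if __name__ == "__main__":
    db = build_feature_db(BASELINE)
    # Constructed event: the same write reached through an extra, unrecorded module.
    suspect = ["ntdll.dll!NtWriteFile+0x14", "kernelbase.dll!WriteFile+0x7a",
               "addon.dll!Hook+0x10", "notepad.exe!SaveFile+0x1c2"]
    print(classify(db, "notepad.exe", "file_write", suspect))
```

An `unseen-stack` result only means the call chain is absent from the baseline; whether it is treated as abnormal depends on how complete that baseline is.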


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
Inventor: 王明广, 杨晓东, 游勇, 杨小波
Owner: QI AN XIN SECURITY TECH ZHUHAI CO LTD