
Malicious code detection method and device

A malicious code detection technology, applied to platform integrity maintenance and related fields, that addresses problems such as malicious code that cannot be protected against, malicious code whose execution cannot be prevented, and detection methods that fail to detect it, and achieves the effect of fine-grained protection.

Active Publication Date: 2022-02-15
北京椒图科技有限公司

AI Technical Summary

Problems solved by technology

However, this detection method cannot detect unknown malicious code, or malicious code produced by transforming known malicious code, and therefore cannot prevent such malicious code from threatening network security under the Linux operating system.
[0005] The second is a preset whitelist of programs. If an attacker implants malicious code into a program outside the whitelist, the malicious code will not be allowed to execute, because that program is not in the whitelist; the malicious code is therefore prevented from threatening network security under the Linux operating system. However, if the attacker implants malicious code into a whitelisted program, the malicious code will be allowed to execute and poses a threat to network security.
[0006] It can be seen that existing malicious code protection methods cannot protect against some malicious code, so the reliability of malicious code protection is low. How to improve the reliability of malicious code protection has therefore become a technical problem that those skilled in the art need to solve.



Examples


Embodiment 1

[0052] Embodiment 1 provides a malicious code detection method from the perspective of the security protection system of a Linux operating system host. Specifically, referring to figure 1, the method may include:

[0053] S101: Obtain the calling path of the sensitive function during the execution of the program of the Linux operating system;

[0054] S102: When the calling path is not a sensitive path, determine that there is a threat of malicious code in the program of the Linux operating system.

[0055] It should be noted that a sensitive function is a function that can access the resources of the Linux operating system and/or a function that can change the state of the Linux operating system, and a sensitive path is a call path for a sensitive function other than the normal call path set for that function by the Linux operating system.

[0056] The malicious code detection method provided by this embodiment, by obtaining the calling path of the s...

Embodiment 2

[0058] The second embodiment is based on the first embodiment and provides another malicious code detection method from the perspective of the security protection system of a Linux operating system host. Specifically, referring to figure 2, the method may include:

[0059] S201: Determine the sensitive function and determine the sensitive path;

[0060] As one implementable mode, in this application the file operation functions, process creation functions, memory operation functions, network access functions and system-related functions in the programs of the Linux operating system are determined to be sensitive functions:

[0061] The file operation functions include any one or more of the open, openat, openat64, read, pread, write and writev functions;

[0062] The process creation functions include any one or more of the execve, clone and fexecve functions;

[0063] The memory operation function inclu...

Example 1

[0075] First, the instrumented dlsym function in the sensitive path is monitored as soon as it is called, and it is found that it further calls the syscall function. The syscall function is also instrumented, so monitoring continues, and it is further found that the openat64 function among the sensitive functions is called through the syscall function. Through the above tracking, the calling path of the openat64 function is determined to be "calling through the syscall function".
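The detection logic of Embodiment 2 and Example 1, as an added example that is not the patent's own code: hook events from instrumented functions are replayed into a call stack, the full stack is recorded at every entry into a sensitive function, and a path that is not on the allow-list of normal call paths is reported as a sensitive path (a malicious code threat). The hook-event format, the allow-listed normal paths and the sample trace are all constructed for this example; the sensitive function lists come from paragraphs [0061] and [0062] above.

```python
"""Call-path check for sensitive functions (added example, not the patent's code).

Constructed assumptions:
  * instrumentation emits one line per hook event: "enter <fn>" or "exit <fn>"
  * the normal call path of each sensitive function is a fixed chain of callers,
    outermost first, that the defender has allow-listed from a known-good run
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Sensitive functions named in [0061] and [0062]; the memory-operation,
# network-access and system-related groups are cut off on the page.
SENSITIVE: Dict[str, Set[str]] = {
    "file": {"open", "openat", "openat64", "read", "pread", "write", "writev"},
    "process": {"execve", "clone", "fexecve"},
}
SENSITIVE_ALL: Set[str] = set().union(*SENSITIVE.values())

# Allow-list of normal call paths (CONSTRUCTED): a tuple of callers ending at
# the sensitive function. Anything else is a "sensitive path" in the patent's terms.
NORMAL_PATHS: Dict[str, Set[Tuple[str, ...]]] = {
    "openat64": {("main", "fopen64", "openat64")},
    "execve": {("main", "run_helper", "execve")},
}


@dataclass(frozen=True)
class Finding:
    function: str            # sensitive function that was entered
    category: str            # group from SENSITIVE ("file", "process", ...)
    path: Tuple[str, ...]    # call stack at entry, outermost first
    normal: bool             # True if the path is allow-listed


def category_of(fn: str) -> str:
    """Map a sensitive function to its group, or 'unknown' if not listed."""
    for category, functions in SENSITIVE.items():
        if fn in functions:
            return category
    return "unknown"


def call_paths(events: Iterable[str]) -> List[Tuple[str, ...]]:
    """Replay enter/exit hook events into a stack; return the stack at each
    entry into a sensitive function. Raises on malformed or unbalanced traces."""
    stack: List[str] = []
    paths: List[Tuple[str, ...]] = []
    for raw in events:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, fn = line.partition(" ")
        if kind == "enter" and fn:
            stack.append(fn)
            if fn in SENSITIVE_ALL:
                paths.append(tuple(stack))
        elif kind == "exit" and fn:
            if not stack or stack[-1] != fn:
                raise ValueError(f"unbalanced exit for {fn!r}")
            stack.pop()
        else:
            raise ValueError(f"unknown hook event: {line!r}")
    return paths


def detect(events: Iterable[str]) -> List[Finding]:
    """Classify every sensitive-function entry as normal or sensitive path."""
    findings: List[Finding] = []
    for path in call_paths(events):
        fn = path[-1]
        normal = path in NORMAL_PATHS.get(fn, set())
        findings.append(Finding(fn, category_of(fn), path, normal))
    return findings


def threats(events: Iterable[str]) -> List[Finding]:
    """Only the findings whose call path is not allow-listed."""
    return [f for f in detect(events) if not f.normal]


# Constructed trace: a benign open via fopen64, then the pattern from
# Example 1 ([0075]): dlsym -> syscall -> openat64.
SAMPLE_TRACE: List[str] = """
enter main
enter fopen64
enter openat64
exit openat64
exit fopen64
enter dlsym
enter syscall
enter openat64
exit openat64
exit syscall
exit dlsym
exit main
""".strip().splitlines()


if __name__ == "__main__":
    for finding in detect(SAMPLE_TRACE):
        verdict = "normal" if finding.normal else "THREAT"
        print(f"{verdict:7} {finding.category:8} {' -> '.join(finding.path)}")
```

Matching on the whole stack is deliberately strict, which is what gives the finer granularity the abstract claims over a program-level whitelist: the same openat64 call is accepted from fopen64 and rejected from dlsym/syscall even though both run inside the same whitelisted program. In practice the allow-list would be learned from clean runs and keyed on a bounded number of caller frames so that unrelated outer frames do not produce false positives.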


Abstract

The present application discloses a malicious code detection method and device. The calling path of a sensitive function is obtained during execution of a program of the Linux operating system, and it is determined whether the calling path is a sensitive path; when the calling path is determined to be a sensitive path, it is determined that there is a threat of malicious code in the program of the Linux operating system. Unlike the malicious code protection methods of the prior art, the solution provided by the embodiments of the present application detects malicious code based on the function call relationships contained in the programs of the operating system, and can detect unknown malicious code as well as malicious code generated by transforming known malicious code. Compared with protection based on whole programs of the Linux operating system, its protection granularity is finer, so that even malicious code implanted into a whitelisted program can be effectively detected.

Description

Technical field

[0001] The present application relates to the technical field of network security protection, and more specifically to a malicious code detection method and device.

Background technique

[0002] With the rapid development of network and computer technology, the Linux operating system is used by more and more network users, and network security issues under the Linux operating system are receiving more and more attention. At present, network security problems under the Linux operating system are mostly caused by attackers implanting malicious code (such as viruses, worms, backdoor programs, etc.) into programs of the Linux operating system, which poses a threat to security, so it is usually necessary to protect against malicious code implanted in programs of the Linux operating system.

[0003] In the prior art, the following two protection methods for malicious code are mainly used:

[0004] The first type detects ma...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
Inventor: 贾佳
Owner: 北京椒图科技有限公司