Malicious software interception method and device based on kernel module

A kernel module-based malware interception technology, applied in the field of network security, that intercepts malware in time and thereby avoids post-event detection and repair.

Active Publication Date: 2020-06-09
BEIJING QIANXIN TECH +1

AI Technical Summary

Problems solved by technology

[0005] However, the above technical solutions share certain defects: whether a malware attack has occurred is confirmed only by detection after the malware has loaded the kernel module, and handling it also requires manual operation and maintenance to eliminate the adverse effects of the malware attack.

Embodiment Construction

[0046] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are a part of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0047] Figure 1 is a flowchart of an embodiment of the kernel module-based malicious software interception method of the present invention. As shown in Figure 1, the method for intercepting malicious software based on a kernel module provided in an embodiment of the present invention includes the following steps:

[0048] S101: De...

Abstract

The embodiment of the invention provides a malicious software interception method and device based on a kernel module. The method comprises the steps of: when a kernel module loading notification is detected, carrying out legality detection on the kernel module information and obtaining a legality detection result, wherein the legality detection at least comprises detecting whether an anti-initialization function exists; and, if the legality detection result is illegal, determining that malicious software is loading the kernel module and intercepting the malicious software. The device executes the method. According to the method and the device provided by the embodiment of the invention, malicious software can be intercepted in time, so that after-event detection and repair carried out after the kernel module is loaded by the malicious software are avoided.
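A user-space illustration of the check named in the abstract, added here and not taken from the patent, whose method runs at the kernel's load notification rather than on the file. It assumes the "anti-initialization function" is the module exit routine, which a Linux `.ko` built with `module_exit()` exposes as the defined symbol `cleanup_module`, and that a module lacking it fails the check; the function names and the sample objects are constructed for the example.

```python
import struct

SHT_SYMTAB, SHN_UNDEF = 2, 0

def defined_symbols(image: bytes) -> set:
    """Names of the symbols a little-endian ELF64 object defines (not imports)."""
    if image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 object")
    shoff, = struct.unpack_from("<Q", image, 0x28)               # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", image, 0x3A)    # e_shentsize, e_shnum
    sections = [struct.unpack_from("<IIQQQQIIQQ", image, shoff + i * shentsize)
                for i in range(shnum)]
    names = set()
    for _, typ, _, _, off, size, link, _, _, entsize in sections:
        if typ != SHT_SYMTAB or entsize == 0:
            continue
        str_off = sections[link][4]          # sh_link -> string table's sh_offset
        for pos in range(off, off + size, entsize):
            st_name, _, _, shndx, _, _ = struct.unpack_from("<IBBHQQ", image, pos)
            if st_name and shndx != SHN_UNDEF:
                end = image.index(b"\0", str_off + st_name)
                names.add(image[str_off + st_name:end].decode())
    return names

def legality_check(image: bytes) -> str:
    """Assumed policy: a module that defines no exit routine is 'illegal'."""
    return "legal" if "cleanup_module" in defined_symbols(image) else "illegal"

def build_sample(symbols) -> bytes:
    """Constructed input: an ELF64 relocatable holding only a symbol table."""
    strtab, syms = b"\0", bytes(24)          # entry 0 of each table is reserved
    for name in symbols:
        # STB_GLOBAL | STT_FUNC, placed in a non-zero section => "defined"
        syms += struct.pack("<IBBHQQ", len(strtab), 0x12, 0, 1, 0, 0)
        strtab += name.encode() + b"\0"
    def shdr(typ, off, size, link, entsize):
        return struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, entsize)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1, 0, 0,
                       64 + len(syms) + len(strtab), 0, 64, 0, 0, 64, 3, 0)
    return (ehdr + syms + strtab + shdr(0, 0, 0, 0, 0)
            + shdr(2, 64, len(syms), 2, 24)
            + shdr(3, 64 + len(syms), len(strtab), 0, 0))

NORMAL = build_sample(["init_module", "cleanup_module"])   # has an exit routine
NO_EXIT = build_sample(["init_module"])                    # cannot be unloaded

if __name__ == "__main__":
    print(legality_check(NORMAL), "|", legality_check(NO_EXIT))
```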

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a kernel module-based malicious software interception method and device.

Background technique

[0002] Linux is a set of Unix-like operating systems that are free to use and freely distributed. It is a POSIX and UNIX-based multi-user, multi-tasking, multi-threading and multi-CPU operating system. It can run major UNIX utility software, application programs and network protocols. It supports 32-bit and 64-bit hardware. Linux inherits Unix's network-centric design idea and is a multi-user network operating system with stable performance.

[0003] With the extensive application of the Linux system, more and more malicious software attacks the kernel module of the Linux system, bringing great harm to the system security of the Linux system. The prior art adopts the following means to handle this:

[0004] 1. Scan the local file system to detect the characteristic files of malware, so as t...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/562, Y02D30/50
Inventor: 屈梦梦, 李常坤, 张聪, 汤迪斌
Owner BEIJING QIANXIN TECH