Malicious software detection method and device, electronic equipment and storage medium

A malware detection method, applied in the field of network security, that addresses the problems of increased detection difficulty and low accuracy of malware identification.

Pending Publication Date: 2020-06-19
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

In order to hide malicious communication in legitimate communication traffic and increase the difficulty of detection, more and more malware disguises itself with changing domain names, changing IP addresses and encrypted network traffic, so traditional IoC-based malware identification has a low accuracy rate.


Examples


Embodiment Construction

[0037] In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0038] Referring to Figure 1 below, Figure 1 is a flow chart of a malware detection method provided by the embodiment of the present application.

[0039] Specific steps can include:

[0040] S101: Obtain the ClientHello information sent by the client to the server;

[0041] Wherein, this embodiment may be applied to a client, may also be applied to a ...


Abstract

The invention discloses a malicious software detection method. The detection method comprises: acquiring the ClientHello information sent by a client to a server, wherein the ClientHello information comprises the client's TLS protocol version, cipher suites, extension items and key encryption information; generating TLS fingerprint information of the client according to the ClientHello information; judging whether a malicious fingerprint feature library contains the TLS fingerprint information of the client; and if so, determining that malicious software is detected. The method can improve the identification accuracy of malicious software. The invention further discloses a malicious software detection device, a storage medium and electronic equipment, which have the above beneficial effects.
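The steps in the abstract, worked through as an added example (not code from the patent or from Sangfor): it parses a ClientHello record, builds a fingerprint from the version, cipher suites, extension types, supported groups and EC point formats, and looks it up in a fingerprint set. The page does not say how the fingerprint is derived, so the field order (borrowed from the public JA3 convention), the SHA-256 hash, the GREASE filtering, the reading of "key encryption information" as groups and point formats, and all sample bytes are assumptions; the parser expects one complete, unfragmented record.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 reserved values

def _u16s(buf):
    """Decode big-endian uint16 values, dropping GREASE placeholders."""
    return [v for v in struct.unpack(f">{len(buf) // 2}H", buf) if v not in GREASE]

def client_hello_fields(rec):
    """Return (version, cipher suites, extension types, groups, point formats)."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    version = struct.unpack_from(">H", rec, 9)[0]
    pos = 43 + 1 + rec[43]                      # skip random and session id
    n = struct.unpack_from(">H", rec, pos)[0]
    ciphers = _u16s(rec[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + rec[pos] + 2                     # skip compression, ext length
    exts, groups, formats = [], [], []
    while pos + 4 <= len(rec):
        etype, elen = struct.unpack_from(">HH", rec, pos)
        data, pos = rec[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 10:                         # supported_groups
            groups = _u16s(data[2:])
        elif etype == 11:                       # ec_point_formats
            formats = list(data[1:])
    return version, ciphers, exts, groups, formats

def tls_fingerprint(rec):
    """Hash the ordered field values; SHA-256 is this example's choice."""
    version, *lists = client_hello_fields(rec)
    text = ",".join([str(version)] + ["-".join(map(str, l)) for l in lists])
    return hashlib.sha256(text.encode()).hexdigest()

def sample_record(ciphers, random):
    """Constructed ClientHello record (not captured traffic)."""
    ext = lambda t, d: struct.pack(">HH", t, len(d)) + d
    exts = ext(0x0A0A, b"") + ext(10, struct.pack(">3H", 4, 29, 23)) + ext(11, b"\x01\x00")
    cs = struct.pack(f">{len(ciphers)}H", *ciphers)
    body = (b"\x03\x03" + random + b"\x00" + struct.pack(">H", len(cs)) + cs
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def is_malicious(rec, library):  # library: set of known-bad fingerprints
    return tls_fingerprint(rec) in library
```

Two constructed records that differ only in the client random and a GREASE cipher value produce the same fingerprint, which is why this kind of match survives the changing domain names and IP addresses the background section describes; reordering the cipher suites changes it.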

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular to a malware detection method and device, an electronic device and a storage medium.

Background technique

[0002] In the field of network threat intelligence applications, malware is usually identified based on IoC (Indicators of Compromise), but this IoC-based malware identification method often needs to be combined with the file hash value (hash), domain name, Internet Protocol address (IP address), Uniform Resource Identifier (URI) path, Hypertext Transfer Protocol User-Agent (HTTP User-Agent), and even network communication messages and much other information. In order to hide malicious communication in legitimate communication traffic and increase the difficulty of detection, more and more malware disguises itself with changing domain names, changing IP addresses and encrypted network traffic, so ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, H04L29/06
CPC: G06F21/566, H04L63/1408, H04L63/145
Inventor: 庞思铭
Owner: SANGFOR TECH INC