Malicious script detection method and device and storage medium

A malicious script detection technology, applied in the field of network security, that addresses the problems that malicious scripts cannot be correctly detected and killed, that sandboxes and similar devices cannot effectively identify them, and that file format identification is difficult.

Active Publication Date: 2020-07-14
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0008] 2. Most malicious scripts use forged file suffixes, which makes file format identification difficult, so sandboxes and similar devices cannot effectively identify them.
[0009] 3. Most downloader-type malicious scripts pull viruses from the Internet and execute them in memory; the parent virus file is never saved to the victim's disk, so it cannot be correctly detected and killed even when anti-virus software is installed (a typical fileless attack).


Embodiment Construction

[0081] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention.

[0082] As shown in Figure 1, the embodiment of the present application provides a malicious script detection method, including:

[0083] S101. Obtain a file to be detected.

[0084] The malicious script detection method in the embodiment of the present application can be applied to a host device or a mobile device (the malicious script detection device). It monitors for malicious script files by obtaining the files to be detected that are stored on or received by the host device or mobile device.

[0085] The files to be detected mainly include files downloaded by the host device or mobile device through the Web, files transferred over FTP or SMB on the intranet, and Office macro script files that may exist in email attachments.

[0086] S102. Perform text recognition on the file to be ...


Abstract

Embodiments of the invention disclose a malicious script detection method and device, and a storage medium. The method comprises the following steps: obtaining a file to be detected; performing text recognition on the file to obtain a text to be detected; detecting whether the text has at least one specific behavior feature; if at least one specific behavior feature exists, performing association rule mining on the at least one specific behavior feature to determine an associated behavior feature combination that meets preset conditions, the preset conditions being the minimum support and the minimum confidence of the behavior feature combination; obtaining a scoring result corresponding to the associated behavior feature combination; and judging, based on the scoring result, whether the file is a malicious script. Because text recognition is performed on the file itself, a malicious script that forges its suffix no longer evades detection; and because association analysis is performed on the behavior features of the file, the malicious-script verdict is more interpretable and false alarms are reduced.
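The pipeline in the abstract, sketched as an added example (not code from the patent or from Sangfor). The page names no concrete features, thresholds or scoring formula, so the signatures in `FEATURES`, the reference set `CORPUS`, the 0.4 / 0.7 support and confidence thresholds, and the "100 x best confidence" score are all assumptions made for illustration.

```python
import re
from itertools import combinations

# Hypothetical behavior signatures; the patent text on this page names none.
FEATURES = {
    "download":   re.compile(r"DownloadString|DownloadFile|XMLHTTP", re.I),
    "mem_exec":   re.compile(r"Invoke-Expression|\bIEX\b|\beval\s*\(", re.I),
    "encoded":    re.compile(r"FromBase64String|-enc(odedcommand)?\b", re.I),
    "hidden_win": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
}
# Constructed reference set: feature sets of previously labelled malicious scripts.
CORPUS = [
    {"download", "mem_exec"},
    {"download", "mem_exec", "hidden_win"},
    {"download", "mem_exec", "encoded"},
    {"encoded", "hidden_win"},
    {"download"},
]
# Constructed content of a file named "invoice.jpg" (forged suffix).
SAMPLE = "$c = $wc.DownloadString($url); Invoke-Expression $c"

def extract_features(text):
    """Features found in the recognised text; the file suffix is never consulted."""
    return {name for name, rx in FEATURES.items() if rx.search(text)}

def support(itemset):
    """Fraction of reference scripts that contain every feature in itemset."""
    return sum(itemset <= t for t in CORPUS) / len(CORPUS)

def associated_combinations(found, min_support=0.4, min_confidence=0.7):
    """Map each qualifying combination of found features to its best rule confidence."""
    out = {}
    for k in range(2, len(found) + 1):
        for combo in map(frozenset, combinations(sorted(found), k)):
            s = support(combo)
            if s == 0 or s < min_support:
                continue
            # Rule A -> (combo - A) has confidence support(combo) / support(A).
            conf = max(s / support(frozenset(a))
                       for r in range(1, k) for a in combinations(combo, r))
            if conf >= min_confidence:
                out[combo] = conf
    return out

def score(text, threshold=60):
    """Assumed scoring: 100 x best confidence; malicious when >= threshold."""
    combos = associated_combinations(extract_features(text))
    result = round(100 * max(combos.values(), default=0.0))
    return result, result >= threshold, combos
```

A single feature on its own, or a combination that is rare in the reference set, yields no associated combination and therefore a score of 0, which is how the association step keeps one-off matches from raising alarms.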

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to a malicious script detection method, device and storage medium.

Background technique

[0002] As anti-virus technology matures, traditional PE viruses find it increasingly difficult to penetrate the host network and are often blocked by gateway security devices such as AF and WAF. More and more network attacks therefore use malicious scripts as a bypass: most security products lack the ability to detect plain-text files and often let them through, which allows the attack to reach user hosts.

[0003] The existing technology mainly adopts the following methods to prevent such attacks:

[0004] 1. Deploy firewalls, virus gateways, sandboxes and other devices at the network egress to monitor and kill incoming traffic.

[0005] 2. Install anti-virus software on the terminal machine for overall monitoring and kil...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/145, H04L63/1408, H04L63/1416
Inventor: 杨玉华, 蒲大峰
Owner: SANGFOR TECH INC