Intrusion kernel detection method and device, computing equipment and computer storage medium

A detection method and kernel technology, applied in the software field, that addresses the problems that the attacker cannot be identified and that detection happens too late, and achieves the effect of preventing a process from invading the kernel.

Pending Publication Date: 2021-02-02
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] 1) Detection happens too late: the attacker has already invaded the kernel and controls code execution, so the above detection methods are easy to bypass.
[00


Embodiment Construction

[0024] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0025] Figure 1 shows a flow chart of a method for detecting kernel intrusion according to an embodiment of the present invention. As shown in Figure 1, the method specifically includes the following steps:

[0026] Step S101: extract the feature information of the ROOT attack behavior of a process invading the kernel, and determine the corresponding detection conditions.

[002...


Abstract

The invention discloses a method and device for detecting kernel intrusion, computing equipment and a computer storage medium. The method comprises: extracting feature information of the ROOT attack behavior of a process invading the kernel, and determining detection conditions corresponding to the feature information, wherein the detection conditions comprise suspicious-attack detection conditions and determined-attack detection conditions; setting multi-stage detection at different module layers of the equipment to detect a to-be-detected process, wherein each stage of detection corresponds to different detection conditions; and determining, according to the result of the multi-stage detection, whether the to-be-detected process is a process invading the kernel. Because the detection conditions are determined from feature information extracted from processes invading the kernel, and multi-stage detection is set at different module layers of the equipment to detect to-be-detected processes in a targeted manner, the attack behavior of a process can be detected effectively before or during its ROOT attack, so that execution of the process is prevented and the process is kept from invading the kernel.

Description

Technical field

[0001] The present invention relates to the field of software, in particular to a method and device for detecting kernel intrusion, computing equipment, and a computer storage medium.

Background technique

[0002] The goal of an attacker invading the kernel is to obtain the ROOT privilege of the device, so that the ROOT privilege can be used to control the entire device. Based on kernel security considerations, device manufacturers build ROOT-related detection into the device before it leaves the factory to detect whether it has been attacked. There are also various methods for detecting ROOT in the prior art. However, ROOT detection as implemented by device manufacturers and in the prior art is based on inspecting the device and the already compromised kernel. A kernel intrusion generally requires several attack steps to complete. Prior-art detection often takes place when the attack is nearly completed, and the devi...


Application Information

IPC(8): G06F21/55
CPC: G06F21/55
Inventor: 周明建姚俊王彦峰窦文科张继
Owner: BEIJING QIHOO TECH CO LTD