Unlock instant, AI-driven research and patent intelligence for your innovation.

Macro-encryption-based malicious document detection method and apparatus, and medium

A detection method and technology of a detection device are applied in computer security devices, instruments, electronic digital data processing and other directions, and can solve the problem of document security detection that cannot analyze Office documents, cannot complete macro encryption, and macros that cannot be accessed by third parties. code and other issues to achieve the effect of security analysis and security detection

Pending Publication Date: 2021-03-30
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The macros of Office documents can be encrypted. In the case of unknown passwords, third parties cannot access the macro codes of Office documents, and cannot obtain the plaintext content of the macro codes, so that Office documents cannot be analyzed, resulting in the inability to complete the security of macro-encrypted documents. sex test

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Macro-encryption-based malicious document detection method and apparatus, and medium
  • Macro-encryption-based malicious document detection method and apparatus, and medium
  • Macro-encryption-based malicious document detection method and apparatus, and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] The following will clearly and completely describe the technical solutions in the embodiments of the present invention in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0047] In order to enable those skilled in the art to better understand the solution of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0048] Next, a method for detecting malicious documents based on macro encryption provided by an embodiment of the present invention is introduced in detail. figure 1 It is a flow chart of a method f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a macro-encryption-based malicious document detection method and apparatus, and a medium. According to a preset document analysis rule, an initial file of macro encryption is modified into a target file of a custom password; by modifying the password of the initial file, the macro code of the target file can be accessed by using the custom password to obtain the plaintext macro code of the target file. whether the plaintext macro code matches a preset code distribution rule or not is judged. if the plaintext macro code matches the preset code distribution rule, it shows that the macro code is maliciously modified, the initial file corresponding to the macro code is damaged, the reliability of the initial file cannot be guaranteed, and the initial file can be marked as a malicious file in order to avoid the system security problem caused by operating the initial file. According to the technical scheme, the plaintext macro code can be automatically obtained for macro decryption of the document, so that the security analysis of the document is realized, namely, the security detection of the macro encrypted document is realized.

Description

technical field [0001] The present invention relates to the technical field of file encryption, in particular to a macro-encrypted malicious document detection method, device and computer-readable storage medium. Background technique [0002] With the development of technology, especially the continuous improvement of phishing attack technology, malicious attackers usually implant malicious documents with macros in phishing attacks to lure victims to open the documents and trigger phishing attacks. Existing solutions can only directly analyze plaintext macro codes. In order to avoid sandbox detection and manual reverse analysis, malicious files will set passwords for macro codes. [0003] The macros of Office documents can be encrypted. In the case of unknown passwords, third parties cannot access the macro codes of Office documents, and cannot obtain the plaintext content of the macro codes, so that Office documents cannot be analyzed, resulting in the inability to complet...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/563
Inventor 陆嘉杰范渊黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD