Java Web application memory Trojan horse detection method, terminal equipment and storage medium

Memory Trojan horse detection technology, applied in software engineering design, creation/generation of source code, instruments, etc. It addresses problems such as large resource consumption, abnormal process crashes, and impact on business applications, achieving low resource consumption and avoiding I/O operations.

Active Publication Date: 2021-08-27
XIAMEN FUYUN INFORMATION TECH CO LTD +1

AI Technical Summary

Problems solved by technology

Its advantage is that the detection rate of internal testing Trojans is high, but the CPU usage of the target process and the system I/O resource consumption are relatively large. Using JMC, the official JDK tool, it is found that CPU usage on a 1-core 2G machine soars to between 80% and 90% during the detection process, seriously affecting the business application, and there is a probability that the process crashes abnormally.


Examples


Embodiment 1

[0024] The embodiment of the present invention provides a Java Web application memory Trojan detection method. As shown in Figure 1, the method includes the following steps:

[0025] S1: Obtain a Class byte stream from a running Java Virtual Machine (JVM).

[0026] In this embodiment, the Class byte stream is obtained from the running Java virtual machine by Java agent technology. As shown in Figure 2, the specific implementation is as follows: write a jar file in advance according to the Java agent technical specification; use VirtualMachine.attach(pid) to inject the jar file into the target process; register a class file transformer (ClassFileTransformer) in the Java virtual machine; and call InstrumentationUtils#retransformClasses to redefine the Class, after which the Class byte stream running in the Java virtual machine can be captured.

[0027] S2: Parse the Class byte stream into recognizable Constant and Method.

[0028] ...
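A sketch of steps S1 to S3 as an agent class, added here as an illustration and not taken from the patent: it uses the standard `Instrumentation.retransformClasses` in place of the `InstrumentationUtils` helper named above, parses only the constant pool (Method parsing is left out), and the class name `MemScanAgent`, the `RULES` list and the `SIZE` table are assumptions.

```java
import java.io.*;
import java.lang.instrument.*;
import java.security.ProtectionDomain;
import java.util.*;

// Jar manifest: "Agent-Class: MemScanAgent", "Can-Retransform-Classes: true"; injected via VirtualMachine.attach(pid).loadAgent(jar).
public class MemScanAgent {
    // Assumed rules, for illustration only; the patent's rule base is not on the page.
    static final List<String> RULES = Arrays.asList("java/lang/Runtime", "java/lang/ProcessBuilder", "defineClass");
    // Payload size in bytes per constant-pool tag (JVMS 4.4); 0 = Utf8 (variable) or invalid tag.
    static final int[] SIZE = {0, 0, 0, 4, 4, 8, 8, 2, 2, 4, 4, 4, 4, 0, 0, 3, 2, 4, 4, 2, 2};

    public static void agentmain(String args, Instrumentation inst) {
        ClassFileTransformer t = new ClassFileTransformer() {
            @Override public byte[] transform(ClassLoader cl, String name, Class<?> c, ProtectionDomain pd, byte[] bytes) {
                try {                                    // S2 + S3 on the in-memory class bytes
                    List<String> hits = match(utf8Constants(bytes));
                    if (!hits.isEmpty()) System.err.println("[memscan] " + name + " matched " + hits);
                } catch (IOException e) { /* unparsable class bytes: skip */ }
                return null;                             // null leaves the class unmodified
            }
        };
        inst.addTransformer(t, true);                    // true: invoked on retransformation
        try {                                            // S1: replay every modifiable loaded class
            for (Class<?> c : inst.getAllLoadedClasses())
                try { if (inst.isModifiableClass(c)) inst.retransformClasses(c); } catch (Throwable e) { /* skip class */ }
        } finally { inst.removeTransformer(t); }
    }
    // S2: collect the CONSTANT_Utf8 entries of the constant pool.
    static List<String> utf8Constants(byte[] cls) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(cls));
        if (in.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
        in.readInt();                                    // minor_version + major_version
        List<String> out = new ArrayList<>();
        for (int i = 1, n = in.readUnsignedShort(); i < n; i++) {
            int tag = in.readUnsignedByte();
            if (tag == 1) { out.add(in.readUTF()); continue; }   // u2 length + modified UTF-8
            if (tag >= SIZE.length || SIZE[tag] == 0) throw new IOException("bad constant tag " + tag);
            in.skipBytes(SIZE[tag]);
            if (tag == 5 || tag == 6) i++;               // Long and Double occupy two pool slots
        }
        return out;
    }
    // S3: return each rule that occurs in at least one constant.
    static List<String> match(List<String> constants) {
        List<String> hits = new ArrayList<>();
        for (String r : RULES)
            for (String k : constants) if (k.contains(r)) { hits.add(r); break; }
        return hits;
    }
}
```

Retransforming every loaded class is the expensive part of the scan, so a production agent would narrow the candidate list before calling `retransformClasses`.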

Embodiment 2

[0052] The present invention also provides a Java Web application memory Trojan detection terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, the steps of the method of Embodiment 1 of the present invention are implemented.


Abstract

The invention relates to a Java Web application memory Trojan horse detection method, terminal equipment and a storage medium. The method comprises the following steps: S1, acquiring a Class byte stream from a running Java virtual machine; S2, parsing the Class byte stream into an identifiable Constant and an identifiable Method; and S3, according to a sensitive rule base formed of sensitive rules, matching the parsed Constant and Method, and judging the risk of the Class byte stream according to the matching result. Compared with a traditional detection method, the method has lower resource consumption, has a smaller influence on the operation of the service system, and avoids a large amount of I/O operations.

Description

Technical field

[0001] The invention relates to the field of Trojan horse detection, in particular to a Java Web application memory Trojan horse detection method, a terminal device and a storage medium.

Background technique

[0002] Web application systems are now widely used in important business lines such as social networking, shopping, and mail, and occupy a very important position in network assets. These systems face a wide range of attacks and many attack techniques, making them vulnerable to intrusion. On the "host layer security side", a "fileless horse" (memory horse) is implemented by methods including process injection (shellcode injection), WMI backdoors (resident malicious payloads), and remote execution of download commands (such as powershell, mshta, regsvr32, etc.). On the "application layer security plane", a fileless horse (memory horse) makes malicious code reside in memory, and attackers often use memory horses for pr...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F8/30
CPC: G06F21/566, G06F8/315, Y02D10/00
Inventor: 曾祥江, 郑杭杰, 杨雅芳, 陈奋, 陈荣有
Owner XIAMEN FUYUN INFORMATION TECH CO LTD