
Fileless attack detection method and device

An attack detection technique in the field of information security that addresses the inability of existing defences to detect macro code attacks, with the effect of protecting system security.

Pending Publication Date: 2022-03-22
BEIJING QIANXIN TECH +1

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a fileless attack detection method and device to overcome the defect in the prior art that an Excel 4.0 macro code attack delivered by means of DCOM cannot be detected.


Embodiment Construction

[0026] In order to make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

[0027] Figure 1 is a schematic flowchart of an embodiment of the fileless attack detection method provided by the present invention. As shown in Figure 1, the fileless attack detection method includes the following steps:

[0028] S101. Receive a message based on the remote procedure call protocol through a hooked receiving function in the Excel process.

[0029] In step S101, Ho...


Abstract

The embodiment of the invention provides a fileless attack detection method and device. The method comprises the steps of: receiving a message based on the remote procedure call (RPC) protocol through a hooked receiving function in the Excel process; obtaining the interface identifier and the function identifier of the request carried in the RPC message; determining, from the requested interface identifier and function identifier, the interface function that the RPC message accesses; comparing the RPC message with the interface function and determining, from the comparison result, whether target macro code in the RPC message accesses the interface; and, if the target macro code accesses the interface, intercepting the receiving function. By identifying target macro code that accesses the interface and intercepting the receiving function in which that macro code arrives, macro-code-based fileless attacks can be detected and blocked, and the security of the system is protected.
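The following Python block is an added illustration of the five steps in the abstract, not the patent's own code. The message layout (16-byte interface UUID, 2-byte opnum, payload), the interface UUIDs and the opnum-to-function table are constructed for the example and do not reproduce the real DCE/RPC wire format or Excel's real DCOM interface identifiers; `Application.ExecuteExcel4Macro` is a real Excel automation method used here as the example of a macro-execution interface function, and `EXEC`, `CALL`, `REGISTER` and `RUN` are real Excel 4.0 macro functions. The hook itself (`hooked_receive`) is modelled as a function that receives the message and a callable standing in for the original receive path.

```python
"""Detection of Excel 4.0 (XLM) macro code delivered over RPC, modelled on the
abstract's steps S101-S105.  Added example; message layout, UUIDs and opnum
table are constructed and are not the real RPC wire format or Excel's IIDs."""
import re
import struct
import uuid
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical interface identifiers (constructed, not Excel's real IIDs).
IID_APP = uuid.UUID("7b6c1d3e-9a2f-4c5b-8e1d-2f3a4b5c6d7e")
IID_SHEET = uuid.UUID("a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d")

# Step S103 lookup: (interface identifier, function identifier) -> interface function.
INTERFACE_TABLE = {
    (IID_APP, 0): "Application.Visible",
    (IID_APP, 1): "Application.ExecuteExcel4Macro",
    (IID_SHEET, 0): "Worksheet.Range",
}
# Interface functions through which a remote caller can hand Excel XLM code to run.
MACRO_EXEC_FUNCTIONS = {"Application.ExecuteExcel4Macro"}

# Excel 4.0 macro functions commonly used for code execution in XLM payloads.
XLM_PATTERN = re.compile(r"\b(EXEC|CALL|REGISTER|RUN)\s*\(", re.IGNORECASE)

# Constructed request layout: 16 UUID bytes, little-endian 16-bit opnum, payload.
HEADER = struct.Struct("<16sH")


@dataclass
class RpcRequest:
    iid: uuid.UUID
    opnum: int
    payload: str


@dataclass
class Verdict:
    intercept: bool
    interface_function: Optional[str]
    reason: str


def build_request(iid: uuid.UUID, opnum: int, payload: str) -> bytes:
    """Encoder for the constructed layout; only used to produce sample traffic."""
    return HEADER.pack(iid.bytes, opnum) + payload.encode("utf-8")


def parse_request(message: bytes) -> RpcRequest:
    """Step S102: extract the interface identifier and function identifier."""
    if len(message) < HEADER.size:
        raise ValueError("message shorter than the request header")
    iid_bytes, opnum = HEADER.unpack_from(message)
    payload = message[HEADER.size:].decode("utf-8", errors="replace")
    return RpcRequest(uuid.UUID(bytes=iid_bytes), opnum, payload)


def resolve_interface(req: RpcRequest) -> Optional[str]:
    """Step S103: map the identifiers to the interface function being accessed."""
    return INTERFACE_TABLE.get((req.iid, req.opnum))


def inspect(message: bytes) -> Verdict:
    """Steps S102-S104: is target macro code reaching a macro-execution interface?"""
    try:
        req = parse_request(message)
    except ValueError as exc:
        # Fail open on malformed input so the hook does not break ordinary traffic.
        return Verdict(False, None, f"malformed: {exc}")
    func = resolve_interface(req)
    if func is None:
        return Verdict(False, None, "interface/function not in table")
    if func not in MACRO_EXEC_FUNCTIONS:
        return Verdict(False, func, "interface function does not execute macros")
    if not XLM_PATTERN.search(req.payload):
        return Verdict(False, func, "no Excel 4.0 macro code in payload")
    return Verdict(True, func, "Excel 4.0 macro code addressed to macro-execution interface")


def hooked_receive(message: bytes, deliver: Callable[[bytes], None]) -> Verdict:
    """Steps S101/S105: the hooked receive.  deliver() stands in for the original
    receive path and is skipped when the verdict says to intercept."""
    verdict = inspect(message)
    if not verdict.intercept:
        deliver(message)
    return verdict


# Constructed sample traffic.
BENIGN = build_request(IID_SHEET, 0, "A1:B2")
MALICIOUS = build_request(IID_APP, 1, '=EXEC("cmd /c echo test")')

if __name__ == "__main__":
    for msg in (BENIGN, MALICIOUS):
        print(hooked_receive(msg, lambda m: None))
```

The comparison step matters: the same `EXEC(` text sent to `Worksheet.Range` is not intercepted, because only a payload addressed to a macro-execution function counts as target macro code accessing the interface. Whether a malformed message should fail open (as here) or fail closed is a deployment decision; a hook that drops legitimate DCOM traffic is itself a denial of service against Excel.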

Description

Technical field

[0001] The invention relates to the technical field of information security, and in particular to a fileless attack detection method and device.

Background

[0002] Existing macro code attack detection techniques resist macro virus attacks by static malicious feature matching, parsing of the OLE file format, and forcible clearing of macro code data.

[0003] A fileless attack method exploits Excel's support for DCOM interaction: Excel 4.0 macro code can be executed through DCOM, carrying out the attack without a document file.

[0004] Excel supports interaction over DCOM, and DCOM by nature supports cross-process and cross-network calls. When DCOM is used for the attack, the victim does not need to open a document file for the attack to complete. Because no file path exists when a DCOM attack occurs, macro virus attacks cannot be defended against by matching static file features or parsing the Excel file format.

Contents of the inventio...


Application Information

IPC(8): G06F21/55
CPC: G06F21/554
Inventor 王丹阳
Owner BEIJING QIANXIN TECH