
Method for interfering malicious program

A malicious-program countermeasure technique in the field of network security: it addresses the problem that detection-only products cannot resist malicious programs, and has the effect of increasing the attacker's confusion.

Pending Publication Date: 2022-03-25
杭州默安科技有限公司

AI Technical Summary

Problems solved by technology

[0003] At present, the usual way to prevent interference from a CS malicious program is to identify it. However, even if the CS malicious program can be identified quickly, it is still impossible to fight back against it, so the attacker can keep downloading CS malicious programs in an attempt to achieve the ultimate goal of controlling the host.



Examples


Embodiment 1

[0042] As shown in figure 1, a method for interfering with malicious programs includes the following steps: obtaining heap information from the CS malicious program's process and performing feature analysis to derive the malicious program's memory features, then writing those memory features as detection rules; traversing the heap information of each process's memory while the host is running, and scanning for the malicious program's process according to the detection rules. When the CS malicious program is delivered to a host it is stored in process memory, so the process carrying it must be identified in memory while the host is running; only then can interference and countermeasures be carried out against the malicious program.

[0043] Obtain heap information from the CS malicious program's process and perform feature analysis to obtain its memory characteristics ...

Embodiment 2

[0083] A computer-readable storage medium stores a computer program which, when executed by a processor, implements any one of the interference methods described above.

[0084] More specific examples of computer-readable storage media may include, but are not limited to, an electrical connection with one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibre, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.

[0085] In the present application, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this application, however, a computer-readable signal medium may include a data signal propagat...



Abstract

The invention relates to a method for interfering with a malicious program, in the technical field of network security, which comprises the following steps: acquiring heap information from a CS malicious program process, performing feature analysis to obtain the malicious program's memory features, and compiling those memory features into a detection rule; traversing the heap information of each process's memory while the host runs, and scanning out the in-memory malicious program process according to the detection rule; obtaining the initial configuration file from the in-memory malicious program process and decrypting it to obtain a decrypted configuration file; constructing several groups of interference request packets according to the decrypted configuration file and repeatedly sending them to the server; and judging whether the server issues an attacker task: if so, constructing an interference result and sending it to the server; if not, continuing to send the interference request packets to the server repeatedly. This breaks through the bottleneck that existing security products only detect rogue programs and cannot confront them.
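The procedure described in Embodiment 1 and in the Abstract (heap signature scan, configuration extraction and decoding, construction of interference requests, and the task/no-task decision) as an added, runnable example. This is not the patent's own code or the applicant's implementation. It assumes the publicly documented CobaltStrike beacon configuration layout (a single-byte XOR key of 0x69 or 0x2e followed by TLV entries of index, type, length and value, with setting names as used by public parsers such as 1768.py), which the patent text itself does not specify; the heap contents, host names, cookie values and request text are constructed test data, and the RSA-encrypted session metadata and encrypted task channel of real beacon traffic are deliberately omitted.

```python
"""Heap signature scan, config decoding and interference-request construction
for a CobaltStrike-style beacon. Added example, not the patent's code.
Assumptions (public research, not the patent text): config is XOR-encoded with
0x69 (3.x) or 0x2e (4.x) and laid out as TLV entries (index, type, length, all
16-bit big-endian, then value); type 1 = short, 2 = int, 3 = NUL-padded bytes.
Heap bytes, hosts and request text below are constructed test data."""
import struct

XOR_KEYS = (0x69, 0x2E)
# Every config starts with index=1 (BeaconType), type=1 (short), length=2.
CONFIG_HEADER = bytes.fromhex("000100010002")
# Detection rules: that header as it appears in memory under each XOR key.
DETECTION_RULES = {k: bytes(b ^ k for b in CONFIG_HEADER) for k in XOR_KEYS}
SETTING_NAMES = {1: "BeaconType", 2: "Port", 3: "SleepTime", 5: "Jitter",
                 7: "PublicKey", 8: "C2Server", 9: "UserAgent",
                 10: "HttpPostUri"}


def scan_heap(heap: bytes) -> list:
    """Apply the detection rules to a heap snapshot; return (offset, key) hits."""
    hits = []
    for key, rule in DETECTION_RULES.items():
        pos = heap.find(rule)
        while pos != -1:
            hits.append((pos, key))
            pos = heap.find(rule, pos + 1)
    return sorted(hits)


def decode_config(heap: bytes, offset: int, key: int, max_len: int = 4096) -> dict:
    """Undo the XOR at `offset` and walk the TLV entries until index 0."""
    blob = bytes(b ^ key for b in heap[offset:offset + max_len])
    settings, pos = {}, 0
    while pos + 6 <= len(blob):
        index, kind, length = struct.unpack_from(">HHH", blob, pos)
        pos += 6
        if index == 0:  # terminator entry
            break
        raw = blob[pos:pos + length]
        pos += length
        if kind == 1 and length == 2:
            value = struct.unpack(">H", raw)[0]
        elif kind == 2 and length == 4:
            value = struct.unpack(">I", raw)[0]
        else:
            value = raw.rstrip(b"\0")
        settings[SETTING_NAMES.get(index, f"setting_{index}")] = value
    return settings


def build_interference_requests(cfg: dict, count: int = 3) -> list:
    """One HTTP check-in skeleton per fake implant, shaped by the decoded config.
    A real beacon also sends RSA-encrypted session metadata; omitted here."""
    host, _, get_uri = cfg["C2Server"].decode().partition(",")
    ua = cfg["UserAgent"].decode()
    return [f"GET {get_uri} HTTP/1.1\r\nHost: {host}:{cfg['Port']}\r\n"
            f"User-Agent: {ua}\r\nCookie: session={i:08x}\r\n\r\n"
            for i in range(count)]


def next_step(cfg: dict, server_body: bytes) -> tuple:
    """The abstract's branch: no task -> keep polling at the beacon's own cadence;
    task issued -> answer with a fabricated result on the POST URI."""
    if not server_body:
        interval = cfg["SleepTime"] / 1000 * (1 - cfg["Jitter"] / 100)
        return ("poll", interval)
    host = cfg["C2Server"].decode().split(",")[0]
    fake_output = "fabricated task output"  # constructed, not a real result
    return ("result", f"POST {cfg['HttpPostUri'].decode()} HTTP/1.1\r\n"
                      f"Host: {host}\r\nContent-Length: {len(fake_output)}\r\n\r\n"
                      f"{fake_output}")


def encode_setting(index: int, kind: int, value) -> bytes:
    """Inverse of decode_config, used only to build the constructed sample."""
    payload = {1: lambda v: struct.pack(">H", v),
               2: lambda v: struct.pack(">I", v)}.get(kind, lambda v: v)(value)
    return struct.pack(">HHH", index, kind, len(payload)) + payload


def make_sample_heap(key: int = 0x2E) -> bytes:
    """Constructed heap: filler, an XOR-encoded config, more filler."""
    config = b"".join([
        encode_setting(1, 1, 0),        # BeaconType 0 = HTTP
        encode_setting(2, 1, 8080),     # Port
        encode_setting(3, 2, 60000),    # SleepTime in ms
        encode_setting(5, 1, 25),       # Jitter in percent
        encode_setting(8, 3, b"c2.example.test,/ca".ljust(64, b"\0")),
        encode_setting(9, 3, b"Mozilla/5.0 (Windows NT 10.0)".ljust(64, b"\0")),
        encode_setting(10, 3, b"/submit.php".ljust(64, b"\0")),
        b"\0\0",                        # index 0 ends the config
    ])
    encoded = bytes(b ^ key for b in config)
    return b"\x90" * 300 + b"heap noise " * 7 + encoded + b"\xcc" * 200


if __name__ == "__main__":
    heap = make_sample_heap()
    for offset, key in scan_heap(heap):
        cfg = decode_config(heap, offset, key)
        print(f"config at 0x{offset:x}, key 0x{key:02x}: {cfg}")
        print(build_interference_requests(cfg)[0])
        print(next_step(cfg, b""), next_step(cfg, b"\x01")[0])
```

The scan is a plain byte-pattern rule, so the same signature can be run over a process memory dump rather than the constructed heap; the decision function models only the branch in the abstract (no reply: keep polling at the beacon's own sleep and jitter; reply: send a fabricated result), not the encrypted framing of real beacon traffic.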

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method for interfering with malicious programs.

Background

[0002] CobaltStrike (CS for short), a well-known penetration testing tool, adopts a client/server (C/S) architecture and supports distributed team collaboration. CS integrates powerful functions such as port forwarding, service scanning, automated overflow exploitation, multi-mode port listening, Windows exe and dll Trojan generation, Java Trojan generation, Office macro virus generation and Trojan bundling, and is widely favoured by red team practitioners.

[0003] At present, the usual way to prevent interference from a CS malicious program is to identify it. However, even if the CS malicious program can be identified quickly, it is still impossible to fight back against the malicious program, so the attacker will still, by continuously download...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L9/40; H04L9/06; G06F21/56
CPC: H04L63/145; H04L9/0631; G06F21/56; G06F21/562
Inventors: 王嘉雄, 周涛涛, 钟宏强
Owner: 杭州默安科技有限公司