
Malicious code detection method and device based on JAVA program and storage medium

A malicious code detection technology for JAVA programs, applied in the field of information security, that addresses the problems that security software cannot attach and that memory horses are difficult to detect.

Pending Publication Date: 2022-07-01
北京中睿天下信息技术有限公司

AI Technical Summary

Problems solved by technology

The memory horse itself is difficult to detect by traditional antivirus software.
[0004] At present, JAVA memory horses are detected through the Agent plug-in method, but agent injection meets strong resistance. Once the Trojan horse program enters the JVM first, it deletes the relevant API used for Agent loading, and security software that subsequently uses Agent technology for detection is unable to attach to the target JVM process.


Embodiment Construction

[0027] In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.

[0028] In the description of the present invention, unless otherwise specified, "plurality" means two or more. The terms "comprising", "having" and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those steps or units that are expressly listed, but may also include other steps or units inherent to these processes, methods, products or devices, or steps or units added based on further optimized solutions of the present invent...


Abstract

The invention discloses a malicious code detection method and device based on a JAVA program, and a storage medium. The method comprises the following steps: first, the JVM code segment memory is checked in the target process; when the JVM code segment memory is found to have been modified, JIT permission is obtained; under the JIT permission, the package names of all classes loaded by the JVM are obtained, the classes loaded by the JVM are filtered, the original data of the filtered classes is obtained through a JIT interface, and that original data is scanned with YARA; finally, the abnormal class data found by the scan is obtained and extracted. Malicious code in the JAVA program is thus detected by using system-level module injection to bypass the anti-loading mechanism for JVM-layer modules.
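The filter-and-scan stage of the abstract, as an added example that is not code from the patent or its applicant: it starts from class bytes that have already been extracted, reads each class file's constant pool, and reports classes that reference both a servlet hook and a process-execution class. The indicator sets, the trusted-prefix filter and the function names are assumptions standing in for the YARA rules and filter criteria, which the page does not give.

```python
import struct

# Payload sizes of fixed-width constant-pool tags (JVMS 4.4); tag 1 (Utf8) is variable.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Assumed indicators standing in for YARA rules; the page does not list its rules.
WEB_HOOKS = {"javax/servlet/Filter", "javax/servlet/Servlet"}
CAPABILITIES = {"java/lang/Runtime", "java/lang/ProcessBuilder"}
TRUSTED_PREFIXES = ("java/",)  # assumed filter; a name alone is weak evidence

def class_refs(data):
    """Return every class name referenced from a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    try:
        count = struct.unpack_from(">H", data, 8)[0]
        utf8, targets, pos, i = {}, [], 10, 1
        while i < count:
            tag = data[pos]
            if tag == 1:  # CONSTANT_Utf8: u2 length followed by the bytes
                n = struct.unpack_from(">H", data, pos + 1)[0]
                utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
                pos += 3 + n
            else:
                if tag == 7:  # CONSTANT_Class: u2 index of its Utf8 name
                    targets.append(struct.unpack_from(">H", data, pos + 1)[0])
                pos += 1 + FIXED[tag]
            i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    except (IndexError, KeyError, struct.error) as exc:
        raise ValueError("malformed constant pool") from exc
    return {utf8[t] for t in targets if t in utf8}

def scan(loaded):
    """loaded: {class name: raw class bytes}. Return the names of abnormal classes."""
    hits = []
    for name, raw in loaded.items():
        if name.startswith(TRUSTED_PREFIXES):
            continue  # filtering step: skip classes in assumed-trusted packages
        refs = class_refs(raw)
        if refs & WEB_HOOKS and refs & CAPABILITIES:
            hits.append(name)
    return sorted(hits)

def sample(names):
    """Constructed input: class-file header plus constant pool only (not loadable)."""
    pool = b""
    for k, n in enumerate(names):
        raw = n.encode()
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw   # Utf8 at index 2k+1
        pool += b"\x07" + struct.pack(">H", 2 * k + 1)        # Class at index 2k+2
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(names) + 1) + pool
```
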

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a JAVA program-based malicious code detection method, device and storage medium.

Background technique

[0002] The memory horse is a fileless Trojan. After it runs successfully, there is no related file to associate it with, and it is attached to a system or security application software process. Generally, the memory Trojan is parasitic in the host process in the form of shellcode, and its size can be smaller than a KB, so it is difficult to correlate and check.

[0003] A JAVA memory Trojan is a Trojan program running in the JAVA / JVM process. It is a container Trojan. Unlike the traditional system-level memory Trojan, the bytecode it runs is independent of the CPU and operating system. All of its action capabilities (i.e. API calls) are relayed and triggered by the host JVM. The memory horse itself is difficult to detect by traditional antivirus software.

[0004...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 刘庆林, 罗浩, 刘正伟, 魏海宇, 谢辉, 高鹏, 吴小勇, 李小琼, 康柏荣, 王鲲
Owner: 北京中睿天下信息技术有限公司