Method for distinguishing baleful program behavior

A program and behavioral technology, applied in the field of attack protection and computer virus, can solve problems such as ports and protocols cannot be set, virus or hacker intrusion, affecting the normal operation of the network, etc.

Inactive Publication Date: 2006-07-12
MICROPOINT WISDOM (BEIJING) INFORMATION SECURITY TECH CO LTD
View PDF0 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its main defects are: 1. It requires users to be very familiar with the system in order to effectively set it; 2. Because the monitoring particles are too large, it is basically impossible to set the ports and protocols that must be used in network applications. If allowed to pass, it may cause Virus or hacker intrusion occurs; if it is not allowed to pass through, it may directly affect the normal operation of the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for distinguishing baleful program behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0057] The method for distinguishing harmful program behaviors of the present invention is based on a virus attack recognition rule base, which records the attack behavior characteristics of various viruses, Trojan horses and harmful programs, each record corresponds to a type of virus, and each A virus-like virus corresponds to an action set, which includes a series of actions and specific associations among them.

[0058] The method for distinguishing harmful program behaviors of the present invention includes the following steps:

[0059] 1.1) Monitor and record the actions of unknown programs;

[0060] 1.2) comparing the recorded action behavior of the program with the virus attack identification rule base as a whole;

[0061] 1.3) Distinguish harmful program behaviors according to the comparison results; if yes, alarm the user or preven...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a specification method of harmful program based on the virus attack identification base of state movement set, which comprises the following steps: 1.1) monitoring and recording the movement behavior of unknown program; 1.2) integrating the recorded program to compare with the virus identification regular base; 1.3) judging the compared result whether the result is harmful program behavior; alarming or stopping the operation of program if yes; continuing operating and returning to the step 1.1) if not. The invention analyses the unknown program behavior without depending virus code, which improves the efficiency and precision.

Description

technical field [0001] The invention relates to a computer virus and attack protection method, in particular to a method for distinguishing harmful program behaviors for unknown programs. Background technique [0002] For a long time, the struggle against computer virus invasion and anti-invasion has been going on fiercely. With the use of computers more and more widely, the intensity of this struggle has also risen to a new height. After long-term struggle and practice, people have summed up many specific methods to prevent the invasion of computer viruses, and developed many corresponding prevention products. These products can be roughly divided into two categories. One is to isolate intruding viruses, such as firewalls, which prevent the entry of intruding viruses by restricting communication ports and protocols; the other is to isolate virus-infected files that may form intrusions. Searching, such as anti-virus software, uses the code characteristics that may form intr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F1/00
Inventor 刘旭
Owner MICROPOINT WISDOM (BEIJING) INFORMATION SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap