Software-action description, fetching and controlling method with virtual address space characteristic

A behavior and address technology, applied in software testing/debugging, platform integrity maintenance, instruments, etc., can solve problems such as high false alarm rate, missed detection, false detection, and time-consuming, so as to improve accuracy and efficiency, The effect of improving detection accuracy and improving recognition efficiency

Active Publication Date: 2007-01-10
上海浦东软件园信息技术股份有限公司
View PDF0 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The main problem faced by the model based on conditional probability is that it takes a lot of time to establish a normal behavior model and implement high-precision detection, and often has a high false alarm rate due to insufficient training
The rule-based behavior detection model is difficult to determine efficient and f

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software-action description, fetching and controlling method with virtual address space characteristic
  • Software-action description, fetching and controlling method with virtual address space characteristic
  • Software-action description, fetching and controlling method with virtual address space characteristic

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] The technical solutions of the present invention will be further described below in conjunction with specific embodiments.

[0057] First, the present invention provides a detection and protection method for abnormal software behavior, including: acquiring a software behavior and its address attribute and establishing a corresponding characteristic data set; and applying the established characteristic data set to detect and protect software abnormal behavior, wherein, The feature data set has a virtual space address attribute. In the method of the present invention, the description of the software line with the address attribute can be provided, wherein the basic elements are as follows:

[0058] 1) Take system calls as the basic elements of software behavior. System calls refer to various service interfaces provided by the operating system to the application layer software to complete specific tasks that can only be completed by the system for the application software...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

Said invention discloses software behavioural abnormality detection and protecting means. It contains obtaining one software behaviour and address attribute and establishing characteristic of correspondence data integration; using said established characteristic data integration detecting and protection software abnormal behavior, wherein characteristic data integration having virtual space address attribute. Said invented method can restrict software behaviour track without error, capable of raising detecting accuracy, greatly raising identifying efficiency and convenient execution. It can independently use and conjunctively use with other data, for example short sequence, status attribute, and resource attribute. Said invention can realize real time detecting with controlling to application program behaviour, capable of being used in main unit information system safety protection and network information system invasion protection etc field.

Description

technical field [0001] The invention relates to the security protection of computers and network information systems and other fields that need to grasp the characteristics of software behavior. More specifically, the invention relates to a software behavior abnormality detection and protection method based on program behavior. Background technique [0002] From the technical aspect, the security defense means of network information system can be divided into active and passive. Passive means, or reactive means, usually refer to: After an event occurs, by collecting information such as the object of the event, the environment setting, and the result, the characteristics of the subject of the event are extracted, analyzed and analyzed. Standardization, and then use it in future security defenses. Common prevention tools include antivirus, NIDS / HIDS, etc. Although this detection method can detect known viruses and intrusion behaviors very well, it is powerless to detect new ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06F21/00G06F21/55
Inventor 冯敏韩欣
Owner 上海浦东软件园信息技术股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap