Software-action description, fetching and controlling method with virtual address space characteristic

A behavior and address technology, applied in software testing/debugging, platform integrity maintenance, instruments, etc., can solve problems such as high false alarm rate, missed detection, false detection, and time-consuming, so as to improve accuracy and efficiency, The effect of improving detection accuracy and improving recognition efficiency
CN1892615AActive Publication Date: 2007-01-10上海浦东软件园信息技术股份有限公司
0 Cites 7 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
上海浦东软件园信息技术股份有限公司
Publication Date
2007-01-10

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

Said invention discloses software behavioural abnormality detection and protecting means. It contains obtaining one software behaviour and address attribute and establishing characteristic of correspondence data integration; using said established characteristic data integration detecting and protection software abnormal behavior, wherein characteristic data integration having virtual space address attribute. Said invented method can restrict software behaviour track without error, capable of raising detecting accuracy, greatly raising identifying efficiency and convenient execution. It can independently use and conjunctively use with other data, for example short sequence, status attribute, and resource attribute. Said invention can realize real time detecting with controlling to application program behaviour, capable of being used in main unit information system safety protection and network information system invasion protection etc field.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the security protection of computers and network information systems and other fields that need to grasp the characteristics of software behavior. More specifically, the invention relates to a software behavior abnormality detection and protection method based on program behavior. Background technique

[0002] From the technical aspect, the security defense means of network information system can be divided into active and passive. Passive means, or reactive means, usually refer to: After an event occurs, by collecting information such as the object of the event, the environment setting, and the result, the characteristics of the subject of the event are extracted, analyzed and analyzed. Standardization, and then use it in future security defenses. Common prevention tools include antivirus, NIDS / HIDS, etc. Although this detection method can detect known viruses and intrusion behaviors very well, it is powerless to detect new ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More