CN100547513C - Computer protection method based on program behavior analysis (基于程序行为分析的计算机防护方法) - Google Patents
- Publication number: CN100547513C
- Application number: CNB200510007682XA
- Authority: CN (China)
- Prior art keywords: program, behavior, action, protecting method, analyzing based
- Prior art date: 2005-02-07
- Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Concepts (machine-extracted by Google Patents)
Concept | Appears in | Count |
---|---|---|
method | title, claims, abstract, description | 212 |
analytical method | title, claims, abstract, description | 15 |
action | claims, abstract, description | 160 |
viruses | claims, abstract, description | 61 |
harmful effect | claims, abstract, description | 40 |
process | claims, description | 26 |
modification | claims, description | 10 |
layer | claims, description | 8 |
comparative effect | claims, description | 6 |
installation | claims, description | 5 |
monitoring process | claims, description | 5 |
change | claims, description | 4 |
accumulation | claims, description | 3 |
core layer | claims, description | 3 |
process operation | claims, description | 3 |
anti-virus effect | abstract, description | 10 |
viral effect | abstract, description | 3 |
behavior | description | 177 |
invasion | description | 6 |
product | description | 5 |
diagram | description | 4 |
damage | description | 3 |
computer program | description | 2 |
final product | description | 2 |
separation method | description | 2 |
systemic effect | description | 2 |
anti-invasion | description | 1 |
benefit | description | 1 |
transmission | description | 1 |
defect | description | 1 |
differentiation | description | 1 |
infection | description | 1 |
initiating | description | 1 |
long-term | description | 1 |
mechanism | description | 1 |
networking | description | 1 |
viral infection | description | 1 |
Claims (37)
Priority Applications (1)
Application Number | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|
CNB200510007682XA | CN100547513C (zh) | 2005-02-07 | 2005-02-07 | Computer protection method based on program behavior analysis (基于程序行为分析的计算机防护方法) |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1818823A (zh) | 2006-08-16 |
CN100547513C (zh) | 2009-10-07 |
Family ID: 36918868
Family Applications (1)
Application Number | Publication | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CNB200510007682XA | CN100547513C (zh) | Expired - Fee Related | 2005-02-07 | 2005-02-07 | Computer protection method based on program behavior analysis (基于程序行为分析的计算机防护方法) |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100547513C (zh) |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100437614C (zh) * | 2005-11-16 | 2008-11-26 | 白杰 | Method for identifying and removing unknown virus programs |
US7870612B2 (en) | 2006-09-11 | 2011-01-11 | Fujian Eastern Micropoint Info-Tech Co., Ltd | Antivirus protection system and method for computers |
CN101013461A (zh) * | 2007-02-14 | 2007-08-08 | 白杰 | Computer protection method based on program behavior analysis |
CN101127638B (zh) * | 2007-06-07 | 2011-06-15 | 飞塔公司 | Proactive automatic virus prevention and control system and method |
CN101350054B (zh) | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | Method and apparatus for automatic protection against harmful computer programs |
CN101350052B (zh) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | Method and apparatus for discovering malicious behavior of computer programs |
CN101470620B (zh) * | 2007-12-29 | 2013-01-16 | 珠海金山软件有限公司 | Method and apparatus for determining source-code consistency of PE files |
CN101286986B (zh) * | 2008-05-15 | 2011-09-14 | 成都市华为赛门铁克科技有限公司 | Active defense method, apparatus and system |
CN101593249B (zh) * | 2008-05-30 | 2011-08-03 | 成都市华为赛门铁克科技有限公司 | Suspicious file analysis method and system |
CN102073816A (zh) * | 2010-12-31 | 2011-05-25 | 兰雨晴 | Behavior-based software trustworthiness measurement system and method |
CN102789559A (zh) * | 2011-05-20 | 2012-11-21 | 北京网秦天下科技有限公司 | Method and system for monitoring program installation and program execution on mobile devices |
CN103136471B (zh) * | 2011-11-25 | 2015-12-16 | 中国科学院软件研究所 | Malicious Android application detection method and system |
CN103136475B (zh) * | 2011-11-29 | 2017-07-04 | 姚纪卫 | Method and apparatus for checking for computer viruses |
JP2013171556A (ja) * | 2012-02-23 | 2013-09-02 | Hitachi Ltd | Program analysis system and method |
CN102694817B (zh) * | 2012-06-08 | 2016-08-03 | 北京奇虎科技有限公司 | Method, apparatus and system for identifying whether a program's network behavior is abnormal |
CN102752290B (zh) * | 2012-06-13 | 2016-06-01 | 深圳市腾讯计算机系统有限公司 | Method and apparatus for determining security information of unknown files in a cloud security system |
CN102779255B (zh) | 2012-07-16 | 2014-11-12 | 腾讯科技(深圳)有限公司 | Method and apparatus for determining malicious programs |
CN103810424B (zh) | 2012-11-05 | 2017-02-08 | 腾讯科技(深圳)有限公司 | Method and apparatus for identifying abnormal applications |
CN103839003B (zh) * | 2012-11-22 | 2018-01-30 | 腾讯科技(深圳)有限公司 | Malicious file detection method and apparatus |
CN103207969B (zh) * | 2013-04-12 | 2016-10-05 | 百度在线网络技术(北京)有限公司 | Apparatus and method for detecting Android malware |
CN103366115B (zh) * | 2013-07-03 | 2016-03-23 | 中国联合网络通信集团有限公司 | Security detection method and apparatus |
CN103428223B (zh) * | 2013-08-28 | 2016-08-10 | 北京永信至诚科技股份有限公司 | Trojan behavior identification method and system |
CN105653948B (zh) * | 2014-11-14 | 2020-04-24 | 腾讯数码(深圳)有限公司 | Method and apparatus for blocking malicious operations |
CN106033511A (zh) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Method and device for preventing website data leakage |
CN106682507B (zh) | 2016-05-19 | 2019-05-14 | 腾讯科技(深圳)有限公司 | Virus database acquisition method and apparatus, device, server and system |
CN108959951B (zh) * | 2017-05-19 | 2021-01-12 | 北京瑞星网安技术股份有限公司 | Document security protection method, apparatus, device and readable storage medium |
CN107609411A (zh) * | 2017-09-15 | 2018-01-19 | 郑州云海信息技术有限公司 | System and method for intelligent monitoring of confidential files |
CN107657176A (zh) * | 2017-09-26 | 2018-02-02 | 四川长虹电器股份有限公司 | Behavior-analysis-based method for identifying and analyzing unknown malicious code |
CN107992751B (zh) * | 2017-12-21 | 2020-05-08 | 苏州浪潮智能科技有限公司 | Real-time threat detection method based on a branch behavior model |
CN108073809A (zh) * | 2017-12-25 | 2018-05-25 | 哈尔滨安天科技股份有限公司 | APT heuristic detection method and system based on anomalous component correlation |
CN110798438A (zh) * | 2018-08-09 | 2020-02-14 | 北京安天网络安全技术有限公司 | In-application firewall implementation method, system and storage medium |
CN109040136A (zh) * | 2018-09-29 | 2018-12-18 | 成都亚信网络安全产业技术研究院有限公司 | Network attack detection method and electronic device |
CN111104670B (zh) * | 2019-12-11 | 2023-09-01 | 国网甘肃省电力公司电力科学研究院 | APT attack identification and protection method |
CN117313095B (zh) * | 2023-11-28 | 2024-02-13 | 慧盾信息安全科技(苏州)股份有限公司 | System and method for real-time monitoring and recording of the behavior trajectory of unknown viruses |
(* = cited by examiner)
Events
- 2005-02-07: application CNB200510007682XA filed in CN; granted as CN100547513C; current status: not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
CN1818823A (zh) | 2006-08-16 |
Similar Documents
Publication | Title |
---|---|
CN100547513C (zh) | Computer protection method based on program behavior analysis |
CN100401224C (zh) | Computer antivirus protection system and method |
US7870612B2 (en) | Antivirus protection system and method for computers |
US10417420B2 (en) | Malware detection and classification based on memory semantic analysis |
US8646080B2 (en) | Method and apparatus for removing harmful software |
US8397297B2 (en) | Method and apparatus for removing harmful software |
US7673137B2 (en) | System and method for the managed security control of processes on a computer system |
US11562068B2 (en) | Performing threat detection by synergistically combining results of static file analysis and behavior analysis |
CN101098226B (zh) | Online real-time virus handling system and method |
RU2571723C2 (ru) | System and method for reducing the load on the operating system while an antivirus application runs |
US8621624B2 (en) | Apparatus and method for preventing anomaly of application program |
CN101350054B (zh) | Method and apparatus for automatic protection against harmful computer programs |
CN100557545C (zh) | Method for distinguishing harmful program behavior |
CA2533853C (en) | Method and system for detecting unauthorised use of a communication network |
US7665139B1 (en) | Method and apparatus to detect and prevent malicious changes to tokens |
US8397292B2 (en) | Method and device for online secure logging-on |
CN101986324A (zh) | Asynchronous processing of events for malware detection |
CN105408911A (zh) | Hardware and software execution profiling |
CN113364750B (zh) | Method for heuristically luring APT attacks into a honeypot based on Snort and OpenFlow |
WO2008098519A1 (fr) | Computer protection method based on program behavior analysis |
US20100005528A1 (en) | Methods for hooking applications to monitor and prevent execution of security-sensitive operations |
CN115086081B (zh) | Honeypot anti-escape method and system |
CN1801031B (zh) | Method for using a program behavior knowledge base to determine that a known program has been attacked |
RU2708355C1 (ru) | Method for detecting malicious files that resist analysis in an isolated environment |
US20230315850A1 (en) | Rootkit detection based on system dump sequence analysis |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
ASS | Succession or assignment of patent right | Owner name: BEIJING EASTERN MICROPOINT INFO-TECH CO., LTD. Former owner: FUJIAN ORIENT MICROPOINT INFORMATION SECURITY CO., LTD. Effective date: 2015-07-15 |
C41 | Transfer of patent application or patent right or utility model | |
TR01 | Transfer of patent right | Effective date of registration: 2015-07-15. Patentee after: Beijing Dongfang Micropoint Information Technology Co.,Ltd., 5E, Block 2, Jinyuan Shidai Business Center, Landianchang Road A, Haidian District, Beijing 100097. Patentee before: Fujian Orient Micropoint Information Security Co.,Ltd., No. 548 Industrial Road, Gulou District, Fuzhou, Fujian 350002 |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2009-10-07 |