CN101304409B - 恶意代码检测方法及系统 - Google Patents
恶意代码检测方法及系统 Download PDFInfo
- Publication number
- CN101304409B CN101304409B CN2008100291745A CN200810029174A CN101304409B CN 101304409 B CN101304409 B CN 101304409B CN 2008100291745 A CN2008100291745 A CN 2008100291745A CN 200810029174 A CN200810029174 A CN 200810029174A CN 101304409 B CN101304409 B CN 101304409B
- Authority
- CN
- China
- Prior art keywords
- information
- system information
- malicious code
- instruction
- registry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 238000001514 detection method Methods 0.000 claims abstract description 23
- 230000004044 response Effects 0.000 claims description 54
- 230000008569 process Effects 0.000 claims description 42
- 230000005540 biological transmission Effects 0.000 claims description 18
- 230000008859 change Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (6)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100291745A CN101304409B (zh) | 2008-06-28 | 2008-06-28 | 恶意代码检测方法及系统 |
PCT/CN2009/071451 WO2009155805A1 (zh) | 2008-06-28 | 2009-04-24 | 恶意代码检测方法及系统 |
US12/483,681 US20090327688A1 (en) | 2008-06-28 | 2009-06-12 | Method and system for detecting a malicious code |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100291745A CN101304409B (zh) | 2008-06-28 | 2008-06-28 | 恶意代码检测方法及系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101304409A CN101304409A (zh) | 2008-11-12 |
CN101304409B true CN101304409B (zh) | 2011-04-13 |
Family
ID=40114123
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100291745A Expired - Fee Related CN101304409B (zh) | 2008-06-28 | 2008-06-28 | 恶意代码检测方法及系统 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20090327688A1 (zh) |
CN (1) | CN101304409B (zh) |
WO (1) | WO2009155805A1 (zh) |
Families Citing this family (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101304409B (zh) * | 2008-06-28 | 2011-04-13 | 成都市华为赛门铁克科技有限公司 | 恶意代码检测方法及系统 |
CN101763481B (zh) * | 2010-01-15 | 2011-07-27 | 北京工业大学 | 基于lzw压缩算法的未知恶意代码检测方法 |
US8713679B2 (en) * | 2011-02-18 | 2014-04-29 | Microsoft Corporation | Detection of code-based malware |
CN102156834B (zh) * | 2011-04-18 | 2013-04-24 | 北京思创银联科技股份有限公司 | 实现进程防杀的方法 |
US9436826B2 (en) | 2011-05-16 | 2016-09-06 | Microsoft Technology Licensing, Llc | Discovering malicious input files and performing automatic and distributed remediation |
CN102737197A (zh) * | 2011-09-23 | 2012-10-17 | 新奥特(北京)视频技术有限公司 | 一种用于数据设备的屏蔽方法和装置 |
CN102737175A (zh) * | 2011-09-23 | 2012-10-17 | 新奥特(北京)视频技术有限公司 | 一种数据安全防控中的设备接入方法、用户设备及装置 |
CN102737193A (zh) * | 2011-09-23 | 2012-10-17 | 新奥特(北京)视频技术有限公司 | 一种数据安全防控中的设备屏蔽方法及装置 |
CN102411687B (zh) * | 2011-11-22 | 2014-04-23 | 华北电力大学 | 未知恶意代码的深度学习检测方法 |
US8640242B2 (en) * | 2011-12-01 | 2014-01-28 | Mcafee, Inc. | Preventing and detecting print-provider startup malware |
US9038185B2 (en) | 2011-12-28 | 2015-05-19 | Microsoft Technology Licensing, Llc | Execution of multiple execution paths |
CN103679013B (zh) * | 2012-09-03 | 2017-10-31 | 腾讯科技(深圳)有限公司 | 系统恶意程序检测方法及装置 |
GB2507036A (en) * | 2012-10-10 | 2014-04-23 | Lifecake Ltd | Content prioritization |
US9183062B2 (en) * | 2013-02-25 | 2015-11-10 | International Business Machines Corporation | Automated application reconfiguration |
US9794106B1 (en) * | 2013-03-04 | 2017-10-17 | Google Inc. | Detecting application store ranking spam |
US9213839B2 (en) | 2013-03-14 | 2015-12-15 | Huawei Technologies Co., Ltd. | Malicious code detection technologies |
US9832217B2 (en) * | 2014-03-13 | 2017-11-28 | International Business Machines Corporation | Computer implemented techniques for detecting, investigating and remediating security violations to IT infrastructure |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US10102374B1 (en) | 2014-08-11 | 2018-10-16 | Sentinel Labs Israel Ltd. | Method of remediating a program and system thereof by undoing operations |
US9514305B2 (en) * | 2014-10-17 | 2016-12-06 | Qualcomm Incorporated | Code pointer authentication for hardware flow control |
US9733969B2 (en) * | 2015-06-30 | 2017-08-15 | EMC IP Holding Company LLC | Method and system for malware detection in virtual machines |
CN105160247B (zh) * | 2015-09-30 | 2019-05-31 | 北京奇虎科技有限公司 | 一种识别浏览器被劫持的方法 |
TWI611349B (zh) * | 2015-12-11 | 2018-01-11 | 財團法人資訊工業策進會 | 檢測系統及其方法 |
CN106560831B (zh) * | 2015-12-31 | 2019-07-02 | 哈尔滨安天科技股份有限公司 | 一种恶意代码绕过主动防御的发现方法及系统 |
CN108170437B (zh) * | 2016-12-07 | 2021-03-12 | 腾讯科技(深圳)有限公司 | 一种应用管理方法及终端设备 |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US10489185B2 (en) * | 2017-03-17 | 2019-11-26 | Nicira, Inc. | Hypervisor-assisted approach for locating operating system data structures based on attribute matching |
US20180267818A1 (en) * | 2017-03-17 | 2018-09-20 | Nicira, Inc. | Hypervisor-assisted approach for locating operating system data structures based on notification data |
US11314862B2 (en) * | 2017-04-17 | 2022-04-26 | Tala Security, Inc. | Method for detecting malicious scripts through modeling of script structure |
JP2020530922A (ja) | 2017-08-08 | 2020-10-29 | センチネル ラボ, インコーポレイテッドSentinel Labs, Inc. | エッジネットワーキングのエンドポイントを動的にモデリングおよびグループ化する方法、システム、およびデバイス |
KR102022168B1 (ko) * | 2017-12-15 | 2019-09-18 | 이방훈 | 하드웨어 태스크 스위칭을 이용한 은닉 태스크의 감지 방법 및 장치 |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
CN110866253B (zh) * | 2018-12-28 | 2022-05-27 | 北京安天网络安全技术有限公司 | 一种威胁分析方法、装置、电子设备及存储介质 |
US11086996B2 (en) * | 2019-04-12 | 2021-08-10 | International Business Machines Corporation | Automatic idle-state scanning for malicious code |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION |
CN112241529B (zh) * | 2019-07-16 | 2024-03-29 | 腾讯科技(深圳)有限公司 | 恶意代码检测方法、装置、存储介质和计算机设备 |
CN112084492A (zh) * | 2020-09-18 | 2020-12-15 | 中科御信科技发展(许昌)有限公司 | 使用irp和局部序列比对算法检测分布式恶意软件的方法 |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
US20230171099A1 (en) * | 2021-11-27 | 2023-06-01 | Oracle International Corporation | Methods, systems, and computer readable media for sharing key identification and public certificate data for access token verification |
CN114661492B (zh) * | 2022-03-03 | 2023-04-07 | 深圳融安网络科技有限公司 | 进程通信方法、系统、终端设备及介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1449515A (zh) * | 2000-07-01 | 2003-10-15 | 马科尼通讯有限公司 | 检测恶意代码的方法 |
CN1647007A (zh) * | 2002-04-13 | 2005-07-27 | 计算机联合思想公司 | 检测怀有恶意代码的系统与方法 |
CN101183418A (zh) * | 2007-12-25 | 2008-05-21 | 北京大学 | 一种Windows隐蔽性恶意软件检测方法 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7627898B2 (en) * | 2004-07-23 | 2009-12-01 | Microsoft Corporation | Method and system for detecting infection of an operating system |
US7725735B2 (en) * | 2005-03-29 | 2010-05-25 | International Business Machines Corporation | Source code management method for malicious code detection |
US7841006B2 (en) * | 2005-10-05 | 2010-11-23 | Computer Associates Think, Inc. | Discovery of kernel rootkits by detecting hidden information |
US7461036B2 (en) * | 2006-01-18 | 2008-12-02 | International Business Machines Corporation | Method for controlling risk in a computer security artificial neural network expert system |
AU2007200606A1 (en) * | 2006-03-03 | 2007-09-20 | Pc Tools Technology Pty Limited | Scanning files using direct file system access |
KR100799302B1 (ko) * | 2006-06-21 | 2008-01-29 | 한국전자통신연구원 | 시스템 이벤트 정보를 이용한 은닉 프로세스 탐지 시스템및 방법 |
US7814549B2 (en) * | 2006-08-03 | 2010-10-12 | Symantec Corporation | Direct process access |
US8281393B2 (en) * | 2006-11-08 | 2012-10-02 | Mcafee, Inc. | Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table |
US7921461B1 (en) * | 2007-01-16 | 2011-04-05 | Kaspersky Lab, Zao | System and method for rootkit detection and cure |
US8458794B1 (en) * | 2007-09-06 | 2013-06-04 | Mcafee, Inc. | System, method, and computer program product for determining whether a hook is associated with potentially unwanted activity |
US8397295B1 (en) * | 2007-12-20 | 2013-03-12 | Symantec Corporation | Method and apparatus for detecting a rootkit |
CN101304409B (zh) * | 2008-06-28 | 2011-04-13 | 成都市华为赛门铁克科技有限公司 | 恶意代码检测方法及系统 |
-
2008
- 2008-06-28 CN CN2008100291745A patent/CN101304409B/zh not_active Expired - Fee Related
-
2009
- 2009-04-24 WO PCT/CN2009/071451 patent/WO2009155805A1/zh active Application Filing
- 2009-06-12 US US12/483,681 patent/US20090327688A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1449515A (zh) * | 2000-07-01 | 2003-10-15 | 马科尼通讯有限公司 | 检测恶意代码的方法 |
CN1647007A (zh) * | 2002-04-13 | 2005-07-27 | 计算机联合思想公司 | 检测怀有恶意代码的系统与方法 |
CN101183418A (zh) * | 2007-12-25 | 2008-05-21 | 北京大学 | 一种Windows隐蔽性恶意软件检测方法 |
Also Published As
Publication number | Publication date |
---|---|
CN101304409A (zh) | 2008-11-12 |
WO2009155805A1 (zh) | 2009-12-30 |
US20090327688A1 (en) | 2009-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101304409B (zh) | 恶意代码检测方法及系统 | |
US7606946B2 (en) | Removable device and program startup method | |
CN102662741B (zh) | 虚拟桌面的实现方法、装置和系统 | |
US9275229B2 (en) | System to bypass a compromised mass storage device driver stack and method thereof | |
KR101928127B1 (ko) | 애플리케이션용 선택적 파일 액세스 기법 | |
US9104895B2 (en) | Method for accessing a portable data storage medium with auxiliary module and portable data storage medium | |
US7788665B2 (en) | Migrating a virtual machine that owns a resource such as a hardware device | |
CA2140165C (en) | Method and system for providing protected mode device drivers | |
US9454387B2 (en) | Method and system for installing portable executable applications | |
US7600133B2 (en) | Backing up at least one encrypted computer file | |
EP2704004B1 (en) | Computing device having a dll injection function, and dll injection method | |
US8417969B2 (en) | Storage volume protection supporting legacy systems | |
CN116680037A (zh) | 数据隔离方法及装置、电子设备 | |
US20090019223A1 (en) | Method and systems for providing remote strage via a removable memory device | |
CN102124436A (zh) | 用于便携式存储器件的动态文件系统限制 | |
WO2000063760A2 (en) | A device driver for accessing computer files | |
US20040167996A1 (en) | Computer system having a virtualized I/O device | |
US7793004B2 (en) | Computer peripheral device implemented as optic storage device or/and removable disk by software emulation and implementing method thereof | |
CN101373457B (zh) | Windows环境下一种基于USB设备的硬盘写保护锁的方法 | |
JP4149434B2 (ja) | ファイル・オープン時にファイル・ロックが実施されるオペレーティング・システムを有するコンピュータ・システム内の少なくとも1つのターゲット・ファイルにアクセスする方法およびシステム | |
KR101460451B1 (ko) | 프로세스 주소 공간을 제어하는 장치 및 방법 | |
JP4853671B2 (ja) | アクセス権限判定システム、アクセス権限判定方法及びアクセス権限判定プログラム | |
CN101236533B (zh) | Windows环境下一种基于PCI卡实现硬盘写保护锁的方法 | |
JP5482781B2 (ja) | 情報処理システム及び情報処理システムの動作方法 | |
KR101079968B1 (ko) | 이동 통신 단말의 사용자가 소속된 그룹에 따라 상기 이동통신 단말의 런처를 자동 변경시켜주는 방법 및 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right |
Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20090508 |
|
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20090508 Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731 Applicant after: Chengdu Huawei Symantec Technologies Co., Ltd. Address before: Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Province, China: 518129 Applicant before: Huawei Technologies Co., Ltd. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: Huawei Symantec Technologies Co., Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: Chengdu Huawei Symantec Technologies Co., Ltd. |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110413 Termination date: 20160628 |