CN101350052B - 发现计算机程序的恶意行为的方法和装置 - Google Patents
发现计算机程序的恶意行为的方法和装置 Download PDFInfo
- Publication number
- CN101350052B CN101350052B CN2007101624426A CN200710162442A CN101350052B CN 101350052 B CN101350052 B CN 101350052B CN 2007101624426 A CN2007101624426 A CN 2007101624426A CN 200710162442 A CN200710162442 A CN 200710162442A CN 101350052 B CN101350052 B CN 101350052B
- Authority
- CN
- China
- Prior art keywords
- monitored
- action
- file
- collection
- virus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (21)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101624426A CN101350052B (zh) | 2007-10-15 | 2007-10-15 | 发现计算机程序的恶意行为的方法和装置 |
JP2010529219A JP5011436B2 (ja) | 2007-10-15 | 2008-10-15 | コンピュータプログラムの悪意ある行為を見つける方法及び装置 |
PCT/CN2008/072698 WO2009049555A1 (fr) | 2007-10-15 | 2008-10-15 | Procédé et appareil pour détecter le comportement malveillant d'un programme informatique |
EP08838678A EP2219130A4 (en) | 2007-10-15 | 2008-10-15 | METHOD AND APPARATUS FOR DETECTING THE MALICIOUS BEHAVIOR OF A COMPUTER PROGRAM |
US12/738,031 US8898775B2 (en) | 2007-10-15 | 2008-10-15 | Method and apparatus for detecting the malicious behavior of computer program |
HK09103765.8A HK1124414A1 (en) | 2007-10-15 | 2009-04-23 | Method and apparatus for finding malicious behaviors of computer programs |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101624426A CN101350052B (zh) | 2007-10-15 | 2007-10-15 | 发现计算机程序的恶意行为的方法和装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101350052A CN101350052A (zh) | 2009-01-21 |
CN101350052B true CN101350052B (zh) | 2010-11-03 |
Family
ID=40268839
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101624426A Active CN101350052B (zh) | 2007-10-15 | 2007-10-15 | 发现计算机程序的恶意行为的方法和装置 |
Country Status (6)
Country | Link |
---|---|
US (1) | US8898775B2 (zh) |
EP (1) | EP2219130A4 (zh) |
JP (1) | JP5011436B2 (zh) |
CN (1) | CN101350052B (zh) |
HK (1) | HK1124414A1 (zh) |
WO (1) | WO2009049555A1 (zh) |
Families Citing this family (86)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8499350B1 (en) * | 2009-07-29 | 2013-07-30 | Symantec Corporation | Detecting malware through package behavior |
FI20060665A0 (fi) * | 2006-07-07 | 2006-07-07 | Nokia Corp | Poikkeavuuden havaitseminen |
CN101350054B (zh) | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | 计算机有害程序自动防护方法及装置 |
CN101350052B (zh) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | 发现计算机程序的恶意行为的方法和装置 |
US8935789B2 (en) * | 2008-07-21 | 2015-01-13 | Jayant Shukla | Fixing computer files infected by virus and other malware |
US8863282B2 (en) * | 2009-10-15 | 2014-10-14 | Mcafee Inc. | Detecting and responding to malware using link files |
KR101671795B1 (ko) * | 2010-01-18 | 2016-11-03 | 삼성전자주식회사 | 동적 링크 라이브러리 삽입 공격을 방지하는 컴퓨터 시스템 및 방법 |
CN103106366B (zh) * | 2010-08-18 | 2016-05-04 | 北京奇虎科技有限公司 | 一种基于云的样本数据库动态维护方法 |
CN102630320B (zh) * | 2010-10-04 | 2015-06-17 | 松下电器产业株式会社 | 信息处理装置以及应用程序不正当协作防止方法 |
CN102163161B (zh) * | 2011-04-01 | 2018-09-25 | 奇智软件(北京)有限公司 | 一种进程管理方法及装置 |
RU2454705C1 (ru) * | 2011-04-19 | 2012-06-27 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ защиты компьютерного устройства от вредоносных объектов, использующих сложные схемы заражения |
CN102194072B (zh) * | 2011-06-03 | 2012-11-14 | 奇智软件(北京)有限公司 | 一种处理计算机病毒的方法、装置及系统 |
CN102253863B (zh) * | 2011-06-15 | 2017-05-03 | 奇智软件(北京)有限公司 | 一种进程关闭方法 |
KR101206853B1 (ko) * | 2011-06-23 | 2012-11-30 | 주식회사 잉카인터넷 | 네트워크 접근 제어시스템 및 방법 |
CN102855129B (zh) * | 2011-06-29 | 2015-08-19 | 奇智软件(北京)有限公司 | 自动创建独立进程的方法及其系统 |
CN102289616A (zh) * | 2011-06-30 | 2011-12-21 | 北京邮电大学 | 移动智能终端中系统资源恶意侵占的防范方法和系统 |
US8732831B2 (en) * | 2011-07-14 | 2014-05-20 | AVG Netherlands B.V. | Detection of rogue software applications |
US9288226B2 (en) * | 2011-07-14 | 2016-03-15 | AVG Netherlands B.V. | Detection of rogue software applications |
CN102222194A (zh) * | 2011-07-14 | 2011-10-19 | 哈尔滨工业大学 | Linux主机计算环境安全保护的模块及方法 |
CN102331965A (zh) * | 2011-09-15 | 2012-01-25 | 深圳桑菲消费通信有限公司 | 终端资源管理的方法 |
CN102761458B (zh) * | 2011-12-20 | 2014-11-05 | 北京安天电子设备有限公司 | 一种反弹式木马的检测方法和系统 |
US9659173B2 (en) * | 2012-01-31 | 2017-05-23 | International Business Machines Corporation | Method for detecting a malware |
US20130239214A1 (en) * | 2012-03-06 | 2013-09-12 | Trusteer Ltd. | Method for detecting and removing malware |
KR101212497B1 (ko) * | 2012-05-02 | 2012-12-14 | 주식회사 팀스톤 | 컴퓨팅 장치에서 수행되는 자원 모니터링 방법 및 컴퓨팅 장치 |
CN102819713B (zh) * | 2012-06-29 | 2015-09-16 | 北京奇虎科技有限公司 | 一种检测弹窗安全性的方法和系统 |
US9245120B2 (en) | 2012-07-13 | 2016-01-26 | Cisco Technologies, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning |
CN103049695B (zh) * | 2012-12-11 | 2015-12-09 | 北京奇虎科技有限公司 | 一种计算机病毒的监控方法和装置 |
CN103020524B (zh) * | 2012-12-11 | 2015-08-05 | 北京奇虎科技有限公司 | 计算机病毒监控系统 |
CN103902892B (zh) * | 2012-12-24 | 2017-08-04 | 珠海市君天电子科技有限公司 | 基于行为的病毒防御方法及系统 |
CN104050413A (zh) * | 2013-03-13 | 2014-09-17 | 腾讯科技(深圳)有限公司 | 一种数据处理的方法及终端 |
CN103413091B (zh) * | 2013-07-18 | 2016-01-20 | 腾讯科技(深圳)有限公司 | 恶意行为的监控方法及装置 |
US9323931B2 (en) | 2013-10-04 | 2016-04-26 | Bitdefender IPR Management Ltd. | Complex scoring for malware detection |
US20150113644A1 (en) * | 2013-10-21 | 2015-04-23 | Trusteer, Ltd. | Exploit Detection/Prevention |
CN103679024B (zh) * | 2013-11-19 | 2015-03-25 | 百度在线网络技术(北京)有限公司 | 病毒的处理方法及设备 |
US9710648B2 (en) * | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US10102374B1 (en) | 2014-08-11 | 2018-10-16 | Sentinel Labs Israel Ltd. | Method of remediating a program and system thereof by undoing operations |
CN105809033A (zh) * | 2014-12-30 | 2016-07-27 | 北京奇虎科技有限公司 | 恶意进程处理方法及装置 |
CN106033513A (zh) * | 2015-03-13 | 2016-10-19 | 阿里巴巴集团控股有限公司 | 软件检测方法及设备 |
GB201504612D0 (en) * | 2015-03-18 | 2015-05-06 | Inquisitive Systems Ltd | Forensic analysis |
US9798878B1 (en) * | 2015-03-31 | 2017-10-24 | Symantec Corporation | Systems and methods for detecting text display manipulation attacks |
CN104850793B (zh) * | 2015-05-28 | 2017-09-29 | 成都中科创达软件有限公司 | 一种安卓系统智能控制管理方法 |
CN104866760B (zh) * | 2015-06-01 | 2017-10-10 | 成都中科创达软件有限公司 | 一种智能手机安全防护方法 |
CN104955043B (zh) * | 2015-06-01 | 2018-02-16 | 成都中科创达软件有限公司 | 一种智能终端安全防护系统 |
CN104866761B (zh) * | 2015-06-01 | 2017-10-31 | 成都中科创达软件有限公司 | 一种高安全性安卓智能终端 |
US10089465B2 (en) | 2015-07-24 | 2018-10-02 | Bitdefender IPR Management Ltd. | Systems and methods for tracking malicious behavior across multiple software entities |
CN105354487B (zh) * | 2015-10-23 | 2018-10-16 | 北京金山安全软件有限公司 | 应用监控处理方法、装置及终端设备 |
CN106650438A (zh) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | 一种恶意程序检测的方法及装置 |
US10880316B2 (en) | 2015-12-09 | 2020-12-29 | Check Point Software Technologies Ltd. | Method and system for determining initial execution of an attack |
US10440036B2 (en) * | 2015-12-09 | 2019-10-08 | Checkpoint Software Technologies Ltd | Method and system for modeling all operations and executions of an attack and malicious process entry |
CN105574410B (zh) * | 2015-12-15 | 2018-07-31 | 北京金山安全软件有限公司 | 一种应用程序的安全检测方法及装置 |
CN105608375A (zh) * | 2015-12-17 | 2016-05-25 | 北京金山安全软件有限公司 | 一种进程信息获取方法及装置 |
CN105608377A (zh) * | 2015-12-24 | 2016-05-25 | 国家电网公司 | 一种信息系统进程安全管理系统及管理方法 |
CN105630636A (zh) * | 2016-01-26 | 2016-06-01 | 陈谦 | 一种智能电子设备操作系统的动态恢复方法及其装置 |
CN107292169B (zh) * | 2016-03-31 | 2021-04-16 | 阿里巴巴集团控股有限公司 | 恶意软件的威胁溯源方法及装置 |
CN106156610B (zh) * | 2016-06-29 | 2019-02-12 | 珠海豹趣科技有限公司 | 一种进程路径获取方法、装置和电子设备 |
CN106156612B (zh) * | 2016-07-04 | 2019-04-26 | 北京金山安全软件有限公司 | 防止用户界面特权隔离被攻击的方法、装置及终端设备 |
CN106169049B (zh) * | 2016-07-12 | 2019-04-09 | 珠海豹趣科技有限公司 | 一种处理线程注册的方法、装置及电子设备 |
CN106228062B (zh) * | 2016-07-12 | 2019-04-26 | 珠海豹趣科技有限公司 | 一种处理进程注册的方法、装置及电子设备 |
CN106560833A (zh) * | 2016-07-22 | 2017-04-12 | 哈尔滨安天科技股份有限公司 | 一种基于文件头检测感染式病毒的方法及系统 |
CN107666464B (zh) * | 2016-07-28 | 2020-11-06 | 腾讯科技(深圳)有限公司 | 一种信息处理方法及服务器 |
CN106709330B (zh) * | 2016-07-29 | 2020-04-21 | 腾讯科技(深圳)有限公司 | 记录文件执行行为的方法及装置 |
US11120106B2 (en) | 2016-07-30 | 2021-09-14 | Endgame, Inc. | Hardware—assisted system and method for detecting and analyzing system calls made to an operating system kernel |
US10534910B1 (en) * | 2016-10-04 | 2020-01-14 | Hewlett-Packard Development Company, L.P. | Using threat model to monitor host execution |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US11151247B2 (en) | 2017-07-13 | 2021-10-19 | Endgame, Inc. | System and method for detecting malware injected into memory of a computing device |
US11151251B2 (en) * | 2017-07-13 | 2021-10-19 | Endgame, Inc. | System and method for validating in-memory integrity of executable files to identify malicious activity |
US10462171B2 (en) | 2017-08-08 | 2019-10-29 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
CN107517226B (zh) * | 2017-09-30 | 2021-03-19 | 北京奇虎科技有限公司 | 基于无线网络入侵的报警方法及装置 |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US10671725B2 (en) * | 2018-03-20 | 2020-06-02 | Didi Research America, Llc | Malicious process tracking |
CN109255238B (zh) * | 2018-08-24 | 2022-01-28 | 成都网思科平科技有限公司 | 终端威胁检测与响应方法及引擎 |
CN110866253B (zh) * | 2018-12-28 | 2022-05-27 | 北京安天网络安全技术有限公司 | 一种威胁分析方法、装置、电子设备及存储介质 |
CN109784051B (zh) * | 2018-12-29 | 2021-01-15 | 360企业安全技术(珠海)有限公司 | 信息安全防护方法、装置及设备 |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION |
CN110826067B (zh) * | 2019-10-31 | 2022-08-09 | 深信服科技股份有限公司 | 一种病毒检测方法、装置、电子设备及存储介质 |
CN111027071B (zh) * | 2019-12-19 | 2024-05-24 | 北京安天网络安全技术有限公司 | 一种威胁程序全行为关联分析方法及装置 |
CN111177665B (zh) * | 2019-12-27 | 2022-02-11 | 浙大网新科技股份有限公司 | 一种新生成可执行文件的安全追溯方法 |
CN111310179B (zh) * | 2020-01-22 | 2024-07-09 | 腾讯科技(深圳)有限公司 | 计算机病毒变种的分析方法、装置和计算机设备 |
CN115023699A (zh) * | 2020-03-24 | 2022-09-06 | 深圳市欢太科技有限公司 | 恶意进程的检测方法、装置、电子设备及存储介质 |
US20230300114A1 (en) * | 2020-04-21 | 2023-09-21 | Zscaler, Inc. | Endpoint Data Loss Prevention |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
CN113312201A (zh) * | 2021-06-23 | 2021-08-27 | 深信服科技股份有限公司 | 一种异常进程的处置方法及相关装置 |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
CN114692151B (zh) * | 2022-04-08 | 2023-07-18 | 成都理工大学 | 一种u盘病毒的发现方法及其应用工具 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1625121A (zh) * | 2003-12-05 | 2005-06-08 | 中国科学技术大学 | 一种分层协同的网络病毒和恶意代码识别方法 |
US6973578B1 (en) * | 2000-05-31 | 2005-12-06 | Networks Associates Technology, Inc. | System, method and computer program product for process-based selection of virus detection actions |
CN1728035A (zh) * | 2005-07-27 | 2006-02-01 | 毛德操 | 一种利用代理技术实现计算机病毒防治的方法 |
CN1801030A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | 一种区分有害程序行为的方法 |
Family Cites Families (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US2196A (en) * | 1841-07-29 | Improvement in saw-mill dogs | ||
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
AU2001294083A1 (en) | 2000-08-18 | 2002-02-25 | Camelot Information Technologies Ltd. | An adaptive system and architecture for access control |
JP3790661B2 (ja) | 2000-09-08 | 2006-06-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | アクセス制御システム |
AU2002242043B2 (en) | 2001-01-31 | 2006-12-14 | Cisco Technology, Inc. | Network port profiling |
CN1282083C (zh) | 2001-09-14 | 2006-10-25 | 北京瑞星科技股份有限公司 | 计算机内存病毒监控和带毒运行方法 |
US7549164B2 (en) * | 2003-06-11 | 2009-06-16 | Symantec Corporation | Intrustion protection system utilizing layers and triggers |
US7152242B2 (en) | 2002-09-11 | 2006-12-19 | Enterasys Networks, Inc. | Modular system for detecting, filtering and providing notice about attack events associated with network security |
US20040143749A1 (en) * | 2003-01-16 | 2004-07-22 | Platformlogic, Inc. | Behavior-based host-based intrusion prevention system |
US10110632B2 (en) | 2003-03-31 | 2018-10-23 | Intel Corporation | Methods and systems for managing security policies |
US20040225877A1 (en) | 2003-05-09 | 2004-11-11 | Zezhen Huang | Method and system for protecting computer system from malicious software operation |
CN1329828C (zh) | 2003-08-06 | 2007-08-01 | 华为技术有限公司 | 一种防止计算机病毒的方法及装置 |
AU2003298193A1 (en) | 2003-12-17 | 2005-07-05 | Telecom Italia S.P.A. | Method and apparatus for monitoring operation of processing systems, related network and computer program product therefor |
EP1725946A4 (en) * | 2004-03-10 | 2012-07-11 | Enterasys Networks Inc | Dynamic Network Detection System and Method |
JP4643204B2 (ja) | 2004-08-25 | 2011-03-02 | 株式会社エヌ・ティ・ティ・ドコモ | サーバ装置 |
USH2196H1 (en) * | 2004-09-30 | 2007-07-03 | Symantec Corporation | Method for intercepting specific system calls in a specific application from applications space for security |
US20060075494A1 (en) * | 2004-10-01 | 2006-04-06 | Bertman Justin R | Method and system for analyzing data for potential malware |
JP4327698B2 (ja) * | 2004-10-19 | 2009-09-09 | 富士通株式会社 | ネットワーク型ウィルス活動検出プログラム、処理方法およびシステム |
US7409719B2 (en) | 2004-12-21 | 2008-08-05 | Microsoft Corporation | Computer security management, such as in a virtual machine or hardened operating system |
CN100547513C (zh) | 2005-02-07 | 2009-10-07 | 福建东方微点信息安全有限责任公司 | 基于程序行为分析的计算机防护方法 |
US8046831B2 (en) | 2005-03-02 | 2011-10-25 | Actiance, Inc. | Automating software security restrictions on system resources |
US20070067844A1 (en) * | 2005-09-16 | 2007-03-22 | Sana Security | Method and apparatus for removing harmful software |
JP2006330864A (ja) * | 2005-05-24 | 2006-12-07 | Hitachi Ltd | サーバ計算機システムの制御方法 |
CN100401224C (zh) | 2005-06-23 | 2008-07-09 | 福建东方微点信息安全有限责任公司 | 计算机反病毒防护系统和方法 |
GB0513375D0 (en) * | 2005-06-30 | 2005-08-03 | Retento Ltd | Computer security |
US20080134326A2 (en) * | 2005-09-13 | 2008-06-05 | Cloudmark, Inc. | Signature for Executable Code |
US7694134B2 (en) | 2005-11-11 | 2010-04-06 | Computer Associates Think, Inc. | System and method for encrypting data without regard to application |
US8453243B2 (en) | 2005-12-28 | 2013-05-28 | Websense, Inc. | Real time lockdown |
CN100461197C (zh) | 2006-05-16 | 2009-02-11 | 北京启明星辰信息技术有限公司 | 一种恶意代码自动分析系统及方法 |
JP2008021274A (ja) * | 2006-06-15 | 2008-01-31 | Interlex Inc | プロセス監視装置及び方法 |
CN101350052B (zh) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | 发现计算机程序的恶意行为的方法和装置 |
CN101350053A (zh) | 2007-10-15 | 2009-01-21 | 北京瑞星国际软件有限公司 | 防止网页浏览器被漏洞利用的方法和装置 |
CN101350054B (zh) | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | 计算机有害程序自动防护方法及装置 |
-
2007
- 2007-10-15 CN CN2007101624426A patent/CN101350052B/zh active Active
-
2008
- 2008-10-15 US US12/738,031 patent/US8898775B2/en active Active
- 2008-10-15 EP EP08838678A patent/EP2219130A4/en not_active Withdrawn
- 2008-10-15 WO PCT/CN2008/072698 patent/WO2009049555A1/zh active Application Filing
- 2008-10-15 JP JP2010529219A patent/JP5011436B2/ja not_active Expired - Fee Related
-
2009
- 2009-04-23 HK HK09103765.8A patent/HK1124414A1/xx not_active IP Right Cessation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6973578B1 (en) * | 2000-05-31 | 2005-12-06 | Networks Associates Technology, Inc. | System, method and computer program product for process-based selection of virus detection actions |
CN1625121A (zh) * | 2003-12-05 | 2005-06-08 | 中国科学技术大学 | 一种分层协同的网络病毒和恶意代码识别方法 |
CN1801030A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | 一种区分有害程序行为的方法 |
CN1728035A (zh) * | 2005-07-27 | 2006-02-01 | 毛德操 | 一种利用代理技术实现计算机病毒防治的方法 |
Also Published As
Publication number | Publication date |
---|---|
JP2011501279A (ja) | 2011-01-06 |
JP5011436B2 (ja) | 2012-08-29 |
CN101350052A (zh) | 2009-01-21 |
WO2009049555A1 (fr) | 2009-04-23 |
US20100293615A1 (en) | 2010-11-18 |
EP2219130A1 (en) | 2010-08-18 |
US8898775B2 (en) | 2014-11-25 |
HK1124414A1 (en) | 2009-07-10 |
EP2219130A4 (en) | 2011-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101350052B (zh) | 发现计算机程序的恶意行为的方法和装置 | |
CN101350054B (zh) | 计算机有害程序自动防护方法及装置 | |
KR102307534B1 (ko) | 다수 소프트웨어 개체들에 걸쳐서 악성 행동을 트래킹하기 위한 시스템들 및 방법들 | |
Bayer et al. | A View on Current Malware Behaviors. | |
CN100401224C (zh) | 计算机反病毒防护系统和方法 | |
CN101373501B (zh) | 针对计算机病毒的动态行为捕获方法 | |
EP2893447B1 (en) | Systems and methods for automated memory and thread execution anomaly detection in a computer network | |
US7870612B2 (en) | Antivirus protection system and method for computers | |
US8578490B2 (en) | System and method for using timestamps to detect attacks | |
CN101098226B (zh) | 一种病毒在线实时处理系统及其方法 | |
CN100547513C (zh) | 基于程序行为分析的计算机防护方法 | |
KR101230271B1 (ko) | 악성 코드 탐지를 위한 시스템 및 방법 | |
US8397292B2 (en) | Method and device for online secure logging-on | |
KR100910761B1 (ko) | 프로세스 행위 예측 기법을 이용한 비정형 악성코드 탐지방법 및 그 시스템 | |
WO2001017162A1 (en) | Extensible intrusion detection system | |
CN102160048A (zh) | 收集和分析恶意软件数据 | |
KR101132197B1 (ko) | 악성 코드 자동 판별 장치 및 방법 | |
CN100557545C (zh) | 一种区分有害程序行为的方法 | |
CN115840940A (zh) | 一种无文件木马检测方法、系统、介质及设备 | |
US20230214489A1 (en) | Rootkit detection based on system dump files analysis | |
US11368377B2 (en) | Closed loop monitoring based privileged access control | |
EP3913486A1 (en) | Closed loop monitoring based privileged access control | |
Kim et al. | Linux based unauthorized process control | |
Arul et al. | Dynamic runtime protection technique against the file system injecting malwares | |
Mahmoud et al. | Redefining Malware Sandboxing: Enhancing Analysis through Sysmon and ELK Integration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1124414 Country of ref document: HK |
|
ASS | Succession or assignment of patent right |
Owner name: BEIJING RISING INTERNATIONAL TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BEIJING RISING INTERNATIONAL SOFTWARE CO., LTD. Effective date: 20100413 |
|
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 ROOM 1305, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, BEIJING CITY TO: 100190 ROOM 1301, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, HAIDIAN DISTRICT, BEIJING CITY |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20100413 Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Applicant after: Beijing Rising Information Technology Co., Ltd. Address before: 100080, room 1305, Zhongke building, 22 Zhongguancun street, Beijing Applicant before: Beijing Rising International Software Co., Ltd. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1124414 Country of ref document: HK |
|
C56 | Change in the name or address of the patentee | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee after: Beijing Rising Information Technology Co., Ltd Address before: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee before: Beijing Rising Information Technology Co., Ltd. |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee after: Beijing net an Technology Limited by Share Ltd Address before: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee before: Beijing Rising Information Technology Co., Ltd |