CN102394859B - Method and system for detecting file stealing Trojan based on thread behavior - Google Patents
- Publication number
- CN102394859B (application number CN201110211059.1A)
- Authority
- CN (China)
- Prior art keywords
- thread
- file
- network
- behavior
- data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110211059.1A CN102394859B (zh) | 2011-07-27 | 2011-07-27 | Method and system for detecting file stealing Trojan based on thread behavior |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102394859A CN102394859A (zh) | 2012-03-28 |
CN102394859B true CN102394859B (zh) | 2014-05-14 |
Family
ID=45862068
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110211059.1A Active CN102394859B (zh) | Method and system for detecting file stealing Trojan based on thread behavior | 2011-07-27 | 2011-07-27 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102394859B (zh) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102629308B (zh) * | 2012-03-09 | 2015-02-18 | 北京奇虎科技有限公司 | Method and device for preventing login information from being stolen |
CN102662591B (zh) | 2012-04-13 | 2014-11-05 | 华为终端有限公司 | Data processing method and device |
CN103455757B (zh) * | 2012-05-31 | 2016-08-17 | 北京金山安全软件有限公司 | Method and device for identifying viruses |
US9323925B2 (en) | 2013-05-30 | 2016-04-26 | Trusteer, Ltd. | Method and system for prevention of windowless screen capture |
US10083296B2 (en) * | 2015-06-27 | 2018-09-25 | Mcafee, Llc | Detection of malicious thread suspension |
CN105718495A (zh) * | 2015-08-21 | 2016-06-29 | 哈尔滨安天科技股份有限公司 | Method and system for exporting hierarchical HTML reports from a database |
CN106022111B (zh) * | 2016-07-13 | 2019-01-22 | 北京金山安全软件有限公司 | Processing method, device and electronic equipment for hidden pop-up windows |
CN108363921A (zh) * | 2017-07-05 | 2018-08-03 | 北京安天网络安全技术有限公司 | Method and system for discovering data-stealing Trojans based on process behavior characteristics |
CN109472140B (zh) * | 2017-12-29 | 2021-11-12 | 北京安天网络安全技术有限公司 | Method and system for blocking ransomware encryption based on window title verification |
CN108762826B (zh) * | 2018-04-23 | 2021-09-28 | 厦门市美亚柏科信息股份有限公司 | Process hiding method and computer-readable storage medium |
CN110855705A (zh) * | 2019-11-23 | 2020-02-28 | 赣南师范大学 | Portless covert communication method for network attack and defense |
CN113779583B (zh) * | 2021-11-10 | 2022-02-22 | 北京微步在线科技有限公司 | Behavior detection method, device, storage medium and electronic equipment |
CN114070634B (zh) * | 2021-11-22 | 2024-02-27 | 安天科技集团股份有限公司 | Method, device and electronic equipment for detecting data-theft behavior based on the SMTP protocol |
CN115543586B (zh) * | 2022-11-28 | 2023-03-17 | 成都安易迅科技有限公司 | Method, device, equipment and readable storage medium for starting application-layer system processes |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1818822A (zh) * | 2005-02-07 | 2006-08-16 | 福建东方微点信息安全有限责任公司 | Method for detecting buffer overflow attacks |
CN101098226A (zh) * | 2006-06-27 | 2008-01-02 | 飞塔信息科技(北京)有限公司 | Online real-time virus processing system and method |
CN102004882A (zh) * | 2010-11-26 | 2011-04-06 | 北京安天电子设备有限公司 | Method and device for detecting and handling remote-thread-injection Trojans |
Also Published As
Publication number | Publication date |
---|---|
CN102394859A (zh) | 2012-03-28 |
Similar Documents
Publication | Title |
---|---|
CN102394859B (zh) | Method and system for detecting file stealing Trojan based on thread behavior |
CN103391216B (zh) | Method for alerting on and blocking unauthorized outbound connections |
US8566934B2 (en) | Apparatus and method for enhancing security of data on a host computing device and a peripheral device |
US20120240234A1 (en) | Usb firewall apparatus and method |
CN108931968A (zh) | Network security protection system applied to industrial control systems and protection method thereof |
CN102546624A (zh) | Multi-path network intrusion detection and defense method and system |
CN101257678A (zh) | Method, terminal and system for implementing security detection of mobile terminal software |
CN111314381A (zh) | Security isolation gateway |
CN110351237B (zh) | Honeypot method and device for CNC machine tools |
CN108449310B (zh) | Domestically produced network security isolation and one-way import system and method |
CN106791627A (zh) | Integrated network video surveillance and security alarm system and secure access authentication method thereof |
CN109165508A (zh) | External device access security control system and control method thereof |
WO2024012135A1 (zh) | External protective device and method based on interface detection |
EP2950502B1 (en) | Apparatus and method for preventing leakage of vehicle information |
JP2006094258A (ja) | Terminal device, policy enforcement method thereof, and program thereof |
CN112231679B (zh) | Terminal device verification method, device and storage medium |
CN103824014A (zh) | Isolation authentication and monitoring method for USB port devices within a local area network |
CN110049015A (zh) | Network security situational awareness system |
CN103078813A (zh) | Control method for secure terminal access based on the SNMP protocol |
CN108683644A (zh) | Computer network security detection method |
JP2003152806A (ja) | Switch connection control system for communication paths |
CN202050425U (zh) | Monitoring system for illegal outbound connections from intranet devices |
CN107395643B (zh) | Source IP protection method based on scanning probe behavior |
CN114401103B (zh) | Method and device, electronic equipment and storage medium for detecting files transferred remotely over SMB |
CN107908935A (zh) | Online learning method and system based on visible light communication |
Legal Events
Code | Title | Description |
---|---|---|
C06 / PB01 | Publication | |
C10 / SE01 | Entry into substantive examination (entry into force of request for substantive examination) | |
C14 / GR01 | Grant of patent or utility model (patent grant) | |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method and system for detecting file stealing Trojan based on thread behavior. Effective date of registration: 20170621. Granted publication date: 20140514. Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch. Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20190614. Granted publication date: 20140514. Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch. Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
CP03 | Change of name, title or address | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Harbin, Heilongjiang Province (838 Shikun Road). Patentee after: Harbin antiy Technology Group Limited by Share Ltd. Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162. Patentee before: Harbin Antiy Technology Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method and system for detecting file stealing Trojan based on thread behavior. Effective date of registration: 20190828. Granted publication date: 20140514. Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch. Pledgor: Harbin antiy Technology Group Limited by Share Ltd. Registration number: Y2019230000002 |
CP01 | Change in the name or title of a patent holder | Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road). Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road). Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20211119. Granted publication date: 20140514. Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch. Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: Y2019230000002 |