CN102467631A - System and method for treating computer worms - Google Patents
System and method for treating computer worms Download PDFInfo
- Publication number
- CN102467631A CN102467631A CN2010105510835A CN201010551083A CN102467631A CN 102467631 A CN102467631 A CN 102467631A CN 2010105510835 A CN2010105510835 A CN 2010105510835A CN 201010551083 A CN201010551083 A CN 201010551083A CN 102467631 A CN102467631 A CN 102467631A
- Authority
- CN
- China
- Prior art keywords
- character string
- treatment
- computer worm
- infected
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Medical Treatment And Welfare Office Work (AREA)
Abstract
The invention provides a system and a method for treating computer worms. The system comprises an infection character string receiving module, a treatment character string generation module and a treatment character string back-transmission module, wherein the infection character string receiving module receives an infection character string generated by the computer worms from a host computer infected by the computer worms, wherein the infection character string comprises a malicious code executed by utilizing a bug program; the treatment character string generation module generates a treatment code used for treating the computer worms, and replaces the malicious code of the infection character string with the treatment code to generate a treatment character string, wherein the treatment code is executed by utilizing the bug program; and treatment character string back-transmission module transmits the treatment character string back to the infected host computer. Therefore, the bug program of the infected host computer executes the treatment code to treat the computer worms in the infected host computer.
Description
Technical field
The invention relates to a kind of computer worm therapy system and method and the embodied on computer readable programmed recording medium that stores the computer worm methods of treatment.
Background technology
Computer worm is similar with computer virus, is a kind of computer program that can self-replacation.Wherein, computer worm need not be attached in other program, does not need user's interventional procedure usually yet, just can self-replacation or execution.Not all computer worm all can directly destroy infected system, yet but harmful to network mostly.In addition, computer worm may be carried out the rubbish program code (Denial-of-Service DOS) attacks, or makes the very big degree of execution efficient of computing machine reduce, thereby influences the normal use of computing machine to start denial of service.
The topmost distribution media of computer worm is a buffer zone overflow leak.In recent years, along with the development of relevant safeguard measure, increased the difficulty of worm propagation really.Therefore, the quantity of computer worm has a declining tendency in recent years.But because none complete scheme of resolve buffer district overflow still so far, and still having the main frame of numerous quantity still not receive appropriate protection, the puppet's network (Botnets) that therefore utilizes worm to set up often becomes the instrument that the assailant obtains sudden huge profits.
So computer worm is the safety of serious threat the Internet still, and the assailant considers under the situation of commercial interest, can significantly improve worm and rogue program propagate with exist invisible, with its its time that wields influence of lengthening.Yet prior art only can be treated the computer worm that has been stored in this machine, can't suppress the propagation of computer worm.
Summary of the invention
Therefore; A purpose of the present invention is that a kind of computer worm therapy system is being provided; When infecting character string in order to receive at the computing machine that infected by computer worm; To infect the character string change is a treatment character string, and passback treatment character string is to infected computing machine, to treat the computer worm on the infected computer.The computer worm therapy system comprises one and infects character string receiver module, a treatment character string generation module and a treatment character string passback module.Infect the character string receiver module and see through network, an infected main frame that infected by a computer worm, the infection character string that the receiving computer worm is produced.Wherein, infect character string and comprise a rogue program code, and the rogue program code is to utilize a leak program and be performed.Treatment character string generation module produces the treatment procedure code in order to the treatment computer worm.The rogue program code that treatment character string generation module will infect in the character string replaces with the treatment procedure code, to produce a treatment character string.Wherein, the treatment procedure code is to utilize the leak program and be performed.Treatment character string passback module passback treatment character string is to infected main frame.So the leak program of infected main frame is carried out the treatment procedure code of treatment character string, and treats the computer worm on the infected main frame.
Another object of the present invention is that a kind of computer worm methods of treatment is being provided.In the computer worm methods of treatment; When the computing machine that infected by computer worm is received the infection character string; To infect the character string change is a treatment character string, and passback treatment character string is to infected computing machine, to treat the computer worm on the infected computer.The computer worm methods of treatment can be in fact as a computer program, and is stored in the computer-readable medium storing, and makes computing machine read object computer worm methods of treatment after this recording medium.The computer worm methods of treatment comprises: the infection character string that an infected main frame that infected by a computer worm, receiving computer worm are produced.Wherein, infect character string and comprise a rogue program code, and the rogue program code is to utilize a leak program and be performed.Generation is in order to a treatment procedure code of treatment computer worm.Wherein, the treatment procedure code is to utilize the leak program and be performed.The rogue program code that infects in the character string is replaced with the treatment procedure code, to produce a treatment character string.Passback treatment character string is to infected main frame.So the leak program of infected main frame is carried out the treatment procedure code of treatment character string, and treat the computer worm of infected main frame.
Use the present invention and have advantage.Can treat by the infected main frame of the non-local side of computer worm infection.In addition, also can make infected other main frame that infected by computer worm of main frame treatment of having treated.In addition, can avoid infected main frame to be repeated treatment.In addition, after a plurality of treatment procedure codes that utilize same leak program are integrated, can save and utilize a plurality of treatment character strings of same leak program to be uploaded to the required frequency range of infected main frame, and when infected main frame is carried out required system resource.
Description of drawings
For letting above and other objects of the present invention, characteristic, advantage and the embodiment can be more obviously understandable, the explanation of appended accompanying drawing be following:
Fig. 1 is the functional block diagram according to a kind of computer worm therapy system of an embodiment of the present invention;
Fig. 2 is the process flow diagram according to a kind of computer worm methods of treatment of another embodiment of the present invention;
Fig. 3 is an embodiment of integral treatment character string (step 520) among Fig. 2.
[primary clustering symbol description]
100: computer worm therapy system 170: the leak judge module
110: infect character string receiver module 300: infected main frame
120: treatment character string generation module 180: integrate module
130: treatment character string passback module 200: network
140: intrusion detecting module 400: the computer worm methods of treatment
150: treatment judge module 410~527: step
160: go up transmission module
Embodiment
Below will clearly demonstrate spirit of the present invention with accompanying drawing and detailed description; Has common knowledge the knowledgeable under any in the technical field after understanding preferred embodiment of the present invention; When can be by the technology of teachings of the present invention, change and modification, it does not break away from spirit of the present invention and scope.
Please with reference to Fig. 1, it illustrates the functional block diagram according to a kind of computer worm therapy system of an embodiment of the present invention.When the computer worm therapy system is received the infection character string at the computing machine that infected by computer worm; To infect the character string change is a treatment character string; And passback treatment character string is to infected computing machine, with the computer worm on the treatment infected computer.
Computer worm therapy system 100 comprises one and infects character string receiver module 110, a treatment character string generation module 120 and a treatment character string passback module 130.Infect character string receiver module 110 and see through network 200, an infected main frame 300 that infected by a computer worm, the infection character string that the receiving computer worm is produced.Wherein, infect character string and comprise a rogue program code, and the rogue program code is to utilize a leak program and be performed.Whether in addition, computer worm therapy system 100 can be detected the network character string that automatic network 200 is received, be the infection character string that infected by computer worm.Therefore, computer worm therapy system 100 can comprise an intrusion detecting module 140.When seeing through network 200 receptions one network character string, whether intrusion detecting module 140 can meet a computer worm characteristic through judging the network character string, and judges whether the network character string is infected.When the network character string met the computer worm characteristic, intrusion detecting module 140 decision network character strings were infected, and the network character string is regarded as infecting character string, received and supply to infect character string receiver module 110.Wherein, (Intrusion-detection system is IDS) as intrusion detecting module 140 for an available intruding detection system.In addition, also can there be a computer worm property data base, infeeds and invade detecting module 140 comparisons, infected by computer worm to judge the network character string.
The treatment procedure code that treatment character string generation module 120 produces in order to the treatment computer worm.The rogue program code that treatment character string generation module 120 will infect in the character string replaces with the treatment procedure code, to produce a treatment character string.Wherein, intrusion detecting module 140 can be detected the position of rogue program code in infecting character string, carries out the foundation that program code is replaced as treatment character string generation module 120.Because infected main frame 300 must have the leak program that the rogue program code utilized just can be infected, therefore can make the treatment procedure code utilize the leak program identical with the rogue program code, and by infected main frame 300 execution.
Treatment character string passback module 130 passback treatment character strings are to infected main frame 300.So the leak program of infected main frame 300 is carried out the treatment procedure code of treatment character string, and treats the computer worm on the infected main frame 300.Wherein, the treatment procedure code can make infected main frame 300 after treatment, when receiving the infection character string that the same computer worm produced, will infect character string and abandon.In addition, when the treatment procedure code also can make infected main frame 300 desire to upload the infection character string of tool computer worm, abandon the infection character string desiring to upload.Yet in other embodiments, the treatment procedure code can be treated the computer worm on the infected main frame 300 through alternate manner, is not limited to present embodiment.Thus, not only computer worm therapy system 100 can not receive the computer worm infection, also can further treat by the infected main frame 300 of the non-local side of computer worm infection.
In addition, computer worm therapy system 100 can be uploaded to the infected main frame 300 of having treated with the program code of treatment character string generation module 120 and treatment character string passback module 130.So the infected main frame 300 of having treated can be set up another treatment character string generation module and another treatment character string passback module 130, and as another computer worm therapy system.Therefore, computer worm therapy system 100 can comprise transmission module 160 on.Last transmission module 160 is uploaded a module of the program code that comprises treatment character string generation module 120 and treatment character string passback module 120 and is set up package to the infected main frame 300 of having treated.So, after infected main frame 300 execution modules of having treated are set up package, set up another treatment character string generation module and another character string passback module in the infected main frame 300 of having treated.Thus, the infected main frame 300 of having treated can be used as another computer worm therapy system, treats the main frame that other is infected by computer worm.
In addition, can make the infected main frame 300 of having treated, require download module to set up package to computer worm therapy system 100 through the treatment procedure code.Therefore, the treatment procedure code can comprise in order to computer worm therapy system 100 is transmitted the download instruction that a download requires.So the treatment procedure code utilizes the leak program and after making infected main frame 300 carry out download instruction, infected main frame 300 can transmit downloading requests to computer worm therapy system 100.When computer worm therapy system 100 was received downloading request, transmission module was set up package to infected main frame 300 on transmission module 160 began in the triggering.Thus, the treatment procedure code not only can be treated the computer worm on the infected main frame 300, also can make the infected main frame 300 of having treated can treat the computer worm therapy system of computer worm as another.
In addition, owing to the treatment procedure code is to utilize the leak program identical with the rogue program code to carry out, therefore possibly be regarded as a computer worm, and the main frame that transmits the treatment procedure code is repeated to transmit the treatment character string by intrusion detecting module 140.Therefore, computer worm therapy system 100 also can comprise a treatment judge module 150.When intrusion detecting module 140 decision network character strings met the computer worm characteristic, treatment judge module 150 judged whether the network character string comprises the treatment procedure code.When the network character string comprised the treatment procedure code, treatment judge module 150 judged that the infected main frame 300 that transmits the network character string was treated, and does not make treatment character string generation module 120 produce the treatment procedure code.Thus, the infected main frame 300 that can avoid repetitive therapy to treat, and save the required resource of treatment computer worm.
In addition, can utilize the treatment procedure code of the various computing machine worm of identical leak program to be integrated into a treatment character string treatment.Therefore, computer worm therapy system 100 more can comprise a leak judge module 170 and an integrate module 180.When another that infects that character string receiver module 110 receives that another computer worm produces infects character string; Leak judge module 170 is judged another leak program that another another rogue program code that infects character string is utilized, and the leak program of whether being utilized with previous rogue program code is identical.Wherein, treatment character string generation module 130 produces in order to treat another treatment procedure code of another computer worm.When the leak program of being utilized was identical, integrate module 180 was integrated into an integrated process code with the treatment procedure code of another treatment procedure code with the computer worm that before utilized identical leak program.Wherein, the integrated process code is to utilize aforementioned identical leak program and be performed.Treatment character string generation module 120 replaces with the integrated process code with another rogue program code in another infection character string, to produce an integral treatment character string.So treatment character string passback module 130 passback integral treatment character strings are utilized a plurality of computer worms of identical leak program to infected main frame 300 with treatment.Thus, can reduce the required treatment character string number of a plurality of computer worms of treatment.Therefore, can save a plurality of treatment character strings of utilizing same leak program and be uploaded to the required frequency range of infected main frame 300, and when infected main frame 300 is carried out required system resource.
Please with reference to Fig. 2, it is the process flow diagram according to a kind of computer worm methods of treatment of another embodiment of the present invention.In the computer worm methods of treatment; When the computing machine that infected by computer worm is received the infection character string; To infect the character string change is a treatment character string, and passback treatment character string is to infected computing machine, to treat the computer worm on the infected computer.The computer worm methods of treatment can be in fact as a computer program, and is stored in the computer-readable medium storing, and makes computing machine read object computer worm methods of treatment after this recording medium.Computer-readable medium storing can be ROM (read-only memory), flash memory, floppy disk, hard disk, CD, with oneself dish, tape, can or be familiar with the embodied on computer readable programmed recording medium that identical function can thought and have to this art easily by the database of network access.Computer worm methods of treatment 400 comprises:
In step 440, an infected main frame that infected by a computer worm, the infection character string that the receiving computer worm is produced.Wherein, infect character string and comprise a rogue program code, and the rogue program code is to utilize a leak program and be performed.
In step 450, produce a treatment procedure code in order to the treatment computer worm.Because infected main frame must have the leak program that the rogue program code utilized just can be infected, therefore can make the treatment procedure code utilize the leak program identical with the rogue program code, and by infected main frame execution.
In step 460, the rogue program code that infects in the character string is replaced with the treatment procedure code, to produce a treatment character string.Wherein, can detect the position of rogue program code in infecting character string earlier, the foundation when replacing as step 460.
In step 470, passback treatment character string is to infected main frame.So the leak program of infected main frame is carried out the treatment procedure code (step 480) of treatment character string, and treat the computer worm of infected main frame.Wherein, the treatment procedure code can make infected main frame after treatment, when receiving the infection character string that the same computer worm produced, will infect character string and abandon.In addition, the treatment procedure code also can make infected main frame after treatment, when desiring to upload the infection character string of tool computer worm, abandon the infection character string desiring to upload.Yet in other embodiments, the treatment procedure code can be treated the computer worm on the infected main frame through alternate manner, is not limited to present embodiment.Thus, can treat by the infected main frame of the non-local side of computer worm infection.
Whether before step 440, can detect received network character string earlier is the infection character string that infected by computer worm.Therefore, computer worm methods of treatment 400 also can comprise reception one network character string (step 410).In addition, can in step 420, judge whether the network character string meets a computer worm characteristic.Wherein, step 420 can be passed through an intruding detection system, and whether detecting network character string meets a computer worm characteristic (step 420).In addition, also can a network character string and a computer worm property data base be compared, whether meet computer worm characteristic (step 420) to judge the network character string.
In step 530, when the network character string did not meet the computer worm characteristic, the decision network character string was not for infecting character string, and normally carried out the network character string.When the network character string met the computer worm characteristic, then the decision network character string was infected, and the network character string is regarded as infecting character string, supplied step 440 to receive.
In addition, do not avoid infected main frame to be repeated treatment, therefore can when the network character string meets the computer worm characteristic, judge whether the network character string comprises treatment procedure code (step 430).When the network character string does not comprise the treatment procedure code, then the network character string is regarded as infecting character string, supply step 440 to receive.When the network character string comprised the treatment procedure code, judgement transmitted the infected main frame of the network character string that meets the computer worm characteristic by treatment (step 540), and do not produce the treatment character string it is not treated.Thus, the infected main frame that can avoid repetitive therapy to treat, and save the required resource of treatment computer worm.
In addition, can make the infected main frame of having treated also have the function of the computer worm on other main frame of treatment.Therefore, can when step 490, produce a character string generating routine and character string passback program.Wherein, the character string generating routine is in order to after execution, and the rogue program code that infects in the character string is replaced with the treatment procedure code, and produces treatment character string (step 460).Character string passback program is in order to passback treatment character string (step 470) after execution.So, can in step 500, upload the program that comprises character string generating routine and character string passback program and set up package to infected main frame.So, after the infected main frame executive routine of having treated is set up package, set up execution character string generating routine and character string passback program in the infected main frame of having treated, and can have the function of other infected main frame of treatment of step 460 and step 470.Thus, not only can treat infected main frame, also can make infected other main frame that infected by computer worm of main frame treatment of having treated.
In addition, can make the infected main frame of having treated, require voluntarily to download and set up package through the treatment procedure code.Therefore, the treatment procedure code that step 450 produced can comprise a download instruction that transmits a download requirement.So the treatment procedure code utilizes the leak program and after making infected main frame carry out download instruction, infected main frame 300 transmits downloading requests, and the uploading of beginning step 500.Thus, the treatment procedure code not only can be treated the computer worm on the infected main frame, also can make infected other infected main frame of main frame treatment of having treated.
In addition, can utilize the treatment procedure code of the various computing machine worm of identical leak program to be integrated into a treatment character string treatment.Therefore, can be when receiving another infection character string (step 510) that another computer worm produced, integral treatment character string (step 520).Please with reference to Fig. 3, it is an embodiment of integral treatment character string (step 520) among Fig. 2.Integral treatment character string (step 520) can comprise following steps:
When another that receives that another computer worm produced infects character string (step 510), judge another leak program that another another rogue program code that infects character string is utilized, the leak program of whether being utilized with previous computer worm is identical.
In step 523, when the leak program of being utilized is identical, another treatment procedure code and treatment procedure code are integrated into an integrated process code.Wherein, the integrated process code is to utilize aforementioned identical leak program and be performed.
In step 524, another another rogue program code that infects in the character string is replaced with the integrated process code, to produce an integral treatment character string.
So in step 525, passback integral treatment character string is utilized a plurality of computer worms of identical leak program to infected main frame with treatment.Thus, can reduce the required treatment character string number of a plurality of computer worms of treatment.Therefore, can save and utilize a plurality of treatment character strings of same leak program to be uploaded to the required frequency range of infected main frame, and when infected main frame is carried out required system resource.
In step 526, in the leak program of being utilized not simultaneously, another is infected another rogue program code in the character string, replace with another treatment procedure code that step 521 produces, to produce another treatment character string.
In step 527, return another treatment character string to infected main frame, to treat another computer worm.
Can know by the invention described above embodiment, use the present invention and have advantage.Can treat by the infected main frame of the non-local side of computer worm infection.In addition, also can make infected other main frame that infected by computer worm of main frame treatment of having treated.In addition, can avoid infected main frame to be repeated treatment.In addition, after a plurality of treatment procedure codes that utilize same leak program are integrated, can save and utilize a plurality of treatment character strings of same leak program to be uploaded to the required frequency range of infected main frame, and when infected main frame is carried out required system resource.
Though the present invention discloses as above with embodiment; Right its is not in order to limit the present invention; Anyly be familiar with this art; Do not breaking away from the spirit and scope of the present invention, when can doing various changes and retouching, so protection scope of the present invention is as the criterion when looking the scope that appending claims defines.
Claims (12)
1. a computer worm therapy system is characterized in that, comprises:
One infects the character string receiver module; See through network, an infected main frame that infected by a computer worm receives the infection character string that this computer worm produces; Wherein this infection character string comprises a rogue program code, and this rogue program code is to utilize a leak program and be performed;
One treatment character string generation module; Generation is in order to treat a treatment procedure code of this computer worm; And this rogue program code that will infect in the character string replaces with this treatment procedure code; To produce a treatment character string, wherein this treatment procedure code is to utilize this leak program and be performed; And
One treatment character string passback module, passback should be treated character string to this infected main frame, made this leak program of this infected main frame carry out this treatment procedure code of this treatment character string whereby, and treated this computer worm on this infected main frame.
2. computer worm therapy system according to claim 1 is characterized in that, also comprises:
One intrusion detecting module; When receiving a network character string through network, whether meet a computer worm characteristic through judging this network character string, judge whether this network character string is infected; Wherein when this network character string meets this computer worm characteristic; Judge that this network character string is infected, and this network character string is regarded as this infection character string, infect the character string receiver module for this and receive.
3. computer worm therapy system according to claim 1 is characterized in that, also comprises:
One intrusion detecting module when receiving a network character string through network, judges whether this network character string meets a computer worm characteristic; And
One treatment judge module; When this network character string meets this computer worm characteristic; Judge whether this network character string comprises this treatment procedure code; And when this network character string comprises this treatment procedure code, judge that this infected main frame that transmits this network character string was treated, and do not make treatment character string generation module produce this treatment procedure code.
4. computer worm therapy system according to claim 1 is characterized in that, also comprises:
Transmission module on one; Upload a module of the program code that comprises this treatment character string generation module and this treatment character string passback module and set up package to this infected main frame; After making this infected this module of main frame execution set up package whereby, set up another treatment character string generation module and another character string passback module in this infected main frame.
5. computer worm therapy system according to claim 4; It is characterized in that; This treatment procedure code comprises in order to this computer worm therapy system is transmitted one downloads a download instruction that requires; After making this treatment procedure code utilize this leak program whereby and making this infected main frame carry out this download instruction, this computer worm therapy system is transmitted this downloading request, should go up transmission module and upload this module and set up package to this infected main frame to trigger.
6. computer worm therapy system according to claim 1 is characterized in that, also comprises:
One leak judge module; When another that receive that another computer worm produces at this infection character string receiver module infects character string; Judge this another whether infect another leak program that another rogue program code of character string utilized identical with this leak program, wherein should the generation of treatment character string generation module in order to treat another treatment procedure code of this another computer worm; And
One integrate module; When this another leak program is identical with this leak program; This another treatment procedure code and this treatment procedure code are integrated into an integrated process code; And this another rogue program code that this treatment character string generation module is infected in the character string this another replaces with this integrated process code, and to produce an integral treatment character string, wherein this integrated process code is to utilize this leak program and be performed.
7. a computer worm methods of treatment is characterized in that, comprises:
From an infected main frame that infected by a computer worm, what receive that this computer worm produces one infects character string, and wherein this infection character string comprises a rogue program code, and this rogue program code is to utilize a leak program and be performed;
Generation is in order to treat a treatment procedure code of this computer worm, and wherein this treatment procedure code is to utilize this leak program and be performed;
This rogue program code in this infection character string is replaced with this treatment procedure code, to produce a treatment character string; And
Passback should be treated character string to this infected main frame, made this leak program of this infected main frame carry out this treatment procedure code of this treatment character string whereby, and treated this computer worm of this infected main frame.
8. computer worm methods of treatment according to claim 7 is characterized in that, also comprises:
Receive a network character string;
Judge whether this network character string meets a computer worm characteristic; And
When this network character string meets a computer worm characteristic, judge that this network character string is infected, and this network character string is regarded as this infection character string.
9. computer worm methods of treatment according to claim 7 is characterized in that, also comprises:
Receive a network character string;
Judge whether this network character string meets a computer worm characteristic;
When this network character string meets this computer worm characteristic, judge whether this network character string comprises this treatment procedure code; And
When this network character string comprises this treatment procedure code, judge that this infected main frame that transmits this network character string was treated, and do not produce this treatment procedure code.
10. computer worm methods of treatment according to claim 7 is characterized in that, also comprises:
Produce a character string generating routine, replace with this treatment procedure code, should treat character string and produce in order to this rogue program code that will infect in the character string;
Produce character string passback program, should treat character string in order to passback; And
Upload a program of the program code that comprises this character string generating routine and this character string passback program and set up package to this infected main frame; After making this infected this program of main frame execution set up package whereby; Can this rogue program code in this infection character string be replaced with this treatment procedure code; Should treat character string and produce, and passback should the treatment character string.
11. computer worm methods of treatment according to claim 10 is characterized in that, this treatment procedure code comprises in order to transmit one downloads a download instruction that requires, and this computer worm methods of treatment also comprises:
Make this treatment procedure code utilize this leak program and make this infected main frame carry out this download instruction, to transmit this downloading request;
When receiving this downloading request, begin to upload this program and set up package to this infected main frame.
12. computer worm methods of treatment according to claim 7 is characterized in that, also comprises:
Receive another infection character string that another computer worm produces;
Generation is in order to treat another treatment procedure code of this another computer worm;
Judge this another whether infect another leak program that another rogue program code of character string utilized identical with this leak program;
When this another leak program is identical with this leak program, this another treatment procedure code and this treatment procedure code are integrated into an integrated process code; And
This another rogue program code that infects this another in character string replaces with this integrated process code, and to produce an integral treatment character string, wherein this integrated process code is to utilize this leak program and be performed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010551083.5A CN102467631B (en) | 2010-11-17 | 2010-11-17 | System and method for treating computer worms |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010551083.5A CN102467631B (en) | 2010-11-17 | 2010-11-17 | System and method for treating computer worms |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102467631A true CN102467631A (en) | 2012-05-23 |
| CN102467631B CN102467631B (en) | 2014-12-17 |
Family
ID=46071260
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010551083.5A Expired - Fee Related CN102467631B (en) | 2010-11-17 | 2010-11-17 | System and method for treating computer worms |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102467631B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040255163A1 (en) * | 2002-06-03 | 2004-12-16 | International Business Machines Corporation | Preventing attacks in a data processing system |
| US20090049549A1 (en) * | 2007-07-10 | 2009-02-19 | Taejoon Park | Apparatus and method for detection of malicious program using program behavior |
| CN101751530A (en) * | 2009-12-29 | 2010-06-23 | 成都市华为赛门铁克科技有限公司 | Method for detecting loophole aggressive behavior and device |
| CN101800754A (en) * | 2010-03-25 | 2010-08-11 | 中国科学院计算技术研究所 | Method for distributing patch |
-
2010
- 2010-11-17 CN CN201010551083.5A patent/CN102467631B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040255163A1 (en) * | 2002-06-03 | 2004-12-16 | International Business Machines Corporation | Preventing attacks in a data processing system |
| US20090049549A1 (en) * | 2007-07-10 | 2009-02-19 | Taejoon Park | Apparatus and method for detection of malicious program using program behavior |
| CN101751530A (en) * | 2009-12-29 | 2010-06-23 | 成都市华为赛门铁克科技有限公司 | Method for detecting loophole aggressive behavior and device |
| CN101800754A (en) * | 2010-03-25 | 2010-08-11 | 中国科学院计算技术研究所 | Method for distributing patch |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102467631B (en) | 2014-12-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101083311B1 (en) | System for detecting malicious script and method for detecting malicious script using the same | |
| US10430586B1 (en) | Methods of identifying heap spray attacks using memory anomaly detection | |
| Zhang et al. | Arrow: Generating signatures to detect drive-by downloads | |
| US9973531B1 (en) | Shellcode detection | |
| Canali et al. | Prophiler: a fast filter for the large-scale detection of malicious web pages | |
| US9602525B2 (en) | Classification of malware generated domain names | |
| US20130312081A1 (en) | Malicious code blocking system | |
| US8769692B1 (en) | System and method for detecting malware by transforming objects and analyzing different views of objects | |
| US20090064337A1 (en) | Method and apparatus for preventing web page attacks | |
| CN106549980B (en) | Malicious C & C server determination method and device | |
| WO2017086837A1 (en) | Method for detecting malicious programs and elements | |
| Kim et al. | Malicious URL protection based on attackers' habitual behavioral analysis | |
| WO2014113597A1 (en) | Detection of malicious scripting language code in a network environment | |
| KR101964148B1 (en) | Wire and wireless access point for analyzing abnormal action based on machine learning and method thereof | |
| WO2021017318A1 (en) | Cross-site scripting attack protection method and apparatus, device and storage medium | |
| CN108369541B (en) | System and method for threat risk scoring of security threats | |
| JP6505533B2 (en) | Malicious code detection | |
| CN107122657B (en) | Database agent device for defending SQL injection attack | |
| CN102208002A (en) | Novel computer virus scanning and killing device | |
| CN109327451A (en) | A kind of method, system, device and medium that the upload verifying of defence file bypasses | |
| JP2011193343A (en) | Communications network monitoring system | |
| US9275231B1 (en) | Method and apparatus for securing a computer using an optimal configuration for security software based on user behavior | |
| CN105791250B (en) | Application program detection method and device | |
| KR101181843B1 (en) | JavaScript obfuscation by hooking automatically decrypted and how to detect malicious Web sites | |
| KR20120137326A (en) | Method and apparatus to detect malicious domain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141217 Termination date: 20211117 |