CN102542196A - Method for finding and preventing malicious codes - Google Patents
Method for finding and preventing malicious codes
- Publication number
- CN102542196A
- Authority
- CN
- China
- Prior art keywords
- malicious code
- kernel objects
- kernel
- title
- malicious
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Storage Device Security (AREA)
Abstract
Description
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110375297.6A CN102542196B (zh) | 2011-11-23 | 2011-11-23 | Method for finding and preventing malicious codes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110375297.6A CN102542196B (zh) | 2011-11-23 | 2011-11-23 | Method for finding and preventing malicious codes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102542196A (zh) | 2012-07-04 |
CN102542196B (zh) | 2014-09-17 |
Family
ID=46349063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110375297.6A Active CN102542196B (zh) | Method for finding and preventing malicious codes | 2011-11-23 | 2011-11-23 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102542196B (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
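CN102902919A (zh) * | 2012-08-30 | 2013-01-30 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for identifying and processing suspicious operations |
CN103809955A (zh) * | 2012-11-15 | 2014-05-21 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for terminating a process |
CN105303111A (zh) * | 2015-10-16 | 2016-02-03 | Zhuhai Juntian Electronic Technology Co., Ltd. | Method and device for identifying malicious processes in a user terminal, and user terminal |
CN108875357A (zh) * | 2017-12-20 | 2018-11-23 | Beijing Antiy Network Security Technology Co., Ltd. | Program starting method and device, electronic device and storage medium |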
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
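CN101206692A (zh) * | 2006-12-20 | 2008-06-25 | Lenovo (Beijing) Co., Ltd. | Method and device for detecting processes |
US20080320594A1 (en) * | 2007-03-19 | 2008-12-25 | Xuxian Jiang | Malware Detector |
CN101373505A (zh) * | 2008-06-17 | 2009-02-25 | Huawei Technologies Co., Ltd. | Method and device for releasing handles, and file deletion system |
CN102243699A (zh) * | 2011-06-09 | 2011-11-16 | Shenzhen Anzhitian Information Technology Co., Ltd. | Malicious code detection method and system |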
- 2011-11-23: CN application CN201110375297.6A, patent CN102542196B (zh), status Active
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
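CN102902919A (zh) * | 2012-08-30 | 2013-01-30 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for identifying and processing suspicious operations |
CN102902919B (zh) * | 2012-08-30 | 2015-11-25 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for identifying and processing suspicious operations |
CN103809955A (zh) * | 2012-11-15 | 2014-05-21 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for terminating a process |
CN103809955B (zh) * | 2012-11-15 | 2018-10-09 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for terminating a process |
CN105303111A (zh) * | 2015-10-16 | 2016-02-03 | Zhuhai Juntian Electronic Technology Co., Ltd. | Method and device for identifying malicious processes in a user terminal, and user terminal |
CN105303111B (zh) * | 2015-10-16 | 2019-02-15 | Zhuhai Baoqu Technology Co., Ltd. | Method and device for identifying malicious processes in a user terminal, and user terminal |
CN108875357A (zh) * | 2017-12-20 | 2018-11-23 | Beijing Antiy Network Security Technology Co., Ltd. | Program starting method and device, electronic device and storage medium |
CN108875357B (zh) * | 2017-12-20 | 2020-05-12 | Beijing Antiy Network Security Technology Co., Ltd. | Program starting method and device, electronic device and storage medium |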
Also Published As
Publication number | Publication date |
---|---|
CN102542196B (zh) | 2014-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10055585B2 (en) | Hardware and software execution profiling | |
US7665139B1 (en) | Method and apparatus to detect and prevent malicious changes to tokens | |
EP3756121B1 (en) | Anti-ransomware systems and methods using a sinkhole at an electronic device | |
CN109471697B (zh) | Method, device and storage medium for monitoring system calls in a virtual machine | |
US10515213B2 (en) | Detecting malware by monitoring execution of a configured process | |
EP3270319B1 (en) | Method and apparatus for generating dynamic security module | |
WO2015131804A1 (en) | Call stack relationship acquiring method and apparatus | |
WO2016033966A1 (zh) | Method and device for protecting application data | |
US20190114421A1 (en) | Just in time memory analysis for malware detection | |
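JP5832954B2 (ja) | Tagging device and tagging method | |
CN102542196B (zh) | Method for finding and preventing malicious codes | |
CN116502220B (zh) | Detection method and handling method for adversarial Java memory shells | |
CN103294951A (zh) | Method and system for extracting malicious code samples based on document-type vulnerabilities | |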
US10902122B2 (en) | Just in time memory analysis for malware detection | |
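CN107122656B (zh) | Method and device for preventing external debugging through self-debugging | |
CN112651024A (zh) | Method, apparatus and device for malicious code detection | |
JP2016099857A (ja) | Malicious program countermeasure system and malicious program countermeasure method | |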
Stirparo et al. | In-memory credentials robbery on android phones | |
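CN105453104B (zh) | File security management device and management method for system protection | |
JP2012083909A (ja) | Application characteristic analysis device and program | |
CN108256338B (zh) | Method for tracking sensitive data in Chrome extensions based on extension API rewriting | |
CN115270126B (zh) | Method, device, electronic device and storage medium for detecting Java memory shells | |
JP2010134536A (ja) | Pattern file update system, pattern file update method, and pattern file update program | |
CN112351008B (zh) | Network attack analysis method and device, readable storage medium and computer equipment | |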
Zhang et al. | Contextual approach for identifying malicious inter-component privacy leaks in android apps |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent of invention or patent application | ||
CB02 | Change of applicant information | Address after: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14; Applicant after: Beijing Antiy Electronic Installation Co., Ltd.; Address before: 100084, 2B-521, bright city, No. 1, Nongda South Road, Beijing, Haidian District; Applicant before: Beijing Antiy Electronic Installation Co., Ltd. |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address | Address after: 100080 Beijing city Haidian District minzhuang Road No. 3, Tsinghua Science Park Building 1 Yuquan Huigu a; Patentee after: Beijing ahtech network Safe Technology Ltd; Address before: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14; Patentee before: Beijing Antiy Electronic Installation Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method for finding and preventing malicious codes; Effective date of registration: 20190719; Granted publication date: 20140917; Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch; Pledgor: Beijing ahtech network Safe Technology Ltd; Registration number: 2019230000008 |
PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20210810; Granted publication date: 20140917; Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch; Pledgor: BEIJING ANTIY NETWORK TECHNOLOGY Co.,Ltd.; Registration number: 2019230000008 |