CN103632088A - 一种木马检测方法及装置 - Google Patents

一种木马检测方法及装置 Download PDF

Info

Publication number
CN103632088A
CN103632088A CN201210310462.4A CN201210310462A CN103632088A CN 103632088 A CN103632088 A CN 103632088A CN 201210310462 A CN201210310462 A CN 201210310462A CN 103632088 A CN103632088 A CN 103632088A
Authority
CN
China
Prior art keywords
described process
plot
wooden horse
memory block
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210310462.4A
Other languages
English (en)
Chinese (zh)
Inventor
聂万泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201210310462.4A priority Critical patent/CN103632088A/zh
Priority to TW101146915A priority patent/TWI554907B/zh
Priority to US13/973,229 priority patent/US9152788B2/en
Priority to EP18190007.7A priority patent/EP3422238B1/en
Priority to PCT/US2013/056562 priority patent/WO2014035857A1/en
Priority to EP13759086.5A priority patent/EP2891104B1/en
Priority to JP2015525646A priority patent/JP5882542B2/ja
Publication of CN103632088A publication Critical patent/CN103632088A/zh
Priority to US14/842,648 priority patent/US9516056B2/en
Priority to JP2016018519A priority patent/JP6165900B2/ja
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN201210310462.4A 2012-08-28 2012-08-28 一种木马检测方法及装置 Pending CN103632088A (zh)

Priority Applications (9)

Application Number Priority Date Filing Date Title
CN201210310462.4A CN103632088A (zh) 2012-08-28 2012-08-28 一种木马检测方法及装置
TW101146915A TWI554907B (zh) 2012-08-28 2012-12-12 Trojan horse detection method and device
US13/973,229 US9152788B2 (en) 2012-08-28 2013-08-22 Detecting a malware process
EP18190007.7A EP3422238B1 (en) 2012-08-28 2013-08-26 Detecting a malware process
PCT/US2013/056562 WO2014035857A1 (en) 2012-08-28 2013-08-26 Detecting a malware process
EP13759086.5A EP2891104B1 (en) 2012-08-28 2013-08-26 Detecting a malware process
JP2015525646A JP5882542B2 (ja) 2012-08-28 2013-08-26 マルウェアプロセスの検出
US14/842,648 US9516056B2 (en) 2012-08-28 2015-09-01 Detecting a malware process
JP2016018519A JP6165900B2 (ja) 2012-08-28 2016-02-03 マルウェアプロセスの検出

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210310462.4A CN103632088A (zh) 2012-08-28 2012-08-28 一种木马检测方法及装置

Publications (1)

Publication Number Publication Date
CN103632088A true CN103632088A (zh) 2014-03-12

Family

ID=50189431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210310462.4A Pending CN103632088A (zh) 2012-08-28 2012-08-28 一种木马检测方法及装置

Country Status (6)

Country Link
US (2) US9152788B2 (enExample)
EP (2) EP2891104B1 (enExample)
JP (2) JP5882542B2 (enExample)
CN (1) CN103632088A (enExample)
TW (1) TWI554907B (enExample)
WO (1) WO2014035857A1 (enExample)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105608377A (zh) * 2015-12-24 2016-05-25 国家电网公司 一种信息系统进程安全管理系统及管理方法
CN106415577A (zh) * 2014-03-31 2017-02-15 赛门铁克公司 用于识别可疑事件来源的系统和方法
CN114969737A (zh) * 2022-05-26 2022-08-30 深信服科技股份有限公司 一种病毒处理的方法、装置、电子设备及介质
WO2022193630A1 (zh) * 2021-03-15 2022-09-22 清华大学 敏感数据的读取方法、装置、电子设备及存储介质
CN115766279A (zh) * 2022-12-06 2023-03-07 北京天融信网络安全技术有限公司 网络攻击取证方法、装置、电子设备及可读取存储介质

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10223530B2 (en) 2013-11-13 2019-03-05 Proofpoint, Inc. System and method of protecting client computers
WO2016186902A1 (en) * 2015-05-20 2016-11-24 Alibaba Group Holding Limited Detecting malicious files
CN106295328B (zh) 2015-05-20 2019-06-18 阿里巴巴集团控股有限公司 文件检测方法、装置及系统
US10083296B2 (en) * 2015-06-27 2018-09-25 Mcafee, Llc Detection of malicious thread suspension
US10049214B2 (en) * 2016-09-13 2018-08-14 Symantec Corporation Systems and methods for detecting malicious processes on computing devices
CN110414230B (zh) * 2019-06-21 2022-04-08 腾讯科技(深圳)有限公司 病毒查杀方法、装置、计算机设备和存储介质
CN111552962B (zh) * 2020-03-25 2024-03-01 三六零数字安全科技集团有限公司 一种基于Windows操作系统的U盘PE格式文件病毒的拦截方法
US11874920B2 (en) * 2020-12-30 2024-01-16 Acronis International Gmbh Systems and methods for preventing injections of malicious processes in software
CN113641997B (zh) * 2021-07-19 2025-03-14 卡奥斯工业智能研究院(青岛)有限公司 工业主机的安全防护方法、装置、系统及存储介质

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7493498B1 (en) * 2002-03-27 2009-02-17 Advanced Micro Devices, Inc. Input/output permission bitmaps for compartmentalized security
CN101826139A (zh) * 2009-12-30 2010-09-08 厦门市美亚柏科信息股份有限公司 一种非可执行文件挂马检测方法及其装置

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5812848A (en) * 1995-08-23 1998-09-22 Symantec Corporation Subclassing system for computer that operates with portable-executable (PE) modules
EP1684151A1 (en) * 2005-01-20 2006-07-26 Grant Rothwell William Computer protection against malware affection
WO2006090647A1 (ja) * 2005-02-25 2006-08-31 Matsushita Electric Industrial Co., Ltd. 処理装置
US7673345B2 (en) 2005-03-31 2010-03-02 Intel Corporation Providing extended memory protection
KR100843701B1 (ko) * 2006-11-07 2008-07-04 소프트캠프(주) 콜 스택에 기록된 정보를 이용한 에이피아이 확인방법
US7917725B2 (en) * 2007-09-11 2011-03-29 QNX Software Systems GmbH & Co., KG Processing system implementing variable page size memory organization using a multiple page per entry translation lookaside buffer
US8578483B2 (en) * 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
CA2806368C (en) * 2009-07-29 2019-04-30 Reversinglabs Corporation Portable executable file analysis
US8572740B2 (en) 2009-10-01 2013-10-29 Kaspersky Lab, Zao Method and system for detection of previously unknown malware
TW201137660A (en) * 2009-12-23 2011-11-01 Ibm Method and system for protecting an operating system against unauthorized modification
US8468602B2 (en) 2010-03-08 2013-06-18 Raytheon Company System and method for host-level malware detection
US20120036569A1 (en) * 2010-04-05 2012-02-09 Andrew Cottrell Securing portable executable modules
KR101122650B1 (ko) * 2010-04-28 2012-03-09 한국전자통신연구원 정상 프로세스에 위장 삽입된 악성코드 탐지 장치, 시스템 및 방법
AU2011293160B2 (en) * 2010-08-26 2015-04-09 Verisign, Inc. Method and system for automatic detection and analysis of malware
TW201220186A (en) * 2010-11-04 2012-05-16 Inventec Corp Data protection method for damaged memory cells
US8955132B2 (en) 2011-04-14 2015-02-10 F-Secure Corporation Emulation for malware detection
RU2487405C1 (ru) * 2011-11-24 2013-07-10 Закрытое акционерное общество "Лаборатория Касперского" Система и способ для исправления антивирусных записей
US9614865B2 (en) * 2013-03-15 2017-04-04 Mcafee, Inc. Server-assisted anti-malware client
EP2784716A1 (en) * 2013-03-25 2014-10-01 British Telecommunications public limited company Suspicious program detection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7493498B1 (en) * 2002-03-27 2009-02-17 Advanced Micro Devices, Inc. Input/output permission bitmaps for compartmentalized security
CN101826139A (zh) * 2009-12-30 2010-09-08 厦门市美亚柏科信息股份有限公司 一种非可执行文件挂马检测方法及其装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李青: "内网管理系统中移动存储介质管理软件的设计", 《中国优秀硕士论文全文数据库》, no. 3, 15 March 2012 (2012-03-15), pages 33 - 39 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106415577A (zh) * 2014-03-31 2017-02-15 赛门铁克公司 用于识别可疑事件来源的系统和方法
CN106415577B (zh) * 2014-03-31 2020-06-16 Ca公司 用于识别可疑事件来源的系统和方法
CN105608377A (zh) * 2015-12-24 2016-05-25 国家电网公司 一种信息系统进程安全管理系统及管理方法
WO2022193630A1 (zh) * 2021-03-15 2022-09-22 清华大学 敏感数据的读取方法、装置、电子设备及存储介质
US12399842B2 (en) 2021-03-15 2025-08-26 Tsinghua University Sensitive data reading method and apparatus, electronic device, and storage medium
CN114969737A (zh) * 2022-05-26 2022-08-30 深信服科技股份有限公司 一种病毒处理的方法、装置、电子设备及介质
CN115766279A (zh) * 2022-12-06 2023-03-07 北京天融信网络安全技术有限公司 网络攻击取证方法、装置、电子设备及可读取存储介质

Also Published As

Publication number Publication date
WO2014035857A1 (en) 2014-03-06
JP2016105310A (ja) 2016-06-09
US20140068774A1 (en) 2014-03-06
JP2015523668A (ja) 2015-08-13
EP2891104A1 (en) 2015-07-08
JP6165900B2 (ja) 2017-07-19
EP3422238A1 (en) 2019-01-02
EP3422238B1 (en) 2020-03-11
EP2891104B1 (en) 2018-10-10
US20160087998A1 (en) 2016-03-24
US9152788B2 (en) 2015-10-06
JP5882542B2 (ja) 2016-03-09
TWI554907B (zh) 2016-10-21
US9516056B2 (en) 2016-12-06
TW201409272A (zh) 2014-03-01

Similar Documents

Publication Publication Date Title
CN103632088A (zh) 一种木马检测方法及装置
US8978141B2 (en) System and method for detecting malicious software using malware trigger scenarios
CN101515320B (zh) 一种攻击时漏洞检测方法及其系统
US10817211B2 (en) Method for completing a secure erase operation
CN104598823A (zh) 一种安卓系统中内核级rootkit检测方法及其系统
US11675905B2 (en) System and method for validating in-memory integrity of executable files to identify malicious activity
JP4048382B1 (ja) 情報処理システムおよびプログラム
CN104915599A (zh) 一种应用程序监控方法及终端
CN103971056A (zh) 一种防止操作系统中应用程序被卸载的方法和装置
CN114065196A (zh) Java内存马检测方法、装置、电子设备与存储介质
CN103955649B (zh) 一种安全启动终端设备的方法
CN115688106A (zh) 一种Java agent无文件注入内存马的检测方法及装置
CN115600204A (zh) 一种检测shellcode恶意代码的方法和系统及计算机设备
KR20190079002A (ko) 이동식 저장 장치 및 그의 보안 방법
CN108681670A (zh) 基于细粒度特征的Android恶意应用检测的方法及装置
CN116418593A (zh) 一种动态可信度量方法、电子设备及存储介质
CN103366115A (zh) 安全性检测方法和装置
CN117744082A (zh) 操作系统中恶意软件的检测方法及装置、存储介质
US9280666B2 (en) Method and electronic device for protecting data
EP2819055B1 (en) System and method for detecting malicious software using malware trigger scenarios
CN103927492B (zh) 一种数据处理设备及数据保护方法
CN105653931B (zh) 一种数据处理方法及电子设备
CN101739519A (zh) 用于一硬件的监控装置及监控方法
JP2008059596A (ja) 情報処理システムおよびプログラム
CN115422572A (zh) 一种基于aab文件的安全保护方法及系统

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140312