CN103955644B - 一种基于终端自启动项的静态木马检测方法 - Google Patents
一种基于终端自启动项的静态木马检测方法 Download PDFInfo
- Publication number
- CN103955644B CN103955644B CN201410171414.0A CN201410171414A CN103955644B CN 103955644 B CN103955644 B CN 103955644B CN 201410171414 A CN201410171414 A CN 201410171414A CN 103955644 B CN103955644 B CN 103955644B
- Authority
- CN
- China
- Prior art keywords
- startup item
- record
- data
- file
- static
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000003068 static effect Effects 0.000 title claims abstract description 29
- 238000000034 method Methods 0.000 title claims abstract description 25
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 title claims abstract description 22
- 238000001514 detection method Methods 0.000 claims abstract description 31
- 238000012544 monitoring process Methods 0.000 claims abstract description 7
- 238000001914 filtration Methods 0.000 claims description 8
- 230000007246 mechanism Effects 0.000 claims description 6
- 230000035945 sensitivity Effects 0.000 claims description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000035772 mutation Effects 0.000 description 3
- 239000002023 wood Substances 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 241000283086 Equidae Species 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410171414.0A CN103955644B (zh) | 2014-04-25 | 2014-04-25 | 一种基于终端自启动项的静态木马检测方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410171414.0A CN103955644B (zh) | 2014-04-25 | 2014-04-25 | 一种基于终端自启动项的静态木马检测方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103955644A CN103955644A (zh) | 2014-07-30 |
CN103955644B true CN103955644B (zh) | 2017-06-06 |
Family
ID=51332919
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410171414.0A Active CN103955644B (zh) | 2014-04-25 | 2014-04-25 | 一种基于终端自启动项的静态木马检测方法 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103955644B (zh) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104462972A (zh) * | 2014-12-19 | 2015-03-25 | 浪潮电子信息产业股份有限公司 | 一种木马查杀工具 |
CN104503807B (zh) * | 2014-12-31 | 2018-05-25 | 北京奇虎科技有限公司 | 启动项的管理方法及装置 |
CN105590053B (zh) * | 2015-12-18 | 2018-11-09 | 北京奇虎科技有限公司 | 启动项未知风险的检测方法及装置 |
CN109241734A (zh) * | 2018-08-10 | 2019-01-18 | 航天信息股份有限公司 | 一种防护软件运行效率优化方法及系统 |
CN109254805A (zh) * | 2018-09-21 | 2019-01-22 | 武汉斗鱼网络科技有限公司 | 一种应用自启动方法、终端装置及可读存储介质 |
CN110012030A (zh) * | 2019-04-23 | 2019-07-12 | 北京微步在线科技有限公司 | 一种关联检测黑客的方法及装置 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201477598U (zh) * | 2009-09-01 | 2010-05-19 | 北京鼎普科技股份有限公司 | 终端木马监测装置 |
CN103019778A (zh) * | 2012-11-30 | 2013-04-03 | 北京奇虎科技有限公司 | 开机启动项的清理方法和装置 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9213838B2 (en) * | 2011-05-13 | 2015-12-15 | Mcafee Ireland Holdings Limited | Systems and methods of processing data associated with detection and/or handling of malware |
-
2014
- 2014-04-25 CN CN201410171414.0A patent/CN103955644B/zh active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201477598U (zh) * | 2009-09-01 | 2010-05-19 | 北京鼎普科技股份有限公司 | 终端木马监测装置 |
CN103019778A (zh) * | 2012-11-30 | 2013-04-03 | 北京奇虎科技有限公司 | 开机启动项的清理方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
CN103955644A (zh) | 2014-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103955644B (zh) | 一种基于终端自启动项的静态木马检测方法 | |
Sato et al. | Detecting android malware by analyzing manifest files | |
Sun et al. | Detecting anomalous user behavior using an extended isolation forest algorithm: an enterprise case study | |
CN104598824B (zh) | 一种恶意程序检测方法及其装置 | |
Lin et al. | Identifying android malicious repackaged applications by thread-grained system call sequences | |
JP2016053956A (ja) | ウェブ基盤の悪性コード探知システムおよび方法 | |
CN103428196A (zh) | 一种基于url白名单的web应用入侵检测方法和装置 | |
KR101851233B1 (ko) | 파일 내 포함된 악성 위협 탐지 장치 및 방법, 그 기록매체 | |
WO2018099206A1 (zh) | 一种apt检测方法、系统及装置 | |
CN102768717A (zh) | 恶意文件检测的方法及装置 | |
CN109672671A (zh) | 基于智能行为分析的安全网关及安全防护系统 | |
CN105046152B (zh) | 基于函数调用图指纹的恶意软件检测方法 | |
CN103324615A (zh) | 基于搜索引擎优化的钓鱼网站探测方法及系统 | |
CN103500307A (zh) | 一种基于行为模型的移动互联网恶意应用软件检测方法 | |
CN107016298B (zh) | 一种网页篡改监测方法及装置 | |
KR101692982B1 (ko) | 로그 분석 및 특징 자동 학습을 통한 위험 감지 및 접근제어 자동화 시스템 | |
CN104598820A (zh) | 一种基于特征行为分析的木马病检测方法 | |
CN107800686A (zh) | 一种钓鱼网站识别方法和装置 | |
CN110135162A (zh) | Webshell后门识别方法、装置、设备及存储介质 | |
WO2017197942A1 (zh) | 病毒库的获取方法及装置、设备、服务器、系统 | |
CN106375303A (zh) | 攻击防御方法及装置 | |
Djanali et al. | SQL injection detection and prevention system with raspberry Pi honeypot cluster for trapping attacker | |
CN108241802A (zh) | 一种聚合多维的Android平台隐私窃取类应用自动识别方法 | |
CN104978523A (zh) | 一种基于网络热词识别的恶意样本捕获方法及系统 | |
KR20140077405A (ko) | 사이버 공격 탐지 장치 및 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20160511 Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: State Grid Smart Grid Institute Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute |
|
CB02 | Change of applicant information |
Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute Applicant before: State Grid Smart Grid Institute |
|
COR | Change of bibliographic data | ||
GR01 | Patent grant | ||
GR01 | Patent grant |