CN104252593B - Script monitoring method and device - Google Patents
Script monitoring method and device Download PDFInfo
- Publication number
- CN104252593B CN104252593B CN201310263489.7A CN201310263489A CN104252593B CN 104252593 B CN104252593 B CN 104252593B CN 201310263489 A CN201310263489 A CN 201310263489A CN 104252593 B CN104252593 B CN 104252593B
- Authority
- CN
- China
- Prior art keywords
- script
- function
- component
- monitoring information
- compiling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
Abstract
The application discloses a script monitoring method and a device, wherein the method comprises the following steps: acquiring monitoring information generated by a component in the process of running a script, wherein the component is a system component in an operating system; and monitoring the script according to the monitoring information. Through the method and the device, the problem that the monitoring effect of the script is poor due to the fact that the mode of adopting the plaintext to carry out virus feature matching is prone to being interfered is solved, and monitoring of the script is enhanced.
Description
Technical field
The present invention relates to computer safety fields, in particular to script monitoring method and device.
Background technique
Script file, does not need to be compiled into binary file generally, but the program by being had in operating system
It is executed, for example, Microsoft visualizes basic formula script version (Microsoft Visual Basic Script
Edition, referred to as VBScript, are also abbreviated as VBS), which is a kind of based on the basic programming language (Visual of visualization
Basic scripting language).The VBS script be do not need to be compiled into binary file then can be directly by host (for example, operation be
Wscript.exe in system) it explains source code and executes.
For script file, in the related art, antivirus software carrys out scan script file generally by characteristic information
In plain text, if being matched to characteristic information, suggest that user is virus.However for the script of encryption, if directly matching in plain text,
It matches less than anything.The antivirus software of some large manufacturers will use the script virtual machine dynamic that they voluntarily research and develop
The script of encryption is decrypted in ground, and uses the feature in the plaintext of the script after decryption matching virus base.Inventor exists
It is found in research process, since the matching process is also to carry out before host carries out actual operation processing to the script,
It is still using matched mode in plain text, therefore success of this matched result dependent on decryption.If the encryption
Script in further comprise the measures of some interference, then expected effect may be not achieved in the matching result.
For the prison for leading to script vulnerable to interference using the progress matched mode of virus characteristic in plain text in the related technology
Ineffective problem is controlled, currently no effective solution has been proposed.
Summary of the invention
This application provides a kind of script monitoring method and devices, at least to solve using progress virus characteristic matching in plain text
The mode problem that causes the monitoring effect of script bad vulnerable to interference.
According to the one aspect of the application, a kind of script monitoring method is provided, comprising: securing component is in Run Script
The monitoring information generated in the process, wherein the component is the system component in operating system;According to the monitoring information to institute
Script is stated to be monitored.
Preferably, obtaining the monitoring information that the component generates during running the script includes: hook
Compiling function or analytical function in the component;It obtains the component and executes the compiling function or the analytical function
During the monitoring information that generates.
Preferably, in the case where the script is encryption script, the compiling function in the component is linked up with;Wherein, institute
State the plaintext that monitoring information is the script that the script is decrypted in the compiling function.
Preferably, in the case where linking up with the analytical function in the component, the monitoring information is the parsing
Function carries out what syntactic analysis obtained to the script, and the monitoring information includes: component tune when executing the script
System command in one or more operating systems.
Preferably, before linking up with the compiling function or the analytical function in the component, the method is also
It include: the type for judging the script;It is determined according to the type of the script and links up with the compiling function or the hook solution
Analyse function.
Preferably, it is determined according to the type of the script and links up with the compiling function or the hook analytical function packet
It includes: in the case where the type of the script is that Microsoft visualizes basic formula VBS script, determining and link up with the compiling letter
Number;In the case where the type of the script is batch processing script, determines and link up with the analytical function.
According to the another aspect of the application, a kind of script monitoring device is additionally provided, comprising: module is obtained, for obtaining
The monitoring information that component generates during Run Script, wherein the component is the system component in operating system;Monitoring
Module, for being monitored according to the monitoring information to the script.
Preferably, the acquisition module includes: hook subelement, for linking up with compiling function or solution in the component
Analyse function;Subelement is obtained, is produced for obtaining during the component executes the compiling function or the analytical function
The raw monitoring information.
Preferably, the hook subelement, for being linked up in the component in the case where the script is encryption script
Compiling function;Wherein, the monitoring information is the script that the script is decrypted in the compiling function
In plain text.
Preferably, in the case where linking up with the analytical function in the component, the monitoring information is the parsing
Function carries out what syntactic analysis obtained to the script, and the monitoring information includes: component tune when executing the script
System command in one or more operating systems.
Preferably, described device further include: judgment module, for judging the type of the script;Determining module is used for root
It is determined according to the type of the script and links up with the compiling function or the hook analytical function.
Preferably, the determining module includes: the first determining subelement, for being Microsoft in the type of the script
In the case where visualizing basic formula VBS script, determines and link up with the compiling function;Second determines subelement, for described
In the case that the type of script is batch processing script, determines and link up with the analytical function.
Pass through the application, the monitoring information generated during Run Script using acquisition system component, according to the prison
Control information is monitored the script.Solving leads to foot vulnerable to interference using the progress matched mode of virus characteristic in plain text
The bad problem of this monitoring effect, strengthens the monitoring to script.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen
Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 is the flow chart according to the script monitoring method of the embodiment of the present application;
Fig. 2 is the structural block diagram according to the script monitoring device of the embodiment of the present application;
Fig. 3 is the preferred structure block diagram one according to the script monitoring device of the embodiment of the present application;
Fig. 4 is the preferred structure block diagram two according to the script monitoring device of the embodiment of the present application;
Fig. 5 is the preferred structure block diagram three according to the script monitoring device of the embodiment of the present application;
Fig. 6 is the flow chart monitored according to the VBS script of the application preferred embodiment;
Fig. 7 is the flow chart monitored according to the BAT script of the application preferred embodiment.
Specific embodiment
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions
It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not
The sequence being same as herein executes shown or described step.
Following embodiment can be applied in computer, such as be applied in PC.Also it can be applied to and use intelligence at present
In mobile terminal in energy operating system, and it is not limited to this.For computer or mobile terminal operating system not
Particular/special requirement, as long as supporting script operation.For example, following embodiment can be applied in Windows operating system.
A kind of script monitoring method is present embodiments provided, Fig. 1 is the script monitoring method according to the embodiment of the present application
Flow chart, as shown in Figure 1, comprising the following steps that
Step S102, the monitoring information that securing component generates during Run Script, wherein the component is operation system
System component in system;
Step S104 is monitored the script according to the monitoring information.
System component in operating system can be handled the script in Run Script.In the treatment process, meeting
The monitoring information that can be used to be monitored the script is obtained, since the monitoring information is system component to script
This dynamic process of reason obtains, compared with static state compares the mode of script plaintext in the related technology, on the one hand, provide one
The new script monitor mode of kind, on the other hand, the monitoring information obtained in this way is less susceptible to interference employed in script and arranges
The influence applied, to can be improved monitoring effect to a certain extent.
System component may call at least one of in Run Script: the order of bottom, function, other association journeys
Sequence.These recalls informations can be exported and execute these orders, function when institute as monitoring information, or by system component
The information of generation is as monitoring information, it will be able to realize the monitoring to script, compared to the mode monitored in the related technology, be promoted
The effect of monitoring.
There are many mode possibility for obtaining these monitoring informations, provides a kind of preferably mode in the present embodiment: adopting
The monitoring information generated during Run Script with the mode securing component of hook system component, for example, can be hooked and be
Compiling function in system component, can be with the analytical function in hook system component.At this point, obtaining system component executes the compiling
The monitoring information generated during function or the analytical function.
Preferably, the compiling function in system component under normal circumstances can also be decrypted script.Therefore, in script
In the case where for encryption script, the compiling function in component can be hooked, the monitoring information generated in this case includes compiling
Translate the plaintext for the script that script is decrypted in function.The script obtained in this way is compiled in system component in plain text
It is obtained during translating script, the mode compared to the plaintext for using script virtual machine decryption script to obtain is more excellent, for example, making
When script being decrypted with script virtual machine, the type for the encryption script that can be decrypted is extremely limited, by using system group
Function is compiled in part script is decrypted, the type for more encrypting script can be supported, to improve the effect of monitoring.
For some scripts, the relevant information for the Basic API that the available script calls by way of hook passes through
The relevant information of the Basic API is to be monitored the script, and still, there are the following problems for this monitor mode: for example, only leading to
The behavior that the script is carried out can not be immediately arrived at by crossing Basic API information sometimes.This is because the order of this kind of script is all high
The order of layer encapsulation, for example, netuse order has been used in script, a certain machine in the accessible local area network of the order.
But in Basic API, which can be converted to many functions, and it is very difficult to be reduced into netuse order by these functions,
So that analyzing the original meaning of its more difficult script function during the script.
Preferably, can be by the way of the analytical function of hook system component for the script of the above-mentioned type, and pass through
The process that syntactic analysis is carried out to script obtains the monitoring information monitored for script.The monitoring information may include system group
The system command in one or more operating systems that part is called when executing the script.System command therein is different from bottom
The readability of API, the system command obtained by syntactic analysis are stronger, convenient for the analysis to the type script.
For example, carrying out syntactic analysis to BAT script by the cmd.exe in Windows operating system for BAT script
Later, the BAT script after analysis is divided into one or more orders, and exports these lives before these orders distribute execution
It enables to be monitored to BAT script.This mode in the related technology directly to distribute execute after system API link up with
The mode of monitoring is directly monitored brought problem to the plaintext of BAT script, such as analysis difficulty causes to monitor greatly
Effect is poor, provides preferably solution.
Preferably, the processing movement of above two mode can be carried out respectively to the script before running to script, so
Selected from the monitoring information for monitoring script of output afterwards it is relatively good, to be monitored to above-mentioned script.Another ratio
Preferably embodiment is: before the compiling function or analytical function in hanging hook assembly, judging the type of script;According to foot
This type determines hook compiling function or hook analytical function.For example, the type in script is Microsoft's visualization base
In the case where plinth formula VBS script, hook compiling function;In the case where the type of script is batch processing script, hook parsing
Function.Also, the function of the type for judging script in the preferred embodiment can by the respective function in operating system Lai
It executes.
The present embodiment additionally provides a kind of script monitoring device, which can be used to implement above-mentioned script monitoring method.
Fig. 2 is according to the structural block diagram of the script monitoring device of the embodiment of the present application, as shown in Fig. 2, the device includes: to obtain module 22
With monitoring module 24, wherein module 22 is obtained, for the monitoring information that securing component generates during Run Script,
In, component is the system component in operating system;Monitoring module 24 is coupled to above-mentioned acquisition module 22, for being believed according to monitoring
Breath is monitored script.
By above-mentioned apparatus, the monitoring information generated during Run Script using acquisition 22 securing component of module,
Wherein, component is the system component in operating system;The mode that monitoring module 24 is monitored script according to monitoring information.By
This, the system component in operating system can be handled the script in Run Script.In the treatment process, it can obtain
It can be used to the monitoring information that is monitored to the script, since the monitoring information is that system component is handled to script
This dynamic process obtains, compared with static state compares the mode of script plaintext in the related technology, on the one hand, provides a kind of new
Script monitor mode, on the other hand, the monitoring information obtained in this way is less susceptible to jamming countermeasure employed in script
It influences, to can be improved monitoring effect to a certain extent
It should be understood that module involved in the present embodiment, subelement can be realized by way of software,
It can be realized by way of hardware.Wherein described module, subelement can also in the processor, for example, a kind of place
Device is managed, including obtains module 22, monitoring module 24.Wherein, these modules, the title of subelement are not constituted in some cases
Restriction to the module itself, for example, obtaining module 22 can also be described as " for securing component during Run Script
The monitoring information 22 " of generation.
Fig. 3 be according to the preferred structure block diagram one of the script monitoring device of the embodiment of the present application, as shown in figure 3, more preferably,
The acquisition module 22 includes: hook subelement 32 and acquisition subelement 34, wherein hook subelement 32, in hanging hook assembly
Compiling function or analytical function;Subelement 34 is obtained, above-mentioned hook subelement 32 is coupled to, executes volume for securing component
The monitoring information generated during translating function or analytical function.
More preferably, above-mentioned hook subelement 32 is used for the compiling letter in the case where script is to encrypt script in hanging hook assembly
Number;Wherein, monitoring information is the plaintext for compiling the script that script is decrypted in function.
More preferably, in the case where linking up with the analytical function in 32 hanging hook assembly of subelement, monitoring information is analytical function
What syntactic analysis obtained is carried out to script, monitoring information includes: one or more operation systems that component is called in perform script
System command in system.
Fig. 4 be according to the preferred structure block diagram two of the script monitoring device of the embodiment of the present application, as shown in figure 4, more preferably,
The script monitoring device further include: judgment module 42 and determining module 44, wherein judgment module 42 is coupled to determining module 44,
For judging the type of script;Determining module 44 is coupled to and obtains module 22, for determining hook compiling according to the type of script
Function or hook analytical function.
Fig. 5 be according to the preferred structure block diagram three of the script monitoring device of the embodiment of the present application, as shown in figure 5, more preferably,
Above-mentioned determining module 44 includes: that the first determining subelement 52 and second determines subelement 54, wherein and first determines subelement 52,
It is coupled to and obtains module 22, in the case where for the type in script being that Microsoft visualizes basic formula VBS script, determine
Hook compiling function;Second determines subelement 54, is coupled to and obtains module 22, is batch processing script for the type in script
In the case of, determine hook analytical function.
It should be noted that script monitoring device described in Installation practice corresponds to above-mentioned embodiment of the method,
Concrete implementation process had carried out detailed description in embodiment of the method, and details are not described herein.
In order to keep technical solution and the implementation method of the application clearer, below in conjunction with preferred embodiment in fact
Existing process is described in detail.
Preferred embodiment one
In the platform of dynamic analysis, when VBS script obtains operation, using API hook technology, links up with and be used in memory
The decryption function of script decryption, the function are located in vbscript.dll module.Wscript.exe is when executing VBS script, meeting
Vbscript.dll is loaded as enforcement engine.For being encrypted or unencrypted function (function i.e. in script), it is necessary to pass through
After the compiling of vbscript.dll, the code of the script can be just executable by a machine.
Fig. 6 is the flow chart monitored according to the VBS script of the application preferred embodiment, as shown in fig. 6, the process includes such as
Lower step:
Step S602, navigates to the function that VBS engine is responsible for compiling, which is located in COleScript::Compile.
Step S604 has one in the compiling function when the normal execution of VBS script proceeds to this compiling function
Content pointed by field is exactly the scripted code after compiling.
Step S606 is output to the content after compiling in file, the VBS script after forming a decryption.
Step S608 can report poison for the VBS scripts match virus characteristic after decryption if having virus.
Initiative type safeguard technology is realized by the API of hook system, since the api function of system compares bottom, because
This can more completely capture the operation of the progress of corresponding demand for system.
Preferred embodiment two
In the preferred embodiment, to another script file: being illustrated for autoexec.
Autoexec: being under form sequence of maneuvers system (Windows) platform, suffix is the file of .bat.Batch processing
File is explained by system process cmd.exe and is executed.
Fig. 7 is the flow chart monitored according to the BAT script of the application preferred embodiment, as shown in fig. 7, the process includes such as
Lower step:
Step S702, cmd.exe process carries out syntactic analysis to the BAT file (i.e. autoexec) needed to be implemented.
Step S704, cmd.exe process is split each instruction.
Step S706 obtains right of execution, and print log (log) when cmd.exe process distributes execution.
Step S708, cmd.exe process distributes the instruction after segmentation.
Through the above steps, the execution order of entire BAT script can be got, provides very big side for subsequent analysis
Just.
It wherein, is the letter that stdcall Dispatch (x, x) is named as at one when cmd.exe carries out distributing execution to BAT
In number (by the symbol table of Microsoft), this function is responsible for carrying out distributing execution to the execution parsed.
This function is there are two parameter, and first parameter is to indicate the type (type) of instruction, and second parameter is one
The pointer of structural body, wherein be order performed by BAT pointed by structural body member addr_cmd.In specific implementation, right
Parsing (Dispatch) function is linked up with, and when CMD normally goes to Dispatch function, is introduced into processing function.Locating
It manages in function, by the field addr_cmd field of structural body cmd_desc_t pointed by the second parameter of Dispatch function
Pointed Unicode (UNICODE) character string is written in file and is recorded.
By the technical solution of this preferred embodiment, solves and supervised similar to the process of the script of BAT by API
Control and the plaintext directly not applicable problem of matching.
In conclusion improving the effect of monitoring and virus scan according to above-described embodiment and preferred embodiment of the application
Fruit.
Obviously, those skilled in the art should be understood that each module of the above invention, each submodule or each step can
To be realized with general computing device, they be can be concentrated on a single computing device, or be distributed in multiple calculating dresses
On network composed by setting, optionally, they can be realized with the program code that computing device can perform, it is thus possible to will
They store and are performed by computing device in the storage device, or they are fabricated to each integrated circuit modules, or
Person makes multiple modules or steps in them to single integrated circuit module to realize.In this way, the present invention is not limited to appoint
What specific hardware and software combines.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field
For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair
Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.
Claims (6)
1. a kind of script monitoring method characterized by comprising
The monitoring information that securing component generates during Run Script, wherein the component is the system in operating system
Component;
The script is monitored according to the monitoring information;
Wherein, obtaining the monitoring information that the component generates during running the script includes:
Link up with compiling function or the analytical function in the component;
Obtain the monitoring information generated during the component executes the compiling function or the analytical function;
Wherein, before linking up with the compiling function or the analytical function in the component, the method also includes:
Judge the type of the script;
It is determined according to the type of the script and links up with the compiling function or the hook analytical function;
Wherein, in the case where the script is encryption script, the compiling function in the component is linked up with;Wherein, the monitoring
Information is the plaintext for the script that the script is decrypted in the compiling function.
2. the method according to claim 1, wherein the case where linking up with the analytical function in the component
Under, the monitoring information is that the analytical function obtains script progress syntactic analysis, and the monitoring information includes:
The system command in the one or more operating system that the component is called when executing the script.
3. linking up with the compiling letter the method according to claim 1, wherein determining according to the type of the script
It counts or links up with the analytical function and include:
In the case where the type of the script is that Microsoft visualizes basic formula VBS script, determines and link up with the compiling
Function;
In the case where the type of the script is batch processing script, determines and link up with the analytical function.
4. a kind of script monitoring device characterized by comprising
Obtain module, the monitoring information generated during Run Script for securing component, wherein the component is operation
System component in system;
Monitoring module, for being monitored according to the monitoring information to the script;
Wherein, the acquisition module includes:
Subelement is linked up with, for linking up with compiling function or analytical function in the component;
Subelement is obtained, is generated for obtaining during the component executes the compiling function or the analytical function
The monitoring information;
Wherein, described device further include:
Judgment module, for judging the type of the script;
Determining module links up with the compiling function or the hook analytical function for determining according to the type of the script;
Wherein, the hook subelement, for linking up with the compiling in the component in the case where the script is to encrypt script
Function;Wherein, the monitoring information is the plaintext for the script that the script is decrypted in the compiling function.
5. device according to claim 4, which is characterized in that described in being linked up in the component in the hook subelement
In the case where analytical function, the monitoring information is that the analytical function obtains script progress syntactic analysis, described
Monitoring information includes: the system life in the one or more operating system that the component is called when executing the script
It enables.
6. device according to claim 4, which is characterized in that the determining module includes: the first determining subelement, is used for
In the case where the type of the script is that Microsoft visualizes basic formula VBS script, determines and link up with the compiling function;
Second determines subelement, for determining and linking up with the analytical function in the case where the type of the script is batch processing script.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310263489.7A CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310263489.7A CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104252593A CN104252593A (en) | 2014-12-31 |
CN104252593B true CN104252593B (en) | 2019-07-30 |
Family
ID=52187479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310263489.7A Expired - Fee Related CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104252593B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105303073B (en) * | 2015-11-26 | 2018-07-06 | 北京深思数盾科技股份有限公司 | Software code guard method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1983295A (en) * | 2005-12-12 | 2007-06-20 | 北京瑞星国际软件有限公司 | Method and device for recognizing virus |
CN101667230A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for monitoring script execution |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7636945B2 (en) * | 2000-07-14 | 2009-12-22 | Computer Associates Think, Inc. | Detection of polymorphic script language viruses by data driven lexical analysis |
CN100389391C (en) * | 2005-11-24 | 2008-05-21 | 北京中星微电子有限公司 | System and method for calling host software functions by using script and its compiler |
CN101587522B (en) * | 2009-06-17 | 2011-03-23 | 北京东方微点信息技术有限责任公司 | Method and system for identifying script virus |
-
2013
- 2013-06-27 CN CN201310263489.7A patent/CN104252593B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1983295A (en) * | 2005-12-12 | 2007-06-20 | 北京瑞星国际软件有限公司 | Method and device for recognizing virus |
CN101667230A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for monitoring script execution |
Also Published As
Publication number | Publication date |
---|---|
CN104252593A (en) | 2014-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10698668B1 (en) | Custom code transformations during compilation process | |
US10402179B1 (en) | Application randomization mechanism | |
US9471288B2 (en) | Compile based obfuscation | |
EP3097509B1 (en) | Intercepting and supervising calls to transformed operations and objects | |
US20140344569A1 (en) | Protecting data | |
EP3502944B1 (en) | Detecting script-based malware cross reference to related applications | |
US20170286644A1 (en) | Protection Method and Device for Application Data | |
Meyerovich et al. | Object views: Fine-grained sharing in browsers | |
CN109347882B (en) | Webpage Trojan horse monitoring method, device, equipment and storage medium | |
CN105022936A (en) | Class file encryption and decryption method and class file encryption and decryption device | |
EP2972828B1 (en) | Operating system support for contracts | |
CN104252594A (en) | Virus detection method and device | |
Soliman et al. | Taxonomy of malware analysis in the IoT | |
US11609985B1 (en) | Analyzing scripts to create and enforce security policies in dynamic development pipelines | |
CN103514405B (en) | The detection method of a kind of buffer overflow and system | |
WO2022078366A1 (en) | Application protection method and apparatus, device and medium | |
CN113779578B (en) | Intelligent confusion method and system for mobile terminal application | |
US10242200B1 (en) | Static analysis of vulnerabilities in application packages | |
KR101557455B1 (en) | Application Code Analysis Apparatus and Method For Code Analysis Using The Same | |
Sayed et al. | If-transpiler: Inlining of hybrid flow-sensitive security monitor for JavaScript | |
CN104252593B (en) | Script monitoring method and device | |
Feichtner | A comparative study of misapplied crypto in Android and iOS applications | |
Jones et al. | A service-oriented approach to mobile code security | |
US10200401B1 (en) | Evaluating results of multiple virtual machines that use application randomization mechanism | |
CN115174192A (en) | Application security protection method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190730 Termination date: 20200627 |