CN105653940B - Method and system for analyzing attacker source based on PE files - Google Patents
Method and system for analyzing attacker source based on PE files
- Publication number
- CN105653940B (application number CN201510409741.XA)
- Authority
- CN
- China
- Prior art keywords
- attacker
- file
- time
- stamp data
- zone boundary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510409741.XA CN105653940B (zh) | 2015-07-14 | 2015-07-14 | Method and system for analyzing attacker source based on PE files |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510409741.XA CN105653940B (zh) | 2015-07-14 | 2015-07-14 | Method and system for analyzing attacker source based on PE files |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105653940A (zh) | 2016-06-08 |
CN105653940B (zh) | 2019-02-26 |
Family
ID=56482093
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510409741.XA Active CN105653940B (zh) | Method and system for analyzing attacker source based on PE files | 2015-07-14 | 2015-07-14 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105653940B (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108073808B (zh) * | 2017-12-21 | 2021-10-15 | Antiy Technology Group Co., Ltd. | Method and system for generating an attacker profile based on PDB debugging information |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
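CN103886229A (zh) * | 2014-03-10 | 2014-06-25 | Zhuhai Juntian Electronic Technology Co., Ltd. | Method and device for extracting PE file features |
CN104239448A (zh) * | 2014-09-01 | 2014-12-24 | Beijing Youtejie Information Technology Co., Ltd. | Method and device for obtaining timestamps of time-series data |
CN104462968A (zh) * | 2014-12-16 | 2015-03-25 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for scanning malicious applications |
CN104579662A (zh) * | 2013-10-21 | 2015-04-29 | Aisino Corporation | Mobile terminal identity authentication method and system based on WPKI and timestamps |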
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060156397A1 (en) * | 2005-01-13 | 2006-07-13 | Steven Dai | A New Anti-spy method without using scan |
- 2015-07-14: CN application CN201510409741.XA, patent CN105653940B (zh), status Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
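CN104579662A (zh) * | 2013-10-21 | 2015-04-29 | Aisino Corporation | Mobile terminal identity authentication method and system based on WPKI and timestamps |
CN103886229A (zh) * | 2014-03-10 | 2014-06-25 | Zhuhai Juntian Electronic Technology Co., Ltd. | Method and device for extracting PE file features |
CN104239448A (zh) * | 2014-09-01 | 2014-12-24 | Beijing Youtejie Information Technology Co., Ltd. | Method and device for obtaining timestamps of time-series data |
CN104462968A (zh) * | 2014-12-16 | 2015-03-25 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for scanning malicious applications |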
Non-Patent Citations (1)
Title |
---|
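Research and implementation of an information hiding method based on PE files; Yang Xiaolong et al.; Academic Technology (《学术技术》); 20141118; Vol. 9 (No. 2014); full text |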
Also Published As
Publication number | Publication date |
---|---|
CN105653940A (zh) | 2016-06-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
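CN107145779B (zh) | Method and device for identifying offline malware logs | |
CN104753946A (zh) | Security analysis framework based on network traffic metadata | |
CN106096040B (zh) | Search-engine-based method and device for determining the location of an institution's website | |
CN109462575B (zh) | Webshell detection method and device | |
CN104506484A (zh) | Method for analyzing and identifying proprietary protocols | |
CN104699835A (zh) | Method and device for determining that a web page includes point-of-interest (POI) data | |
CN110691080B (zh) | Automatic source-tracing method, apparatus, device and medium | |
CN110868409A (zh) | Method and system for passive operating system identification based on TCP/IP protocol stack fingerprints | |
CN102799814A (zh) | System and method for finding phishing websites | |
CN110245273B (zh) | Method for obtaining an app service feature library and corresponding device | |
CN106776901B (zh) | Data extraction method, device and system | |
CN105577528B (zh) | Virtual-machine-based method and device for collecting WeChat official account data | |
CN102222035A (zh) | Software behavior detection system and detection method based on symbolic execution | |
CN109655529A (zh) | Method for identifying the authenticity of cigarettes | |
CN109063482B (zh) | Macro virus identification method, device, storage medium and processor | |
CN110213124A (zh) | Passive operating system identification method and device based on multiple TCP sessions | |
EP3242240B1 (en) | Malicious communication pattern extraction device, malicious communication pattern extraction system, malicious communication pattern extraction method and malicious communication pattern extraction program | |
CN104601573A (zh) | Method and device for verifying URL access results on the Android platform | |
CN106169050B (zh) | PoC program extraction method based on web page knowledge discovery | |
CN107733886A (zh) | Application-layer DDoS attack detection method based on logistic regression | |
CN108521392A (zh) | SQL injection attack detection method for bidirectional traffic | |
CN105989149A (zh) | Method and system for extracting and identifying user device fingerprints | |
CN105653940B (zh) | Method and system for analyzing attacker source based on PE files | |
CN110572325A (zh) | NAT router traffic identification method | |
CN102984242B (zh) | Method and device for automatic identification of application protocols |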
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CP03 | Change of name, title or address | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road). Patentee after: Harbin antiy Technology Group Limited by Share Ltd. Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162. Patentee before: Harbin Antiy Technology Co., Ltd. |
| | PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method and system for analyzing attacker source based on PE files. Effective date of registration: 20190828. Granted publication date: 20190226. Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch. Pledgor: Harbin antiy Technology Group Limited by Share Ltd. Registration number: Y2019230000002 |
| | CP01 | Change in the name or title of a patent holder | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road). Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road). Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
| | PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20211119. Granted publication date: 20190226. Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch. Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: Y2019230000002 |