CN107025407A - Malicious code detection method and system for office document files - Google Patents

Malicious code detection method and system for office document files

Publication number
CN107025407A
Authority
CN
China
Prior art keywords
document files
detected
files
macro code
office
Legal status
Pending
Application number
CN201710175347.3A
Other languages
Chinese (zh)
Inventor
李海灵
邹潇湘
高昕
侯美佳
何跃鹰
卓子寒
刘中金
方喆君
Current Assignee
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date
2017-03-22
Filing date
2017-03-22
Publication date
2017-08-08
Application filed by National Computer Network and Information Security Management Center

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition

Abstract

The invention discloses a malicious code detection method for office document files. First, the document file under test is placed in a virtual sandbox and executed, and the run is monitored for abnormal behavior; if abnormal behavior is present, the document file is judged to be a suspected overflow document file and is examined further. Then the macro code of the document file under test is extracted and matched against a malicious macro code signature library; if the match succeeds, the document file is judged to be a macro virus document file; otherwise the macro code is run and monitored for network connection behavior, and further detection is carried out if such behavior is present. Applied to enterprise products, the method can effectively prevent malicious office document files from entering a user's system and then performing malicious behavior.

Description

Malicious code detection method and system for office document files
Technical field
The present invention relates to the technical field of network security, and in particular to a malicious code detection method and system for office document files.
Background
Malicious office document files generally fall into two cases: on the one hand, malicious macros; on the other hand, malicious office files with overflow behavior.
The macro virus is an old and once-prevalent kind of virus. Unlike ordinary viruses, which infect EXE files, macro viruses infect office document files and are cross-platform. Documents infected with a macro virus are very dangerous, and their destructiveness depends entirely on the imagination of the virus author. Macro viruses were popular in the 1990s, then dropped out of sight for a considerable period and slowly faded from the "security circle". In the past two years macro viruses have appeared again and, combined with phishing emails, social engineering and similar means, look set to stage a comeback.
Documents with overflow behavior generally arise from office "vulnerabilities". By exploiting a vulnerability, a Word document can silently release other PE files in the background. The "APT" advanced threats that have received much attention in the past two years are also usually hidden in office documents that exploit vulnerabilities and are then spread with spear-phishing emails, so the threat posed by overflow documents is easy to infer. The threat of Office document formats can therefore turn into various high-risk threats depending on the situation, the sample and the method.
In the past two years office document file viruses have been rampant, because ordinary executable files receive the attention of various protection systems and antivirus software, whereas embedding a virus in a document file deceives people and achieves infection more efficiently. For example, the ransomware and PowerShell viruses that have been popular in the past two years can infect a user's system by being embedded in office document files.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention provides a malicious code detection method for office document files. By combining several techniques such as sandbox judgment, static signature matching and process chain judgment, it effectively identifies overflow-type document files and macro-virus-type document files, and ultimately prevents malicious office document files from entering a user's system and performing malicious behavior.
The technical solution adopted by the invention to solve the technical problem is a malicious code detection method for office document files, comprising the following steps:
(S10) The document file under test is placed in a virtual sandbox and executed, and the run is monitored for abnormal behavior; if abnormal behavior is present, the document file under test is judged to be a suspected overflow document file and is examined further;
(S20) The macro code of the document file under test is extracted and matched against a malicious macro code signature library; if the match succeeds, the document file under test is judged to be a macro virus document file; otherwise the macro code is run and monitored for network connection behavior, and further detection is carried out if such behavior is present.
As a preferred technical solution of the invention, in step (S10), after the document file under test has been placed in the virtual sandbox, abnormal behavior is monitored by running each popular version of the office software.
As a preferred technical solution of the invention, monitoring for abnormal behavior in step (S10) includes:
Whether a suspicious EXE process chain exists; if so, the related EXE files are extracted for further detection;
Whether network connection behavior exists; if so, it is determined whether the network involved in the connection matches the whitelist; if it matches, the file is judged to be a normal file; otherwise the related EXE files are extracted for further detection.
As a preferred technical solution of the invention, the method of extracting the related EXE files for further detection is specifically: the EXE file is matched against a file whitelist; if the match succeeds, it is judged to be a normal file; otherwise malicious code detection is carried out on the EXE file according to the existing policy.
As a preferred technical solution of the invention, if the network connection behavior is present, the method of further detection includes:
If the network involved in the connection behavior is active, the executable code is downloaded locally, and it is further determined whether the executable code is malicious;
If the network involved in the connection behavior is no longer active, the network involved is matched against a network whitelist; if the match fails, an alert is raised and the file is judged to be a suspected macro virus document file.
In addition, the invention also provides a malicious code detection system for office document files, including:
An overflow file detection module, which places the document file under test in a virtual sandbox for execution and monitors for abnormal behavior; if abnormal behavior is present, it judges the document file under test to be a suspected overflow document file and examines it further;
A macro virus detection module, which extracts the macro code of the document file under test and matches it against the malicious macro code signature library; if the match succeeds, it judges the document file under test to be a macro virus document file; otherwise it runs the macro code and monitors for network connection behavior, carrying out further detection if such behavior is present.
Compared with the prior art, the beneficial effects of the invention are as follows. The invention provides a malicious code detection method and system for office document files. On the one hand, it monitors whether the document file under test exhibits overflow behavior, by placing it in a virtual sandbox for execution and judging whether abnormal behavior occurs. On the other hand, for document files that contain macros, it extracts the macro code from the document file under test and first performs static signature matching; if the match fails, it runs the macro code in a virtual environment and mainly monitors its network connection behavior, and further analysis of that behavior finally determines whether the document file carries malicious code. The technical solution achieves good detection results for most malicious documents that currently exist: it can detect malicious document files with overflow behavior and can also effectively detect document files containing malicious macro viruses, thereby effectively preventing malicious office document files from entering the system and posing a greater threat to the security of the user's system.
Brief description of the drawings
Fig. 1 is a flow chart of an embodiment of the malicious code detection method for office document files provided by the invention;
Fig. 2 is a structural diagram of an embodiment of the malicious code detection system for office document files provided by the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment:
As shown in Fig. 1, a malicious code detection method for office document files includes:
S101: The document file under test is placed in a virtual sandbox and executed, and the run is monitored for abnormal behavior; if abnormal behavior is present, the document file under test is judged to be a suspected overflow document file and is examined further.
Specifically, placing the document file under test in the virtual sandbox for execution and monitoring for abnormal behavior means: the document file under test is placed in the virtual sandbox, each popular version of the office software is run, and the run is monitored for abnormal behavior. Running the document file under test on each popular version of the office software and then monitoring the results makes the detection result more comprehensive.
Monitoring for abnormal behavior includes, but is not limited to:
Whether a suspicious EXE process chain exists, that is, whether a suspicious EXE process appears under the parent process of the document file under test; if so, the related EXE files are extracted for further detection. When a suspicious EXE child process is found, the document file under test can be considered to exhibit the overflow behavior of releasing an executable file;
Whether network connection behavior exists; if so, it is determined whether the network involved in the connection matches the whitelist; if it matches, the file is judged to be a normal file; otherwise the related EXE files are extracted for further detection. A specific implementation may be: the IP address and domain name of the network involved in the connection behavior are matched against the whitelist; if the match fails, suspected overflow network behavior is judged to exist, and the related EXE files can then be extracted for further detection.
Extracting the related EXE files for further detection is specifically:
The EXE file is matched against a file whitelist; if the match succeeds, it is judged to be a normal file; otherwise malicious code detection is carried out on the EXE file according to the existing policy.
S102: The macro code of the document file under test is extracted and matched against the malicious macro code signature library; if the match succeeds, the document file under test is judged to be a macro virus document file; otherwise S103 is executed.
Step S102 may first determine whether the macro code has been encrypted; if it has, S103 is executed directly.
S103: The macro code is run and monitored for network connection behavior; if such behavior is present, further detection is carried out. Besides monitoring for network connection behavior, the run can also be monitored for malicious behavior, including but not limited to obviously malicious operations such as deleting files or encrypting user files; if such behavior is found, the file can be judged directly to be a macro virus document file.
Monitoring for network connection behavior and carrying out further detection if it is present specifically includes, but is not limited to:
If the network involved in the connection behavior is active, the executable code is downloaded locally, and it is further determined whether the executable code is malicious;
If the network involved in the connection behavior is no longer active, the network involved is matched against the network whitelist; if the match fails, an alert is raised and the file is judged to be a suspected macro virus document file. Matching the network involved against the network whitelist can be, but is not limited to: matching the IP or domain name of the network involved against the corresponding whitelist.
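The S101 to S103 decision flow described above, applied to recorded sandbox observations, as an added example (not code from the patent). The report schema, the allow-list contents, the signature patterns, the verdict labels and the `payload_is_malicious` callback are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed allow-lists and signatures (assumptions, not from the patent).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
FILE_WHITELIST = {"sha256:aaaa"}                      # known-good EXE hashes
NET_WHITELIST = {"officecdn.example.com", "192.0.2.10"}
MACRO_SIGNATURES = [re.compile(p, re.I) for p in (
    r"\bURLDownloadToFile\w*\b",
    r"\bShell\b.*\bpowershell\b",
)]
OBVIOUS_MALICIOUS_OPS = {"delete_file", "encrypt_user_file"}


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    file_hash: str


@dataclass
class Conn:
    pid: int
    host: str            # IP address or domain name
    alive: bool = True   # is the remote endpoint still active?


@dataclass
class Report:
    """Hypothetical record of one sandbox run."""
    procs: list = field(default_factory=list)
    conns: list = field(default_factory=list)
    ops: list = field(default_factory=list)


def descendants(procs, root_pid):
    """Every process below root_pid in the parent/child tree."""
    found, frontier, seen = [], [root_pid], {root_pid}
    while frontier:
        parent = frontier.pop()
        for p in procs:
            if p.ppid == parent and p.pid not in seen:
                seen.add(p.pid)
                found.append(p)
                frontier.append(p.pid)
    return found


def check_overflow(report):
    """S101: return (verdict, hashes of EXE files needing further detection)."""
    to_scan, off_list_hosts = [], set()
    for root in (p for p in report.procs if p.image.lower() in OFFICE_IMAGES):
        tree = descendants(report.procs, root.pid)
        pids = {root.pid} | {p.pid for p in tree}
        # Assumption: any non-Office EXE under the document's parent process is
        # a suspicious process chain unless the file whitelist clears it.
        for p in tree:
            if p.image.lower() not in OFFICE_IMAGES and p.file_hash not in FILE_WHITELIST:
                to_scan.append(p.file_hash)
        off_list_hosts |= {c.host for c in report.conns
                           if c.pid in pids and c.host not in NET_WHITELIST}
    if to_scan or off_list_hosts:
        return "suspected_overflow", to_scan
    return "normal", []


def check_macro(source, encrypted, run_report, payload_is_malicious):
    """S102 then S103. payload_is_malicious(host) stands in for the existing
    malware scanner applied to whatever an active endpoint serves."""
    if not encrypted and any(s.search(source) for s in MACRO_SIGNATURES):
        return "macro_virus"                  # S102: static signature hit
    if OBVIOUS_MALICIOUS_OPS & set(run_report.ops):
        return "macro_virus"                  # S103: obviously malicious operation
    live = [c.host for c in run_report.conns if c.alive]
    dead = [c.host for c in run_report.conns if not c.alive]
    if any(payload_is_malicious(h) for h in live):
        return "malicious_download"           # verdict label is an assumption
    if any(h not in NET_WHITELIST for h in dead):
        return "suspected_macro_virus"        # alert: inactive, non-whitelisted
    return "no_finding"


# Constructed sandbox records.
DROPPER_RUN = Report(
    procs=[Proc(100, 1, "WINWORD.EXE", "sha256:0ff1"),
           Proc(101, 100, "splwow64.exe", "sha256:aaaa"),
           Proc(102, 100, "tmp8f3.exe", "sha256:cccc")],
    conns=[Conn(102, "203.0.113.7")])
CLEAN_RUN = Report(
    procs=[Proc(200, 1, "EXCEL.EXE", "sha256:0ff1"),
           Proc(201, 200, "splwow64.exe", "sha256:aaaa")],
    conns=[Conn(200, "officecdn.example.com")])

if __name__ == "__main__":
    print(check_overflow(DROPPER_RUN))
    print(check_overflow(CLEAN_RUN))
```

An encrypted macro skips the signature stage entirely, so its verdict rests on the recorded run alone, which is why `check_macro` takes the run report even when a source string is available.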
As shown in Fig. 2, the invention provides a malicious code detection system for office document files, including:
An overflow file detection module 201, which places the document file under test in a virtual sandbox for execution and monitors for abnormal behavior; if abnormal behavior is present, it judges the document file under test to be a suspected overflow document file and examines it further;
A macro virus detection module 202, which extracts the macro code of the document file under test and matches it against the malicious macro code signature library; if the match succeeds, it judges the document file under test to be a macro virus document file; otherwise it runs the macro code and monitors for network connection behavior, carrying out further detection if such behavior is present.
The embodiments in this specification are described progressively; identical or similar parts of the embodiments can be understood by reference to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is brief; for the relevant parts, refer to the description of the method embodiment.
As described above, the embodiments give a malicious code detection method and system for office document files, which detect the two currently common classes of malicious code in office document files: one class is overflow-type document files, the other is macro virus document files. The embodiments provide targeted detection schemes for the characteristics of the two classes of malicious code, combining static detection with effective dynamic monitoring so that problem document files are found in time and malicious office document files are effectively prevented from entering the user's system and causing further loss.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential characteristics. The embodiments should therefore be regarded in all respects as exemplary and non-restrictive; the scope of the invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalency of the claims are intended to be embraced in the invention. Any reference sign in the claims should not be construed as limiting the claim concerned.

Claims (6)

1. A malicious code detection method for office document files, characterized in that it comprises the following steps:
(S10) The document file under test is placed in a virtual sandbox and executed, and the run is monitored for abnormal behavior; if abnormal behavior is present, the document file under test is judged to be a suspected overflow document file and is examined further;
(S20) The macro code of the document file under test is extracted and matched against a malicious macro code signature library; if the match succeeds, the document file under test is judged to be a macro virus document file; otherwise the macro code is run and monitored for network connection behavior, and further detection is carried out if such behavior is present.
2. The malicious code detection method for office document files according to claim 1, characterized in that, in step (S10), after the document file under test has been placed in the virtual sandbox, abnormal behavior is monitored by running each popular version of the office software.
3. The malicious code detection method for office document files according to claim 1, characterized in that monitoring for abnormal behavior in step (S10) includes:
Whether a suspicious EXE process chain exists; if so, the related EXE files are extracted for further detection;
Whether network connection behavior exists; if so, it is determined whether the network involved in the connection matches the whitelist; if it matches, the file is judged to be a normal file; otherwise the related EXE files are extracted for further detection.
4. The malicious code detection method for office document files according to claim 3, characterized in that the method of extracting the related EXE files for further detection is specifically: the EXE file is matched against a file whitelist; if the match succeeds, it is judged to be a normal file; otherwise malicious code detection is carried out on the EXE file according to the existing policy.
5. A novel lifesaving hammer according to claim 3, characterized in that, if the network connection behavior is present, the method of further detection includes:
If the network involved in the connection behavior is active, the executable code is downloaded locally, and it is further determined whether the executable code is malicious;
If the network involved in the connection behavior is no longer active, the network involved is matched against a network whitelist; if the match fails, an alert is raised and the file is judged to be a suspected macro virus document file.
6. A malicious code detection system for office document files, characterized in that it includes:
An overflow file detection module, which places the document file under test in a virtual sandbox for execution and monitors for abnormal behavior; if abnormal behavior is present, it judges the document file under test to be a suspected overflow document file and examines it further;
A macro virus detection module, which extracts the macro code of the document file under test and matches it against the malicious macro code signature library; if the match succeeds, it judges the document file under test to be a macro virus document file; otherwise it runs the macro code and monitors for network connection behavior, carrying out further detection if such behavior is present.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710175347.3A CN107025407A (en) 2017-03-22 2017-03-22 The malicious code detecting method and system of a kind of office document files

Publications (1)

Publication Number Publication Date
CN107025407A (en) 2017-08-08

Family ID: 59525724

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170808