CN107967426A - Detection method, defense method and system for Linux kernel data attack - Google Patents

Detection method, defense method and system for Linux kernel data attack

Info

Publication number: CN107967426A
Authority: CN (China)
Prior art keywords: data, linux kernel, security, critical, attack
Legal status: Granted
Application number: CN201711205897.1A
Other languages: Chinese (zh)
Other versions: CN107967426B (en)
Inventors: 金海, 羌卫中, 杨嘉玮
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by: Huazhong University of Science and Technology
Priority to: CN201711205897.1A
Publication of: CN107967426A
Application granted; publication of: CN107967426B
Status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/552: Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Abstract

The invention discloses a detection method, a defense method and a system for Linux kernel data attacks. The detection method includes the following steps: extracting security-critical data from the Linux kernel data according to the security relevance of the kernel data; performing static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data; extracting the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data; and monitoring the critical data while the Linux kernel is running and comparing it with the data flow of the security-critical data. If the critical data deviates from the data flow of the security-critical data while the kernel is running, the method outputs that the Linux kernel data is under attack; otherwise, it outputs that the Linux kernel data is not under attack. Compared with existing kernel data attack detection schemes, the invention takes full account of the indirect branches inherent in program data flow and effectively reduces the false-positive rate of the detection results.

Description

Detection method, defense method and system for Linux kernel data attack
Technical field
The invention belongs to the field of kernel attack detection and defense, and more particularly relates to a method and system for detecting and defending against Linux kernel data attacks.
Background
The kernel is the core of the operating system. For a secure and stable system, protecting the kernel from interference by other running programs is the first priority. The kernel is now becoming a target for attackers, mainly for the following reasons:
First, with the deployment of user-space protection mechanisms such as ASLR, Sandbox, CFI, CPI and DEP, attacks on user-space programs are increasingly difficult;
Second, the kernel's attack surface is large. The kernel code base is large (16.9 MLOC, Linux ver 4.5.4), there are many system calls (397), and each new kernel version also brings new vulnerabilities and attack opportunities;
Third, the payoff from attacking the kernel is high. Kernel code is typically privileged code, and attackers usually carry out privilege escalation or malicious code execution. At the same time, some kernel data structures are critical to security mechanisms; tampering with these data structures causes kernel security mechanisms to fail and lets attackers hide their tracks, so that the attack is hard to discover.
In recent years, research on kernel attacks has gradually focused on data-only attacks. The biggest difference between this kind of attack and earlier attacks is that data-only attacks exploit kernel data structures and no longer target code segments or kernel functions for modification. Research on data-only attacks, in China and abroad, falls into two broad classes: control-data attacks and non-control-data attacks. Research on defenses against control-data attacks concentrates on memory safety, kernel code integrity checking and control-flow integrity techniques, while research on defenses against non-control-data attacks concentrates on memory safety, memory isolation and data-flow integrity techniques.
Kernel-oriented attacks have gone through three main stages. Early kernel attacks were mainly code injection attacks: malicious code is introduced into kernel space and then executed, completing the attack. The main defense against this kind of attack is kernel code integrity protection.
As research into kernel attack methods deepened, kernel attacks evolved from code injection to control-flow hijacking. This attack alters the kernel's execution control flow and eventually directs it to execute malicious code, completing the attack on the kernel. Common forms of this kind of kernel attack include ROP and JOP. The main defense against this kind of attack is control-flow integrity protection.
In recent years a new kind of kernel attack has appeared. It differs from earlier kernel attacks in that it uses only data structures in the kernel, and this data is typically security-related. This kind of attack takes two forms: control-data attacks and non-control-data attacks. The main defenses against this kind of attack are control-flow integrity protection, detection of kernel data invariants, and data-flow integrity protection.
In summary, existing Linux kernel attack defense systems have the following shortcomings:
Linux kernel attack defense systems based on control-flow integrity do not consider attacks on kernel data and so cannot cope with attacks on Linux kernel data; in addition, the data flow obtained by traditional static analysis is inaccurate for indirect branches and suffers from omissions.
Summary of the invention
In view of the above defects or improvement needs of the prior art, the present invention provides a detection method and system for Linux kernel data attacks, which aims to solve the technical problem that existing kernel attack defense methods do not consider kernel data and therefore cannot cope with kernel data attacks.
As one aspect of the invention, the invention provides a detection method for Linux kernel data attacks, including the following steps:
Step 1: extract security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data;
Step 2: perform static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data;
Step 3: extract the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data;
Step 4: monitor the critical data while the Linux kernel is running and compare it with the data flow of the security-critical data; if the critical data deviates from the data flow of the security-critical data while the kernel is running, output that the Linux kernel data is under attack; otherwise, output that the Linux kernel data is not under attack.
Preferably, the security-critical data in step 1 includes data related to access permissions, data related to security checks, and uniquely identifying data.
Preferably, the static analysis in step 2 includes the following steps:
Step 21: translate the Linux kernel source code into LLVM (Low Level Virtual Machine) intermediate language;
Step 22: perform flow-sensitive alias analysis on the LLVM intermediate language to obtain the alias analysis result;
Step 23: using the alias analysis result as a precondition, perform path-sensitive data-flow analysis to obtain the data flow of the Linux kernel data.
As another aspect of the invention, the defense method provided by the invention includes the following steps:
Step 1: determine by the detection method whether the Linux kernel data is under attack;
Step 2: when critical data in the running Linux kernel is under attack, roll that critical data back to its state before the attack; when critical data in the running Linux kernel is not under attack, do not process it.
As another aspect of the invention, the invention provides a detection system, including:
A data extraction module, for extracting security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data;
A kernel data flow analysis module, for performing static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data;
A critical data flow analysis module, whose first input is connected to the output of the kernel data flow analysis module and whose second input is connected to the output of the data extraction module, for extracting the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data;
An attack judgment module, whose input is connected to the output of the critical data flow analysis module, for monitoring the critical data while the Linux kernel is running, comparing it with the data flow of the security-critical data, and outputting the Linux kernel data attack state according to the comparison result.
Preferably, the kernel data flow analysis module includes:
A translation unit, which uses a translator to translate the Linux kernel source code into LLVM (Low Level Virtual Machine) intermediate language;
An alias analysis unit, whose input is connected to the output of the translation unit, for performing flow-sensitive alias analysis on the LLVM intermediate language to obtain the alias analysis result;
A data-flow analysis unit, whose input is connected to the output of the alias analysis unit, for performing path-sensitive data-flow analysis with the alias analysis result as a precondition to obtain the data flow of the Linux kernel data.
Preferably, the system includes a defense module whose input is connected to the output of the attack judgment module, for rolling back the critical data in the running Linux kernel when the Linux kernel data attack state is "under attack", so that the critical data returns to its un-attacked state.
In general, compared with the prior art, the above technical scheme conceived by the invention achieves the following beneficial effects:
(1) The detection method for kernel data attacks provided by the invention first obtains the data flow of all kernel data, extracts the security-related critical data from the data flow of the kernel data to form the security-related critical data flow, and monitors the data flow while the kernel is running, thereby detecting data flow attacks on kernel data.
(2) The invention takes full account of the indirect branches inherent in program data flow. Using path-sensitive data-flow analysis makes the analysis of a program's indirect branches more accurate and effectively reduces the false-positive rate of the detection results. In addition, the flow-sensitive alias analysis used by the invention makes the result of the data-flow analysis more accurate; the detection method provided by the invention therefore has high accuracy. Compared with existing kernel data attack detection schemes, it also overcomes the inability of existing detection schemes to cope with kernel non-control-data attacks, effectively reducing the false-negative rate of the detection results, so that the scheme can detect kernel data attacks accurately.
(3) Low overhead. The invention uses the kernel data flow graph while removing the data flows of non-security-critical data from it, which avoids an excessively large volume of monitored data, reduces the time overhead of the system and further improves the system's execution efficiency.
(4) Low coupling. The modules of the invention are connected through simple interfaces and coupling is very low, so modules can be added, removed and modified quickly. Users are allowed to select user-defined logic interface function classes, such as the monitored data type.
Brief description of the drawings
Fig. 1 is a flow chart of the detection method for Linux kernel data attacks provided by the invention;
Fig. 2 is a schematic diagram of the principle of extracting security-critical data in the detection method provided by the invention;
Fig. 3 is a schematic diagram of the principle of obtaining the data flow of the security-critical data in the detection method provided by the invention;
Fig. 4 is the data flow graph of the security-critical data obtained in the detection method provided by the invention;
Fig. 5 is a functional block diagram of the detection system provided by the invention.
Detailed description
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
The overall idea of the invention is to collect kernel security-critical data and obtain the data flow graph of the kernel security-critical data by static analysis. Intel TSX is used to monitor the Linux kernel security-critical data and capture every operation on it; the operations are analyzed to obtain the runtime data flow, which is compared with the data flow graph analyzed beforehand to judge whether it is an illegal data flow; if so, it is blocked and the data is recovered. The result is a detection and defense mechanism for direct kernel attacks that effectively detects and defends against attacks on kernel security-critical data.
Fig. 1 shows the detection method for Linux kernel data attacks provided by the invention, which includes the following steps:
Step 1: extract security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data. As shown in Fig. 2, the amount of security-critical data is greater than the minimum amount of data needed to generate the data flow graph.
The volume of Linux kernel data is huge. To improve performance, the Linux kernel data is first analyzed for security relevance. Security-related data in the Linux kernel mainly includes: data related to access permissions, data related to security checks, uniquely identifying data such as uid and pid, and data related to decision-making.
Because data in the Linux kernel is varied and complex, the method filters out the data related to kernel security while retaining the minimum data set needed for the data flow graph analysis, reducing the huge data set to a smaller one. This greatly reduces the performance overhead while still producing a reliable and accurate Linux kernel data flow graph.
Step 2: perform static analysis on the Linux kernel data to obtain the data flow graph of the Linux kernel data. Static analysis characterizes the data flow of the Linux kernel data at a finer granularity and in a more flexible way, and so describes the data flow graph of the Linux kernel data more accurately and efficiently. As shown in Fig. 3, it comprises the following steps:
Step 21: first, a translator to LLVM IR (Low Level Virtual Machine intermediate language) translates the Linux kernel source code into LLVM intermediate language;
Step 22: next, a custom LLVM Pass performs flow-sensitive alias analysis on the resulting LLVM intermediate language;
Step 23: then, with the alias analysis result as a precondition, path-sensitive data-flow analysis is performed to obtain the data flow graph of the Linux kernel data.
Step 3: filter the data flow of the security-related kernel data out of the data flow graph of the Linux kernel data, finally producing the data flow graph of the Linux kernel security-critical data.
Step 4: code written against the interfaces provided by Intel TSX intercepts every operation on the security-critical data and obtains each state of the security-critical data.
For each monitored datum, every operation on that datum is captured and compared with the data flow graph of the Linux kernel security-critical data from step 3, to analyze whether each operation is legal.
Intel TSX is used to monitor the Linux kernel security-critical data in memory. TSX (Transactional Synchronization Extensions) adds transactional memory features to the x86-64 instruction set. Transactional memory is a technique that allows synchronized and efficient access to data structures in a concurrent environment. We use the two interfaces provided by TSX: HLE (Hardware Lock Elision) and RTM (Restricted Transactional Memory).
Step 5: to defend against attacks on Linux kernel data, the data flow of the Linux kernel security-critical data is compared with the kernel security-critical data flow graph analyzed beforehand, to judge whether the data flow of the security-critical data deviates from the secure data flow. If the data flow deviates from the data flow graph obtained in step (2), the data is rolled back and restored to its original state; if the data flow is normal, nothing is done.
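The detect-and-roll-back loop of steps 3 to 5, as an added example that is not code from the patent: a user-space C simulation in which a constructed table of permitted write sites stands in for the static data flow graph, and an explicit function call stands in for the Intel TSX interception. All identifiers (D_UID, S_NET_RX, monitored_write and so on) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical identifiers; all sample data below is constructed. */
enum datum { D_UID, D_CAP, D_JIFFIES, D_NDATA };
enum site  { S_SETUID, S_COMMIT_CREDS, S_TIMER_TICK, S_NET_RX, S_NSITES };

struct def_edge { enum site site; enum datum datum; };

/* Stand-in for the step 2 result: which code sites may write which datum. */
static const struct def_edge full_graph[] = {
    { S_SETUID,       D_UID     },
    { S_COMMIT_CREDS, D_UID     },
    { S_COMMIT_CREDS, D_CAP     },
    { S_TIMER_TICK,   D_JIFFIES },
};

/* Stand-in for the step 1 result: the security-critical subset. */
static const int is_critical[D_NDATA] = { [D_UID] = 1, [D_CAP] = 1 };

static unsigned char allowed[D_NDATA][S_NSITES]; /* step 3: critical graph */
static long value[D_NDATA];                      /* live data              */
static long shadow[D_NDATA];                     /* last legitimate state  */

/* Step 3: drop the edges of non-critical data; returns the number kept. */
int build_critical_graph(void)
{
    int kept = 0;

    memset(allowed, 0, sizeof allowed);
    for (size_t i = 0; i < sizeof full_graph / sizeof full_graph[0]; i++) {
        if (!is_critical[full_graph[i].datum])
            continue;
        allowed[full_graph[i].datum][full_graph[i].site] = 1;
        kept++;
    }
    return kept;
}

/* Set the starting state that later rollbacks restore. */
void init_state(long uid, long cap)
{
    memset(value, 0, sizeof value);
    value[D_UID] = uid;
    value[D_CAP] = cap;
    memcpy(shadow, value, sizeof shadow);
}

/*
 * Steps 4 and 5: observe one write. Returns 0 if it follows the graph (or
 * the datum is not monitored), 1 if it deviates and was rolled back, and
 * -1 on out-of-range arguments.
 */
int monitored_write(int site, int datum, long v)
{
    if (site < 0 || site >= S_NSITES || datum < 0 || datum >= D_NDATA)
        return -1;
    value[datum] = v;                 /* the write lands in memory    */
    if (!is_critical[datum])
        return 0;                     /* filtered out in step 3       */
    if (allowed[datum][site]) {
        shadow[datum] = v;            /* legal: new known-good state  */
        return 0;
    }
    value[datum] = shadow[datum];     /* deviation: roll back         */
    return 1;
}

int main(void)
{
    int edges = build_critical_graph();
    init_state(1000, 0);
    int legal = monitored_write(S_SETUID, D_UID, 1001);
    int attack = monitored_write(S_NET_RX, D_UID, 0);

    printf("critical edges kept: %d\n", edges);
    printf("setuid -> uid verdict: %d\n", legal);
    printf("net_rx -> uid verdict: %d, uid after rollback: %ld\n",
           attack, value[D_UID]);
    return 0;
}
```

The write to D_JIFFIES from an unlisted site is accepted because step 3 removed that datum from the monitored set, which is the overhead trade-off the description makes.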
As another aspect of the invention, the invention provides a detection system for Linux kernel data attacks. As shown in Fig. 5, the system includes a data extraction module, a kernel data flow analysis module, a critical data flow analysis module, an attack judgment module and a defense module. The first input of the critical data flow analysis module is connected to the output of the kernel data flow analysis module, the second input of the critical data flow analysis module is connected to the output of the data extraction module, and the input of the attack judgment module is connected to the output of the critical data flow analysis module.
The data extraction module extracts security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data. The kernel data flow analysis module performs static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data. The critical data flow analysis module extracts the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data. The attack judgment module monitors the critical data while the Linux kernel is running, compares it with the data flow of the security-critical data, and outputs the Linux kernel data attack state according to the comparison result: if the critical data deviates from the data flow of the security-critical data while the kernel is running, it outputs that the Linux kernel data is under attack; otherwise, it outputs that the Linux kernel data is not under attack. When the Linux kernel data attack state is "under attack", the defense module rolls back the critical data in the running Linux kernel so that it returns to its un-attacked state. When the Linux kernel data attack state is "not under attack", the defense module does nothing.
The kernel data flow analysis module includes a translation unit, an alias analysis unit and a data-flow analysis unit connected in sequence. The translation unit translates the Linux kernel source code into LLVM intermediate language; the alias analysis unit performs flow-sensitive alias analysis on the LLVM intermediate language to obtain the alias analysis result; the data-flow analysis unit performs path-sensitive data-flow analysis with the alias analysis result as a precondition to obtain the data flow of the Linux kernel data.
Those skilled in the art will readily understand that the above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (8)

1. A detection method for Linux kernel data attacks, characterized in that it includes the following steps:
Step 1: extract security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data;
Step 2: perform static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data;
Step 3: extract the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data;
Step 4: monitor the critical data while the Linux kernel is running and compare it with the data flow of the security-critical data; if the critical data deviates from the data flow of the security-critical data while the kernel is running, output that the Linux kernel data is under attack; otherwise, output that the Linux kernel data is not under attack.
2. The detection method according to claim 1, characterized in that the security-critical data in step 1 includes data related to access permissions, data related to security checks, and uniquely identifying data.
3. The detection method according to claim 1 or 2, characterized in that the static analysis in step 2 includes the following steps:
Step 21: translate the Linux kernel source code into LLVM (Low Level Virtual Machine) intermediate language;
Step 22: perform flow-sensitive alias analysis on the LLVM intermediate language to obtain the alias analysis result;
Step 23: using the alias analysis result as a precondition, perform path-sensitive data-flow analysis to obtain the data flow of the Linux kernel data.
4. The detection method according to any one of claims 1 to 3, characterized in that the monitoring of critical data while the Linux kernel is running is implemented with Intel TSX.
5. A defense method based on the detection method of claim 1, characterized in that it includes the following steps:
Step 1: determine by the detection method whether the Linux kernel data is under attack;
Step 2: when critical data in the running Linux kernel is under attack, roll that critical data back to its state before the attack; when critical data in the running Linux kernel is not under attack, do not process it.
6. A detection system based on the detection method of claim 1, characterized in that it includes:
A data extraction module, for extracting security-critical data from the Linux kernel data according to the security relevance of the Linux kernel data;
A kernel data flow analysis module, for performing static analysis on the Linux kernel data to obtain the data flow of the Linux kernel data;
A critical data flow analysis module, whose first input is connected to the output of the kernel data flow analysis module and whose second input is connected to the output of the data extraction module, for extracting the relationships between the security-critical data from the data flow of the Linux kernel data to obtain the data flow of the security-critical data;
An attack judgment module, whose input is connected to the output of the critical data flow analysis module, for monitoring the critical data while the Linux kernel is running, comparing it with the data flow of the security-critical data, and outputting the Linux kernel data attack state according to the comparison result.
7. The detection system according to claim 6, characterized in that the kernel data flow analysis module includes:
A translation unit, which uses a translator to translate the Linux kernel source code into LLVM (Low Level Virtual Machine) intermediate language;
An alias analysis unit, whose input is connected to the output of the translation unit, for performing flow-sensitive alias analysis on the LLVM intermediate language to obtain the alias analysis result;
A data-flow analysis unit, whose input is connected to the output of the alias analysis unit, for performing path-sensitive data-flow analysis with the alias analysis result as a precondition to obtain the data flow of the Linux kernel data.
8. The detection system according to claim 6 or 7, characterized in that it includes a defense module whose input is connected to the output of the attack judgment module, for rolling back the critical data in the running Linux kernel when the Linux kernel data attack state is "under attack", so that the critical data returns to its un-attacked state.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711205897.1A 2017-11-27 2017-11-27 Detection method, defense method and system for Linux kernel data attack

Status: Active; granted as CN107967426B (en)

Publications (2)

Publication Number Publication Date
CN107967426A 2018-04-27
CN107967426B 2020-07-03

Family ID: 61998610

Country Status (1)

Country Link
CN (1) CN107967426B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant