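CN113632432A - Method and apparatus for determining attack behavior, and computer storage medium - Google Patents
Method and apparatus for determining attack behavior, and computer storage medium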
- Publication number
- CN113632432A
- Authority
- CN
- China
- Prior art keywords
- specified operation
- instruction execution
- execution logic
- actual
- logic sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
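The present invention discloses a method and apparatus for determining attack behavior, a computer storage medium, and a computing device. The method includes: monitoring the actual execution of a specified operation to obtain the actual instruction execution logic sequence of the specified operation; comparing the actual instruction execution logic sequence of the specified operation with a preset instruction execution logic sequence of the specified operation; and, if the actual instruction execution logic sequence does not match the preset one, determining that an attack is occurring. Embodiments of the invention move away from the level of "code features and behavior" and, innovatively, work at the level of instruction execution logic sequences: the preset instruction execution logic sequence of the specified operation is compared with the actual one, and an attack is determined to be occurring when they do not match, so that attack behavior of many kinds can be detected effectively.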
Description
PCT national-phase application; the description has been published.
Claims (16)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/105747 WO2021046811A1 (zh) | 2019-09-12 | 2019-09-12 | Method and apparatus for determining attack behavior, and computer storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113632432A (zh) | 2021-11-09 |
CN113632432B (zh) | 2023-09-19 |
Family
ID=74867332
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201980094807.7A Active CN113632432B (zh) | Method and apparatus for determining attack behavior, and computer storage medium | 2019-09-12 | 2019-09-12 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113632432B (zh) |
WO (1) | WO2021046811A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114640529A (zh) * | 2022-03-24 | 2022-06-17 | 中国工商银行股份有限公司 | Attack protection method, apparatus, device, storage medium and computer program product |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
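CN113946869B (zh) * | 2021-11-02 | 2022-10-28 | 深圳致星科技有限公司 | Internal security attack detection method and apparatus for federated learning and privacy computing |
CN116846571A (zh) * | 2022-03-25 | 2023-10-03 | 华为技术有限公司 | Method for handling suspected attack behavior and related apparatus |
CN115514548B (zh) * | 2022-09-16 | 2023-06-09 | 北京易诚互动网络技术股份有限公司 | Method and apparatus for securing Internet applications |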
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801031A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for determining that a known program has been attacked by using a program behavior knowledge base |
WO2013089767A1 (en) * | 2011-12-16 | 2013-06-20 | Intel Corporation | Method and system using exceptions for code specialization in a computer architecture that supports transactions |
US20160012225A1 (en) * | 2008-08-29 | 2016-01-14 | AVG Netherlands B.V. | System and method for the detection of malware |
CN105577608A (zh) * | 2014-10-08 | 2016-05-11 | 腾讯科技(深圳)有限公司 | Network attack behavior detection method and apparatus |
CN105791261A (zh) * | 2015-12-28 | 2016-07-20 | 华为技术有限公司 | Detection method and detection device for cross-site scripting attacks |
US9973531B1 (en) * | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US20180211038A1 (en) * | 2016-01-24 | 2018-07-26 | Minerva Labs Ltd. | Ransomware attack remediation |
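CN108846287A (zh) * | 2018-06-26 | 2018-11-20 | 北京奇安信科技有限公司 | Method and apparatus for detecting vulnerability attacks |
CN109635565A (zh) * | 2018-11-28 | 2019-04-16 | 江苏通付盾信息安全技术有限公司 | Malicious program detection method and apparatus, computing device and computer storage medium |
CN109829313A (zh) * | 2019-02-28 | 2019-05-31 | 中国人民解放军战略支援部队信息工程大学 | Method and apparatus for defending against SGX side-channel attacks based on code-reuse programming |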
US20190188391A1 (en) * | 2017-12-18 | 2019-06-20 | Nuvoton Technology Corporation | System and method for coping with fault injection attacks |
WO2019140274A1 (en) * | 2018-01-12 | 2019-07-18 | Virsec Systems, Inc. | Defending against speculative execution exploits |
CN110135166A (zh) * | 2019-05-08 | 2019-08-16 | 北京国舜科技股份有限公司 | Detection method and system for business logic vulnerability attacks |
-
2019
- 2019-09-12 CN CN201980094807.7A patent/CN113632432B/zh active Active
- 2019-09-12 WO PCT/CN2019/105747 patent/WO2021046811A1/zh active Application Filing
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801031A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for determining that a known program has been attacked by using a program behavior knowledge base |
US20160012225A1 (en) * | 2008-08-29 | 2016-01-14 | AVG Netherlands B.V. | System and method for the detection of malware |
WO2013089767A1 (en) * | 2011-12-16 | 2013-06-20 | Intel Corporation | Method and system using exceptions for code specialization in a computer architecture that supports transactions |
US9973531B1 (en) * | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
CN105577608A (zh) * | 2014-10-08 | 2016-05-11 | 腾讯科技(深圳)有限公司 | Network attack behavior detection method and apparatus |
CN105791261A (zh) * | 2015-12-28 | 2016-07-20 | 华为技术有限公司 | Detection method and detection device for cross-site scripting attacks |
US20180211038A1 (en) * | 2016-01-24 | 2018-07-26 | Minerva Labs Ltd. | Ransomware attack remediation |
US20190188391A1 (en) * | 2017-12-18 | 2019-06-20 | Nuvoton Technology Corporation | System and method for coping with fault injection attacks |
WO2019140274A1 (en) * | 2018-01-12 | 2019-07-18 | Virsec Systems, Inc. | Defending against speculative execution exploits |
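CN108846287A (zh) * | 2018-06-26 | 2018-11-20 | 北京奇安信科技有限公司 | Method and apparatus for detecting vulnerability attacks |
CN109635565A (zh) * | 2018-11-28 | 2019-04-16 | 江苏通付盾信息安全技术有限公司 | Malicious program detection method and apparatus, computing device and computer storage medium |
CN109829313A (zh) * | 2019-02-28 | 2019-05-31 | 中国人民解放军战略支援部队信息工程大学 | Method and apparatus for defending against SGX side-channel attacks based on code-reuse programming |
CN110135166A (zh) * | 2019-05-08 | 2019-08-16 | 北京国舜科技股份有限公司 | Detection method and system for business logic vulnerability attacks |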
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
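CN114640529A (zh) * | 2022-03-24 | 2022-06-17 | 中国工商银行股份有限公司 | Attack protection method, apparatus, device, storage medium and computer program product |
CN114640529B (zh) * | 2022-03-24 | 2024-02-02 | 中国工商银行股份有限公司 | Attack protection method, apparatus, device, storage medium and computer program product |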
Also Published As
Publication number | Publication date |
---|---|
CN113632432B (zh) | 2023-09-19 |
WO2021046811A1 (zh) | 2021-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Javaheri et al. | Detection and elimination of spyware and ransomware by intercepting kernel-level system routines | |
US10706151B2 (en) | Systems and methods for tracking malicious behavior across multiple software entities | |
US10893068B1 (en) | Ransomware file modification prevention technique | |
EP3430557B1 (en) | System and method for reverse command shell detection | |
EP3225009B1 (en) | Systems and methods for malicious code detection | |
US7530104B1 (en) | Threat analysis | |
US7779062B2 (en) | System for preventing keystroke logging software from accessing or identifying keystrokes | |
US7665139B1 (en) | Method and apparatus to detect and prevent malicious changes to tokens | |
CN113632432A (zh) | Method and apparatus for determining attack behavior, and computer storage medium | |
US10142343B2 (en) | Unauthorized access detecting system and unauthorized access detecting method | |
Verma et al. | A literature review on malware and its analysis | |
CN116663005B (zh) | Defense method, apparatus, device and storage medium for compound ransomware | |
TWI711939B (zh) | Systems and methods for malicious code detection | |
Kono et al. | An unknown malware detection using execution registry access | |
US20190294795A1 (en) | Threat Detection System | |
Anand et al. | Comparative study of ransomwares | |
WO2020190293A1 (en) | Replayable hacktraps for intruder capture with reduced impact on false positives | |
Mishra et al. | Behavioral Study of Malware Affecting Financial Institutions and Clients | |
Hong et al. | New malware analysis method on digital forensics | |
Mirza et al. | Malicious Software Detection, Protection & Recovery Methods: A Survey | |
Manjeera et al. | Preventing Malicious Use of Keyloggers Using Anti-Keyloggers | |
KR101825699B1 (ko) | Method for improving security in a program using CNG and apparatus for performing the method | |
CN106561024B (zh) | Enterprise-level remote APT detection method and high-performance server | |
Patel et al. | A Literature Review On Anti Virus And Its Analysis | |
CN114363038A (zh) | Network attack handling method, system and computer device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||