CN115589330B - Safety detection device and method - Google Patents

Publication number
CN115589330B
Authority
CN
China
Prior art keywords
security detection
behavior
detection
security
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211395611.1A
Other languages
Chinese (zh)
Other versions
CN115589330A (en
Inventor
王森淼
涂腾飞
蒋发群
陈淼
秦素娟
张华�
李文敏
金正平
高飞
时忆杰
温巧燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venustech Cybervision Co ltd
Beijing University of Posts and Telecommunications
Original Assignee
Beijing Venustech Cybervision Co ltd
Beijing University of Posts and Telecommunications
Application filed by Beijing Venustech Cybervision Co ltd, Beijing University of Posts and Telecommunications
Priority to CN202211395611.1A
Publication of CN115589330A
Application granted
Publication of CN115589330B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

The application provides a security detection device and method. The device comprises: a policy selection unit configured to formulate a security detection policy according to a security detection target of a terminal device; a functional unit configured to perform a security detection behavior according to the security detection policy; and a determination unit configured to determine that the terminal device passes security detection in response to determining that the terminal device is capable of operating normally under the security detection behavior. With this device, more comprehensive and deeper security detection can be performed on the terminal device.

Description

Safety detection device and method
Technical Field
The present application relates to the field of device security technologies, and in particular, to a security detection apparatus and method.
Background
Ransomware applications currently change quickly in technique, spread quickly, and come in many varieties. To protect terminal devices from ransomware applications, technicians must regularly maintain the device system and test its security performance.
In the related art, the security performance of a device is mainly tested by identifying and detecting a specific ransomware application. However, in the face of fast-changing or technically complex ransomware applications, the related art still lacks comprehensive identification of the system's security vulnerabilities.
Disclosure of Invention
In view of the above, the present application is directed to a security detection apparatus and method.
Based on the above-mentioned purpose, this application provides a safety inspection device, includes:
the strategy selection unit is configured to formulate a security detection strategy according to a security detection target of the terminal equipment;
a functional unit configured to perform a security detection action according to the security detection policy;
a determination unit configured to determine that the terminal device passes security detection in response to determining that the terminal device is capable of operating normally under the security detection behavior.
Optionally, the functional unit includes:
an activation module configured to perform the activation behavior of a security detection application according to a preset detection code and the security detection policy;
a device security detection module configured to use the activated security detection application to perform at least one of a device disabling behavior and an auxiliary behavior according to the security detection policy;
a data security detection module configured to use the activated security detection application to perform a data encryption behavior according to the security detection policy;
and a communication security detection module configured to perform a communication interference behavior according to the security detection policy.
Optionally, the activation module is configured to:
and downloading the preset detection code through one of a loading mode, a recovery mode and a disguise mode according to the security detection strategy to carry out the activation behavior of the security detection application.
Optionally, the device disabling behavior comprises: at least one of a device lock hijacking behavior and a screen resource hijacking behavior.
Optionally, the auxiliary behavior includes: at least one of a disable button behavior, a disable universal serial bus behavior, and a disable power key.
Optionally, the data encryption behavior includes: at least one of file encryption behavior and information stealing behavior.
Optionally, the information stealing behavior includes information stealing behavior based on a DNS hidden channel or information stealing behavior based on man-in-the-middle attack.
Optionally, the communication interference behavior includes a DNS hijacking based communication hijacking behavior.
Optionally, the DNS hijacking-based communication hijacking behavior includes an access website domain name modification behavior.
Based on the same inventive concept, the application also provides a safety detection method, which comprises the following steps:
using a policy selection unit to formulate a security detection policy according to a security detection target of the terminal device;
using a functional unit to perform a security detection behavior according to the security detection policy;
and using a determination unit to determine that the terminal device passes the security detection in response to determining that the terminal device can operate normally under the security detection behavior.
From the above, it can be seen that the security detection apparatus and method provided by the present application customize the security detection apparatus according to the performance configuration of the terminal device and the detection requirement for the security performance of the terminal device. Through the user-defined safety detection device, the equipment is more comprehensively and deeply detected in safety performance.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the related art, the drawings needed to be used in the description of the embodiments or the related art will be briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of an embodiment of the present application;
fig. 2 is a schematic diagram of an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to the accompanying drawings in combination with specific embodiments.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
As described in the background, ransomware applications currently multiply quickly and come in many varieties, and ransomware techniques develop and change quickly.
To prevent the terminal device and the device system from being damaged by a ransomware application, the ransomware application can be identified and detected by placing a corresponding device in the system or by a specific method. Correspondingly, the security performance of the terminal device can be tested by checking for security vulnerabilities. In the related art, security vulnerabilities are usually checked against the characteristics of a specific ransomware application. However, this kind of check works only for a specific ransomware application or a specific ransomware technique, and suffers from problems such as narrow troubleshooting coverage.
Therefore, the application provides a security detection device that can define a detection target according to the performance and configuration of the terminal device and formulate a detection policy according to that target. The detection policy may include a variety of detection content and detection techniques, so that deeper and more comprehensive security detection can be performed on the terminal device.
The technical solutions of one or more embodiments of the present application are described in detail below with reference to specific embodiments.
Referring to FIG. 1, a security detection device according to one or more embodiments of the present application includes the following units: a policy selection unit 11, a functional unit 12, and a determination unit 13.
The policy selection unit 11 is configured to formulate a security detection policy according to the security detection target of the terminal device.
This unit can generate the security detection policy from manual settings. It can also use automation to derive a security detection target from information such as the performance and configuration of the terminal device, and then derive the security detection policy from that target.
The functional unit 12 is configured to perform a security detection behavior according to the security detection policy.
The security detection behavior is performed from at least one of the aspects of device security, data security and communication security, according to the security detection policy obtained by the policy selection unit 11.
The functional unit 12 includes an activation module 121, a device security detection module 122, a data security detection module 123, and a communication security detection module 124. The activation module 121 first activates a preset security detection application according to the security detection policy. In some embodiments, application activation may be performed in one of a load mode, a restore mode, and a disguise mode, as required by a security detection policy.
In the loading mode, the detection code is stored on a server and is guaranteed not to be loaded before the security detection application is activated. When a preset activation condition is met, the security detection application triggers DexClassLoader and downloads the detection code from the server. In some embodiments, the activation condition may be the launch of a predetermined application or the pressing of a predetermined key. In some embodiments, the security detection application may save the detection code locally and activate itself by creating a new instance that reloads the jar file or the dex file. Activating the security detection application in this mode circumvents static detection methods for ransomware applications. If the system of the terminal device relies only on static detection of ransomware applications, this detection shows that the system still has security vulnerabilities: when it encounters a ransomware application activated in this way, it cannot effectively identify and intercept it.
In the recovery mode, the detection code is split off and disguised as another kind of file, such as a jpg file, to evade ransomware checks that rely on file format. In some embodiments, when the security detection software is triggered, the disguised file is restored to a .dex file, and the security detection software may then trigger DexClassLoader and load the .dex file, activating the security detection application. Activating the security detection application in this mode evades checks that screen for ransomware applications by file format. If the system of the terminal device cannot pass this detection, it cannot effectively identify and intercept the ransomware application.
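A defender-side counterpart to the recovery mode described above, as an added example that is not part of the patent: classify a file by its content instead of its extension, flagging DEX or ZIP/JAR content that sits behind a non-code extension. It goes one step beyond the text by also finding a DEX header embedded after other content; the file names and sample bytes are constructed, and the DEX header layout (magic, Adler-32 checksum, `file_size`, `header_size`, endian tag) follows the published DEX format.

```python
import os
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"            # .jar and .apk files are ZIP containers
DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_TAG = 0x12345678
CODE_EXTS = {".dex", ".jar", ".apk", ".zip"}  # extensions where code is expected


def parse_dex_header(data, offset=0):
    """Return header fields if a plausible DEX header starts at offset, else None."""
    hdr = data[offset:offset + DEX_HEADER_SIZE]
    if len(hdr) < DEX_HEADER_SIZE or not hdr.startswith(DEX_MAGIC_PREFIX):
        return None
    version = hdr[4:7]
    if not version.isdigit() or hdr[7] != 0:      # magic is "dex\n" + "NNN" + NUL
        return None
    (checksum,) = struct.unpack_from("<I", hdr, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", hdr, 32)
    if header_size != DEX_HEADER_SIZE or endian_tag != DEX_ENDIAN_TAG:
        return None
    end = offset + file_size
    # The Adler-32 checksum covers everything after the checksum field itself.
    checksum_ok = (file_size >= DEX_HEADER_SIZE and end <= len(data)
                   and zlib.adler32(data[offset + 12:end]) & 0xFFFFFFFF == checksum)
    return {"version": version.decode("ascii"), "file_size": file_size,
            "checksum_ok": checksum_ok}


def find_dex(data):
    """Yield (offset, header) for every plausible DEX header anywhere in data."""
    pos = data.find(DEX_MAGIC_PREFIX)
    while pos != -1:
        hdr = parse_dex_header(data, pos)
        if hdr:
            yield pos, hdr
        pos = data.find(DEX_MAGIC_PREFIX, pos + 1)


def inspect_file(name, data):
    """Return findings when loadable-code content hides behind a non-code extension."""
    findings = []
    for off, hdr in find_dex(data):
        where = "at start" if off == 0 else f"embedded at offset {off}"
        findings.append(f"DEX v{hdr['version']} {where}, checksum_ok={hdr['checksum_ok']}")
    if data.startswith(ZIP_MAGIC):
        findings.append("ZIP/JAR container at start")
    ext = os.path.splitext(name)[1].lower()
    return [] if ext in CODE_EXTS else findings


def build_sample_dex(body=bytes(16)):
    """Constructed sample: a DEX-shaped header plus zero bytes, not a loadable program."""
    size = DEX_HEADER_SIZE + len(body)
    rest = bytes(20) + struct.pack("<III", size, DEX_HEADER_SIZE, DEX_ENDIAN_TAG)
    rest += bytes(DEX_HEADER_SIZE - 12 - len(rest)) + body
    checksum = zlib.adler32(rest) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + rest


def constructed_samples():
    """Constructed file names and contents used to exercise inspect_file()."""
    dex = build_sample_dex()
    jpeg = b"\xff\xd8\xff\xe0" + bytes(20) + b"\xff\xd9"   # minimal JPEG-like stub
    return {
        "holiday.jpg": dex,                  # DEX content renamed to .jpg
        "banner.jpg": jpeg + dex,            # DEX appended after image data
        "update.jpg": ZIP_MAGIC + bytes(26), # ZIP/JAR content renamed to .jpg
        "photo.jpg": jpeg,                   # ordinary image
        "classes.dex": dex,                  # code where code is expected
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, inspect_file(name, data) or "ok")
```
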
In the disguise mode, the security detection application disguises itself as a non-security-detection application and then obtains root privileges on the terminal device by deception. When the predetermined activation condition is satisfied, the application may determine whether the required permission has been obtained by calling onRequestPermissionsResult, and activates the security detection application once the required permission is obtained.
In addition to checking for ransomware applications or files on the device, in some embodiments the activation module 121 may activate the security detection application to perform the subsequent security vulnerability checks.
The device security detection module 122 may use the activated security detection software to perform at least one of a disabling behavior and an auxiliary behavior according to the security detection policy. The disabling behavior and the auxiliary behavior simulate the device hijacking or screen resource occupation of a ransomware application. The disabling behavior means simulating a ransomware application that encrypts the device so that it is locked, or that seizes screen resources, so that the user cannot use the device normally. In some embodiments, it includes at least one of a device lock hijacking behavior and a screen resource hijacking behavior.
The device lock hijacking behavior imitates a ransomware application by forcibly deleting the account password set by the user, setting a new password, and locking the device. In some embodiments in which the terminal device runs Android 4 or Android 5, the device lock hijacking behavior may be performed through DevicePolicyManager. In some embodiments in which the terminal device runs Android 6, device lock hijacking may be performed through DevicePolicyManager. In some embodiments in which the terminal device runs Android 7, the device may be locked by using DevicePolicyManager to set an initial password on a device that has no password.
The screen resource hijacking behavior imitates a ransomware application by displaying the interface of the security detection application as the topmost interface of the device, so that the user cannot use the device normally. In some embodiments in which the terminal device runs Android 4, the SYSTEM_ALERT_WINDOW permission may be requested first, and the window of the security detection application may then be placed on top using a high-level window type such as TYPE_SYSTEM_ALERT or TYPE_SYSTEM_ERROR. In other embodiments in which the terminal device runs Android 4, the pop-up may be completed through three methods, namely getRunningTasks, getRunningAppProcesses and getAppTasks. In some embodiments in which the terminal device runs Android 5, the SYSTEM_ALERT_WINDOW permission may be requested first, and the screen resource hijacking may then be completed through Accessibility. In some embodiments in which the terminal device runs Android 6 or Android 7, the screen resource hijacking behavior may be implemented through SYSTEM_ALERT_WINDOW once user authorization has been obtained. In some embodiments in which the terminal device runs Android 8, the screen resource hijacking behavior may be implemented through TYPE_APPLICATION_OVERLAY.
The auxiliary behavior simulates a ransomware application by providing services such as key masking and function disabling, which prevent the user from recovering the device and screen resources on their own. In some embodiments, it includes at least one of a disable button behavior, a disable universal serial bus behavior, and a disable power key behavior. The auxiliary behavior simulates a ransomware application and prevents the user from successfully exiting the interface of the security detection application. In some embodiments, the auxiliary behavior always occurs together with screen resource hijacking. In some embodiments, when the security detection application places its Activity at the top of the stack to hijack screen resources, it always disables the Home button and the Back button so that the user cannot exit the current interface. To prevent the user from recovering the hijacked device with the help of ADB, the security detection application disables the USB interface of the device, ensuring that the user cannot recover the device with the help of another terminal until the password is given. Through the device security detection module, the activated security detection application simulates a ransomware application, so that the security protection measures of the current system can be checked for security vulnerabilities.
For the disable button behavior, in some embodiments in which the terminal device runs Android 4, Home key masking may be implemented by decompiling the source code of the Android system, Back key masking may be implemented by overriding onKeyDown, and POWER key masking may be implemented by the code < android: name = "android. In some embodiments in which the terminal device runs Android 5, Back key masking may be implemented by overriding onKeyDown.
The data security detection module 123 may use the activated security detection application to perform a data encryption behavior according to the security detection policy. Through the data security detection module, the activated security detection application can imitate a ransomware application by encrypting files stored on the device or stealing information. The file encryption behavior means traversing, with a custom traversal method, all files on the terminal device that are suspected to have been deliberately stored by the user, and encrypting them so that they can no longer be opened normally. In some embodiments in which the terminal device runs Android 4 to Android 6, the file encryption behavior may be implemented by requesting the WRITE_EXTERNAL_STORAGE permission to write to external storage. In some embodiments in which the terminal device runs Android 7 to Android 10, a writable directory in external storage may be requested through OPEN_EXTERNAL_DIRECTORY, and the file encryption behavior is then implemented by writing to external storage.
To prevent the user from obtaining the key and recovering the files through reverse engineering or similar means, the file encryption behavior is usually accompanied by an information stealing behavior. The information stealing behavior may be based on a DNS covert channel or on a man-in-the-middle attack. In some embodiments, the information stealing behavior based on a DNS covert channel can be implemented as follows: first, a DNS covert channel is established between the malicious application on the client and a domain name server, which can be done with tools such as AndIodine; second, the client embeds the encrypted stolen information in a DNS request string and sends it to the corresponding domain name server according to the port number; then, the domain name server forwards the information to other servers according to the port; finally, the server decrypts the stolen information to obtain the desired data content. This realizes data transmission over the DNS covert channel and completes the data hijacking based on the DNS channel.
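What the DNS covert channel described above looks like from the resolver's side, as an added detection example that is not part of the patent: because the data travels inside the query name, a tunnelling domain shows many unique, long, high-entropy subdomains. The log line format, the thresholds, the two-label base-domain rule and all domains and addresses are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds; tune them against your own resolver logs.
MIN_UNIQUE = 20         # distinct subdomains seen under one base domain
MIN_AVG_LEN = 30        # mean subdomain length in characters, dots removed
MIN_AVG_ENTROPY = 3.5   # mean Shannon entropy in bits per character


def shannon_entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname, base_labels=2):
    """Split a query name into (subdomain, base domain).

    Assumption: the base domain is the last two labels. A production version
    would use the public suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])


def summarize(lines):
    """Aggregate per-base-domain statistics from 'ts client qname qtype' lines."""
    subs, queries = defaultdict(set), Counter()
    for line in lines:
        _ts, _client, qname, _qtype = line.split()
        sub, base = split_name(qname)
        queries[base] += 1
        if sub:
            subs[base].add(sub)
    stats = {}
    for base, count in queries.items():
        payloads = [s.replace(".", "") for s in subs[base]]
        n = len(payloads)
        stats[base] = {
            "queries": count,
            "unique": n,
            "avg_len": sum(map(len, payloads)) / n if n else 0.0,
            "avg_entropy": sum(map(shannon_entropy, payloads)) / n if n else 0.0,
        }
    return stats


def flag_tunnels(lines):
    """Return base domains whose query names look like a data-carrying channel."""
    return sorted(
        base for base, s in summarize(lines).items()
        if s["unique"] >= MIN_UNIQUE
        and s["avg_len"] >= MIN_AVG_LEN
        and s["avg_entropy"] >= MIN_AVG_ENTROPY
    )


def constructed_log():
    """Constructed resolver log: ordinary lookups plus tunnel-shaped queries."""
    lines = [f"2024-01-01T00:00:{i:02d}Z 10.0.0.5 www.example.com A" for i in range(10)]
    lines += [f"2024-01-01T00:01:{i:02d}Z 10.0.0.5 mail.example.com MX" for i in range(5)]
    # Many unique but short names (CDN-style): must not be flagged.
    lines += [f"2024-01-01T00:02:{i:02d}Z 10.0.0.6 img{i}.cdn.example.org A" for i in range(25)]
    # Tunnel-shaped names: an encoded blob in the leftmost label of every query.
    for i in range(40):
        blob = base64.b32encode(hashlib.sha256(str(i).encode()).digest())
        label = blob.decode("ascii").rstrip("=").lower()
        lines.append(f"2024-01-01T00:03:{i:02d}Z 10.0.0.9 {label}.tunnel.example TXT")
    return lines


if __name__ == "__main__":
    log = constructed_log()
    for base, s in sorted(summarize(log).items()):
        print(base, s)
    print("flagged:", flag_tunnels(log))
```
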
In some embodiments, the information stealing behavior based on a man-in-the-middle attack can be implemented as follows: first, network address translation packets are forwarded through iptables, which is mainly implemented in the startHttpproxy method of the Proxyservice class; second, the attacker opens a port for forwarding so that the host is allowed to forward packets, which is mainly implemented in the onStartCommand method of the ArpService class; in addition, the attacker performs one-way ARP poisoning, claiming to be the client, which is mainly implemented in the onStartCommand method of the ArpService class; finally, the attacker uses a Socket to set up a WebServer and thereby obtains the requests that the attacked host sends to the attacker. After session hijacking is complete, the attacked host sends the data originally destined for the client to the attacker's host, the attacker modifies the source IP of the packets using the NAT mechanism, the client returns its response packets to the attacker's host, and the attacker redirects them to the attacked host using the NAT mechanism, which completes the data hijacking based on the man-in-the-middle attack.
In some embodiments in which the terminal device runs Android 4 to Android 6, the information stealing behavior can be implemented by requesting the GET_ACCOUNTS permission to obtain account information on the device. In some embodiments in which the terminal device runs Android 7 to Android 9, the information stealing behavior may be implemented by obtaining account information on the device through the getAccounts() method of AccountManager.
The communication security detection module 124 performs a communication interference behavior according to the security detection policy. In some embodiments, the communication interference behavior includes a communication hijacking behavior based on DNS hijacking. In some embodiments, the communication hijacking behavior based on DNS hijacking may be implemented as follows: first, the DNS request sent by the attacked party is intercepted through functions such as addDnsServer; then, the attacker processes the intercepted packet, parses it and constructs a corresponding packet; the attacker parses the DNS request and constructs a response packet containing a fake IP; finally, the attacker writes the response packet back through a write function, returning the forged packet to the attacked party, which completes the communication hijacking based on DNS hijacking.
In some embodiments, the communication hijacking behavior based on DNS hijacking includes a behavior of modifying the domain name of an accessed website. Specifically, the domain name of the website the user accesses is resolved and modified so that the access goes to a specific domain name fabricated by the attacker. That is, the attacker hijacks all of the user's network accesses and redirects them to the fabricated domain name, so that the user cannot access the network normally.
A determination unit 13 configured to determine that the terminal device passes the security detection in response to determining that the terminal device is capable of operating normally under the security detection behavior.
For convenience of description, the above device is described as divided into modules by function, each described separately. Of course, when implementing the present application, the functions of the modules may be implemented in the same one or more pieces of software and/or hardware.
Based on the same inventive concept, the application also provides a safety detection method corresponding to any embodiment of the device.
Taking fig. 2 as an example, the security detection method according to one or more embodiments of the present application includes the following steps:
step S101: using a policy selection unit to formulate a security detection policy according to a security detection target of the terminal device;
step S102: using a functional unit to perform a security detection behavior according to the security detection policy;
step S103: using a determination unit to determine that the terminal device passes the security detection in response to determining that the terminal device can operate normally under the security detection behavior.
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the multiple devices may only perform one or more steps of the method of the embodiment, and the multiple devices interact with each other to complete the method.
It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The method of the above embodiment corresponds to the foregoing security detection device and has the beneficial effects of the corresponding device embodiment, which are not repeated here.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the context of the present application, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present application are intended to be included within the scope of the present application.

Claims (9)

1. A security detection device, comprising:
a policy selection unit configured to formulate a security detection policy according to a security detection target of a terminal device;
a functional unit configured to perform a security detection behavior according to the security detection policy;
a determination unit configured to determine that the terminal device passes security detection in response to determining that the terminal device is capable of operating normally under the security detection behavior;
wherein the functional unit includes: an activation module configured to perform an activation behavior of a security detection application according to a preset detection code and the security detection policy;
a device security detection module configured to use the activated security detection application to perform at least one of a device disabling behavior and an auxiliary behavior according to the security detection policy;
a data security detection module configured to use the activated security detection application to perform a data encryption behavior according to the security detection policy;
and a communication security detection module configured to perform a communication interference behavior according to the security detection policy.
2. The security detection device of claim 1, wherein the activation module is configured to:
download the preset detection code through one of a loading mode, a recovery mode and a disguise mode according to the security detection policy, so as to perform the activation behavior of the security detection application.
3. The security detection device of claim 1, wherein the device disabling behavior comprises: at least one of a device lock hijacking behavior and a screen resource hijacking behavior.
4. The security detection device of claim 1, wherein the auxiliary behavior comprises: at least one of a button disabling behavior, a universal serial bus disabling behavior, and a power key disabling behavior.
5. The security detection device of claim 1, wherein the data encryption behavior comprises: at least one of a file encryption behavior and an information stealing behavior.
6. The security detection device of claim 5, wherein the information stealing behavior comprises a DNS covert channel-based information stealing behavior or a man-in-the-middle attack-based information stealing behavior.
7. The security detection device of claim 1, wherein the communication interference behavior comprises a DNS hijacking behavior based on DNS hijacking.
8. The security detection device of claim 7, wherein the DNS-hijacking-based communication hijacking behavior comprises a behavior of modifying the domain name of a visited website.
9. A security detection method using the device of any one of claims 1-8, comprising:
formulating, by a policy selection unit, a security detection policy according to a security detection target of a terminal device;
performing, by a functional unit, a security detection behavior according to the security detection policy;
determining, by a determination unit, that the terminal device passes security detection in response to determining that the terminal device is capable of operating normally under the security detection behavior;
wherein the functional unit includes: an activation module configured to perform an activation behavior of a security detection application according to a preset detection code and the security detection policy;
a device security detection module configured to use the activated security detection application to perform at least one of a device disabling behavior and an auxiliary behavior according to the security detection policy;
a data security detection module configured to use the activated security detection application to perform a data encryption behavior according to the security detection policy;
and a communication security detection module configured to perform a communication interference behavior according to the security detection policy.
CN202211395611.1A 2022-11-09 2022-11-09 Safety detection device and method Active CN115589330B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211395611.1A CN115589330B (en) 2022-11-09 2022-11-09 Safety detection device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211395611.1A CN115589330B (en) 2022-11-09 2022-11-09 Safety detection device and method

Publications (2)

Publication Number Publication Date
CN115589330A (en) 2023-01-10
CN115589330B (en) 2023-03-24

Family

ID=84781268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211395611.1A Active CN115589330B (en) 2022-11-09 2022-11-09 Safety detection device and method

Country Status (1)

Country Link
CN (1) CN115589330B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312620A (en) * 2021-06-01 2021-08-27 海光信息技术股份有限公司 Program safety detection method and device, processor chip and server
CN113961920A (en) * 2021-10-13 2022-01-21 安天科技集团股份有限公司 Suspicious process processing method and device, storage medium and electronic equipment
CN114338102A (en) * 2021-12-14 2022-04-12 北京安天网络安全技术有限公司 Security detection method and device, electronic equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2505284B (en) * 2013-06-17 2014-07-23 F Secure Corp Anti-Malware Tool for Mobile Apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
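Analysis and Application of a Detection and Hardening Tool for Hosts at Risk of Ransomware; Ye Shuiyong et al.; Journal of State Grid Technology College; Vol. 21, No. 3; pp. 39-41 *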

Also Published As

Publication number Publication date
CN115589330A (en) 2023-01-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant