CN117332417A - Lesu software detection method, apparatus, device and storage medium - Google Patents
Lesu software detection method, apparatus, device and storage medium Download PDFInfo
- Publication number
- CN117332417A CN117332417A CN202311436356.5A CN202311436356A CN117332417A CN 117332417 A CN117332417 A CN 117332417A CN 202311436356 A CN202311436356 A CN 202311436356A CN 117332417 A CN117332417 A CN 117332417A
- Authority
- CN
- China
- Prior art keywords
- file
- software
- file system
- system traversal
- traversal api
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 79
- 230000008569 process Effects 0.000 claims abstract description 39
- 238000012545 processing Methods 0.000 claims description 11
- 230000000694 effects Effects 0.000 abstract description 6
- 238000001514 detection method Methods 0.000 abstract description 4
- 239000008186 active pharmaceutical agent Substances 0.000 description 57
- 238000004590 computer program Methods 0.000 description 11
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 230000008859 change Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Abstract
The embodiment of the disclosure provides a method, a device, equipment and a storage medium for detecting lux software, which are applied to the technical field of computers. The method comprises the following steps: running a file driver; when the file driver detects that the file system traversal API is called, the file driver puts an decoy file into the file system traversal API; if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that software of the file system traversal API corresponding to the execution process is luxury software. In this way, when the file system traversal API is detected to be called, the decoy file is actively put into the file system traversal API, and then whether the software of the file system traversal API corresponding to the execution process is the luxury software or not is accurately determined according to whether the decoy file is executed with a writing operation and/or a name changing operation, so that the newly discovered luxury software or unknown luxury software can be effectively detected, and the detection effect of the luxury software is improved.
Description
Technical Field
The disclosure relates to the field of computer technology, and in particular relates to a method, a device, equipment and a storage medium for detecting lux software.
Background
Malware is becoming more prevalent in open network environments, where, among the various malware, luxury software occupies a significant proportion. When the device is infected with the luxury software, the luxury software encrypts the files in the device, thereby rendering the encrypted files unusable by the user.
It is known that the lux software detection is an important premise for defending the lux software. At present, a typical lux software detection scheme is based on a sample feature library of lux software for lux software detection. However, due to the update hysteresis of the sample feature library, the scheme often cannot effectively detect some newly discovered lux software or unknown lux software. Therefore, how to effectively detect newly discovered lux software or unknown lux software becomes a technical problem to be solved.
Disclosure of Invention
The embodiment of the disclosure provides a method, a device, equipment and a storage medium for detecting lux software.
In a first aspect, embodiments of the present disclosure provide a method for detecting a lux software, the method comprising:
running a file driver;
when the file driver detects that a file system traversal application program interface (Application Programming Interface, API) is called, the file driver puts an decoy file into the file system traversal API;
if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that software of the file system traversal API corresponding to the execution process is luxury software.
In some implementations of the first aspect, running the file driver includes:
and loading the file driver program to the uppermost layer of the file processing link of the file system through the operating system for running.
In some implementations of the first aspect, the name, time, size of the decoy file conforms to a preset rule, so that the decoy file is at the first of a plurality of files returned by the file system traversal API.
In some implementations of the first aspect, after determining that the software to which the file system traversal API corresponds to the executing process belongs is the lux software, the method further includes:
all operations of the file system traversal API corresponding execution process are intercepted.
In some implementations of the first aspect, intercepting all operations of the corresponding execution process of the file system traversal API includes:
and intercepting all operations of the corresponding execution process of the file system traversal API by utilizing the HOOK component.
In some implementations of the first aspect, after determining that the software to which the file system traversal API corresponds to the executing process belongs is the lux software, the method further includes:
and outputting prompt information to prompt a user that the software is luxury software.
In some implementations of the first aspect, the file driver masquerades as a system application.
In a second aspect, embodiments of the present disclosure provide a lux software detection device, the device comprising:
the running module is used for running the file driver;
the releasing module is used for releasing the decoy file to the file system traversal API by the file driver when the file driver detects that the file system traversal API is called;
and the determining module is used for determining that the software of the file system traversal API corresponding to the execution process belongs to the luxury software if the decoy file is detected to be subjected to the writing operation and/or the name changing operation.
In a third aspect, embodiments of the present disclosure provide an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
In a fourth aspect, embodiments of the present disclosure provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform a method as described above.
In the embodiment of the disclosure, when the fact that the file system traversal API is called is detected, the decoy file is actively put into the file system traversal API, whether the software of the file system traversal API corresponding to the execution process is the luxury software or not is accurately determined according to whether the decoy file is executed with a writing operation and/or a name changing operation, and then the newly discovered luxury software or unknown luxury software can be effectively detected, and the detection effect of the luxury software is improved.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 shows a flowchart of a method for detecting Lesu software provided by an embodiment of the present disclosure;
FIG. 2 shows a block diagram of a Lesu software detection device provided by an embodiment of the present disclosure;
fig. 3 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the disclosure, are within the scope of the disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In view of the problems occurring in the background art, embodiments of the present disclosure provide a method, an apparatus, a device, and a storage medium for detecting a lux software. Specifically, a file driver is operated; when the file driver detects that the file system traversal API is called, the file driver puts an decoy file into the file system traversal API; if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that software of the file system traversal API corresponding to the execution process is luxury software.
In this way, when the file system traversal API is detected to be called, the decoy file is actively put into the file system traversal API, and then whether the software of the file system traversal API corresponding to the execution process is the luxury software or not is accurately determined according to whether the decoy file is executed with the writing operation and/or the name changing operation, so that the newly discovered luxury software or unknown luxury software can be effectively detected, and the detection effect of the luxury software is improved.
The method, the device, the equipment and the storage medium for detecting the Lesu software provided by the embodiment of the disclosure are described in detail below through specific embodiments with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a method for detecting a lux software according to an embodiment of the disclosure, and as shown in fig. 1, a method 100 for detecting a lux software may include the following steps:
s110, running a file driver.
In some embodiments, the file driver may be loaded by the operating system into the uppermost layer of the file processing link of the file system for execution, such that the file system traversal APIs (e.g., file directory traversal APIs and file traversal APIs) are later preferentially detected in real-time.
For example, the file driver may be disguised as a system application, so that the running file driver is more hidden and prevents a user from turning off by mistake.
S120, when the file driver detects that the file system traversal API is called, the file driver puts the decoy file into the file system traversal API.
In general, only the luxury software will call the file system traversal API to traverse all files stored in the hard disk of the device, so when the file driver detects that the file system traversal API is called, it can be temporarily determined that the software to which the corresponding process of the file system traversal API belongs is potential luxury software, in order to further determine whether the software is luxury software, at this time, the file driver needs to put a decoy file into the file system traversal API, so that the file system traversal API returns the decoy file to the software to which the corresponding executing process belongs, and further detects the reaction of the software to the decoy file.
It should be noted that the name, time and size of the decoy file need to meet a preset rule, for example, the name of the decoy file is composed of special characters (space, question mark, exclamation mark, etc.), the time of the decoy file belongs to a preset range, and the size of the decoy file belongs to a preset range, so that the decoy file is located at the first of a plurality of files returned by the file system traversal API, thereby ensuring that the decoy file is firstly operated by potential halyard software, and ensuring the security of the returned normal file. In addition, the attribute of the decoy file is set to be a hidden attribute, so that the influence on the look and feel of a user during normal file viewing is avoided.
S130, if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that the software of the file system traversal API corresponding to the execution process is the luxury software.
It will be appreciated that normal software does not perform write operations and/or name change operations (i.e., encryption and/or renaming) on the decoy file, and only the luxury software does perform write operations and/or name change operations on the decoy file. Therefore, if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, the software of the file system traversal API corresponding to the execution process can be accurately determined to be the luxury software.
In the embodiment of the disclosure, when the fact that the file system traversal API is called is detected, the decoy file is actively put into the file system traversal API, whether the software of the file system traversal API corresponding to the execution process is the luxury software or not is accurately determined according to whether the decoy file is executed with a writing operation and/or a name changing operation, and then the newly discovered luxury software or unknown luxury software can be effectively detected, and the detection effect of the luxury software is improved.
It should be noted that, in order to immunize the lux software and protect the files stored on the hard disk, after determining that the software to which the file system traversal API corresponds to the execution process belongs is the lux software, the lux software detection method 100 may further include:
all operations of the file system traversal API corresponding execution process are intercepted.
Further, the HOOK component can be utilized to intercept all operations of the file system traversal API corresponding execution process, so that the interception efficiency is improved.
Or closing the corresponding execution process of the file system traversal API.
Meanwhile, prompt information can be output, for example, prompt short messages are sent to users, or prompt windows are popped up, prompt voices are played, and the users are prompted timely, and software of the file system traversal API corresponding to the execution process is luxury software.
The method 100 for detecting the lux software according to the embodiment of the present disclosure is described in detail below with reference to a specific embodiment, which is specifically as follows:
(1) And loading a file driver disguised as a system application program to the uppermost layer of a file processing link of the file system through the operating system to operate so as to preferentially detect the traversal API of the file system in real time.
(2) When the file driver detects that the file system traversal API is called, the file driver puts the decoy file into the file system traversal API so that the file system traversal API returns the decoy file to the software to which the corresponding execution process belongs.
(3) If the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that software of the file system traversal API corresponding to the execution process is luxury software.
(4) And intercepting all operations of the corresponding execution process of the file system traversal API by utilizing the HOOK component.
(5) And outputting prompt information to prompt a user, wherein software of the file system traversal API corresponding to the execution process is luxury software.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 2 illustrates a block diagram of a lux software detection device according to an embodiment of the disclosure, and as shown in fig. 2, the lux software detection device 200 may include:
an operation module 210, configured to operate the file driver.
The launching module 220 is configured to launch the decoy file into the file system traversal API when the file driver detects that the file system traversal API is called.
The determining module 230 is configured to determine that the software to which the corresponding execution process of the file system traversal API belongs is luxury software if it is detected that the decoy file is subjected to a write operation and/or a name change operation.
In some embodiments, the run module 210 is specifically configured to:
and loading the file driver program to the uppermost layer of the file processing link of the file system through the operating system for running.
In some embodiments, the name, time, size of the decoy file conforms to preset rules such that the decoy file is at the beginning of the plurality of files returned by the file system traversal API.
In some embodiments, the lux software detection device 200 further comprises:
and the interception module is used for intercepting all operations of the corresponding execution process of the file system traversal API after determining that the software of the corresponding execution process of the file system traversal API is the luxury software.
In some embodiments, the interception module is specifically configured to:
and intercepting all operations of the corresponding execution process of the file system traversal API by utilizing the HOOK component.
In some embodiments, the lux software detection device 200 further comprises:
and the output module is used for outputting prompt information after determining that the software of the file system traversal API corresponding to the execution process is the luxury software, and prompting the user that the software is the luxury software.
In some embodiments, the file driver masquerades as a system application.
It can be appreciated that each module/unit in the lux software detection device 200 shown in fig. 2 has a function of implementing each step in the lux software detection method 100 shown in fig. 1, and can achieve the corresponding technical effects, which are not repeated herein for brevity.
Fig. 3 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure. Electronic device 300 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic device 300 may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 3, the electronic device 300 may include a computing unit 301 that may perform various suitable actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 302 or a computer program loaded from a storage unit 308 into a Random Access Memory (RAM) 303. In the RAM303, various programs and data required for the operation of the electronic device 300 may also be stored. The computing unit 301, the ROM302, and the RAM303 are connected to each other by a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Various components in the electronic device 300 are connected to the I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, etc.; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, an optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the electronic device 300 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 301 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer program product, including a computer program, tangibly embodied on a computer-readable medium, such as the storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 300 via the ROM302 and/or the communication unit 309. One or more of the steps of the method 100 described above may be performed when the computer program is loaded into RAM303 and executed by the computing unit 301. Alternatively, in other embodiments, the computing unit 301 may be configured to perform the method 100 by any other suitable means (e.g. by means of firmware).
The various embodiments described above herein may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems-on-a-chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a computer-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a computer-readable storage medium would include one or more wire-based electrical connections, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be noted that the present disclosure further provides a non-transitory computer readable storage medium storing computer instructions, where the computer instructions are configured to cause a computer to perform the method 100 and achieve corresponding technical effects achieved by performing the method according to the embodiments of the present disclosure, which are not described herein for brevity.
In addition, the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method 100.
To provide for interaction with a user, the embodiments described above may be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The above-described embodiments may be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (10)
1. A method for detecting lux software, the method comprising:
running a file driver;
when the file driver detects that the file system traversal API is called, the file driver puts an decoy file into the file system traversal API;
if the decoy file is detected to be subjected to the writing operation and/or the name changing operation, determining that the software of the file system traversal API corresponding to the execution process is luxury software.
2. The method of claim 1, wherein the running a file driver comprises:
and loading the file driver program to the uppermost layer of the file processing link of the file system through the operating system for running.
3. The method of claim 1, wherein the name, time, size of the decoy file conforms to a preset rule such that the decoy file is at the first of a plurality of files returned by the file system traversal API.
4. The method of claim 1, wherein after the determining that the software to which the file system traversal API corresponds to executing process belongs is lux software, the method further comprises:
and intercepting all operations of the file system traversal API corresponding to the execution process.
5. The method of claim 4, wherein intercepting all operations of the file system traversal API corresponding execution process comprises:
and intercepting all operations of the corresponding execution process of the file system traversal API by utilizing the HOOK component.
6. The method of claim 1, wherein after the determining that the software to which the file system traversal API corresponds to executing process belongs is lux software, the method further comprises:
and outputting prompt information to prompt a user that the software is luxury software.
7. The method of claim 1, wherein the file driver masquerades as a system application.
8. A lux software detection device, the device comprising:
the running module is used for running the file driver;
the releasing module is used for releasing the decoy file to the file system traversal API by the file driver when the file driver detects that the file system traversal API is called;
and the determining module is used for determining that the software of the file system traversal API corresponding to the execution process is the luxury software if the decoy file is detected to be subjected to the writing operation and/or the name changing operation.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311436356.5A CN117332417A (en) | 2023-10-31 | 2023-10-31 | Lesu software detection method, apparatus, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311436356.5A CN117332417A (en) | 2023-10-31 | 2023-10-31 | Lesu software detection method, apparatus, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117332417A true CN117332417A (en) | 2024-01-02 |
Family
ID=89275580
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311436356.5A Pending CN117332417A (en) | 2023-10-31 | 2023-10-31 | Lesu software detection method, apparatus, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117332417A (en) |
-
2023
- 2023-10-31 CN CN202311436356.5A patent/CN117332417A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11431676B2 (en) | Method, apparatus, and system for detecting terminal security status | |
| US8812983B2 (en) | Automatic magnification and selection confirmation | |
| US9672493B2 (en) | Systems and methods for detecting and managing recurring electronic communications | |
| US20120266100A1 (en) | Dynamic Tile Billboard User Interface | |
| US10938858B2 (en) | Chatbot interface for network security software application | |
| US20210049262A1 (en) | Stack pivot exploit detection and mitigation | |
| JP6383445B2 (en) | System and method for blocking access to protected applications | |
| CN113657518B (en) | Training method, target image detection method, device, electronic device, and medium | |
| US20150067139A1 (en) | Agentless monitoring of computer systems | |
| CN112860566B (en) | Applet detection method, device, electronic equipment and readable medium | |
| US20190065223A1 (en) | Disabling Just-In-Time Translation For Application Functions | |
| US10021012B2 (en) | Notifying original state listeners of events in a domain model | |
| CN113312560A (en) | Group detection method and device and electronic equipment | |
| US20140181502A1 (en) | Dynamically manipulating rules for adding new devices | |
| CN117332417A (en) | Lesu software detection method, apparatus, device and storage medium | |
| CN113839944B (en) | Method, device, electronic equipment and medium for coping with network attack | |
| CN112835639B (en) | Hook realization method, device, equipment, medium and product | |
| US9940015B2 (en) | Interacting with application beneath transparent layer | |
| CN114338111B (en) | Vulnerability plugging method, device, equipment and storage medium | |
| US20220269785A1 (en) | Enhanced cybersecurity analysis for malicious files detected at the endpoint level | |
| CN114428646B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN116341023B (en) | Block chain-based service address verification method, device, equipment and storage medium | |
| CN113312050B (en) | Content display method, device, equipment and medium | |
| CN109933985B (en) | Method, device and equipment for bypassing hook and computer storage medium | |
| US20230394147A1 (en) | Using files of interest to identify similar files contained in a corpus of files |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |