TWI554907B - Trojan horse detection method and device - Google Patents

Trojan horse detection method and device

Info

Publication number
TWI554907B
Authority
TW
Taiwan
Prior art keywords
trojan
base address
memory block
determining
memory
Application number
TW101146915A
Other languages
English (en)
Chinese (zh)
Other versions
TW201409272A (zh)
Inventor
Wan-Quan Nie
Original Assignee
Alibaba Group Services Ltd
Priority date: 2012-08-28
Filing date: 2012-12-12
Application filed by Alibaba Group Services Ltd
Publication of TW201409272A: 2014-03-01
Application granted
Publication of TWI554907B: 2016-10-21

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L 63/1416 Event detection, e.g. attack signature detection
              • H04L 63/1441 Countermeasures against malicious traffic
                • H04L 63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
                • H04L 63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F 21/55 Detecting local intrusion or implementing counter-measures
                • G06F 21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
                • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                  • G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210310462.4A CN103632088A (zh) 2012-08-28 2012-08-28 A Trojan horse detection method and device

Publications (2)

Publication Number Publication Date
TW201409272A TW201409272A (zh) 2014-03-01
TWI554907B (zh) 2016-10-21

Family

ID=50189431

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101146915A TWI554907B (zh) 2012-08-28 2012-12-12 Trojan horse detection method and device

Country Status (6)

Country Link
US (2) US9152788B2 (en)
EP (2) EP2891104B1 (en)
JP (2) JP5882542B2 (en)
CN (1) CN103632088A (en)
TW (1) TWI554907B (en)
WO (1) WO2014035857A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10223530B2 (en) 2013-11-13 2019-03-05 Proofpoint, Inc. System and method of protecting client computers
US9378367B2 (en) 2014-03-31 2016-06-28 Symantec Corporation Systems and methods for identifying a source of a suspect event
WO2016186902A1 (en) * 2015-05-20 2016-11-24 Alibaba Group Holding Limited Detecting malicious files
CN106295328B (zh) 2015-05-20 2019-06-18 Alibaba Group Holding Limited File detection method, device and system
US10083296B2 (en) * 2015-06-27 2018-09-25 Mcafee, Llc Detection of malicious thread suspension
CN105608377A (zh) * 2015-12-24 2016-05-25 State Grid Corporation of China An information system process security management system and management method
US10049214B2 (en) * 2016-09-13 2018-08-14 Symantec Corporation Systems and methods for detecting malicious processes on computing devices
CN110414230B (zh) * 2019-06-21 2022-04-08 Tencent Technology (Shenzhen) Co., Ltd. Virus scanning and removal method, device, computer equipment and storage medium
CN111552962B (zh) * 2020-03-25 2024-03-01 360 Digital Security Technology Group Co., Ltd. Method for intercepting PE-format file viruses on USB drives under the Windows operating system
US11874920B2 (en) * 2020-12-30 2024-01-16 Acronis International Gmbh Systems and methods for preventing injections of malicious processes in software
CN112948863B (zh) * 2021-03-15 2022-07-29 Tsinghua University Sensitive data reading method, device, electronic equipment and storage medium
CN113641997B (zh) * 2021-07-19 2025-03-14 Kaos Industrial Intelligence Research Institute (Qingdao) Co., Ltd. Security protection method, device, system and storage medium for industrial hosts
CN114969737A (zh) * 2022-05-26 2022-08-30 Sangfor Technologies Inc. Virus handling method, device, electronic equipment and medium
CN115766279A (zh) * 2022-12-06 2023-03-07 Beijing Topsec Network Security Technology Co., Ltd. Network attack forensics method, device, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100043072A1 (en) * 2005-01-20 2010-02-18 William Grant Rothwell Computer protection against malware affection
CN101128832B (zh) * 2005-02-25 2010-05-19 Panasonic Corporation Processing device
TWI352289B (en) * 2005-03-31 2011-11-11 Intel Corp Apparatus of providing extended memory protection
US20120079596A1 (en) * 2010-08-26 2012-03-29 Verisign, Inc. Method and system for automatic detection and analysis of malware

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5812848A (en) * 1995-08-23 1998-09-22 Symantec Corporation Subclassing system for computer that operates with portable-executable (PE) modules
US7493498B1 (en) * 2002-03-27 2009-02-17 Advanced Micro Devices, Inc. Input/output permission bitmaps for compartmentalized security
KR100843701B1 (ko) * 2006-11-07 2008-07-04 SoftCamp Co., Ltd. Method for verifying API calls using information recorded in the call stack
US7917725B2 (en) * 2007-09-11 2011-03-29 QNX Software Systems GmbH & Co., KG Processing system implementing variable page size memory organization using a multiple page per entry translation lookaside buffer
US8578483B2 (en) * 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
CA2806368C (en) * 2009-07-29 2019-04-30 Reversinglabs Corporation Portable executable file analysis
US8572740B2 (en) 2009-10-01 2013-10-29 Kaspersky Lab, Zao Method and system for detection of previously unknown malware
TW201137660A (en) * 2009-12-23 2011-11-01 Ibm Method and system for protecting an operating system against unauthorized modification
CN101826139B (zh) * 2009-12-30 2012-05-30 Xiamen Meiya Pico Information Co., Ltd. Method and device for detecting Trojans embedded in non-executable files
US8468602B2 (en) 2010-03-08 2013-06-18 Raytheon Company System and method for host-level malware detection
US20120036569A1 (en) * 2010-04-05 2012-02-09 Andrew Cottrell Securing portable executable modules
KR101122650B1 (ko) * 2010-04-28 2012-03-09 Electronics and Telecommunications Research Institute (ETRI) Apparatus, system and method for detecting malicious code disguised and injected into a normal process
TW201220186A (en) * 2010-11-04 2012-05-16 Inventec Corp Data protection method for damaged memory cells
US8955132B2 (en) 2011-04-14 2015-02-10 F-Secure Corporation Emulation for malware detection
RU2487405C1 (ru) * 2011-11-24 2013-07-10 Kaspersky Lab ZAO System and method for correcting anti-virus records
US9614865B2 (en) * 2013-03-15 2017-04-04 Mcafee, Inc. Server-assisted anti-malware client
EP2784716A1 (en) * 2013-03-25 2014-10-01 British Telecommunications public limited company Suspicious program detection

Also Published As

Publication number Publication date
WO2014035857A1 (en) 2014-03-06
JP2016105310A (ja) 2016-06-09
US20140068774A1 (en) 2014-03-06
JP2015523668A (ja) 2015-08-13
EP2891104A1 (en) 2015-07-08
JP6165900B2 (ja) 2017-07-19
EP3422238A1 (en) 2019-01-02
EP3422238B1 (en) 2020-03-11
EP2891104B1 (en) 2018-10-10
US20160087998A1 (en) 2016-03-24
US9152788B2 (en) 2015-10-06
JP5882542B2 (ja) 2016-03-09
US9516056B2 (en) 2016-12-06
TW201409272A (zh) 2014-03-01
CN103632088A (zh) 2014-03-12

Similar Documents

Publication Publication Date Title
TWI554907B (zh) Trojan horse detection method and device
KR101662616B1 (ko) Method and apparatus for protecting a memory region in a low-power state
US11675905B2 (en) System and method for validating in-memory integrity of executable files to identify malicious activity
JP2012508931A (ja) Apparatus and method for combining a mobile device and a computer to create a secure per-user environment
CN107330328B (zh) Method, device and server for defending against virus attacks
TW202101262A (zh) Kernel security detection method, device, equipment and storage medium
WO2015196982A1 (zh) An Android malicious program detection and handling method, device and equipment
CN107122663B (zh) An injection attack detection method and device
WO2022170966A1 (zh) Method and device for launching an application on a target platform
CN117272286A (zh) TEE-based process dynamic integrity measurement method and system
CN106529315A (zh) A hard disk security protection method and system
JPWO2010113282A1 (ja) Information processing apparatus with a configuration-change verification function, and control method therefor
CN102819703B (zh) Method and device for protecting against web page attacks
KR20200052524A (ko) Apparatus for detecting and preventing ransomware behaviour using a decoy process, method therefor, and computer-readable recording medium storing a program that performs the method
CN113407935A (zh) A file detection method, device, storage medium and server
CN116418593A (zh) A dynamic trusted measurement method, electronic device and storage medium
RU85249U1 (ru) Hardware antivirus
US9280666B2 (en) Method and electronic device for protecting data
CN116991671A (zh) DCS controller and audit log recording method and system for its trusted boot
CN103366115A (zh) Security detection method and device
CN102467644B (zh) Method for executing a system management interrupt
WO2009048158A1 (ja) File checking device, file checking program and file checking method
CN106909838A (zh) A method and device for intercepting system calls
CN104408365A (zh) A password-based process authentication method
CN113741938B (zh) An update method and electronic device

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees