CN104766011B - Host-feature-based sandbox detection and alerting method and *** - Google Patents
- Publication number: CN104766011B
- Application number: CN201510134971.XA
- Authority: CN (China)
- Prior art keywords: detected, alarm, unknown program, program, unknown
- Prior art date
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Debugging And Monitoring (AREA)
Number of claims: 6
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510134971.XA CN104766011B (zh) | 2015-03-26 | 2015-03-26 | Host-feature-based sandbox detection and alerting method and *** |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104766011A CN104766011A (zh) | 2015-07-08 |
CN104766011B true CN104766011B (zh) | 2017-09-12 |
Family ID: 53647833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510134971.XA Expired - Fee Related CN104766011B (zh) | 2015-03-26 | 2015-03-26 | Host-feature-based sandbox detection and alerting method and *** |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104766011B (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210209227A1 (en) * | 2017-09-20 | 2021-07-08 | Twistlock, Ltd. | System and method for defending applications invoking anonymous functions |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105656872A (zh) * | 2015-07-17 | 2016-06-08 | 哈尔滨安天科技股份有限公司 | A backbone-network-based attacker tracing method and *** |
CN105718792A (zh) * | 2015-08-13 | 2016-06-29 | 哈尔滨安天科技股份有限公司 | A sandbox-based QR code detection method and *** |
CN106611122A (zh) * | 2015-10-27 | 2017-05-03 | 国家电网公司 | Virtual-execution-based offline detection *** for unknown malicious programs |
CN105320884A (zh) * | 2015-11-02 | 2016-02-10 | 南京安贤信息科技有限公司 | Security protection method for virtual machines and *** |
CN105740705A (zh) * | 2015-12-28 | 2016-07-06 | 哈尔滨安天科技股份有限公司 | An LXC-container-based host defense method and *** |
CN105978911B (zh) * | 2016-07-15 | 2019-05-21 | 江苏博智软件科技有限公司 | Malicious code detection method and apparatus based on virtual execution technology |
CN107729751A (zh) * | 2016-08-12 | 2018-02-23 | 阿里巴巴集团控股有限公司 | Data detection method and apparatus |
CN106919837B (zh) * | 2016-10-20 | 2020-02-07 | 深圳市安之天信息技术有限公司 | A method and *** for identifying unknown malicious-code autostart |
CN106778273A (zh) * | 2016-12-28 | 2017-05-31 | 北京安天网络安全技术有限公司 | A method and *** for verifying the activity level of malicious code on a victim host |
CN106549980B (zh) * | 2016-12-30 | 2020-04-07 | 北京神州绿盟信息安全科技股份有限公司 | A method and apparatus for determining malicious C&C servers |
CN106878301A (zh) * | 2017-02-13 | 2017-06-20 | 国网江西省电力公司信息通信分公司 | A detection method and *** for advanced persistent threats |
CN108804914B (zh) * | 2017-05-03 | 2021-07-16 | 腾讯科技(深圳)有限公司 | A method and apparatus for anomalous data detection |
CN107392026A (zh) * | 2017-06-23 | 2017-11-24 | 北京小度信息科技有限公司 | Vulnerability detection method and apparatus |
CN107403096A (zh) * | 2017-08-04 | 2017-11-28 | 郑州云海信息技术有限公司 | A ransomware detection method based on file state analysis |
CN107491691A (zh) * | 2017-08-08 | 2017-12-19 | 东北大学 | A machine-learning-based security analysis *** for remote forensic tools |
CN107657176A (zh) * | 2017-09-26 | 2018-02-02 | 四川长虹电器股份有限公司 | A behavior-analysis-based method for identifying and analyzing unknown malicious code |
CN107566401B (zh) * | 2017-09-30 | 2021-01-08 | 北京奇虎科技有限公司 | Protection method and apparatus for virtualized environments |
CN107733927B (zh) * | 2017-11-28 | 2021-10-19 | 深信服科技股份有限公司 | A botnet file detection method, cloud server, apparatus and *** |
CN110489970B (zh) * | 2018-05-14 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Vulnerability detection method, apparatus and *** |
CN109274676B (zh) * | 2018-10-07 | 2020-12-11 | 杭州安恒信息技术股份有限公司 | Method, *** and storage device for obtaining Trojan controller IP addresses by self-learning |
CN109327451B (zh) * | 2018-10-30 | 2021-07-06 | 深信服科技股份有限公司 | A method, ***, apparatus and medium for defending against file upload validation bypass |
CN111368289B (zh) * | 2018-12-26 | 2023-08-29 | 中兴通讯股份有限公司 | A malware detection method and apparatus |
CN111444510A (zh) * | 2018-12-27 | 2020-07-24 | 北京奇虎科技有限公司 | Virtual-machine-based CPU vulnerability detection method and *** |
CN109948336A (zh) * | 2019-01-29 | 2019-06-28 | 北京中安兴坤科技有限公司 | Malicious code detection method and apparatus |
CN110417768B (zh) * | 2019-07-24 | 2021-10-08 | 绿盟科技集团股份有限公司 | A botnet tracking method and apparatus |
CN111680296A (zh) * | 2020-06-15 | 2020-09-18 | 杭州安恒信息技术股份有限公司 | A method, apparatus and device for identifying malicious programs in an industrial control *** |
CN113672918A (zh) * | 2021-08-04 | 2021-11-19 | 安天科技集团股份有限公司 | Malicious code detection method, apparatus, storage medium and electronic device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1737722A (zh) * | 2005-08-03 | 2006-02-22 | 珠海金山软件股份有限公司 | A *** and method for detecting and defending against malicious computer programs |
CN1801031A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for determining that a known program is under attack using a program behavior knowledge base |
CN1845120A (zh) * | 2006-05-16 | 2006-10-11 | 北京启明星辰信息技术有限公司 | An automatic malicious code analysis *** and method |
CN102034050A (zh) * | 2011-01-25 | 2011-04-27 | 四川大学 | Dynamic malware detection method based on virtual machines and awareness of sensitive Native API calls |
CN102682229A (zh) * | 2011-03-11 | 2012-09-19 | 北京市国路安信息技术有限公司 | A malicious code behavior detection method based on virtualization technology |
Application Events
- 2015-03-26 CN CN201510134971.XA patent/CN104766011B/zh not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
Han Yi. Research on malicious code detection and evaluation based on behavior analysis. 《中国优秀硕士学位论文全文数据库 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology Series). 2014, full text. * |
Also Published As
Publication number | Publication date |
---|---|
CN104766011A (zh) | 2015-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104766011B (zh) | Host-feature-based sandbox detection and alerting method and *** | |
US8479276B1 (en) | Malware detection using risk analysis based on file system and network activity | |
CN106682495A (zh) | Security protection method and security protection apparatus | |
Sabhadiya et al. | Android malware detection using deep learning | |
Stallard et al. | Automated analysis for digital forensic science: Semantic integrity checking | |
CN106687971A (zh) | Automatic code locking to reduce the attack surface of software | |
CN106341282A (zh) | A malicious code behavior analysis apparatus | |
CN105956468B (zh) | An Android malicious application detection method and *** based on dynamic monitoring of file access | |
CN104283889A (zh) | Network-architecture-based APT attack detection and early-warning *** inside a power *** | |
CN106982231A (zh) | An agent-based real-time insider threat detection method | |
CN106228067A (zh) | Malicious code dynamic detection method and apparatus | |
Fisk | Cyber security, building automation, and the intelligent building | |
CN111191243A (zh) | A vulnerability detection method, apparatus and storage medium | |
CN103218561A (zh) | An anti-tampering method and apparatus for protecting browsers | |
Wang et al. | Using ontologies to perform threat analysis and develop defensive strategies for mobile security | |
CN112637108A (zh) | An insider threat analysis method and *** based on anomaly detection and sentiment analysis | |
CN116340943A (zh) | Application protection method, apparatus, device, storage medium and program product | |
CN103646213B (zh) | A malware classification method and apparatus | |
Karabacak et al. | Zero Trust and Advanced Persistent Threats: Who Will Win the War? | |
Tan et al. | Attack provenance tracing in cyberspace: Solutions, challenges and future directions | |
Prabhavathy et al. | Permission and API Calls Based Hybrid Machine Learning Approach for Detecting Malicious Software in Android System. | |
Yu et al. | Minergate: A novel generic and accurate defense solution against web based cryptocurrency mining attacks | |
Raihan et al. | Detecting intrusions specified in a software specification language | |
Cai et al. | Medical big data intrusion detection system based on virtual data analysis from assurance perspective | |
Zhao | [Retracted] Naive Bayes Algorithm Mining Mobile Phone Trojan Crime Clues |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| EXSB | Decision made by SIPO to initiate substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C41 | Transfer of patent application or patent right or utility model | |
| CB03 | Change of inventor or designer information | Inventors after: Liu Zhiyong; Wang Hongkai; Zhang Xudong; Xia Zhengmin; Wu Jun; Dai Bo; Gong Xiaogang; Li Jianhua. Inventors before: Liu Zhiyong; Wang Hongkai; Xia Zhengmin; Wu Jun; Su Yating; Li Jianhua |
| COR | Change of bibliographic data | |
| TA01 | Transfer of patent application right | Effective date of registration: 20160302. Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing. Applicants after: State Grid Corporation of China; Information communication branch office of Guo Wang Zhejiang Electric Power Company; Beijing Guodiantong Network Technology Co., Ltd.; Shanghai Jiao Tong University. Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing. Applicants before: State Grid Corporation of China; Beijing Guodiantong Network Technology Co., Ltd. |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170912. Termination date: 20180326 |