CN115023699A - Malicious process detection method, apparatus, electronic device and storage medium - Google Patents


Info

Publication number
CN115023699A
Application number
CN202080094694.3A
Authority
CN (China)
Prior art keywords
candidate, socket, target, processes, malicious
Legal status
Pending
Other languages
English (en)
Inventor
郭子亮
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Priority date
2020-03-24
Filing date
2020-03-24
Publication date
2022-09-06
Events
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd and Shenzhen Huantai Technology Co Ltd
Publication of CN115023699A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of this application disclose a malicious process detection method, apparatus, electronic device and storage medium, in the field of network security. The method includes: obtaining a target process that requests a network connection; obtaining the system call operations of the target process; and, if those system call operations match a target system call operation, determining that the target process is a malicious process. By first selecting target processes according to whether an outbound network connection exists, and only then deciding from a target process's system call operations whether it is malicious, the embodiments can detect not only malicious processes established through the operating system's built-in command interpreter, but also malicious processes that are not established according to the system's rules. This greatly reduces the rate at which malicious processes are missed and achieves more effective detection.
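The two-stage filter in the abstract (first keep only processes with an outbound connection, then match their system calls against a target operation) can be written down directly. The following is an added example for illustration; it is not code from the patent or from the applicant. The abstract does not say which system calls make up the "target system call operation", so the concrete pattern used here (an outbound socket descriptor duplicated onto stdin/stdout/stderr with dup2, followed by execve) is an assumption chosen to show the matching step, and the process table and system call traces are constructed sample data rather than anything captured from a real host.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Socket:
    fd: int
    remote: Optional[str]  # "host:port" for a connected outbound socket, None otherwise


@dataclass(frozen=True)
class Syscall:
    name: str
    args: Tuple


@dataclass
class Process:
    pid: int
    comm: str
    sockets: List[Socket]
    syscalls: List[Syscall]


STD_FDS = {0, 1, 2}


def outbound_socket_fds(proc: Process) -> set:
    """File descriptors of sockets that hold an outbound (connected) network connection."""
    return {s.fd for s in proc.sockets if s.remote is not None}


def candidate_processes(procs: List[Process]) -> List[Process]:
    """Stage 1 of the method: keep only processes that request/hold an outbound connection."""
    return [p for p in procs if outbound_socket_fds(p)]


def matches_target_operation(proc: Process) -> bool:
    """Stage 2: compare the process's system calls with the assumed target operation.

    Assumed target operation (not specified by the patent abstract): one of the
    process's outbound socket descriptors is dup2()'d onto a standard descriptor,
    and an execve() follows. An execve() on its own is ordinary behaviour and
    must not match, otherwise every shell spawning a child would be flagged.
    """
    sock_fds = outbound_socket_fds(proc)
    redirected = False
    for call in proc.syscalls:
        if call.name == "dup2" and len(call.args) == 2:
            src, dst = call.args
            if src in sock_fds and dst in STD_FDS:
                redirected = True
        elif call.name == "execve" and redirected:
            return True
    return False


def detect_malicious(procs: List[Process]) -> List[int]:
    """PIDs judged malicious: outbound connection AND target system call operation."""
    return [p.pid for p in candidate_processes(procs) if matches_target_operation(p)]


# Constructed sample process table (not real telemetry).
SAMPLE_PROCESSES = [
    # Ordinary client: outbound connection, but only read/write on the socket.
    Process(101, "curl", [Socket(3, "203.0.113.10:443")],
            [Syscall("connect", (3,)), Syscall("write", (3,)), Syscall("read", (3,))]),
    # Listening daemon: no outbound connection, so stage 1 drops it regardless of execve.
    Process(202, "sshd", [Socket(3, None)],
            [Syscall("accept", (3,)), Syscall("execve", ("/bin/sh",))]),
    # Interpreter that wires its outbound socket to stdio and then executes a shell.
    Process(303, "python3", [Socket(4, "198.51.100.7:4444")],
            [Syscall("connect", (4,)), Syscall("dup2", (4, 0)), Syscall("dup2", (4, 1)),
             Syscall("dup2", (4, 2)), Syscall("execve", ("/bin/sh",))]),
    # Shell with an outbound connection that merely runs a child: execve without redirection.
    Process(404, "bash", [Socket(3, "203.0.113.20:80")],
            [Syscall("connect", (3,)), Syscall("execve", ("/usr/bin/ls",))]),
]


if __name__ == "__main__":
    print("candidates:", [p.pid for p in candidate_processes(SAMPLE_PROCESSES)])
    print("malicious:", detect_malicious(SAMPLE_PROCESSES))
```

Running the block prints the three candidates (101, 303, 404) selected by the outbound-connection stage and the single PID (303) whose system call trace matches the assumed target operation; the listening daemon never reaches the second stage, which is the point of ordering the two checks as the abstract does.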

Description

PCT national phase application; the description has been published.

Claims (20)

  1. PCT national phase application; the claims have been published.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/080922 WO2021189257A1 (zh) 2020-03-24 2020-03-24 Malicious process detection method, apparatus, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN115023699A (zh) 2022-09-06

Family

ID=77890894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080094694.3A Pending CN115023699A (zh) 2020-03-24 2020-03-24 Malicious process detection method, apparatus, electronic device and storage medium

Country Status (2)

Country Link
CN (1) CN115023699A (zh)
WO (1) WO2021189257A1 (zh)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285621A (zh) * 2021-12-20 2022-04-05 北京安天网络安全技术有限公司 A network threat monitoring method, apparatus, and electronic device
CN115002186B (zh) * 2022-05-17 2024-07-09 深信服科技股份有限公司 Network information collection method, apparatus, electronic device, and readable storage medium
CN116484364B (zh) * 2023-02-03 2024-01-26 安芯网盾(北京)科技有限公司 A Linux-kernel-based hidden port detection method and apparatus
CN116112295B (zh) * 2023-04-12 2023-07-04 北京长亭未来科技有限公司 A method and apparatus for assessing the outcome of outbound-connection attacks

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
CN101350052B (zh) * 2007-10-15 2010-11-03 北京瑞星信息技术有限公司 Method and apparatus for discovering malicious behaviour of computer programs
CN103023912A (zh) * 2012-12-26 2013-04-03 蓝盾信息安全技术股份有限公司 A method for preventing network attacks launched from virtual machines
CN103839005B (zh) * 2013-11-22 2016-09-28 北京智谷睿拓技术服务有限公司 Malware detection method and malware detection system for mobile operating systems
CN106033511A (zh) * 2015-03-17 2016-10-19 阿里巴巴集团控股有限公司 Method and device for preventing website data leakage
US20180357413A1 (en) * 2017-05-31 2018-12-13 Paul A. Rivera Methods and Systems for the Active Defense of a Computing System Against Malware
CN110493165A (zh) * 2018-06-29 2019-11-22 厦门白山耘科技有限公司 Method and apparatus for automatically determining malicious network processes, and network intrusion detection system

Also Published As

Publication number Publication date
WO2021189257A1 (zh) 2021-09-30

Similar Documents

Publication Publication Date Title
WO2021189257A1 (zh) Malicious process detection method, apparatus, electronic device and storage medium
US10552348B2 (en) USB device access method, apparatus and system, a terminal, and a server
CN108763031B (zh) A log-based threat intelligence detection method and apparatus
CN110391937B (zh) An IoT honeynet system based on SOAP service simulation
CN108664793B (zh) A method and apparatus for detecting vulnerabilities
US9331915B1 (en) Dynamic network traffic mirroring
CN107135249B (zh) Data download method and apparatus
US10623450B2 (en) Access to data on a remote device
CN111193633B (zh) Method and apparatus for detecting abnormal network connections
WO2024148833A1 (zh) A container multi-NIC network configuration method, apparatus, device, and storage medium
CN114124929A (zh) Cross-network data processing method and apparatus
CN111464513A (zh) Data detection method, apparatus, server, and storage medium
CN111740868A (zh) Alarm data processing method and apparatus, and storage medium
CN114726633B (zh) Traffic data processing method and apparatus, storage medium, and electronic device
CN111447201A (zh) A scanning behaviour identification method, apparatus, electronic device, and storage medium
CN113761527A (zh) A reverse shell process detection method, apparatus, device, and storage medium
CN110881224B (zh) A persistent network connection method, apparatus, device, and storage medium
CN108512889B (zh) An HTTP-based application response push method and proxy server
CN111371783B (zh) A SQL injection attack detection method, apparatus, device, and storage medium
CN115941224A (zh) A network access information management method, apparatus, and computer-readable storage medium
CN116582365B (zh) Network traffic security control method, apparatus, and computer device
WO2021097713A1 (zh) Distributed security detection system, method, device, and storage medium
EP3010194B1 (en) Method of tracing a transaction in a network
JP6412641B2 (ja) Communication link transmission method, apparatus, and terminal
CN109327433B (zh) Threat perception method and system based on operating-scenario analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination