
Trojan detection method and device based on Linux system

A detection method and detection device, applied in the fields of computer security devices, instruments, and electrical digital data processing. It addresses the problems of large-volume data comparison, low efficiency, and heavy use of system resources, and achieves high efficiency without data comparison.

Active Publication Date: 2017-02-15
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

Therefore, many methods for detecting Trojan horses have appeared successively. In the prior art, whether there is a Trojan horse is judged by comparing the abnormal behavior of the system, but this method often requires a large amount of data comparison, takes up a lot of system resources, and is inefficient.



Examples


First embodiment

[0036] This embodiment provides a Trojan detection method based on a Linux system. The method can be used in the electronic terminal 100 shown in Figure 1. As shown in Figure 2, the method of this embodiment includes the following steps:

[0037] Step S101. Receive a file read request triggered by a specified method. The file read request is a request to read a specified virtual file, and the specified virtual file is a file created by a kernel module of the Linux system.

[0038] The specified method may be to trigger a specified button in the security guard's Trojan killing function interface, such as the "quick scan" or "full scan" button in the interface, thereby triggering the file read request. In detail, the virtual file is the /proc/ps_list virtual file created by the kernel module of the Linux system. The virtual files constitute a virtual file system (VFS), and the VFS is also called a virtu...

Second embodiment

[0056] This embodiment provides a method for detecting a Trojan horse based on a Linux system. This embodiment is similar to the first embodiment. The difference is that, referring to Figure 3 or Figure 4, the method of this embodiment includes:

[0057] Step S101 may specifically include:

[0058] Step S1011: receive the user's operation of the Trojan horse detection button on the interface of the Trojan horse detection and killing software, which triggers the file read request.

[0059] Alternatively, step S1012: receive a preset time interval, set by the user, for performing Trojan horse scanning and killing operations; the file read request is triggered automatically at the preset time interval.

[0060] In detail, the application background of the first embodiment may be software for detecting and killing Trojan horses. Figure 3 is a flow chart of the method in one implementation of this embodiment. The receiving of the file reading request triggered by a s...

Third embodiment

[0069] This embodiment provides a method for detecting a Trojan horse based on a Linux system. This embodiment is similar to the first embodiment. The difference is that, referring to Figure 5, the method of this embodiment includes:

[0070] Step S101. Receive a file read request triggered by a specified method. The file read request is a request to read a specified virtual file, and the specified virtual file is a file created by a kernel module of the Linux system.

[0071] Step S102. After receiving the file read request, start a preset macro to read the kernel process linked list. The kernel process linked list includes at least one process.

[0072] Further, the processes in the kernel process linked list are the processes currently running in the electronic terminal 100 .

[0073] Step S103, including:

[0074] Step S1031, read the processes in the kernel process linked list one by one.

[0075] Specifically, the process ID can uniquely identify a process, and t...


Abstract

The invention relates to a Trojan detection method and device based on a Linux system. In one embodiment, the method comprises the following steps: receiving a file read request triggered in a specified way, wherein the file read request is a request to read a specified virtual file, and the specified virtual file is a file created by a kernel module of the Linux system; after the file read request is received, starting a preset macro to read a kernel process linked list, wherein the kernel process linked list comprises at least one process; according to the kernel process linked list, enumerating the process base layer file corresponding to each process in the process linked list; and if the process base layer file corresponding to a process in the process linked list fails to be enumerated, judging that the process is a Trojan process. With the Linux-based Trojan detection method and device provided by the invention, Trojans can be effectively detected and identified, and the safety of an electronic terminal is improved.
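The cross-check in the abstract can be prototyped in user space, as in the following added example, which is not code from the patent. It assumes that /proc/ps_list returns one `pid comm` pair per line and that the "process base layer file" is the process's /proc/<pid> entry; the function names are hypothetical and the sample data is constructed.

```python
import os
import tempfile

def parse_ps_list(text):
    """Parse the assumed 'pid comm' line format into {pid: comm}."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0].isdigit():
            procs[int(parts[0])] = parts[1].strip() if len(parts) > 1 else "?"
    return procs

def visible_pids(proc_root):
    """PIDs that an ordinary directory enumeration of proc_root returns."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def find_hidden(read_ps_list, proc_root="/proc"):
    """Return {pid: comm} for kernel-listed processes with no enumerable entry.

    The kernel list is read before and after the enumeration, and only PIDs
    present in both reads are judged, so a process that exits or starts
    during the scan is not misreported as hidden.
    """
    before = parse_ps_list(read_ps_list())
    listed = visible_pids(proc_root)
    after = parse_ps_list(read_ps_list())
    stable = before.keys() & after.keys()
    return {pid: before[pid] for pid in sorted(stable - listed)}

def demo():
    # Constructed data: a fake proc tree and two fake ps_list reads.
    with tempfile.TemporaryDirectory() as root:
        for pid in (1, 412, 977):
            os.mkdir(os.path.join(root, str(pid)))
        os.mkdir(os.path.join(root, "sys"))  # non-PID entry, ignored
        first = "1 init\n412 sshd\n977 bash\n1337 kworkerd\n2001 curl\n"
        second = "1 init\n412 sshd\n977 bash\n1337 kworkerd\n"  # 2001 exited
        reads = iter([first, second])
        return find_hidden(lambda: next(reads), root)

if __name__ == "__main__":
    print(demo())
```

PID 2001 is absent from the fake proc tree but is not flagged, because it disappears from the second read of the list; only PID 1337, present in both reads and missing from the enumeration, is reported.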

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a method and device for detecting a Trojan horse based on a Linux system.

Background technique

[0002] With the development of computer technology, the functions of computers are also increasing, which also leads to more and more hackers planting Trojan horses in users' computers to achieve their own purposes. The Trojan horse controls another computer through a specific program (Trojan horse program), and the Trojan horse takes a concealment method in order to prevent being found by a local user, that is, the Trojan horse core code is hidden. Therefore, many methods for detecting Trojan horses have appeared successively. In the prior art, whether there is a Trojan horse is judged by comparing the abnormal behavior of the system, but this method often requires a large amount of data comparison, takes up a lot of system resources, and is inefficient.

Contents of the invention ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/56, G06F21/563, G06F2221/033
Inventor: 江虎
Owner: TENCENT TECH (SHENZHEN) CO LTD