Trojan horse detection method based on computer memory analysis technology

A Trojan horse detection method based on computer memory analysis, applied to the detection of information security incidents and computer attack incidents. It addresses the difficulty of finding malicious code, the high false alarm rate of existing methods, and the difficulty of detecting concealed Trojans, so that a rootkit's concealment does not influence the detection result and the result is reliable.

Active Publication Date: 2018-12-18
SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN

AI Technical Summary

Problems solved by technology

[0024] As malicious code detection technology has matured, many detection methods have emerged, but each has limitations against specialised Trojans: signature scanning and broad-spectrum feature methods cannot find unknown malicious code; heuristic methods have a high false positive rate and are hard to apply in practice; sandbox methods are easily detected and evaded by malicious code; and full traffic analysis cannot detect unknown Trojans whose communication is encrypted.


Embodiment Construction

[0050] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0051] Figure 1 shows a schematic of the composition of the Trojan horse detection method based on computer memory analysis technology of the present invention. The method consists of five parts: behavior monitoring, malicious code detection, comprehensive analysis of disk information, comprehensive correlation analysis, and presentation of the detection results.

[0052] The behavior monitoring part of the present invention includes four sub-parts: process operation behavior monitoring, registry behavior monitoring, file operation behavior monitoring, and network data monitoring. The malicious code detection part is based on memory analysis technology and includes dynamic link library detection, malicious process detection, hidden proce...


Abstract

The invention discloses a Trojan horse detection method based on computer memory analysis technology, which comprises the following steps: behavior monitoring, malicious code detection, comprehensive analysis of disk information, comprehensive correlation analysis, and detection result presentation. Behavior monitoring includes process operation, registry operation, file operation and network data monitoring. Malicious code detection includes dynamic link library detection, malicious process detection, hidden process detection and driver detection. Comprehensive analysis of disk information includes registry startup keys, file scanning and PE file parsing. Because the method examines memory directly, such malicious code can be detected without decrypting it, and a rootkit attack cannot influence the detection result for the Trojan horse.
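The hidden-process and DLL detection named in the abstract and in paragraph [0052], and the correlation step that follows them, rest on a cross-view comparison: an object that a memory scan finds but the operating system's own lists omit is suspect. The following is an added illustration of that comparison, not the patent's implementation. The three memory "views" (linked-list walk, object scan, socket owners), the module lists for one process, and the verdict wording are all constructed sample data standing in for what a memory-image parser and the behavior monitors would supply.

```python
# Cross-view detection of processes and DLLs hidden from the OS's own lists.
# Added example, not the patent's code. Every "view" below is constructed
# sample data in place of what a memory-image parser would extract.
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    ppid: int
    exited: bool = False  # exit time set in the process object (stale, not hidden)


# View A: walk of the kernel's linked list of process objects. This is what the
# task-list APIs report, and it is the list a DKOM rootkit unlinks a process from.
LIST_WALK = [
    Proc(4, "System", 0),
    Proc(620, "services.exe", 500),
    Proc(1204, "svchost.exe", 620),
    Proc(3011, "explorer.exe", 2900),
]

# View B: signature scan of memory for process objects. Unlinking does not
# remove the object, so the scan still finds it; the scan also finds objects
# of processes that already exited but have not yet been freed.
POOL_SCAN = LIST_WALK + [
    Proc(4420, "svchost.exe", 1),                 # constructed: unlinked, bogus parent
    Proc(5100, "updater.exe", 620, exited=True),  # constructed: terminated, not yet freed
]

# View C: owner pids of open network endpoints (from the network-data monitor).
NET_OWNERS: Set[int] = {1204, 4420}

# Module views for pid 4420: loader list kept in the process's PEB versus
# image-backed mappings in its address space. An injected DLL appears only in the latter.
LOADER_LIST_4420 = {"svchost.exe", "ntdll.dll", "kernel32.dll"}
MAPPED_IMAGES_4420 = {"svchost.exe", "ntdll.dll", "kernel32.dll", "inject.dll"}


def hidden_processes(list_walk: Iterable[Proc], pool_scan: Iterable[Proc]) -> List[Proc]:
    """Processes the scan finds but the list walk does not (the cross-view diff)."""
    listed = {p.pid for p in list_walk}
    return [p for p in pool_scan if p.pid not in listed]


def hidden_modules(loader_list: Set[str], mapped_images: Set[str]) -> List[str]:
    """Image mappings missing from the loader's module list: injected or hidden DLLs."""
    return sorted(mapped_images - loader_list)


def correlate(candidates: Iterable[Proc], listed: Iterable[Proc],
              net_owners: Set[int]) -> List[Tuple[int, str, str]]:
    """Rank each discrepancy with the other monitors' data. This suppresses the
    main false positive of the diff, a process that merely exited, and raises
    an unlinked process that still talks on the network."""
    live_pids = {p.pid for p in listed}
    verdicts = []
    for p in candidates:
        if p.exited:
            verdicts.append((p.pid, p.name, "info: exited process, object not yet freed"))
        elif p.pid in net_owners:
            verdicts.append((p.pid, p.name, "high: unlinked process with open network endpoint"))
        elif p.ppid not in live_pids:
            verdicts.append((p.pid, p.name, "medium: unlinked process with no live parent"))
        else:
            verdicts.append((p.pid, p.name, "medium: unlinked process"))
    return verdicts


def run_detection() -> dict:
    """Run the diff on the constructed views and return the correlated verdicts."""
    hidden = hidden_processes(LIST_WALK, POOL_SCAN)
    return {
        "processes": correlate(hidden, LIST_WALK, NET_OWNERS),
        "modules_4420": hidden_modules(LOADER_LIST_4420, MAPPED_IMAGES_4420),
    }


if __name__ == "__main__":
    result = run_detection()
    for row in result["processes"]:
        print(row)
    print("hidden modules in pid 4420:", result["modules_4420"])
```

The diff alone is noisy: terminated processes whose objects are still in memory show up exactly like unlinked ones, which is why the exit flag and the network-owner view are consulted before a verdict is given. The same pattern applies to the driver detection the abstract lists, with the loaded-module list on one side and a scan for driver objects on the other.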

Description

Technical field
[0001] The present invention relates to a method for detecting a Trojan horse, and more specifically to a method for detecting a Trojan horse based on computer memory analysis technology. The method is applied in the field of information security, mainly to the detection of information security incidents and computer attack incidents.
Background technique
[0002] a) Trojan horse
[0003] The name comes from the "Trojan horse" of ancient Greek mythology, because this type of malicious program, like that horse, is characterised by strong concealment and is not easily found. Here it refers specifically to a type of spy code that lurks after entering the host computer and sends information about the host to the Trojan horse operator. Once inside the computer, the Trojan horse program actively searches system resources, obtains the conditions it needs to persist, and avoids being captured and removed. After that, the ...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/55, G06F21/56
CPC: G06F21/55, G06F21/56
Inventors: 徐丽娟, 王连海, 徐淑奖, 韩晓晖, 张睿超, 周洋
Owner: SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN