Game plug-in detection method based on HTTP flow HOST field features

A detection method applied to game plug-in detection based on the characteristics of the HTTP traffic HOST field, achieving wide applicability, improved accuracy, and increased difficulty of anti-detection and anti-monitoring.

Inactive Publication Date: 2019-11-05
福建天晴在线互动科技有限公司

AI Technical Summary

Problems solved by technology

[0003] The above-mentioned existing game plug-in behavior monitoring scheme may be bypassed by plug-ins that use process hiding technology, memory polymorphism and other methods.

Embodiment Construction

[0034] The present invention will be further described below in conjunction with the accompanying drawings.

[0035] As shown in figure 1, the game plug-in detection method based on HTTP traffic HOST field features of the present invention is built on Microsoft's WFP network filter driver framework and captures the network request behavior of the plug-in by installing a network filter at the bottom of the system. The method includes the following steps: Step S1, the client in the Windows system application layer creates a network filter driver at the driver layer;

[0036] Step S2, establish a HOST blacklist; the HOST blacklist stores the HOST domain name strings contained in the HTTP packets sent by the plug-in. Step S2 is further specified as follows: in the process of creating the network filter driver, the HOST domain names that the plug-in will access during network interaction are written into the file of the net...


Abstract

The invention provides a game plug-in detection method based on HTTP traffic HOST field features. The method includes the following steps: S1, a client in the application layer of a Windows system creates a network filter driver in the driver layer; S2, a HOST blacklist is established, wherein the HOST blacklist stores the HOST domain name strings contained in the HTTP packets sent by a plug-in; S3, the network filter driver captures all TCP data packets at the data flow layer, and the HOST domain name parameter parsed from each TCP data packet is compared with the HOST blacklist; if the domain name parameter is the same as any domain name string in the HOST blacklist, it is judged that the game player is using a plug-in; and S4, the process ID and process path of the plug-in process are obtained from the context data passed from the data flow establishment layer of the Windows system to the data flow layer, and are written into a plug-in detection log file. The method can efficiently detect the use of plug-ins with known HTTP traffic features and collect plug-in information.
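The comparison in step S3, as an added example that is not code from the patent or its applicant: a plain user-mode C sketch (not WFP callout code) that pulls the Host header out of a length-bounded TCP payload and checks it against a blacklist. It assumes the request headers arrive in one buffer; the function names and blacklist entries are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed blacklist entries (placeholders, not taken from the patent). */
static const char *const HOST_BLACKLIST[] = { "cheat-update.example", "auth.plugin.example" };

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Copy the Host header value (lowercased, port and whitespace stripped) from a
 * length-bounded HTTP request into out. Returns its length, or 0 if absent. */
size_t extract_host(const char *buf, size_t len, char *out, size_t outsz) {
    size_t pos = 0;
    if (outsz == 0) return 0;
    while (pos < len) {
        const char *line = buf + pos;
        const char *eol = memchr(line, '\n', len - pos);
        size_t linelen = eol ? (size_t)(eol - line) : len - pos;
        /* An empty line ends the headers; never scan the request body. */
        if (linelen == 0 || (linelen == 1 && line[0] == '\r')) break;
        if (linelen > 5 && ieq(line, "host:", 5)) {
            size_t i = 5, n = 0;
            while (i < linelen && (line[i] == ' ' || line[i] == '\t')) i++;
            while (i < linelen && n + 1 < outsz && line[i] != ':' &&
                   line[i] != '\r' && line[i] != ' ' && line[i] != '\t')
                out[n++] = (char)tolower((unsigned char)line[i++]);
            out[n] = '\0';
            return n;
        }
        pos += linelen + 1;
    }
    return 0;
}

/* Step S3: returns 1 if the request's Host equals any blacklist string. */
int host_is_blacklisted(const char *buf, size_t len) {
    char host[256];
    if (extract_host(buf, len, host, sizeof host) == 0) return 0;
    for (size_t i = 0; i < sizeof HOST_BLACKLIST / sizeof HOST_BLACKLIST[0]; i++)
        if (strcmp(host, HOST_BLACKLIST[i]) == 0) return 1;
    return 0;
}
```

Matching is exact after lowercasing, as the abstract describes; a Host value longer than the 255-character buffer is truncated and therefore never matches.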

Description

Technical field

[0001] The present invention relates to the fields of computer system communication technology, software security, and game plug-in detection, and in particular to a method for game plug-in detection and plug-in information collection based on HTTP traffic HOST field features.

Background technique

[0002] Existing cheating behavior monitoring modules usually use a detection method based on process memory scanning, such as scanning the memory space of a process to determine whether it contains a cheating signature. There is no public detection scheme based on features of the HTTP traffic HOST field.

[0003] The above-mentioned existing game plug-in behavior monitoring schem...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): A63F13/75, H04L29/06
CPC: A63F13/75, H04L63/1425
Inventor: 刘德建, 任佳伟, 陈宏展
Owner: 福建天晴在线互动科技有限公司