
Malicious DLL injection detection method and device

A malicious DLL injection detection method, applied in the field of network security, addresses problems such as failure to detect malicious DLL injection in time, damage to the application program, and application program running failure.

Inactive Publication Date: 2020-05-15
BEIJING ANBOTONG TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] This application provides a detection method and device for malicious DLL injection, which can be used to solve the technical problem in the prior art that malicious DLL injection cannot be detected in time, so that the normally running application program is damaged and malfunctions.


Examples


Example 1

[0081] Example 1: if the current DLL module information includes only the file name of the DLL module, it can be determined whether the file name of the current DLL module exists among the file names of the historical DLL modules. If it does not, it can be determined that the application program has been injected with a malicious DLL.

[0082] Conversely, if the file name of the current DLL module exists among the file names of the historical DLL modules, it can be determined that the application program has not been injected with a malicious DLL.

Example 2

[0083] Example 2: if the current DLL module information includes the file name and the file size of the current DLL module, refer to Figure 2, which shows the first schematic flowchart of a method for judging whether an application program is injected with a malicious DLL provided by the embodiment of the present application. As shown in Figure 2, the method specifically includes the following steps:

[0084] Step 201: judge whether the file name of the current DLL module exists among the file names of the historical DLL modules. If yes, execute step 202; otherwise, execute step 204.

[0085] Step 202: judge whether the file size of the current DLL module is consistent with the file size of the historical DLL module. If they are consistent, execute step 203; otherwise, execute step 204.

[0086] Step 203: determine that the application program is not injected with a malicious DLL.

[0087] In step 204, it is determined th...

Example 3

[0088] Example 3: if the current DLL module information includes the file name, the file size and the file version information of the current DLL module, refer to Figure 3, which shows the second schematic flowchart of a method for judging whether an application program is injected with a malicious DLL provided by the embodiment of the present application. As shown in Figure 3, the method specifically includes the following steps:

[0089] Step 301: judge whether the file name of the current DLL module exists among the file names of the historical DLL modules. If yes, execute step 302; otherwise, execute step 305.

[0090] Step 302: judge whether the file size of the current DLL module is consistent with the file size of the historical DLL module. If they are consistent, execute step 303; otherwise, execute step 305.

[0091] Step 303, judging whether the file version information of the current DL...
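
The tiered comparison of Examples 1 to 3, written out as an added example (not code from the patent): each attribute present in the current module record is checked against the historical record for the same process identifier. The `DllModule` type, the function names, the sample data, the case-insensitive name match, the handling of a process with no history, and the treatment of a version mismatch as injection (the text of step 303 is cut off on this page) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DllModule:
    name: str                      # file name of the DLL module
    size: Optional[int] = None     # file size in bytes, None if not collected
    version: Optional[str] = None  # file version string, None if not collected

def check_module(current, history):
    """Compare one current module with the historical modules of the same process.
    Returns (injected, reason)."""
    # Steps 201/301: the name must exist among the historical names.
    # Lower-casing is an assumption: Windows file names are case-insensitive.
    candidates = [h for h in history if h.name.lower() == current.name.lower()]
    if not candidates:
        return True, "name not in history"
    # Steps 202/302: the size must match a historical module of that name.
    if current.size is not None:
        candidates = [h for h in candidates if h.size == current.size]
        if not candidates:
            return True, "size differs from history"
    # Step 303: version comparison; treating a mismatch as injection is assumed.
    if current.version is not None:
        if not any(h.version == current.version for h in candidates):
            return True, "version differs from history"
    return False, "matches history"

def detect_injection(process_id, current_modules, history_by_process):
    """Return [(module name, reason)] for flagged modules, or None when the
    process has no historical record to compare against."""
    history = history_by_process.get(process_id)
    if not history:
        return None
    flagged = []
    for module in current_modules:
        injected, reason = check_module(module, history)
        if injected:
            flagged.append((module.name, reason))
    return flagged

# Constructed sample data: historical period vs. current period for one process.
HISTORY = {4321: [DllModule("kernel32.dll", 700000, "10.0.19041.1"),
                  DllModule("appcore.dll", 120000, "2.3.0")]}
CURRENT = [DllModule("KERNEL32.DLL", 700000, "10.0.19041.1"),
           DllModule("appcore.dll", 120000, "2.3.1"),
           DllModule("helper.dll", 48000, "1.0.0")]

if __name__ == "__main__":
    print(detect_injection(4321, CURRENT, HISTORY))
```

A legitimate software update also changes file size and version, so the historical record has to be refreshed after patching or the size and version checks will flag the updated modules.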


Abstract

The invention provides a malicious DLL injection detection method and device. The method comprises the following steps: process information generated when an application program runs in a current period is obtained, and the process information comprises a current process identifier and current DLL module information corresponding to the current process identifier; then, according to the current DLL module information and historical DLL module information corresponding to the current process identifier, whether the application is subjected to malicious DLL injection or not is judged. The historical DLL module information is generated when the application runs in a historical period, and the historical period is a period before the current period in the time dimension. Therefore, malicious DLL injection can be discovered in time, so that the problem of application running failure caused by damage to the normally running application can be avoided, and the running safety of the application is improved.

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and device for detecting malicious DLL injection.

Background art

[0002] With the rapid development of the Internet and information technology applications, network technology and information technology have been applied to various fields around the world, having an unprecedented impact on people's production and life, and becoming an indispensable part of people's lives. At the same time, network security issues have also emerged and have become a key issue affecting national security, economic development, and personal interests.

[0003] Hook is a system mechanism provided by Windows to replace the "interrupt" under DOS. Dynamic link library (DLL) injection is a commonly used method of hooking a process. However, the malicious program can be injected into the currently running program through s...


Application Information

IPC(8): G06F21/55, G06F21/56
CPC: G06F21/552, G06F21/566, G06F2221/033
Inventor: 李洪宇
Owner: BEIJING ANBOTONG TECH CO LTD