Document macro security detection method and device, electronic equipment and storage medium

A document macro security detection technology, applied in the field of computer security. It addresses the low barrier to entry of macro code, its easily obfuscated code and the resulting low detection rate, and achieves good anti-attack measures and reduced losses.

Pending Publication Date: 2022-08-05
珠海豹好玩科技有限公司

AI Technical Summary

Problems solved by technology

However, macro code is a scripting language with a low barrier to entry for users; its code is simple to obfuscate and highly variable. With traditional security detection methods, the detection rate is low and detection is difficult.

Examples

Example 1

[0069] Example 1. Xiao Wang receives XXX Daily.xlsx from his colleague Xiao Li (the document has been infected with an infectious virus). The company has purchased a data statistics plug-in that is integrated into the document, so macros are enabled by default.

[0070] Step 1: Xiao Wang double-clicks to open the daily report, and the malicious macro code in the infected document starts to execute immediately.

[0071] Step 2: Once running, the malicious macro code begins to traverse other documents on the system in order to infect them, which necessarily involves writing files. At this point the protection module pops up a window telling the user that the document is writing to other documents and asking whether to intercept. (If yes, skip directly to step 4.)

[0072] Step 3: The malicious behavior is not terminated and the file is written successfully; the written data contains known infection-type file characteristics, so the protection module can raise a warning afterwards.

[00...

Example 2

[0074] Example 2. The user opens the phishing document (XXXXXXX).

[0075] Step 1: The document contains wording that lures users into enabling macros, and the user clicks to enable macros.

[0076] Step 2: The malicious macro code starts to execute automatically. When the process starts, it runs the protection module's monitoring initialization logic and begins monitoring the access interfaces that the preset malicious behaviors depend on.

[0077] Step 3: The document starts to access the malicious IP (91.240.118.172). While it is downloading the core file for local execution, the protection module detects the malicious IP, blocks the access interface call and returns an error.

[0078] Step 4: The initialization logic of the malicious macro code fails, the core file cannot be downloaded, and no subsequent malicious behavior can occur.

[0079] Correspondingly, the embodiment of the present invention also provides a docume...

Abstract

The embodiment of the invention discloses a document macro security detection method and device, electronic equipment and a storage medium. The method comprises the steps of: monitoring behavior while macro code in a document is executed; when the monitored behavior is one of the preset sensitive behaviors, acquiring feature information of that behavior; and, based on the acquired feature information, identifying whether the document macro poses a potential security risk. The technical scheme provided by the embodiment of the invention is suitable for document macro security detection scenarios and can improve the effectiveness and accuracy of detection.
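The three steps of the abstract, applied to the file-write case of Example 1 and the network case of Example 2, can be sketched as a small decision function. This is an added example, not code from the patent: the event schema, the marker bytes, the sample paths and the verdict names are assumptions, and only the IP address is taken from Example 2.

```python
import ipaddress
from dataclasses import dataclass

# Policy data below is constructed for this example; only the IP comes from Example 2.
SENSITIVE = {"file_write", "net_connect"}            # preset sensitive behaviors
DOC_EXTS = (".xlsx", ".xlsm", ".docx", ".docm")
BAD_IPS = {ipaddress.ip_address("91.240.118.172")}
MARKER = b"CONSTRUCTED-INFECTION-MARKER"             # placeholder signature

@dataclass
class Event:                                         # hypothetical event schema
    kind: str          # "file_write", "net_connect", ...
    source_doc: str    # document whose macro is running
    target: str        # path written to, or destination address
    data: bytes = b""  # bytes written, if any

def features(ev):
    """Feature information for a behavior already known to be sensitive."""
    if ev.kind == "file_write":
        t = ev.target.lower()
        return {"other_doc": t.endswith(DOC_EXTS) and t != ev.source_doc.lower(),
                "marker": MARKER in ev.data}
    try:
        return {"bad_ip": ipaddress.ip_address(ev.target) in BAD_IPS}
    except ValueError:                               # hostname or malformed address
        return {"bad_ip": False}

def verdict(ev, user_intercepts=None):
    """Return allow / prompt / block / warn for one monitored behavior."""
    if ev.kind not in SENSITIVE:
        return "allow"                               # not monitored further
    f = features(ev)
    if f.get("bad_ip"):
        return "block"                               # Example 2: the call returns an error
    if f.get("other_doc"):
        if user_intercepts is None:
            return "prompt"                          # Example 1, step 2
        if user_intercepts:
            return "block"
        return "warn" if f["marker"] else "allow"    # Example 1, step 3
    return "allow"

# Constructed sample events.
SAMPLE = [
    Event("file_write", r"C:\in\daily.xlsx", r"C:\docs\plan.xlsx", b"x" + MARKER),
    Event("net_connect", r"C:\in\lure.docm", "91.240.118.172"),
    Event("net_connect", r"C:\in\lure.docm", "192.0.2.10"),
    Event("cell_read", r"C:\in\daily.xlsx", "A1"),
]

def run_sample():
    return [verdict(e) for e in SAMPLE]
```

Passing `user_intercepts=False` for the first sample event models the user declining the prompt, after which the marker in the written data produces the later warning.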

Description

Technical field

[0001] The present invention relates to the field of computer security, in particular to a document macro security detection method, device, electronic device and storage medium.

Background

[0002] Office documents are commonly used office documents on Windows. They have a huge user base and spread rapidly, so they have become the mainstream attack vector for hackers. A macro is an advanced scripting feature that comes with Office. It uses VBA (Visual Basic for Applications) code to complete a specific task in Office without repeating the same actions; its purpose is to automate tasks in Office documents. A macro virus is a computer virus residing in the macro of a document or template, and such a macro is called a malicious macro. Once an Office document with malicious macros runs, the built-in macro commands are executed, and the macro virus will be activated, followed by malicious behavior, which will cause huge losses to enterprises, governments, and ...

Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor 曹铭威
Owner 珠海豹好玩科技有限公司