Kernel-level malicious software detection method, system, equipment and medium
Record details:
Format: Patent
Language: chi; eng
Online access: Order full text
Abstract: The embodiment of the invention relates to the technical field of computer security, and discloses a kernel-level malicious software detection method, system, device and medium. The method comprises the following steps: acquiring a PE file on a Windows operating system; executing the PE file and obtaining the system kernel-level APIs called by the PE file during execution, where the system kernel-level APIs comprise a file operation API, a network communication API, a process and thread operation API and a system service API; monitoring the file operation API (Application Program Interface), the network communication API, the process and thread operation API and the system service API based on SSDT Hook technology, so as to respectively monitor the file operation behavior, network behavior, process and thread behavior and system service behavior when the PE file is executed; and detecting whether malicious software is hidden in the PE file or not through a file operation behavior, a network behavior, a