CN104252593A - Script monitoring method and device - Google Patents
Script monitoring method and device Download PDFInfo
- Publication number
- CN104252593A CN104252593A CN201310263489.7A CN201310263489A CN104252593A CN 104252593 A CN104252593 A CN 104252593A CN 201310263489 A CN201310263489 A CN 201310263489A CN 104252593 A CN104252593 A CN 104252593A
- Authority
- CN
- China
- Prior art keywords
- script
- function
- monitor message
- assembly
- compiling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application discloses a script monitoring method and a device, wherein the method comprises the following steps: acquiring monitoring information generated by a component in the process of running a script, wherein the component is a system component in an operating system; and monitoring the script according to the monitoring information. Through the method and the device, the problem that the monitoring effect of the script is poor due to the fact that the mode of adopting the plaintext to carry out virus feature matching is prone to being interfered is solved, and monitoring of the script is enhanced.
Description
Technical field
The present invention relates to computer safety field, in particular to script method for supervising and device.
Background technology
Script file, generally do not need to carry out being compiled into binary file, but by operating system with program perform, such as, Microsoft visual basic formula script version (Microsoft Visual Basic Script Edition, referred to as VBScript, be also abbreviated as VBS), this script is a kind of script based on visual basic programming language (Visual Basic).This VBS script does not need to be compiled into binary file then can directly be explained source code by host (wscript.exe such as, in operating system) and be performed.
For script file, in the related, antivirus software is generally the plaintext being carried out scan script file by characteristic information, if matched characteristic information, just prompting user is virus.But for the script of encryption, if direct expressly coupling, be coupling less than anything.The antivirus software of some large manufacturer, the script virtual machine that them can be used to research and develop voluntarily is dynamically decrypted the script of encryption, and uses the feature in the plaintext coupling virus base of the script after deciphering.Inventor finds in research process, and because this matching process is also carried out before host carries out actual operation process to this script, it remains the mode adopting expressly coupling, and therefore the result of this coupling depends on the success of deciphering.If further comprises the measure of some interference in the script of this encryption, so this matching result just may not reach expected effect.
Being vulnerable to for adopting the mode of expressly carrying out virus characteristic coupling in correlation technique disturb and the problem that causes the monitoring effect of script not good, not yet proposing effective solution at present.
Summary of the invention
This application provides a kind of script method for supervising and device, adopt the mode of expressly carrying out virus characteristic coupling to be vulnerable to disturb and the problem that causes the monitoring effect of script not good at least to solve.
According to an aspect of the application, provide a kind of script method for supervising, comprising: the monitor message that securing component produces in the process of Run Script, wherein, described assembly is the system component in operating system; According to described monitor message, described script is monitored.
Preferably, obtain described assembly described monitor message of producing in the process running described script to comprise: link up with the compiling function in described assembly or analytical function; Obtain described assembly and perform the described monitor message produced in the process of described compiling function or described analytical function.
Preferably, when described script is encryption script, the compiling function in described assembly is linked up with; Wherein, described monitor message is described compiling function is decrypted the described script obtained plaintext to described script.
Preferably, when linking up with the described analytical function in described assembly, described monitor message is that described analytical function carries out grammatical analysis to described script and obtains, and described monitor message comprises: the system command in the one or more described operating system that described assembly calls when performing described script.
Preferably, before the described compiling function linked up with in described assembly or described analytical function, described method also comprises: the type judging described script; Determine link up with described compiling function or link up with described analytical function according to the type of described script.
Preferably, determine to link up with described compiling function or link up with described analytical function to comprise according to the type of described script: when the type of described script is the visual basic formula VBS script of Microsoft, determine to link up with described compiling function; When the type of described script is batch processing script, determine to link up with described compiling function.
According to the another aspect of the application, additionally provide a kind of script supervising device, comprising: acquisition module, for the monitor message that securing component produces in the process of Run Script, wherein, described assembly is the system component in operating system; Monitoring module, for monitoring described script according to described monitor message.
Preferably, described acquisition module comprises: hook subelement, for linking up with compiling function in described assembly or analytical function; Obtaining subelement, performing for obtaining described assembly the described monitor message produced in the process of described compiling function or described analytical function.
Preferably, described hook subelement, at described script be encryption script situation lower draw-bar described in compiling function in assembly; Wherein, described monitor message is described compiling function is decrypted the described script obtained plaintext to described script.
Preferably, when linking up with the described analytical function in described assembly, described monitor message is that described analytical function carries out grammatical analysis to described script and obtains, and described monitor message comprises: the system command in the one or more described operating system that described assembly calls when performing described script.
Preferably, described device also comprises: judge module, for judging the type of described script; Determination module, links up with described compiling function for determining according to the type of described script or links up with described analytical function.
Preferably, described determination module comprises: first determines subelement, for being the visual basic formula VBS script of Microsoft in the type of described script, determines to link up with described compiling function; Second determines subelement, for when the type of described script is batch processing script, determines to link up with described compiling function.
By the application, adopt the monitor message obtaining system component and produce in the process of Run Script, according to this monitor message, this script is monitored.Solve and adopt the mode of expressly carrying out virus characteristic coupling to be vulnerable to disturb and the problem that causes the monitoring effect of script not good, strengthen the monitoring to script.
Accompanying drawing explanation
Accompanying drawing described herein is used to provide further understanding of the present application, and form a application's part, the schematic description and description of the application, for explaining the application, does not form the improper restriction to the application.In the accompanying drawings:
Fig. 1 is the process flow diagram of the script method for supervising according to the embodiment of the present application;
Fig. 2 is the structured flowchart of the script supervising device according to the embodiment of the present application;
Fig. 3 is the preferred structure block diagram one of the script supervising device according to the embodiment of the present application;
Fig. 4 is the preferred structure block diagram two of the script supervising device according to the embodiment of the present application;
Fig. 5 is the preferred structure block diagram three of the script supervising device according to the embodiment of the present application;
Fig. 6 is the process flow diagram monitored according to the VBS script of the application's preferred embodiment;
Fig. 7 is the process flow diagram monitored according to the BAT script of the application's preferred embodiment.
Embodiment
It should be noted that, when not conflicting, the embodiment in the application and the feature in embodiment can combine mutually.Below with reference to the accompanying drawings and describe the application in detail in conjunction with the embodiments.
It should be noted that, can perform in the computer system of such as one group of computer executable instructions in the step shown in the process flow diagram of accompanying drawing, and, although show logical order in flow charts, but in some cases, can be different from the step shown or described by order execution herein.
Following examples can be applied in computing machine, such as, be applied in PC.Also can be applied in the mobile terminal that have employed at present in intelligent operating system, and be not limited to this.Operating system for computing machine or mobile terminal does not have particular/special requirement, as long as support that script runs.Such as, following examples can be applied in Windows operating system.
Present embodiments provide a kind of script method for supervising, Fig. 1 is the process flow diagram of the script method for supervising according to the embodiment of the present application, as shown in Figure 1, comprises following step:
Step S102, the monitor message that securing component produces in the process of Run Script, wherein, this assembly is the system component in operating system;
Step S104, monitors this script according to this monitor message.
System component in operating system, when Run Script, can process this script.In this processing procedure, the monitor message that can be used for monitoring this script can be obtained, because this monitor message is that this dynamic process that system component is processing script obtains, compared with the mode of comparison script plaintext static in correlation technique, on the one hand, a kind of new script monitor mode is provided, on the other hand, the monitor message obtained so is not more vulnerable to the impact of the jamming countermeasure adopted in script, thus can improve monitoring effect to a certain extent.
System component may call in Run Script following one of at least: the order of bottom, function, other associated programs.Can using the output of these recalls information and as monitor message, or the information produced when performing these orders, function by system component is as monitor message, just can realize the monitoring to script, compared to the mode monitored in correlation technique, improve the effect of monitoring.
The mode obtaining these monitor messages may have multiple, provide one preferably mode in the present embodiment: adopt the monitor message that the mode securing component of hook system assembly produces in the process of Run Script, such as, can compiling function in hook system assembly, can also analytical function in hook system assembly.Now, obtain system component and perform the monitor message produced in the process of this compiling function or this analytical function.
Preferably, the compiling function in system component generally can also be decrypted script.Therefore, when script is encryption script, can compiling function in hanging hook assembly, the monitor message produced in this case comprises compiling function is decrypted the script obtained plaintext to script.Adopting the script obtained in this way is expressly obtain in the process of system component compilation script, more excellent compared to the mode of the plaintext using script virtual machine deciphering script to obtain, such as, when using script virtual machine to be decrypted script, the type of the encryption script that can decipher is very limited, by compiling function in use system component, script being decrypted, the type of more encrypting script can being supported, thus improve the effect of monitoring.
For some script, the relevant information of the Basic API that this script calls can be obtained by the mode of hook, by the relevant information of this Basic API to monitor this script, but, there are the following problems for this monitor mode: such as, only sometimes directly cannot draw the behavior that this script carries out by Basic API information.This is that such as, employ netuse order in script, this order can access a certain machine in LAN (Local Area Network) because the order of this kind of script is all the high-rise order encapsulated.But at Basic API, this order can change into a lot of functions, is reduced into netuse order very difficult by these functions, make to analyze the original meaning compared with its script function of indigestibility in the process of this script.
Preferably, for the script of the above-mentioned type, the mode of the analytical function of hook system assembly can be adopted, and by carrying out the process of grammatical analysis to script, obtain the monitor message for script monitoring.This monitor message can comprise the system command of system component when performing this script in one or more operating systems of calling.System command is wherein different from Basic API, and the readability of the system command obtained by grammatical analysis is stronger, is convenient to the analysis to the type script.
Such as, for BAT script, after by the cmd.exe in Windows operating system grammatical analysis being carried out to BAT script, the BAT script after analyzing is divided into one or more order, and before these orders distribute execution, exports these orders to monitor BAT script.This mode directly carries out linking up with the mode of monitoring or directly monitors brought problem to the plaintext of BAT script the system API after distributing execution in correlation technique, such as analyzing difficulty causes greatly monitoring effect poor, provides preferably solution.
Preferably, the process action of above-mentioned two kinds of modes can be carried out respectively to this script before script is run, then good for Selection radio the monitor message of monitoring script from what export, to monitor above-mentioned script.Another kind of than preferably embodiment be: before the compiling function in hanging hook assembly or analytical function, judge the type of script; Hook compiling function or hook analytical function is determined according to the type of script.Such as, when the type of script is the visual basic formula VBS script of Microsoft, hook compiling function; When the type of script is batch processing script, hook compiling function.Further, the function of the type of the judgement script in this preferred implementation can be performed by the respective function in operating system.
The present embodiment additionally provides a kind of script supervising device, and this device may be used for realizing above-mentioned script method for supervising.Fig. 2 is the structured flowchart of the script supervising device according to the embodiment of the present application, as shown in Figure 2, this device comprises: acquisition module 22 and monitoring module 24, wherein, acquisition module 22, for the monitor message that securing component produces in the process of Run Script, wherein, assembly is the system component in operating system; Monitoring module 24, is coupled to above-mentioned acquisition module 22, for monitoring script according to monitor message.
By said apparatus, adopt the monitor message that acquisition module 22 securing component produces in the process of Run Script, wherein, assembly is the system component in operating system; The mode that monitoring module 24 is monitored script according to monitor message.Thus, the system component in operating system, when Run Script, can process this script.In this processing procedure, the monitor message that can be used for monitoring this script can be obtained, because this monitor message is that this dynamic process that system component is processing script obtains, compared with the mode of comparison script plaintext static in correlation technique, on the one hand, a kind of new script monitor mode is provided, on the other hand, the monitor message obtained so is not more vulnerable to the impact of the jamming countermeasure adopted in script, thus can improve monitoring effect to a certain extent
It should be noted that: module involved in the present embodiment, subelement can be realized by the mode of software, also can be realized by the mode of hardware.Module described in it, subelement also can within a processor, and such as, a kind of processor, comprises acquisition module 22, monitoring module 24.Wherein, the title of these modules, subelement does not form the restriction to this module itself in some cases, and such as, acquisition module 22 can also be described as " monitor message 22 for securing component produces in the process of Run Script ".
Fig. 3 is the preferred structure block diagram one of the script supervising device according to the embodiment of the present application, as shown in Figure 3, more preferably, this acquisition module 22 comprises: hook subelement 32 and acquisition subelement 34, wherein, hook subelement 32, for the compiling function in hanging hook assembly or analytical function; Obtain subelement 34, be coupled to above-mentioned hook subelement 32, perform the monitor message produced in the process of compiling function or analytical function for securing component.
More preferably, above-mentioned hook subelement 32 at script be encryption script situation lower draw-bar assembly in compiling function; Wherein, monitor message is compiling function is decrypted the script obtained plaintext to script.
More preferably, when linking up with the analytical function in subelement 32 hanging hook assembly, monitor message is that analytical function carries out grammatical analysis to script and obtains, and monitor message comprises: the system command in one or more operating systems that assembly calls when performing script.
Fig. 4 is the preferred structure block diagram two of the script supervising device according to the embodiment of the present application, as shown in Figure 4, more preferably, this script supervising device also comprises: judge module 42 and determination module 44, wherein, and judge module 42, be coupled to determination module 44, for judging the type of script; Determination module 44, is coupled to acquisition module 22, for determining hook compiling function or hook analytical function according to the type of script.
Fig. 5 is the preferred structure block diagram three of the script supervising device according to the embodiment of the present application, as shown in Figure 5, more preferably, above-mentioned determination module 44 comprises: first determines that subelement 54 determined by subelement 52 and second, wherein, first determines subelement 52, is coupled to acquisition module 22, for being the visual basic formula VBS script of Microsoft in the type of script, determine hook compiling function; Second determines subelement 54, is coupled to acquisition module 22, for when the type of script is batch processing script, determines hook compiling function.
It should be noted that, the script supervising device described in device embodiment corresponds to above-mentioned embodiment of the method, and its concrete implementation procedure carried out detailed description in embodiment of the method, did not repeat them here.
In order to make the technical scheme of the application and implementation method clearly, below in conjunction with preferred embodiment, its implementation procedure is described in detail.
Preferred embodiment one
In the platform of performance analysis, when VBS script obtains and runs, use API hook technology, the decryption function for script deciphering in hook internal memory, this function is arranged in vbscript.dll module.Wscript.exe, when performing VBS script, can load vbscript.dll as enforcement engine.For encryption or unencryption function (function namely in script), must after the compiling of vbscript.dll, the code of this script could be performed by machine.
Fig. 6 is the process flow diagram monitored according to the VBS script of the application's preferred embodiment, and as shown in Figure 6, this flow process comprises the steps:
Step S602, navigate to the function that VBS engine is responsible for compiling, this function is arranged in COleScript::Compile.
Step S604, the normal execution of VBS script proceed to this compiling function time, in this compiling function have the content pointed by a field be exactly compiling after scripted code.
Step S606, outputs to the content after compiling in file, forms the VBS script after a deciphering.
Step S608, for the VBS scripts match virus characteristic after deciphering, if there is virus, can report poison.
Initiative type safeguard technology is realized by the API of hook system, because the api function of system compares bottom, therefore more completely can capture the operation of the carrying out of corresponding demand for system.
Preferred embodiment two
In the preferred embodiment, to another kind of script file: autoexec is that example is described.
Autoexec: be under form sequence of maneuvers system (Windows) platform, suffix is the file of .bat.Autoexec is explained by system process cmd.exe and is performed.
Fig. 7 is the process flow diagram monitored according to the BAT script of the application's preferred embodiment, and as shown in Figure 7, this flow process comprises the steps:
Step S702, cmd.exe process carries out grammatical analysis to needing the BAT file (i.e. autoexec) performed.
Step S704, cmd.exe process splits each instruction.
Step S706, when cmd.exe process distributes execution, obtains right of execution, and prints daily record (log).
Step S708, cmd.exe process distributes the instruction after segmentation.
By above-mentioned steps, the fill order of whole BAT script can be got, for follow-up analysis provides a great convenience.
Wherein, when cmd.exe distributes execution to BAT, be named as (known by the symbol table of Microsoft) in the function of stdcall Dispatch (x, x) at one, the execution that this function is responsible for having resolved distributes execution.
This function has two parameters, and first parameter is the type (type) of presentation directives, and second parameter is the pointer of a structure, and wherein, pointed by structure member addr_cmd is order performed by BAT.In concrete enforcement, parsing (Dispatch) function is linked up with, when CMD normally performs Dispatch function, is introduced into process function.In process function, Unicode (UNICODE) character string pointed by the field addr_cmd field of the structure cmd_desc_t pointed by the second parameter of Dispatch function is written in file and carries out record.
By the technical scheme of this preferred embodiment, the process solving the script being similar to BAT is undertaken monitoring and expressly directly mating inapplicable problem by API.
In sum, according to above-described embodiment and the preferred embodiment of the application, improve the effect of monitoring and virus scan.
Obviously, those skilled in the art should be understood that, above-mentioned of the present invention each module, each submodule or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on network that multiple calculation element forms, alternatively, they can realize with the executable program code of calculation element, thus, they can be stored and be performed by calculation element in the storage device, or they are made into each integrated circuit modules respectively, or the multiple module in them or step are made into single integrated circuit module to realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. a script method for supervising, is characterized in that comprising:
The monitor message that securing component produces in the process of Run Script, wherein, described assembly is the system component in operating system;
According to described monitor message, described script is monitored.
2. method according to claim 1, is characterized in that, obtains described assembly described monitor message of producing in the process running described script and comprises:
Link up with the compiling function in described assembly or analytical function;
Obtain described assembly and perform the described monitor message produced in the process of described compiling function or described analytical function.
3. method according to claim 2, is characterized in that, when described script is encryption script, links up with the compiling function in described assembly; Wherein, described monitor message is described compiling function is decrypted the described script obtained plaintext to described script.
4. method according to claim 2, it is characterized in that, when linking up with the described analytical function in described assembly, described monitor message is that described analytical function carries out grammatical analysis to described script and obtains, and described monitor message comprises: the system command in the one or more described operating system that described assembly calls when performing described script.
5. the method according to any one of claim 2 to 4, is characterized in that, before the described compiling function linked up with in described assembly or described analytical function, described method also comprises:
Judge the type of described script;
Determine link up with described compiling function or link up with described analytical function according to the type of described script.
6. method according to claim 5, is characterized in that, determines to link up with described compiling function or link up with described analytical function to comprise according to the type of described script:
When the type of described script is the visual basic formula VBS script of Microsoft, determine to link up with described compiling function;
When the type of described script is batch processing script, determine to link up with described compiling function.
7. a script supervising device, is characterized in that comprising:
Acquisition module, for the monitor message that securing component produces in the process of Run Script, wherein, described assembly is the system component in operating system;
Monitoring module, for monitoring described script according to described monitor message.
8. device according to claim 7, is characterized in that, described acquisition module comprises:
Hook subelement, for linking up with compiling function in described assembly or analytical function;
Obtaining subelement, performing for obtaining described assembly the described monitor message produced in the process of described compiling function or described analytical function.
9. device according to claim 8, is characterized in that, described hook subelement, at described script be encryption script situation lower draw-bar described in compiling function in assembly; Wherein, described monitor message is described compiling function is decrypted the described script obtained plaintext to described script.
10. device according to claim 8, it is characterized in that, when the described analytical function in described assembly linked up with by described hook subelement, described monitor message is that described analytical function carries out grammatical analysis to described script and obtains, and described monitor message comprises: the system command in the one or more described operating system that described assembly calls when performing described script.
Device according to any one of 11. according to Claim 8 to 10, is characterized in that, described device also comprises:
Judge module, for judging the type of described script;
Determination module, links up with described compiling function for determining according to the type of described script or links up with described analytical function.
12. devices according to claim 11, is characterized in that, described determination module comprises:
First determines subelement, for being the visual basic formula VBS script of Microsoft in the type of described script, determines to link up with described compiling function;
Second determines subelement, for when the type of described script is batch processing script, determines to link up with described compiling function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310263489.7A CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310263489.7A CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104252593A true CN104252593A (en) | 2014-12-31 |
| CN104252593B CN104252593B (en) | 2019-07-30 |
Family
ID=52187479
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310263489.7A Expired - Fee Related CN104252593B (en) | 2013-06-27 | 2013-06-27 | Script monitoring method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104252593B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105303073A (en) * | 2015-11-26 | 2016-02-03 | 北京深思数盾科技有限公司 | Protecting method for software codes |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1763717A (en) * | 2005-11-24 | 2006-04-26 | 北京中星微电子有限公司 | System and method for calling host software functions by using script and its compiler |
| CN1983295A (en) * | 2005-12-12 | 2007-06-20 | 北京瑞星国际软件有限公司 | Method and device for recognizing virus |
| CN101587522A (en) * | 2009-06-17 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and system for identifying script virus |
| US7636945B2 (en) * | 2000-07-14 | 2009-12-22 | Computer Associates Think, Inc. | Detection of polymorphic script language viruses by data driven lexical analysis |
| CN101667230A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for monitoring script execution |
-
2013
- 2013-06-27 CN CN201310263489.7A patent/CN104252593B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7636945B2 (en) * | 2000-07-14 | 2009-12-22 | Computer Associates Think, Inc. | Detection of polymorphic script language viruses by data driven lexical analysis |
| CN1763717A (en) * | 2005-11-24 | 2006-04-26 | 北京中星微电子有限公司 | System and method for calling host software functions by using script and its compiler |
| CN1983295A (en) * | 2005-12-12 | 2007-06-20 | 北京瑞星国际软件有限公司 | Method and device for recognizing virus |
| CN101667230A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for monitoring script execution |
| CN101587522A (en) * | 2009-06-17 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and system for identifying script virus |
Non-Patent Citations (2)
| Title |
|---|
| 伍华聪: "《ASP与网站开发实战》", 31 July 2001, 科学出版社 * |
| 吴功宜 等: "《网络安全高级软件编程技术》", 30 April 2010, 北京:清华大学出版社 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105303073A (en) * | 2015-11-26 | 2016-02-03 | 北京深思数盾科技有限公司 | Protecting method for software codes |
| CN105303073B (en) * | 2015-11-26 | 2018-07-06 | 北京深思数盾科技股份有限公司 | Software code guard method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104252593B (en) | 2019-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3610395B1 (en) | Method for application security profiling | |
| CN107832619B (en) | System and method for automatic mining of application vulnerabilities under the Android platform | |
| US9471288B2 (en) | Compile based obfuscation | |
| EP3000068B1 (en) | Protecting data | |
| CN114238948B (en) | Application program detection method, device, electronic device and storage medium | |
| Lee et al. | Design and implementation of the secure compiler and virtual machine for developing secure IoT services | |
| KR101886203B1 (en) | Apparatus and method for analyzing programs | |
| AU2020220465A1 (en) | Securing virtual-machine software applications | |
| CN112287342B (en) | Method and device for dynamically detecting firmware of Internet of things, electronic equipment and storage medium | |
| US10078510B1 (en) | Late-stage software feature reduction tool for security and performance | |
| CN107145376A (en) | A kind of active defense method and device | |
| CN118051910A (en) | Intelligent confusion method and system based on security section aiming at mobile terminal application | |
| CN109522021B (en) | Parameter callback processing method and device, electronic equipment and storage medium | |
| CN114329535A (en) | File encryption method, apparatus, electronic device and computer readable medium | |
| CN104252594A (en) | Virus detection method and device | |
| CN104252593A (en) | Script monitoring method and device | |
| CN112632547A (en) | Data processing method and related device | |
| CN110018831B (en) | Program processing method, program processing apparatus, and computer-readable storage medium | |
| Li et al. | Data flow analysis on android platform with fragment lifecycle modeling and callbacks | |
| CN111460464A (en) | Data encryption and decryption method and device, electronic equipment and computer storage medium | |
| CN114443013A (en) | Implementation method, apparatus, electronic device and readable medium for JAVA service application | |
| Baranyai et al. | Supporting Secure Coding with RefactorErl | |
| CN118246023B (en) | Large model safety test method and related equipment | |
| KR102834723B1 (en) | Obfuscation device and method for cryptographic module | |
| CN113641939B (en) | Data security processing method, browser system, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190730 Termination date: 20200627 |