METHOD, APPARATUS AND SYSTEM FOR DETECTING MALICIOUS PROCESS BEHAVIOR
Abstract
A method, apparatus and system for detecting a malicious process behavior. A detection apparatus monitors a process to obtain behavior information about a target process behavior, and then sends the behavior information to a server, which determines whether the target process behavior is a malicious process behavior. The detection apparatus can receive first operation indication information returned by the server according to a detection result of the target process behavior, and perform an operation on the target process behavior according to the first operation indication information. The target process behavior is subjected to a comprehensive detection by the server according to the behavior information, rather than depending on a specified feature analysis of a single sample of the target process behavior by the detection apparatus, so that malicious process behavior can be detected in time, thereby improving the security performance of the system.
31 Claims
1-11. (canceled)
12. A method for detecting a malicious process behavior, comprising:
monitoring a process behavior of a process to obtain behavior information about a target process behavior;
sending the behavior information to a server;
receiving first operation indication information returned by the server according to a detection result of the target process behavior; and
performing an operation on the target process behavior according to the first operation indication information.
Dependent claims: 13, 14, 15, 16, 17, 18, 19.
20. An apparatus for detecting a malicious process behavior, comprising:
a monitoring unit for monitoring a process behavior of a process to obtain behavior information about a target process behavior;
a sending unit for sending the behavior information about the target process behavior to a server, so that the server detects the target process behavior according to the behavior information about the target process behavior to determine whether the target process behavior is a malicious process behavior;
a receiving unit for receiving first operation indication information returned by the server according to the detection result of the target process behavior; and
an operation unit for performing an operation on the target process behavior according to the first operation indication information.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28.
29. A non-volatile computer storage medium including at least one program for detecting a malicious process behavior when implemented by a processor, comprising:
instruction for monitoring a process behavior of a process to obtain behavior information about a target process behavior;
instruction for sending the behavior information to a server;
instruction for receiving first operation indication information returned by the server according to a detection result of the target process behavior; and
instruction for performing an operation on the target process behavior according to the first operation indication information.
Dependent claims: 30, 31.
Specification