Windows concealed malevolence software detection method

Redirection method and device for real time monitoring network activities

A re-direction method for detecting network activity at real time comprises the following steps: A. the active IP in a local area network is obtained by monitoring and analyzing the network activities and is recorded in a active IP address list; besides, a timed task confirms whether the IP, the survival time of which is reduced to zero, is really not active and delete the IP address which is no longer active from the IP address list; B. whether the to-be-transferred data packet satisfies the re-direction demands is judged and the to-be-transferred data packet is released or re-directed according to the query results. The device to realize the method comprises a network activity detecting module which is used for detecting and recording the active IP address and a re-direction module which is used for re-directing communication connection according to the real-time detection results of the network activity detecting module. The invention realizes the detection for the active IP address ...

Heapspray detection method based on intermediate command dynamic instrumentation

The invention discloses a Heapspray detection method based on intermediate command dynamic instrumentation, belonging to the technical field of computer security. The method comprises the following steps of: (1) setting a virtual machine used for explaining and implementing webpage dynamic script into a single-step operating state; (2) judging whether an intermediate command to be implemented currently is an assignment type intermediate command or not; (3) if so, then judging whether a rvalue parameter type in command parameters is a alphabetic string type or not; if the rvalue parameter is the alphabetic string type and a value thereof is less than a set threshold value P, then checking whether shellcode exists or not; if the rvalue parameter is larger than the set threshold value P, then calculating an information entropy value thereof; and (4) taking a next intermediate command and repeating the step (2) and the step (3); if a rvalue parameter of an assignment type intermediate command ...

Simulated webpage Trojan detecting method based on ActiveX component

The invention discloses a simulated webpage Trojan detecting method based on an ActiveX component, comprising the following steps: (1) build an ActiveX component M, an object instance m of the ActiveX component M is used for simulating a component N which is missed in a target webpage; (2) write a dynamic link library to hook an API which is in charge of creating the component M in a WINDOWS system, record the corresponding relationship between the entry address of the object instance m of the component M and the component name of the component N; (3) invoke a browser to browse the target webpage, when the target webpage requests to create the missed component N, record the component name, functions in the component and parameter information which are visited by the target webpage to a log file by the object instance m; (4) analyze the log file, judge whether the target webpage is a webpage Trojan or not. The simulated webpage Trojan detecting method based on the ActiveX component can simulate ...

Redirection method and device for real time monitoring network activities

A re-direction method for detecting network activity at real time comprises the following steps: A. the active IP in a local area network is obtained by monitoring and analyzing the network activitiesand is recorded in a active IP address list; besides, a timed task confirms whether the IP, the survival time of which is reduced to zero, is really not active and delete the IP address which is no longer active from the IP address list; B. whether the to-be-transferred data packet satisfies the re-direction demands is judged and the to-be-transferred data packet is released or re-directed according to the query results. The device to realize the method comprises a network activity detecting module which is used for detecting and recording the active IP address and a re-direction module whichis used for re-directing communication connection according to the real-time detection results of the network activity detecting module. The invention realizes the detection for the active IP addressin ...

Disc conveyer device

The invention relates to a case tray delivery mechanism which comprises a delivery platform, a feed push rod, an actuating push rod and an output platform. The delivery platform comprises a buffer and an actuating zone; the feed push rod is arranged on the delivery platform and used for pushing and rejecting the case tray positioned in the buffer to move on the delivery platform; the actuating push rod is arranged on the delivery platform and used for pushing and rejecting the case tray positioned in the actuating zone to move on the delivery platform; the output platform is used for bearing the case tray which is output by the delivery platform; wherein, the feed push rod and the actuating push rod actions together; when the actuating push rod pushes and rejects the case tray positioned in the actuating zone to the output platform, the feed push rod can push and reject the case tray positioned in the buffer to the actuating zone.

Method and equipment in use for communication connection of redirecting network

Simulated webpage Trojan detecting method based on ActiveX component

The invention discloses a simulated webpage Trojan detecting method based on an ActiveX component, comprising the following steps: (1) build an ActiveX component M, an object instance m of the ActiveX component M is used for simulating a component N which is missed in a target webpage; (2) write a dynamic link library to hook an API which is in charge of creating the component M in a WINDOWS system, record the corresponding relationship between the entry address of the object instance m of the component M and the component name of the component N; (3) invoke a browser to browse the target webpage, when the target webpage requests to create the missed component N, record the component name, functions in the component and parameter information which are visited by the target webpage to a log file by the object instance m; (4) analyze the log file, judge whether the target webpage is a webpage Trojan or not. The simulated webpage Trojan detecting method based on the ActiveX component cansimulate ...

Disc conveyer device

The invention relates to a case tray delivery mechanism which comprises a delivery platform, a feed push rod, an actuating push rod and an output platform. The delivery platform comprises a buffer and an actuating zone; the feed push rod is arranged on the delivery platform and used for pushing and rejecting the case tray positioned in the buffer to move on the delivery platform; the actuating push rod is arranged on the delivery platform and used for pushing and rejecting the case tray positioned in the actuating zone to move on the delivery platform; the output platform is used for bearing the case tray which is output by the delivery platform; wherein, the feed push rod and the actuating push rod actions together; when the actuating push rod pushes and rejects the case tray positioned in the actuating zone to the output platform, the feed push rod can push and reject the case tray positioned in the buffer to the actuating zone.

Automatic optical detector

The invention relates to an automatic optical inspection device which is used for detecting surface defects of an integrated circuit. The automatic optical inspection device comprises a box disc conveyor which is used for conveying and bearing the box disc of at least one integrated circuit and provided with at least one holding part, a clamping mechanism which is used for clamping the holding part so that the box disc can be fixed on the box disc conveyor, and an image capturing device which is used for capturing an image of the surface of the integrated circuit; wherein, the image can be analyzed to detect the surface defects of the integrated circuit.

Automatic optical detector

The invention relates to an automatic optical inspection device which is used for detecting surface defects of an integrated circuit. The automatic optical inspection device comprises a box disc conveyor which is used for conveying and bearing the box disc of at least one integrated circuit and provided with at least one holding part, a clamping mechanism which is used for clamping the holding part so that the box disc can be fixed on the box disc conveyor, and an image capturing device which is used for capturing an image of the surface of the integrated circuit; wherein, the image can be analyzed to detect the surface defects of the integrated circuit, wherein the box disc conveyor includes a pick-up head for classifying the integrated circuit, the pick-up head picks up the integrated circuit which does not pass the test from the box disc and places in a box disc which does not pass the test, and the pick-up head picks up the integrated circuit which does not pass the test from the next ...

Malevolence code automatic recognition method

Multi-layer honey network data transmission method and system

The invention relates to multilayer honey-net data transmission method and system, and the gateway of honey-net receives the data flow of external network; the gateway of honey-net detects the network intrusion for the received data flow; the normal data flow can pass, which is sent to the target host computer; and the informal data flow is divide into high, middle and low according to dangerous level; and the data flow with high level is sent to physical honey-tank system, the data flow with middle level is sent to virtual machine honey-tank system, and the data floe with low level is sent to virtual honey-tank system. The invention can utilize the advantages of low interactive honey-tank system and high interactive honey-tank system, save system source, and improve the covering area of honey-tank system and the ability of obtaining the movable information of network attack and capturing the malice code; it can defeat the anti-honey tank technique. And it can be used in security field ...

Malevolence code automatic recognition method

The invention belongs to the field of malicious code automatic analysis, and a malicious code automatic identification method. The invention first dismantles an executable program sample under analysis into components under analysis; then, compare a component under analysis with a component affected by known malicious behaviors, in order to automatically determine whether the sample under analysis is a malicious code. The invention has advantages of broad analysis coverage scope, high analysis speed on malicious samples, and updating malicious code behavior component library.

Reversible database watermark embedding and extracting method

The invention discloses a reversible database watermark embedding and extracting method, and belongs to the field of digital watermarking, the embedding method comprises the following steps: S1, preprocessing database data, carrying out row scrambling on database tuples, and uniformly grouping the tuples after row scrambling; s2, dividing the database into a blank set and a shadow set in each group, and executing a diamond predictor on the attribute value of the shadow set to obtain a prediction error value; s3, counting the frequency of the absolute value of the prediction error value of the shadow set, and constructing a prediction error histogram of the shadow set; s4, for the prediction error histogram of the shadow set, determining an embedded carrier and embedded watermark information thereof; s5, watermark embedding and attribute value modification are carried out through a histogram translation method; and S6, repeating the steps S1 to S5 for the blank set in the second layer embedding ...

Task scheduling method under cloud computing environment

The invention discloses a task scheduling method under a cloud computing environment, and belongs to the technical field of computer application. The method of the invention comprises the following steps that: computer nodes register node information from a data center node; the computer nodes transmit health states thereof to a task scheduler through a health state reporting mechanism; the task scheduler allocates tasks to the computer nodes according to the node information, wherein during allocation, the difference between the computer nodes is not considered; computer nodes report the completion of the task to the data center node after each task is completed; the task scheduler allocates a new task to balance the task load between the computer nodes according to the task completion condition of each computer node; the data center node deletes the node information thereof when an abnormal computer node is found, and reallocates the task which is not completed by the node and serves ...

Method and system for detecting large-scale malicious web pages

The invention discloses a method and a system for detecting large-scale malicious web pages by using a three-layer parallel architecture and a layered control guarantee method: in the first layer, a plurality of detection servers interconnected via networks are arranged in parallel, so as to construct a detection server cluster, and a task set to be analyzed is set up on one detection server; in the second layer, a plurality of analysis nodes are arranged in parallel in each detection server, and a node cluster monitoring module is arranged so as to monitor and analyze the operating condition of the nodes; and in the third layer, a sandbox environment is constructed in parallel in each analysis node, so as to achieve the paralleled detection of the task to be analyzed. The architecture of the invention ensures the mutual independence and self-maintenance among the detection servers and among the analysis nodes, the overall operation of the system is free from the dynamic expansion of physical ...

Method for constructing lightweight webpage dynamic view

The invention discloses a method for constructing a lightweight webpage dynamic view, and belongs to the technical field of computer application. The method comprises the steps of: 1) extracting a local script and a static embedded link of a webpage to be analyzed; 2) extracting a static embedded script from the static embedded link; 3) executing the local script and the static embedded script dynamically by utilizing a script executing engine to recognize a dynamic embedded link of the webpage; 4) constructing an embedded document set by a document pointed by the dynamic embedded link and a document pointed by the static embedded link; 5) extracting a quoting-quoted relation of the webpage and the document in the embedded document set; and 6) respectively taking the recognized static embedded webpage and dynamic embedded webpage as webpages to be analyzed, repeating the steps from 1) to 5), and establishing the webpage dynamic view according to the embedded document set acquired every ...

Method and system for detecting large-scale malicious web pages

The invention discloses a method and a system for detecting large-scale malicious web pages by using a three-layer parallel architecture and a layered control guarantee method: in the first layer, a plurality of detection servers interconnected via networks are arranged in parallel, so as to construct a detection server cluster, and a task set to be analyzed is set up on one detection server; in the second layer, a plurality of analysis nodes are arranged in parallel in each detection server, and a node cluster monitoring module is arranged so as to monitor and analyze the operating conditionof the nodes; and in the third layer, a sandbox environment is constructed in parallel in each analysis node, so as to achieve the paralleled detection of the task to be analyzed. The architecture ofthe invention ensures the mutual independence and self-maintenance among the detection servers and among the analysis nodes, the overall operation of the system is free from the dynamic expansion of physical ...

Multi-layer honey network data transmission method and system

The invention relates to multilayer honey-net data transmission method and system, and the gateway of honey-net receives the data flow of external network; the gateway of honey-net detects the network intrusion for the received data flow; the normal data flow can pass, which is sent to the target host computer; and the informal data flow is divide into high, middle and low according to dangerous level; and the data flow with high level is sent to physical honey-tank system, the data flow with middle level is sent to virtual machine honey-tank system, and the data floe with low level is sent to virtual honey-tank system. The invention can utilize the advantages of low interactive honey-tank system and high interactive honey-tank system, save system source, and improve the covering area of honey-tank system and the ability of obtaining the movable information of network attack and capturing the malice code; it can defeat the anti-honey tank technique. And it can be used in security field ...

Method for improving carbon sequestration capacity of soil of abandoned land of loess plateau

The invention relates to the technical field of carbon sequestration, and particularly discloses a method for improving the soil carbon sequestration capacity of abandoned land of loess plateau, which comprises the steps of carbon sequestration agent preparation and plant community structure adjustment. The carbon sequestration agent is prepared from biochar, crushed straw and a complex microbial inoculant according to the dosage ratio of (4-6) g: (2-3) g: (6-10) mL. The complex microbial inoculant is prepared by mixing nitrified brevibacillus vv6, nitrobacter winogradsky XY-01, authigenic nitrogen-fixing bacteria MBC5 and bradyrhizobium Qian2 according to the volume ratio of 1: 1: (2-3): (2-4); the plant community structure adjustment comprises reseeding indigenous leguminous plants and gramineous plants, and reducing the number of dominant species of compositae plants. By applying the carbon reinforcing agent and optimizing the plant community, the carbon sequestration capability of the ...

Windows concealed malevolence software detection method

Heapspray detection method based on intermediate command dynamic instrumentation

The invention discloses a Heapspray detection method based on intermediate command dynamic instrumentation, belonging to the technical field of computer security. The method comprises the following steps of: (1) setting a virtual machine used for explaining and implementing webpage dynamic script into a single-step operating state; (2) judging whether an intermediate command to be implemented currently is an assignment type intermediate command or not; (3) if so, then judging whether a rvalue parameter type in command parameters is a alphabetic string type or not; if the rvalue parameter is the alphabetic string type and a value thereof is less than a set threshold value P, then checking whether shellcode exists or not; if the rvalue parameter is larger than the set threshold value P, then calculating an information entropy value thereof; and (4) taking a next intermediate command and repeating the step (2) and the step (3); if a rvalue parameter of an assignment type intermediate command ...