CN112580036A - Optimization method and device for virus defense, storage medium and computer equipment - Google Patents


Info

Publication number
CN112580036A
Authority
CN
China
Prior art keywords
defense
feature information
preset
killing
library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910943741.6A
Other languages
Chinese (zh)
Other versions
CN112580036B (en)
Inventor
万仁国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Safety Technology Zhuhai Co Ltd
Qax Technology Group Inc
Original Assignee
Qianxin Safety Technology Zhuhai Co Ltd
Qax Technology Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Safety Technology Zhuhai Co Ltd, Qax Technology Group Inc
Priority to CN201910943741.6A (patent/CN112580036B/en)
Publication of CN112580036A (patent/CN112580036A/en)
Application granted
Publication of CN112580036B (patent/CN112580036B/en)
Legal status: Active (current)
Anticipated expiration

Abstract

Translated from Chinese

The invention discloses an optimization method and device for virus defense, a storage medium and computer equipment, and relates to the technical field of network security. Its main purpose is to solve the problem that existing computer virus defense, which only writes targeted detection and killing tools after the virus features have been stored in a virus library, cannot quickly meet the defense requirements of new computer viruses, resulting in the failure of computer system defense. The method includes: judging whether the feature information in a target file matches the defense feature information in a preset defense feature library, where the defense feature information in the preset defense feature library is determined according to the expected detection and killing, and/or repair, of suspicious files under different defense scenarios; and if the feature information matches the defense feature information, retrieving the defense operation bound to the defense feature information and executing it. It is mainly used for the optimization of virus defense.

Description

Optimization method and device for virus defense, storage medium and computer equipment
Technical Field
The invention relates to the technical field of network security, in particular to a virus defense optimization method and device, a storage medium and computer equipment.
Background
As network security has grown in importance, computer viruses, Trojans and other malicious programs that harm network security have come to public attention. Defense against such viruses and Trojans is realized by acquiring a virus or Trojan sample, extracting its characteristics, configuring those characteristics in a virus library as detection characteristics, and issuing the detection characteristics to security software, which then completes the searching and killing of the virus or Trojan.
At present, existing computer virus defense only writes targeted searching and killing tools after the virus characteristics have been stored in a virus library. It therefore cannot quickly meet the defense requirements of novel computer viruses, the defense of the computer system becomes invalid, the technical personnel who write the searching and killing tools must be highly skilled, and the cost of defending against computer viruses rises.
Disclosure of Invention
In view of the above, the present invention provides an optimization method and apparatus for virus defense, a storage medium, and a computer device, mainly aiming to solve the problem that existing computer virus defense, in which a targeted searching and killing tool is programmed only after virus characteristics have been stored in a virus library, cannot quickly meet the defense requirements of a novel computer virus.
According to an aspect of the present invention, there is provided a method for optimizing virus defense, comprising:
judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library, wherein the defense characteristic information in the preset defense characteristic library is determined according to expected killing and/or repairing of suspicious files under different defense scenes;
and if the feature information is matched with the defense feature information, invoking a defense operation bound with the defense feature information, and executing the defense operation.
Further, before the determining whether the feature information in the target file matches with the defense feature information in the preset defense feature library, the method further includes:
loading suspicious files under different defense scenes according to a preset time interval;
analyzing whether an expected action executed by the suspicious file triggers a killing event and/or a repairing event;
and if a checking and killing event and/or a repairing event is triggered, determining the characteristic information in the suspicious file as defense characteristic information, and updating the defense characteristic information into the preset defense characteristic library.
Further, analyzing whether the expected action executed by the suspicious file triggers a killing event and/or a repairing event comprises:
copying all files corresponding to the expected action executed by the suspicious file;
and executing the suspicious file and all the files in a preset execution environment, and judging whether an attack operation exists in the execution operation so as to determine whether to trigger a checking and killing event and/or a repairing event.
Further, after the feature information in the suspicious file is determined as defense feature information and updated into the preset defense feature library, the method further includes:
searching for and binding the killing codes and/or repairing codes matched with the defense characteristic information from a killing code base and/or a repairing code base, wherein the killing code base and/or the repairing code base are updated with codes expected to kill and/or repair different computer viruses.
Further, the method further comprises:
and if the characteristic information is not matched with the defense characteristic information, releasing the target file.
Further, before the determining whether the feature information in the target file matches with the defense feature information in the preset defense feature library, the method further includes:
detecting whether the version information of the preset defense feature library is matched with updated version information;
if so, executing a step of judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library;
and if not, updating the preset defense characteristic library.
Further, the method further comprises:
and outputting a target file for executing the defense operation.
According to an aspect of the present invention, there is provided an apparatus for optimizing virus defense, comprising:
the judging module is used for judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library, wherein the defense characteristic information in the preset defense characteristic library is determined according to expected killing and/or repairing of suspicious files under different defense scenes;
and the calling module is used for calling the defense operation bound with the defense characteristic information and executing the defense operation if the characteristic information is matched with the defense characteristic information.
Further, the apparatus further comprises:
the loading module is used for loading suspicious files under different defense scenes according to a preset time interval;
the analysis module is used for analyzing whether the expected action executed by the suspicious file triggers a checking and killing event and/or a repairing event;
and the determining module is used for determining the characteristic information in the suspicious file as defense characteristic information and updating the defense characteristic information into the preset defense characteristic library if a searching and killing event and/or a repairing event is triggered.
Further, the parsing module comprises:
the copying unit is used for copying all files corresponding to the expected actions executed by the suspicious files;
and the judging unit is used for executing the suspicious file and all the files in a preset execution environment and judging whether attack operation exists in the execution operation so as to determine whether a checking and killing event and/or a repairing event is triggered.
Further, the apparatus further comprises:
and the binding module is used for searching for and binding the searching and killing codes and/or repairing codes matched with the defense characteristic information from the searching and killing code base and/or the repairing code base, wherein the searching and killing code base and/or the repairing code base are updated with codes expected to search and kill and/or repair different computer viruses.
Further, the apparatus further comprises:
and the releasing module is used for releasing the target file if the characteristic information is not matched with the defense characteristic information.
Further, the apparatus further comprises:
the detection module is used for detecting whether the version information of the preset defense feature library is matched with the updated version information;
the execution module is used for executing the step of judging whether the characteristic information in the target file is matched with defense characteristic information in the preset defense characteristic library if the version information is matched;
and the updating module is used for updating the preset defense characteristic library if the version information is not matched.
Further, the apparatus further comprises:
and the output module is used for outputting the target file for executing the defense operation.
According to still another aspect of the present invention, a storage medium is provided, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to execute operations corresponding to the optimization method for virus defense.
According to still another aspect of the present invention, there is provided a computer apparatus including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the optimization method for the virus defense.
By the technical scheme, the technical scheme provided by the embodiment of the invention at least has the following advantages:
the invention provides an optimization method and device for virus defense, a storage medium and computer equipment. Compared with the existing method, in which computer virus defense is realized only by storing virus characteristics in a virus library and compiling a targeted searching and killing tool, the embodiment of the invention judges whether characteristic information in a target file is matched with defense characteristic information determined from the characteristic information of suspicious files expected to be searched and killed and/or repaired, and, if it matches, calls the bound defense operation for defense. This realizes the aim of defending against rapidly changing viruses in advance, fulfils the aim of searching and killing or repairing in advance when novel viruses appear, reduces the possibility of system defense failure, reduces the operational requirements on technical personnel and the defense cost, and improves the efficiency of computer virus defense.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart of an optimization method for virus defense according to an embodiment of the present invention;
FIG. 2 is a flow chart of another method for optimizing virus defense provided by the embodiment of the invention;
FIG. 3 is a block diagram of an apparatus for optimizing virus defense according to an embodiment of the present invention;
FIG. 4 is a block diagram of another apparatus for optimizing virus defense provided by an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The embodiment of the invention provides an optimization method for virus defense, as shown in fig. 1, the method comprises the following steps:
101. Judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library.
In the embodiment of the invention, the target file is a virus or Trojan file to be defended against. When the current system detects that an unknown file needs to run a program, the unknown file is taken as the target file, and it is judged whether the characteristic information in the target file is matched with the defense characteristic information in the preset defense characteristic library. The defense characteristic information in the preset defense characteristic library is determined according to the expected killing and/or repair of suspicious files under different defense scenarios, and the characteristic information consists of characteristics corresponding to the execution code logic in the target file, such as logic parameters, configuration items, character strings and the like.
It should be noted that the defense scenarios in the embodiment of the present invention include all scenarios in a network that are to be subjected to security protection, such as system protection, file protection and the like. For the different protection scenarios, the feature information that may give rise to a network security hazard is preset as the defense feature information; for example, in a file protection scenario, the feature information in a file 1 that is expected to be killed is determined as the protection feature information, so that when a target file is protected, the defense feature information in the preset protection feature library is used for matching.
102. If the feature information is matched with the defense feature information, invoking a defense operation bound with the defense feature information, and executing the defense operation.
In the embodiment of the invention, when the characteristic information is matched with the defense characteristic information, this indicates that the target file may be a virus attack. To improve the efficiency of virus defense, the defense operation bound with the defense characteristic information is called and the target file is defended by means of that operation, so as to determine whether the target file is safe or malicious. The bound defense operation is operation code prepared in advance for searching and killing or repairing the characteristic information in the suspicious file; through the binding relation, the characteristic information matched with the defense characteristic information is searched and killed or repaired, thereby completing the searching and killing or repair of the target file. Specifically, all target objects matched with the defense characteristic information, such as files, system configuration, software and the like, can be repaired and killed.
The invention provides an optimization method for virus defense, compared with the prior method in which computer virus defense is realized only by storing virus characteristics in a virus library and compiling a targeted searching and killing tool.
The embodiment of the present invention provides another optimization method for virus defense, as shown in fig. 2, the method includes:
201. Loading suspicious files under different defense scenarios according to a preset time interval.
In the embodiment of the invention, in order to give the virus defense a forward-looking capability so that unknown files can be quickly checked, killed or repaired, suspicious files under different defense scenarios are loaded according to a preset time interval. The preset time interval may be, for example, 1 day or 1 week. The different defense scenarios include all scenarios in a network that are to be subjected to security protection, such as system protection, file protection and the like, and for the different defense scenarios the feature information that may generate network security risks is preset as defense feature information; this is not specifically limited in the embodiment of the present invention. As for suspicious files, in the embodiment of the present invention the security of a file is determined by its recorded file defense mode: files that are protected and secure are directly determined as secure, and all remaining files are determined as suspicious, so that the suspicious files under the different defense scenarios can be loaded directly; this is not specifically limited in the embodiment of the present invention.
202. Analyzing whether an expected action executed by the suspicious file triggers a killing event and/or a repairing event.
In the embodiment of the invention, in order for the system to determine automatically whether the characteristic information in the suspicious file constitutes a basis for searching and killing or repairing, it is analyzed whether the expected action executed by the suspicious file triggers a searching and killing event or a repairing event, so as to determine whether the characteristic information in the suspicious file is to be determined as defense characteristic information.
For further limitation and explanation, step 202 may be: copying all files corresponding to the expected action executed by the suspicious file; and executing the suspicious file and all the files in a preset execution environment, and judging whether an attack operation exists in the execution operation so as to determine whether to trigger a checking and killing event and/or a repairing event.
All files involved in the expected actions executed by the suspicious file are copied to a virtual defense scenario, such as a virtual machine, and the suspicious file and all related files are executed in that virtual defense scenario, so as to simulate whether the suspicious file behaves as a virus. It is then determined whether an attack operation exists among the executed operations, for example whether some of the files are destroyed, or whether restricted content in the files is monitored, so as to determine whether to trigger a killing event or a repair event; this is not specifically limited in the embodiment of the present invention.
203. If a checking and killing event and/or a repairing event is triggered, determining the characteristic information in the suspicious file as defense characteristic information, and updating the defense characteristic information into the preset defense characteristic library.
When a killing event and/or a repairing event is triggered, determining the characteristic information in the suspicious file as defense characteristic information, and updating the defense characteristic information into a preset defense characteristic library so as to judge whether the characteristic information in the target file is a virus characteristic according to the defense characteristic information in the preset defense characteristic library, thereby judging whether to defend.
204. Searching for the killing code and/or the repair code matched with the defense characteristic information from the killing code base and/or the repair code base, and binding.
In the embodiment of the invention, in order to search and kill and/or repair the target file that requires it, after the defense characteristic information is determined, the searching and killing code and/or the repair code matched with the defense characteristic information are looked up in the searching and killing code base and the repair code base and bound to the defense characteristic information, so that when the characteristic information in the target file is determined to match the defense characteristic information, the defense operation is called by means of the binding relationship. The searching and killing code base and/or the repair code base are updated with codes for killing and/or repairing different computer viruses.
205. Judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library.
This step is the same as step 101 shown in fig. 1, and is not described herein again.
For the embodiment of the present invention, since the current virus defense may be deployed in a terminal, a cloud, and the like for operation, in order to adapt the defense target to the rapid update of the virus, step 205 may further include: detecting whether the version information of the preset defense feature library is matched with updated version information; if so, executing a step of judging whether the characteristic information in the target file is matched with defense characteristic information in a preset defense characteristic library; and if not, updating the preset defense characteristic library.
The preset feature library can be version-upgraded at specific times to adapt to the latest virus changes, so it is detected whether the version information of the preset defense feature library matches the updated version information. For example, if the updated version is version 2.3 and the version information of the current preset feature library is version 2.2, the current preset defense feature library does not match and is updated; if the version information of the current preset feature library is version 2.3, the current preset defense feature library matches, and the judgment is performed using the current preset defense feature library.
206a, if the feature information is matched with the defense feature information, calling a defense operation bound with the defense feature information, and executing the defense operation.
This step is the same as step 102 shown in fig. 1, and is not described herein again.
For the embodiment of the present invention, in step 206b, which is parallel to step 206a, if the feature information does not match the defense feature information, the target file is released.
If the target file is not matched, the target file is safe, and defense is not needed, so that the target file is released.
For the embodiment of the present invention, in order to count the files belonging to the suspicious viruses, the method may further include: and outputting a target file for executing the defense operation.
Specifically, the output may be performed according to a specific time or according to a request, and the output mode may be in a data stream form or a total table form, which is not specifically limited in the embodiment of the present invention.
The invention provides another optimization method for virus defense, and the embodiment of the invention judges whether the characteristic information in the target file is matched with defense characteristic information determined by the characteristic information in suspicious files expected to be searched and killed and/or repaired, if so, calls the bound defense operation for defense, realizes the purpose of defending the rapidly changing virus in advance, meets the purpose of searching and killing or repairing in advance when a novel virus is generated, reduces the failure possibility of system defense, reduces the operation requirement and defense cost of technical personnel, and thus improves the defense efficiency of computer viruses.
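The flow of fig. 2 (steps 201 to 206b, with steps 101 and 102 of fig. 1 as its matching core), as an added example that is not part of the patent: a small Python model of a versioned preset defense feature library, the binding of killing/repair code from the two code bases, the version pre-check before judging, and the release of unmatched target files. All class names, feature values, code-base entries and sandbox verdicts are constructed for illustration; the sandbox execution of step 202 is represented only by the events it is assumed to have reported.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Feature:  # feature information (step 101): logic parameter, configuration item or string
    kind: str    # "string" | "config_item" | "logic_param" (labels chosen for this example)
    value: str

@dataclass(frozen=True)
class TargetFile:
    name: str
    features: frozenset

@dataclass
class DefenseEntry:
    features: frozenset                   # defense feature information
    events: frozenset                     # sandbox events that produced the entry
    operation: Optional[Callable] = None  # killing/repair code bound in step 204

class DefenseFeatureLibrary:  # preset defense feature library with a version number
    def __init__(self, version: str) -> None:
        self.version = version
        self.entries: list = []

    def update_from_analysis(self, suspicious: TargetFile, triggered: set) -> bool:
        # Step 203: keep the features only if the (unmodelled) step-202 sandbox run reported kill/repair.
        events = frozenset(triggered) & {"kill", "repair"}
        if not events or not suspicious.features:   # nothing to add, or nothing to match on
            return False
        self.entries.append(DefenseEntry(suspicious.features, events))
        return True

    def bind_operations(self, kill_code_base: dict, repair_code_base: dict) -> int:
        # Step 204: bind matching code; a kill event selects the killing code base (example's assumption).
        bound = 0
        for entry in self.entries:
            if entry.operation is not None:
                continue
            base = kill_code_base if "kill" in entry.events else repair_code_base
            for feat in sorted(entry.features, key=lambda f: (f.kind, f.value)):
                if feat in base:
                    entry.operation = base[feat]
                    bound += 1
                    break
        return bound

    def match(self, target: TargetFile) -> Optional[DefenseEntry]:
        # Steps 101/205: the target carries all of an entry's features (exact rule left open by the patent).
        for entry in self.entries:
            if entry.features <= target.features:
                return entry
        return None

def defend(target: TargetFile, library: DefenseFeatureLibrary, updated_version: str, fetch_update):
    """Version pre-check, then steps 205, 206a and 206b. Returns (outcome, library)."""
    if library.version != updated_version:      # stale library: update before judging
        library = fetch_update()
    entry = library.match(target)
    if entry is None:
        return "released", library              # 206b: no match, no defense needed
    if entry.operation is None:
        return "matched:unbound", library       # matched, but step 204 bound no code
    return entry.operation(target), library     # 206a: execute the bound operation

# ---- constructed sample data (not taken from the patent) ----
def quarantine(target): return f"killed:{target.name}"        # killing code base entry
def restore_config(target): return f"repaired:{target.name}"  # repair code base entry

KILL_CODE_BASE = {Feature("logic_param", "overwrite_all"): quarantine}
REPAIR_CODE_BASE = {Feature("config_item", "autostart=1"): restore_config}
DROPPER = TargetFile("sample_dropper", frozenset(
    {Feature("string", "payload.tmp"), Feature("logic_param", "overwrite_all")}))
TAMPERER = TargetFile("sample_tamperer", frozenset({Feature("config_item", "autostart=1")}))

def build_library() -> DefenseFeatureLibrary:
    # Steps 201-204; the sandbox verdicts (files destroyed -> kill, config changed -> repair) are given.
    lib = DefenseFeatureLibrary(version="2.3")
    lib.update_from_analysis(DROPPER, {"kill"})
    lib.update_from_analysis(TAMPERER, {"repair"})
    lib.bind_operations(KILL_CODE_BASE, REPAIR_CODE_BASE)
    return lib

TARGETS = [
    TargetFile("installer_a", DROPPER.features | {Feature("string", "setup.log")}),
    TargetFile("settings_patch", TAMPERER.features),
    TargetFile("notes.txt", frozenset({Feature("string", "hello")})),
]

def run_demo() -> dict:
    # Stale 2.2 library; the first call updates it to 2.3 (the description's version example).
    library = DefenseFeatureLibrary(version="2.2")
    results = {}
    for target in TARGETS:
        outcome, library = defend(target, library, "2.3", build_library)
        results[target.name] = outcome
    results["library_version"] = library.version
    results["defended"] = [t.name for t in TARGETS          # output step: defended files
                           if results[t.name] not in ("released", "matched:unbound")]
    return results
```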
Further, as an implementation of the method shown in fig. 1, an embodiment of the present invention provides an apparatus for optimizing virus defense, as shown in fig. 3, the apparatus includes: a judging module 31 and a calling module 32.
The judging module 31 is configured to judge whether feature information in the target file matches defense feature information in a preset defense feature library, where the defense feature information in the preset defense feature library is determined according to expected killing and/or repair of suspicious files in different defense scenes;
and the invoking module 32 is configured to invoke the defense operation bound with the defense characteristic information and execute the defense operation if the characteristic information is matched with the defense characteristic information.
The invention provides an optimization device for virus defense. Compared with the prior art, in which computer virus defense is realized only by storing virus characteristics in a virus library and then compiling a targeted searching and killing tool, the embodiment of the invention judges whether characteristic information in a target file is matched with defense characteristic information determined from the characteristic information of suspicious files expected to be searched and killed and/or repaired, and, if so, calls the bound defense operation for defense. This realizes the purpose of defending against rapidly changing viruses in advance, meets the aim of searching and killing or repairing in advance when novel viruses appear, reduces the possibility of system defense failure, reduces the operational requirements on technicians and the defense cost, and improves the efficiency of computer virus defense.
Further, as an implementation of the method shown in fig. 2, another optimization device for virus defense is provided in an embodiment of the present invention, as shown in fig. 4, the device includes: a judging module 41, a calling module 42, a loading module 43, an analyzing module 44, a determining module 45, a binding module 46, a releasing module 47, a detecting module 48, an executing module 49, an updating module 410 and an outputting module 411.
The judging module 41 is configured to judge whether feature information in the target file matches defense feature information in a preset defense feature library, where the defense feature information in the preset defense feature library is determined according to expected killing and/or repair of suspicious files in different defense scenes;
and the invoking module 42 is configured to invoke the defense operation bound with the defense characteristic information and execute the defense operation if the characteristic information matches the defense characteristic information.
Further, the apparatus further comprises:
the loading module 43 is configured to load suspicious files in different defense scenarios according to a preset time interval;
a parsing module 44 for parsing whether an expected action performed by the suspicious file triggers a killing event and/or a repair event;
and the determining module 45 is configured to determine the feature information in the suspicious file as defense feature information if a searching and killing event and/or a repairing event is triggered, and update the defense feature information to the preset defense feature library.
Further, the parsing module 44 includes:
a copying unit 4401, configured to copy all files corresponding to the expected actions performed by the suspicious file;
a determining unit 4402, configured to execute the suspicious file and all the files in a preset execution environment, and determine whether an attack operation exists in the execution operation, so as to determine whether to trigger a killing event and/or a repair event.
Further, the apparatus further comprises:
and the binding module 46 is used for searching for and binding the killing codes and/or repairing codes matched with the defense characteristic information from a killing code base and/or a repairing code base, wherein the killing code base and/or the repairing code base are updated with codes expected to kill and/or repair different computer viruses.
Further, the apparatus further comprises:
and a releasing module 47, configured to release the target file if the feature information does not match the defense feature information.
Further, the apparatus further comprises:
a detection module 48, configured to detect whether the version information of the preset defense feature library matches updated version information;
the execution module 49 is used for executing the step of judging whether the feature information in the target file is matched with the defense feature information in the preset defense feature library if the version information matches;
and an updating module 410, configured to update the preset defense feature library if the version information does not match.
Further, the apparatus further comprises:
an output module 411, configured to output the target file on which the defense operation was executed.
The invention thus provides another virus defense optimization device. The embodiment judges whether the feature information in the target file matches defense feature information that was determined from the feature information of suspicious files expected to be killed and/or repaired, and, if so, invokes the bound defense operation. This defends against rapidly changing viruses in advance, allows a novel virus to be killed or repaired as soon as it appears, reduces the likelihood that system defense fails, lowers the operational burden and defense cost for technical personnel, and improves the efficiency of computer virus defense.
According to an embodiment of the present invention, a storage medium is provided that stores at least one executable instruction, the executable instruction being capable of executing the method for optimizing virus defense of any of the above method embodiments.
Fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computer device.
As shown in fig. 5, the computer apparatus may include: a processor 502, a communication interface 504, a memory 506, and a communication bus 508.
Wherein: the processor 502, the communication interface 504, and the memory 506 communicate with one another via the communication bus 508.
The communication interface 504 is used for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically execute the relevant steps in the above-described optimization method for virus defense.
In particular, program 510 may include program code that includes computer operating instructions.
The processor 502 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement an embodiment of the present invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
The memory 506 is used for storing the program 510. The memory 506 may comprise high-speed RAM memory, and may also include non-volatile memory, such as at least one disk memory.
The program 510 may specifically be used to cause the processor 502 to perform the following operations:
judging whether the feature information in the target file matches defense feature information in a preset defense feature library, wherein the defense feature information in the preset defense feature library is determined according to the expected killing and/or repair of suspicious files in different defense scenarios;
and if the feature information is matched with the defense feature information, invoking a defense operation bound with the defense feature information, and executing the defense operation.
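The pipeline described by the apparatus modules above (parsing module 44 through output module 411) and by the operations of program 510, as an added example that is not code from the patent or from the applicant. Everything not named by the patent is an assumption: the feature information is modelled as the SHA-256 of the file content, the preset execution environment is replaced by a constructed function that returns the operation trace a sandbox would record, the killing and repair code bases are small dictionaries of functions, and the sample bytes and traces are constructed for the demonstration.

```python
"""Added example of the virus-defense optimization pipeline; not the patent's code."""
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed categories of operations the preset execution environment can report.
ATTACK_OPERATIONS = {"persist_autorun", "encrypt_user_files", "delete_shadow_copies", "inject_process"}
REPAIRABLE_OPERATIONS = {"persist_autorun", "encrypt_user_files"}  # attack ops with a repair action

def feature_of(data: bytes) -> str:
    """Feature information of a file (assumption: a content hash stands in for it)."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class DefenseEntry:
    feature: str                                 # defense feature information
    scene: str                                   # defense scenario it was learned from
    kill: Optional[Callable[[str], str]] = None  # bound killing code
    repair: Optional[Callable[[str], str]] = None  # bound repair code

class DefenseFeatureLibrary:
    """Preset defense feature library with version information."""
    def __init__(self, version: str) -> None:
        self.version = version
        self.entries: dict[str, DefenseEntry] = {}

    def update_from(self, newer: DefenseFeatureLibrary) -> None:
        """Updating module 410: replace stale contents with the newer version."""
        self.version = newer.version
        self.entries = dict(newer.entries)

# Killing / repair code bases, keyed by the attack operation each handles (constructed).
KILL_CODE_BASE: dict[str, Callable[[str], str]] = {
    "persist_autorun": lambda p: f"killed {p}: autorun entry removed, file quarantined",
    "encrypt_user_files": lambda p: f"killed {p}: encryptor terminated, file quarantined",
    "delete_shadow_copies": lambda p: f"killed {p}: file quarantined",
    "inject_process": lambda p: f"killed {p}: injected host terminated, file quarantined",
}
REPAIR_CODE_BASE: dict[str, Callable[[str], str]] = {
    "persist_autorun": lambda p: f"repaired after {p}: autorun entry restored",
    "encrypt_user_files": lambda p: f"repaired after {p}: user files restored from backup",
}

def analyse_suspicious(sample: bytes, dependent_files: dict[str, bytes],
                       execute: Callable[[bytes, dict[str, bytes]], list[str]]):
    """Parsing module 44: copy the files the expected actions touch (unit 4401), run the
    sample and the copies in the preset execution environment, and decide whether a
    killing and/or repair event is triggered (unit 4402)."""
    copies = dict(dependent_files)
    trace = execute(sample, copies)
    attacks = [op for op in trace if op in ATTACK_OPERATIONS]
    kill_event = bool(attacks)
    repair_event = any(op in REPAIRABLE_OPERATIONS for op in attacks)
    return kill_event, repair_event, attacks

def learn(library: DefenseFeatureLibrary, sample: bytes, scene: str,
          dependent_files: dict[str, bytes], execute) -> Optional[DefenseEntry]:
    """Determining module 45 plus binding module 46: on a triggered event, record the
    feature and bind the matching killing/repair code from the code bases."""
    kill_event, repair_event, attacks = analyse_suspicious(sample, dependent_files, execute)
    if not (kill_event or repair_event):
        return None
    lead = attacks[0]  # bind code for the first attack operation observed (assumption)
    entry = DefenseEntry(feature_of(sample), scene,
                         KILL_CODE_BASE.get(lead) if kill_event else None,
                         REPAIR_CODE_BASE.get(lead) if repair_event else None)
    library.entries[entry.feature] = entry
    return entry

def defend(library: DefenseFeatureLibrary, latest: DefenseFeatureLibrary,
           path: str, data: bytes) -> dict:
    """Detection module 48 / updating module 410, then the judging step, the bound
    defense operation, and releasing module 47 when nothing matches."""
    if library.version != latest.version:
        library.update_from(latest)
    entry = library.entries.get(feature_of(data))
    if entry is None:
        return {"file": path, "action": "released"}
    results = [op(path) for op in (entry.kill, entry.repair) if op is not None]
    return {"file": path, "action": "defended", "scene": entry.scene, "results": results}

# Constructed samples and a constructed stand-in for the preset execution environment.
SAMPLE_RANSOM = b"MZ constructed ransomware sample"
SAMPLE_BENIGN = b"MZ constructed benign installer"

def fake_execute(sample: bytes, copies: dict[str, bytes]) -> list[str]:
    if sample == SAMPLE_RANSOM:
        return ["read_config", "encrypt_user_files", "delete_shadow_copies", "drop_note"]
    return ["read_config", "write_install_log"]

def demo() -> list[dict]:
    stale = DefenseFeatureLibrary("2019.09.01")
    latest = DefenseFeatureLibrary("2019.09.30")
    learn(latest, SAMPLE_RANSOM, "ransomware", {"config.ini": b"k=v"}, fake_execute)
    learn(latest, SAMPLE_BENIGN, "installer", {}, fake_execute)  # no event: nothing learned
    return [defend(stale, latest, p, d)
            for p, d in (("C:/tmp/a.exe", SAMPLE_RANSOM), ("C:/tmp/b.exe", SAMPLE_BENIGN))]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The scan path first reconciles the library version, so a client with a stale library still uses the entry learned from the sandbox run; the benign sample produces no killing or repair event, is never added to the library, and is released at scan time.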
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the virus defense optimization method and apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera, does not indicate any ordering. These words may be interpreted as names.

Claims (10)

1. A method for optimizing virus defense, comprising:
judging whether feature information in a target file matches defense feature information in a preset defense feature library, wherein the defense feature information in the preset defense feature library is determined according to the expected killing and/or repair of suspicious files in different defense scenarios; and
if the feature information matches the defense feature information, retrieving a defense operation bound to the defense feature information, and executing the defense operation.

2. The method according to claim 1, wherein, before judging whether the feature information in the target file matches the defense feature information in the preset defense feature library, the method further comprises:
loading suspicious files in different defense scenarios at a preset time interval;
parsing whether an expected action performed by the suspicious file triggers a killing event and/or a repair event; and
if a killing event and/or a repair event is triggered, determining the feature information in the suspicious file as defense feature information, and updating it into the preset defense feature library.

3. The method according to claim 2, wherein parsing whether the expected action performed by the suspicious file triggers a killing event and/or a repair event comprises:
copying all files corresponding to the expected action performed by the suspicious file; and
executing the suspicious file and all the copied files in a preset execution environment, and judging whether an attack operation exists among the executed operations, so as to determine whether a killing event and/or a repair event is triggered.

4. The method according to claim 2, wherein, after determining the feature information in the suspicious file as defense feature information and updating it into the preset defense feature library, the method further comprises:
searching a killing code base and/or a repair code base for killing code and/or repair code matching the defense feature information, and binding it to the defense feature information, wherein the killing code base and/or the repair code base are updated with code expected to kill and/or repair different computer viruses.

5. The method according to claim 1, further comprising:
if the feature information does not match the defense feature information, releasing the target file.

6. The method according to any one of claims 1-5, wherein, before judging whether the feature information in the target file matches the defense feature information in the preset defense feature library, the method further comprises:
detecting whether version information of the preset defense feature library matches updated version information;
if it matches, executing the step of judging whether the feature information in the target file matches the defense feature information in the preset defense feature library; and
if it does not match, updating the preset defense feature library.

7. The method according to claim 6, further comprising:
outputting the target file on which the defense operation was executed.

8. A device for optimizing virus defense, comprising:
a judging module, configured to judge whether feature information in a target file matches defense feature information in a preset defense feature library, wherein the defense feature information in the preset defense feature library is determined according to the expected killing and/or repair of suspicious files in different defense scenarios; and
a retrieving module, configured to, if the feature information matches the defense feature information, retrieve a defense operation bound to the defense feature information and execute the defense operation.

9. A storage medium, wherein at least one executable instruction is stored in the storage medium, the executable instruction causing a processor to perform the operations corresponding to the method for optimizing virus defense according to any one of claims 1-7.

10. A computer device, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another via the communication bus; and
the memory is configured to store at least one executable instruction, the executable instruction causing the processor to perform the operations corresponding to the method for optimizing virus defense according to any one of claims 1-7.
Application CN201910943741.6A | Priority date 2019-09-30 | Filing date 2019-09-30 | Virus defense optimization method and device, storage medium and computer equipment | Active | Granted as CN112580036B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910943741.6A | 2019-09-30 | 2019-09-30 | Virus defense optimization method and device, storage medium and computer equipment (CN112580036B, en)

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201910943741.6A | 2019-09-30 | 2019-09-30 | Virus defense optimization method and device, storage medium and computer equipment (CN112580036B, en)

Publications (2)

Publication Number | Publication Date
CN112580036A (en), application | 2021-03-30
CN112580036B (en), grant | 2024-01-30

Family

ID=75116471

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910943741.6A (Active, CN112580036B, en) | Virus defense optimization method and device, storage medium and computer equipment | 2019-09-30 | 2019-09-30

Country Status (1)

Country | Link
CN (1) | CN112580036B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN115062305A (en) * | 2022-06-28 | 2022-09-16 | 珠海豹趣科技有限公司 | Luajit-based virus infection processing method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2012022225A1 (en) * | 2010-08-18 | 2012-02-23 | 北京奇虎科技有限公司 | Active defence method on the basis of cloud security
CN103679026A (en) * | 2013-12-03 | 2014-03-26 | 西安电子科技大学 | Intelligent defense system and method against malicious programs in cloud computing environment
CN104134039A (en) * | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system
US20150052612A1 (en) * | 2012-03-21 | 2015-02-19 | Beijing Qihod Technology Company Limited | Method and device for identifying virus apk
CN107330328A (en) * | 2017-06-30 | 2017-11-07 | 北京奇虎科技有限公司 | Method, device and server for defending against virus attack
WO2018095099A1 (en) * | 2016-11-24 | 2018-05-31 | 北京奇虎科技有限公司 | Method and device for processing suspicious samples
CN108280347A (en) * | 2017-12-25 | 2018-07-13 | 北京奇安信科技有限公司 | A method and device for virus scanning
US20180262521A1 (en) * | 2017-03-13 | 2018-09-13 | Molbase (Shanghai) Biotechnology Co., Ltd | Method for web application layer attack detection and defense based on behavior characteristic matching and analysis
CN108762888A (en) * | 2018-05-17 | 2018-11-06 | 湖南文盾信息技术有限公司 | A virus detection system and method based on virtual machine introspection
CN109302420A (en) * | 2018-11-22 | 2019-02-01 | 杭州安恒信息技术股份有限公司 | Network data security transmission method, system and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
何祥锋: "浅谈蜜罐技术在网络安全中的应用" (A brief discussion of honeypot technology in network security), 网络安全技术与应用 (Network Security Technology & Application), no. 01 *

Also Published As

Publication number | Publication date
CN112580036B (en) | 2024-01-30

Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |
