Method for monitoring and eliminating generalized unknown virus

A technology for monitoring and eliminating unknown viruses, applied in the fields of instruments, electronic digital data processing, and platform integrity maintenance. It addresses the problems of narrowed critical conditions for viruses, an unavoidable false alarm rate, and a reduced range and number of detectable unknown viruses, with the effect of maintaining generalization, increasing the number and scope of viruses detected, and reducing the false positive rate.

Inactive Publication Date: 2008-07-23
江启煜

AI Technical Summary

Problems solved by technology

[0006] Although the patented invention 200510007682.X has provided a method of judging whether it is a virus through program behavior analysis, it has defended against unknown viruses to a certain extent, but virus behavior is relative, and a small number of normal programs will also oc


Example Embodiment

[0073] The main innovative idea of the present invention is to determine whether a program belongs to a generalized virus through bidirectional database analysis and judgment, where the specificity of both databases can be adjusted according to a given set point. One direction constructs a virus behavior database based on a critical set point; it is mainly used to determine whether a program is a virus. The other direction constructs a normal-program pseudo-virus behavior database from normal programs that exhibit "pseudo-virus behavior"; it is mainly used to determine whether a program is a normal program. Through the judgment of the two databases, the invention achieves highly specific identification of unknown viruses and reduces the false alarm rate of behavior analysis, while maintaining the breadth of the identification range and increasing the number and range of unknown viruses that can be identified.

[0...


Abstract

The invention relates to a method for monitoring and eliminating generalized unknown viruses. The method comprises: deriving basic virus behaviors, each composed of a plurality of behavior factors, through analysis and research on a large number of computer viruses; determining the specificity of each behavior factor and each basic virus behavior, and forming a virus behavior database with adjustable specificity, which is used to judge whether a program is a virus; simultaneously forming an adjustable normal-program pseudo-virus behavior database from the pseudo-virus behaviors that normal programs produce, which is used to judge whether a program is a normal program; and sorting and processing the viruses detected by the above method. The invention improves the specificity of unknown-virus detection and reduces the false alarm rate of behavior analysis, keeps the specificity of virus behaviors adjustable, increases the number and range of unknown viruses detected, and has distinct advantages over prior computer virus monitoring techniques.
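The two-database judgment described in paragraph [0073] and in the abstract can be sketched as follows. This is an added example, not code from the patent: the behaviour names, factors, weights, profiles, the noisy-OR combination rule and the way the two set points are applied are all assumptions made for illustration.

```python
# Added illustration: every behaviour name, factor and weight below is constructed.
from math import prod

# Virus behaviour database: basic behaviour -> (behaviour factors, specificity in 0..1).
VIRUS_DB = {
    "self_copy_to_system_dir": ({"read_own_image", "write_system_dir"}, 0.6),
    "autostart_persistence": ({"write_autorun_key"}, 0.4),
    "inject_remote_thread": ({"open_foreign_process", "create_remote_thread"}, 0.9),
    "infect_executable": ({"open_exe_for_write", "append_code_section"}, 0.95),
}

# Normal-program pseudo-virus behaviour database: benign profile -> behaviours it shows.
NORMAL_DB = {
    "installer": {"self_copy_to_system_dir", "autostart_persistence"},
    "debugger": {"inject_remote_thread"},
}


def matched_behaviours(observed_factors):
    """A basic behaviour matches when all of its factors were observed."""
    return {name for name, (factors, _) in VIRUS_DB.items()
            if factors <= observed_factors}


def combined_specificity(behaviours):
    """Noisy-OR combination (an assumption; the page gives no formula)."""
    return 1.0 - prod(1.0 - VIRUS_DB[b][1] for b in behaviours)


def classify(observed_factors, virus_set_point=0.7, normal_set_point=0.8):
    """Return (verdict, score, profile) using both databases in turn."""
    hits = matched_behaviours(set(observed_factors))
    score = combined_specificity(hits)
    # Direction one: the virus database flags only at or above its set point.
    if score < virus_set_point:
        return "unflagged", round(score, 3), None
    # Direction two: a benign profile may excuse the hits, but only up to
    # the normal set point, so behaviour scoring above it is not excused.
    if score <= normal_set_point:
        for profile, allowed in sorted(NORMAL_DB.items()):
            if hits <= allowed:
                return "normal", round(score, 3), profile
    return "virus", round(score, 3), None
```

Lowering `virus_set_point` widens what the first database flags, and the second database then absorbs the resulting false alarms from known benign profiles.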

Description

Technical field

[0001] The invention relates to a method for monitoring and eliminating generalized unknown viruses. Compared with the existing anti-computer virus technology, the invention not only can monitor and eliminate known viruses, but also can highly specifically monitor and eliminate unknown viruses in a broad sense.

Background technique

[0002] In today's rapid development of information technology, although many anti-computer virus products have appeared, they have indeed played a certain role in the prevention and treatment of known computer viruses, but they cannot effectively fight against unknown viruses. major threat to security.

[0003] Existing anti-computer virus monitoring technologies mainly include feature code comparison monitoring detection technology and HIPS active defense technology.

[0004] (1) Signature code comparison monitoring and detection technology: By monitoring whether a certain virus signature string in the virus database exists in...


Application Information

IPC(8): G06F21/00, G06F21/56
Inventor 江启煜
Owner 江启煜