Method, apparatus and network device for identifying virus document

A virus file identification technology, applied in computer security devices, electrical components, instruments, etc. It can solve problems such as system damage and the extension of the virus analysis process and of the anti-virus product upgrade cycle, so as to achieve the effects of fast recovery, improved efficiency, and saved analysis time.

Active Publication Date: 2009-01-21
KINGSOFT

AI Technical Summary

Problems solved by technology

[0005] The weak point of the above-mentioned virus analysis method is that the suspicious file runs in the computer system itself. If the suspicious file is a virus, it can damage the system, and during virus analysis, in order to reduce the harm done by the virus, the system needs to be restarted to restore and repair it.

Examples


Example Embodiment

[0021] In the process of virus analysis, whether a suspicious file is a virus file is usually confirmed by analyzing the file's runtime behavior. Referring to Figure 1, the present invention provides a method for identifying virus files. First, a virtual system is constructed in the system (S101). When a suspicious file is found, the suspicious file is executed in the virtual system, and the behavior information of the suspicious file is recorded (S102). The behavior information is compared with the virus behavior feature database (S103), and it is determined whether the suspicious file is a virus file (S104). If so, the suspicious file is identified as a virus file (S105); otherwise, the suspicious file is identified as a safe file (S106).
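The comparison and marking steps (S103 to S106) can be sketched as follows. This is an added example, not code from the patent: the event format, the feature names, and the rule that a feature is an ordered sequence of behaviors are all assumptions, and the traces are constructed sample data standing in for what the virtual system would record in S102.

```python
import fnmatch
from typing import NamedTuple

class Event(NamedTuple):
    action: str   # assumed vocabulary, e.g. "file_write", "reg_set"
    target: str   # path or registry key the action touched

# Hypothetical virus behavior feature library: each feature is an ordered
# list of (action, target glob) steps that must occur in that order.
FEATURE_LIBRARY = {
    "autorun-persistence": [
        ("file_write", r"c:\windows\system32\*.exe"),
        ("reg_set", r"hklm\software\microsoft\windows\currentversion\run\*"),
    ],
    "self-replicate-to-removable": [
        ("file_read", "<self>"),
        ("file_write", r"?:\autorun.inf"),
    ],
}

def matches(feature, trace):
    """True if the feature's steps appear in the trace as an ordered subsequence."""
    step = 0
    for ev in trace:
        action, pattern = feature[step]
        if ev.action == action and fnmatch.fnmatchcase(ev.target.lower(), pattern):
            step += 1
            if step == len(feature):
                return True
    return False

def classify(trace):
    """S103/S104: compare the trace with the library; S105/S106: mark the file."""
    hits = sorted(n for n, f in FEATURE_LIBRARY.items() if matches(f, trace))
    return ("virus" if hits else "safe"), hits

# Constructed traces, as recorded inside the virtual system (S102).
SUSPICIOUS_TRACE = [
    Event("file_read", "<self>"),
    Event("file_write", r"C:\Windows\System32\svch0st.exe"),
    Event("reg_query", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event("reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]
BENIGN_TRACE = [
    Event("reg_set", r"HKCU\Software\ExampleApp\Settings\theme"),
    Event("file_write", r"C:\Users\alice\Documents\report.txt"),
]

if __name__ == "__main__":
    print(classify(SUSPICIOUS_TRACE))
    print(classify(BENIGN_TRACE))
```

Matching on ordered sequences rather than single events keeps a lone registry write or file write, which ordinary installers also perform, from marking a file as a virus.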

[0022] For step S101, the virtual system can construct a virtual framework by using computer programs to monitor key APIs of the system and simulating some...


Abstract

The invention provides a method for identifying virus files, which comprises: first establishing a virtual system; running a suspicious file in the virtual system and recording the behavior information of the suspicious file; judging, according to the behavior information and a virus behavior feature library, whether the suspicious file is a virus file; and marking the suspicious file as a virus file if it is one, and otherwise marking it as a safe file. The invention also provides a device for identifying virus files, which comprises: a virtual system module, used to establish the virtual system, to direct the behaviors of the suspicious file to the virtual system, and to run the suspicious file; a behavior information collecting module, used to record the behavior information of the suspicious file; and a behavior characteristic analyzing module, used to mark the suspicious file as a virus when it is judged to be a virus according to the behavior information and the virus behavior feature library, and to mark it as a safe file when it is judged to be a safe file.

Description

Technical field

[0001] The invention relates to the technical field of computer anti-virus.

Background art

[0002] In recent years, the viruses and Trojan horses popular on the Internet have usually not been single attacks; instead, a large number of variants are active on the Internet and can be upgraded frequently, so it is easy for a large number of viruses or Trojan horses to break out. This places higher requirements on the upgrade cycle of anti-virus products, and the upgrade speed of anti-virus products plays an important role in whether they can effectively prevent and kill a large number of viruses and Trojan horses.

[0003] One of the most mature anti-virus technologies is the signature method. Signature methods generally include processes such as virus analysis, feature extraction, and virus database creation and upgrade, and among these processes, the virus analysis process of identifying whether a suspicious file is a virus is one of the most time-consuming processe...


Application Information

IPC(8): G06F21/22, H04L29/06, G06F21/56
Inventor: 姚辉, 赵闽, 李敏, 肖凯, 李伟健
Owner: KINGSOFT