
Method, apparatus and network device for identifying virus document

A virus file identification technology, applied in computer security devices, electrical components, instruments, etc. It can solve problems such as system damage, a prolonged virus analysis process, and a lengthened anti-virus product upgrade cycle, so as to achieve fast recovery, improve efficiency, and save analysis time.

Active Publication Date: 2009-01-21
KINGSOFT
0 Cites, 35 Cited by

AI Technical Summary

Problems solved by technology

[0005] The weakness of the above virus analysis method is that the suspicious file runs in the computer system; if the suspicious file is a virus, it can damage the system. During virus analysis, in order to reduce the harm caused by the virus, the system must be restarted to restore and repair it, and the restart greatly prolongs the virus analysis process, thus affecting the upgrade cycle of anti-virus products. In addition, if the virus crashes the system, the system needs to be reinstalled, which further prolongs the anti-virus product upgrade cycle.




Embodiment Construction

[0021] In virus analysis, whether a suspicious file is a virus file is usually determined by analyzing the running behavior of the file. Referring to Figure 1, the present invention provides a method of identifying a virus file: first, a virtual system is constructed in the system (S101); when a suspicious file is found, the suspicious file is run in this virtual system and its behavior information is recorded (S102); the behavior information is compared with a virus behavior feature database (S103) to judge whether the suspicious file is a virus file (S104); if so, the suspicious file is identified as a virus file (S105); otherwise, the suspicious file is identified as a safe file (S106).

[0022] For step S101, the virtual system can build a virtual framework by using computer programs to monitor key APIs of the system and simulate some functions of the real system. It can simulate the process of ...
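
The comparison and labelling steps (S102 to S106) can be sketched as follows. This is an added example, not code from the patent: the record format, the feature-library layout (ordered API/target patterns) and every sample value are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:      # one behaviour record written by the virtual system (S102)
    api: str      # name of the monitored API that was called
    target: str   # file path or registry key the call touched

@dataclass(frozen=True)
class Feature:    # one entry of the (hypothetical) behaviour feature library
    name: str
    steps: tuple  # ordered (api, lowercase target glob) pairs

# Constructed feature library; the patent does not specify its format.
FEATURE_LIBRARY = [
    Feature("self-copy-then-autostart", (
        ("CopyFile", r"*\system32\*.exe"),
        ("RegSetValue", r"*\currentversion\run*"),
    )),
    Feature("hosts-file-tamper", (("WriteFile", r"*\drivers\etc\hosts"),)),
]

# Constructed behaviour logs, as the virtual system might record them.
SUSPICIOUS_LOG = [
    Event("CreateFile", r"C:\Users\test\a.tmp"),
    Event("CopyFile", r"C:\Windows\System32\svch0st.exe"),
    Event("RegSetValue", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
]
BENIGN_LOG = [
    Event("RegSetValue", r"HKCU\Software\Editor\RecentFiles"),
    Event("WriteFile", r"C:\Users\test\notes.txt"),
]

def matches(feature, events):
    """True if the feature's steps occur in order (gaps allowed) in the log."""
    it = iter(events)  # shared iterator: each step resumes after the last hit
    return all(
        any(e.api == api and fnmatchcase(e.target.lower(), glob) for e in it)
        for api, glob in feature.steps
    )

def identify(events, library=FEATURE_LIBRARY):
    """S103-S106: compare the log with the library and label the file."""
    hits = [f.name for f in library if matches(f, events)]
    return ("virus" if hits else "safe"), hits

if __name__ == "__main__":
    print(identify(SUSPICIOUS_LOG))
    print(identify(BENIGN_LOG))
```

Matching on ordered sequences rather than single calls keeps a lone registry write or file copy from labelling a benign program as a virus.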


Abstract

The invention provides a method for identifying virus files, which comprises: first establishing a virtual system; running a suspicious file in the virtual system and recording the behavior information of the suspicious file; judging, according to the behavior information and a virus behavior feature library, whether the suspicious file is a virus file; and marking the suspicious file as a virus file if it is, and otherwise marking it as a safe file. The invention also provides a device for identifying virus files, which comprises: a virtual system module, used to establish the virtual system, direct the behaviors of the suspicious file to the virtual system, and run the suspicious file; a behavior information collecting module, used to record the behavior information of the suspicious file; and a behavior characteristic analyzing module, used to mark the suspicious file as a virus when it is judged to be a virus according to the behavior information and the virus behavior feature library, and to mark it as a safe file when it is judged to be a safe file.

Description

Technical field

[0001] The invention relates to the technical field of computer anti-virus.

Background technique

[0002] In recent years, the viruses and Trojan horses popular on the Internet are usually not a single attack; instead, a large number of variants are active on the Internet and can be upgraded frequently, so it is easy for a large number of viruses or Trojan horses to break out. This places higher requirements on the upgrade cycle of anti-virus products, and the upgrade speed of anti-virus products plays an important role in whether they can effectively prevent and kill a large number of viruses and Trojan horses.

[0003] One of the most mature anti-virus technologies is the signature method. Signature methods generally include processes such as virus analysis, feature extraction, and virus database creation and upgrade, and among these processes, the virus analysis process of identifying whether a suspicious file is a virus is one of the most time-consuming processe...


Application Information

IPC(8): G06F21/22, H04L29/06, G06F21/56
Inventor: 姚辉, 赵闽, 李敏, 肖凯, 李伟健
Owner: KINGSOFT