Cloud-based sample database dynamic maintaining method

Abstract

The invention provides a cloud-based sample database dynamic maintaining method comprising the following steps of: firstly, collecting program characteristics and program behaviors corresponding to the program characteristics and transmitting the program characteristics and the program behaviors corresponding to the program characteristics to a server end by a client computer; secondly, recordingdifferent program characteristics and the program behaviors corresponding to the program characteristics in a server end database and a black / white list; and finally analyzing unknown program characteristics and the program behaviors by combining with the program characteristics and the program behaviors corresponding to the program characteristics in the existing black / white list so as to updatethe black / white list. By collecting the program behaviors and linking to the program characteristics through a client, the invention can be used for recording the program characteristics and the program behaviors corresponding to the program characteristics in the database, analyzing and inducting a sample in the database according to the linking relationship between the collected program behaviors and the program characteristics, thereby being beneficial to classifying and discriminating black software or programs from white software or programs. In addition, the invention can be used for formulating corresponding clearing or restoring measures aiming at malicious software in a blacklist.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method for dynamically maintaining a sample database based on cloud security. Background technique [0002] With the widespread use of computer technology in various fields of social life, malicious programs (Malwar, malicious software, refers to any software program deliberately created to perform unauthorized and usually harmful behaviors) have also followed one after another like its appendages. . Due to the infectivity, replicability and destructiveness of these malicious programs, they have become a major problem that plagues computer use. Therefore, in today's soaring network threats, updating virus signatures has become a must-have job for enterprises and Internet users every day. From once a week to once a day, until it is updated all the time, while the traditional anti-virus software puts the virus database on the client computer, analyzes the files on t...

AI Technical Summary

Problems solved by technology

Due to the infectivity, replicability and destructiveness of these malicious programs, they have become a major problem that plagues computer use. Therefore, in today's soaring network threats, updating virus signatures has become a daily must for enterprises and Internet users. From once a week to once a day, until it is updated all the time, while the traditional antivirus software puts the virus database on the client computer, analyzes the files on the client, and repeatedly compares it with the local virus database during the scanning process. It takes up a lot of system resources, and with the continuous upgrade of the virus database, the capacity of the virus database is getting larger and larger, and the time spent analyzing files is also getting longer and longer, making the client computer slower and slower. Therefore, the anti-virus industry New technological breakthroughs must be found

Images