Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Malicious program judging method based on cloud security

A malicious program and security technology, applied in the computer field, can solve the problems of large attack harm, contradictory number of signatures, limited detection coverage, etc., to reduce performance overhead, ensure diversity, and improve coverage.

Inactive Publication Date: 2012-02-08
海南意源高科技有限公司 +1
View PDF2 Cites 60 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The mainstream anti-virus software is based on virus signatures, and the update speed of signatures is far behind the speed of new viruses.
[0004] (2) The contradiction between the limited resources of the terminal and the huge number of malicious program signatures
However, with the increase of the terminal virus database, more storage space is required, and a large amount of computing resources are consumed for antivirus, which affects the running speed of the computer.
[0005] (3) The malicious attack lasts for a long time, and the individual attack behavior is not obvious
[0006] (4) Malicious attackers are widely distributed, and the attacks are very harmful
However, each detection engine has a certain false positive rate. Although this method can improve the efficiency of detection, it cannot improve the accuracy of detection.
Also, since a single type of engine may have some inherent flaws that are very effective against some malicious programs, its detection coverage is very limited
At the same time, with the increase of the client virus database, more storage space is required, and a large amount of computing resources are consumed for antivirus, which affects the running speed of the client computer

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious program judging method based on cloud security
  • Malicious program judging method based on cloud security
  • Malicious program judging method based on cloud security

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0036] Example: such as figure 2 As shown, a method for judging malicious programs based on cloud security of the present invention, the steps are:

[0037](1) Deploy at least two different types of detection engines in the cloud. These detection engines can be deployed in physical machines or virtual machines. Deploying in virtual machines can improve resource utilization; the detection engine we use Refers to open source antivirus software that scans and kills malicious programs.

[0038] (2) The client intercepts the execution of the program, and calculates the unique identifier of the program, which can be obtained by hash calculation using the MD5 algorithm, or by using similar algorithms such as SHA1;

[0039] (3) If the unique identification value of the program exists in the local buffer, then directly return the final judgment result, and turn to step (9). Otherwise, send a query message to the cloud. After receiving the query message, the cloud will search in the ...

example

[0058] The configuration situation in the implementation process of this method is illustrated below with an example.

[0059] In order to improve resource utilization, all detection engines are deployed in virtual machines, of course, they can also be deployed in physical machines. First, install the virtual machine manager-Xen on two physical nodes, and the hardware and system configuration of each physical node are shown in Table 1.

[0060] physical node

CPU

Memory

hard disk

operating system

virtual machine manager

Node1

2 Intel Xeon E5310

4GB

160GB

Fedora Core 8

Xen

Node2

2 Intel Xeon E5310

4GB

160GB

Fedora Core 8

Xen

[0061] Table 1 Hardware and system configuration of the physical platform

[0062] One management domain and two virtual machines are deployed on each physical node, and one detection engine is deployed in each virtual machine. The basic configuration of each de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the computer field, and particularly relates to a malicious program judging method based on cloud security. In the invention, various detection engines of different types are arranged on a cloud end to perform parallel detection on the file submitted by a user. As the detection engines are different in accuracy, the detection results are possibly different from each other. The cloud end performs comprehensive judgment on the detection results with a comprehensive judgment algorithm. In order to improve the detection efficiency, a file detection result buffer area is established locally, and a file detection result database is established at the cloud end. Generally, in the invention, the correctness of the detection result is improved by a comprehensive judgment method using multiple detection engines; and meanwhile, a client utilizes the buffer area and the cloud end utilizes buffer a database to buffer the file detection results so as to improve the high efficiency of the detection process.

Description

technical field [0001] The invention belongs to the field of computers, and in particular relates to a method for judging malicious programs based on cloud security. Background technique [0002] With the rapid development of computers and their applications and the complexity of network structures, the weaknesses and vulnerabilities of computing systems will tend to be distributed. With the improvement of the level of hacker intrusion, its attack behavior is no longer a single behavior, and a single network security defense tool appears to be very weak when dealing with distributed, coordinated, and complex patterns of attack behavior. The typical characteristics of the current network attack behavior are: [0003] (1) The number of malicious codes is growing explosively. At present, there are more than 11 million malicious programs in the world, and this data is still growing. In 2005, only about 50 malicious program signatures were added to the signature database every...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/00G06F17/30G06F21/56
Inventor 王振江金海
Owner 海南意源高科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com