Active defense method based on cloud platform

An active defense and cloud platform technology, applied in the field of information security. It addresses problems such as user infection, the inability to analyze new samples in real time, and heavy consumption of client resources, so as to achieve effective protection, avoid malware's resistance to analysis, and protect security.

Inactive Publication Date: 2012-04-11
HUAZHONG UNIV OF SCI & TECH
3 Cites, 74 Cited by

AI Technical Summary

Problems solved by technology

[0004] Existing cloud security solutions expand the acquisition channels for malware samples, enabling antivirus software vendors to obtain new samples faster, but some limitations remain. First, malicious code may resist cloud security analysis, for example by increasing its own size to defeat upload, or by exposing its malicious behavior only under certain conditions. Second, because of the limitations of current automatic malware analysis technology, antivirus software vendors are still unable to analyze new samples in real time and respond quickly. A large number of users will still be infected by malware in the window between the appearance of a new virus sample and its identification by antivirus software vendors; this is the problem of the first batch of victims in cloud security. Finally, even when cloud security solutions are adopted on the server side, the client still needs to install antivirus software, which consumes a lot of client resources.

Embodiment Construction

[0021] Some technical terms in the present invention are defined below:

[0022] Cloud: the server side.

[0023] Characteristic value of a program file: a value that can uniquely identify a file, such as an MD5 value, a Secure Hash Algorithm (SHA1) value, or key instructions of the program.

[0024] Commands in program files: Refers to program instructions.

[0025] User environment-related commands: Refers to specific program instructions, such as instructions for processing user input, instructions for reading system information, and instructions for reading user data.

[0026] Cloud analysis: Executing the program on the server side and analyzing it to determine whether the program is secure.

[0027] As shown in Figure 1, the active defense method based on cloud computing of the present invention comprises the following steps:

[0028] (1) The client intercepts process creation to obtain the program file path of the process;

[0029] (...


Abstract

The invention discloses an active defense method based on a cloud platform. The method comprises the following steps: intercepting process creation at the client to acquire the program file path of the process; calculating a characteristic value of the program file according to the program file path; judging whether the characteristic value of the program file exists in a local database; if it does not exist in the local database, sending the characteristic value of the program file to the cloud; judging whether the characteristic value of the program file exists in the cloud database; if it does not exist in the cloud database, judging whether cloud analysis needs to be performed on the program file; if cloud analysis is required, sending the program file to the cloud; executing a command in the program file in the cloud; judging whether the remaining commands in the program file include no commands related to the user environment; if the remaining commands include no commands related to the user environment, executing the remaining commands; and detecting the security of the program file according to the behavior record of the program file, and returning the detection result to the client.
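The client-side lookup cascade from the abstract, as an added Python sketch that is not taken from the patent. `Cloud`, `check_process`, `needs_analysis` and the marker string are hypothetical names; SHA-256 replaces the MD5/SHA1 values the page names, the server-side execution step is reduced to a stub, and caching the returned result locally is an assumption.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    SAFE = "safe"
    MALICIOUS = "malicious"


def characteristic_value(data: bytes) -> str:
    # SHA-256 is substituted here for the MD5/SHA1 values the page names.
    return hashlib.sha256(data).hexdigest()


class Cloud:
    """Constructed stand-in for the server side."""

    def __init__(self):
        self.db = {}        # characteristic value -> Verdict
        self.uploads = []   # characteristic values of files that were uploaded

    def lookup(self, value):
        return self.db.get(value)

    def analyze(self, value, data):
        # Placeholder for executing the file and judging its behaviour record;
        # a constructed marker string stands in for a malicious behaviour record.
        self.uploads.append(value)
        self.db[value] = Verdict.MALICIOUS if b"MARKER-BAD" in data else Verdict.SAFE
        return self.db[value]


def check_process(data, local_db, cloud, needs_analysis=lambda d: True):
    """Return (verdict, source) for the program file bytes of a new process."""
    value = characteristic_value(data)
    if value in local_db:                      # local database hit
        return local_db[value], "local"
    verdict, source = cloud.lookup(value), "cloud-db"
    if verdict is None:                        # unknown to the cloud as well
        if not needs_analysis(data):
            return None, "not-analyzed"
        verdict, source = cloud.analyze(value, data), "cloud-analysis"
    local_db[value] = verdict                  # assumption: cache the answer locally
    return verdict, source
```

Only the characteristic value leaves the client on the first two lookups; the file itself is uploaded once, when neither database knows it and the analysis policy asks for it.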

Description

Technical field

[0001] The present invention relates to the field of information security, and more specifically to an active defense method based on a cloud platform.

Background technique

[0002] Computer viruses have threatened the data security of computer systems for a long time. The concealment, infectivity and destructiveness of computer viruses have seriously interfered with the normal operation of computers and caused huge losses to human beings. With the rapid development of computer networks and their applications, the channels, forms of transmission and life cycles of viruses have also undergone qualitative changes. At present, most newly generated viruses come from the network, spread through the network, automatically download new viruses or automatically update variants, and continue to spread.

[0003] In recent years, the idea of "cloud security" has been proposed. The main technical method is to monitor the ab...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06, H04L29/08
Inventor: 金海, 邹德清, 秦攀, 胡刚, 项国富
Owner: HUAZHONG UNIV OF SCI & TECH