Cluster partitioning processing method and cluster partitioning processing device for virus files

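A technique for virus files and their processing, applied in fields such as electrical digital data processing, computer security devices, and instruments. It addresses problems such as increased consumption of computing resources and increased risk of infection, and achieves reduced resource consumption, avoidance of infection risk, and improved clustering efficiency.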

Active Publication Date: 2013-02-13
TENCENT TECH (SHENZHEN) CO LTD
3 Cites, 27 Cited by

AI Technical Summary

Problems solved by technology

Clustering viruses requires dynamically running the virus files to observe their dynamic behavior characteristics. This consumes a great deal of time and computing resources, and it also increases the risk that the local computer itself is infected by the virus files being run.


Embodiment Construction

[0023] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0024] A virus file is a kind of computer file and is represented as binary data. The invention analyzes the binary data of virus files together with their family characteristics, and proposes a processing method and device for clustering virus files that a computer can execute automatically.

[0025] In the Windows operating system, virus files are usually PE files. Figure 1 is a schematic diagram of the structure of a PE file. As shown in Figure 1, a PE file generally includes a DOS header, a PE header, section table information, section data, and additional data. The DOS header, PE header, and section table information belong to the PE structural data and are used to identify the structural features of the PE file. For anti-virus anti-virus files, the f...


Abstract

The invention discloses a cluster partitioning processing method and a cluster partitioning processing device for virus files. The method comprises the following steps: (A) statically analyzing the binary data of the virus files to be partitioned, and parsing the portable executable (PE) structure data of the virus files out of the binary data; and (B) comparing the PE structure data of the virus files to be partitioned, and placing virus files whose PE structure data meets a specified similarity into the same category. The device comprises a first data analyzing module and a first cluster partitioning module. The first data analyzing module statically analyzes the binary data of the virus files to be partitioned and extracts the PE structure data of the virus files from the binary data. The first cluster partitioning module compares the PE structure data of the virus files to be partitioned and places virus files whose PE structure data meets the specified similarity into the same category. With this method and device, the efficiency of cluster partitioning of computer virus files can be improved, resource consumption is reduced, and the risk of infection caused by dynamically running virus files is eliminated.
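Steps (A) and (B) can be sketched as follows. This is an added example, not code from the patent: the choice of header fields, the Jaccard similarity measure, the 0.6 threshold and the constructed sample images are all assumptions, since the page does not specify them.

```python
import struct

SEC = "<8sIIIIIIHHI"   # 40-byte section table entry
COFF = "<HHIIIHH"      # 20-byte COFF file header that follows the "PE\0\0" signature

def build_sample(sections, timestamp, chars=0x0102):
    """Constructed PE-like image holding only DOS header, PE header and section table."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)          # e_lfanew at 0x3C
    coff = struct.pack(COFF, 0x14C, len(sections), timestamp, 0, 0, 0, chars)
    table = b"".join(struct.pack(SEC, n, size, 0, size, 0, 0, 0, 0, 0, flags)
                     for n, size, flags in sections)
    return dos + b"PE\x00\x00" + coff + table

def pe_structure(data):
    """Step A: static parse only (nothing is executed); returns structural features."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[off:off + 4] != b"PE\x00\x00" or off + 24 > len(data):
        raise ValueError("missing or truncated PE header")
    machine, nsec, _ts, _, _, opt_size, chars = struct.unpack_from(COFF, data, off + 4)
    table = off + 24 + opt_size
    if table + 40 * nsec > len(data):
        raise ValueError("truncated section table")
    feats = {("machine", machine), ("nsec", nsec), ("chars", chars)}
    for i in range(nsec):
        fields = struct.unpack_from(SEC, data, table + 40 * i)
        feats.add(("section", fields[0].rstrip(b"\x00"), fields[-1]))  # name + flags
    return feats

def similarity(a, b):
    """Jaccard index of two feature sets (assumed measure; the page names none)."""
    return len(a & b) / len(a | b)

def cluster(samples, threshold=0.6):
    """Step B: files linked by similarity >= threshold land in the same category."""
    feats = {name: pe_structure(data) for name, data in samples.items()}
    groups = []
    for name in feats:
        linked = [g for g in groups
                  if any(similarity(feats[name], feats[m]) >= threshold for m in g)]
        groups = [g for g in groups if g not in linked] + [{name}.union(*linked)]
    return sorted(sorted(g) for g in groups)

TEXT, DATA, RSRC = (b".text", 0x2000, 0x60000020), (b".data", 0x400, 0xC0000040), (b".rsrc", 0x800, 0x40000040)
SAMPLES = {  # constructed inputs, not real malware
    "a1.bin": build_sample([TEXT, DATA, RSRC], 0x50000000),
    "a2.bin": build_sample([TEXT, DATA, RSRC, (b".reloc", 0x200, 0x42000040)], 0x50A00000),
    "b1.bin": build_sample([(b"UPX0", 0x8000, 0xE0000080), (b"UPX1", 0x3000, 0xE0000040)], 0x4F000000, 0x010F),
}
print(cluster(SAMPLES))
```

The timestamp is deliberately left out of the feature set, so the two constructed variants with different build times still fall into one category.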

Description

Technical field

[0001] The invention relates to the technical field of computer data processing, and in particular to a method and device for clustering computer virus files.

Background technique

[0002] Computer viruses usually have family characteristics: a given computer virus produces variants after some evolution. The main purpose of these changes is to evade the detection performed by anti-virus software. Such a virus and the variants derived from it usually share family characteristics. Anti-virus software divides viruses into families according to these characteristics, and often extracts the characteristic information common to all viruses in a family as the basis for identifying the virus, so that one record in the virus database can hit all the viruses in the family. It can be seen that an accurate virus family clustering method can greatly improve the efficiency of anti-virus softw...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/00, G06F21/562, G06F21/561
Inventor: 于涛
Owner: TENCENT TECH (SHENZHEN) CO LTD