
A Virus Detection System Based on Virtual Execution

A virus detection technology based on virtual execution, applied in the field of computer systems, which addresses the problems of lagging virus detection and removal, slowed virus detection, polymorphism and obfuscation, etc.

Active Publication Date: 2015-10-28
CHANGSHA WENDUN INFORMATION TECH

AI Technical Summary

Problems solved by technology

Signature scanning is simple, effective, safe and thorough, but it has the following problems: (1) virus detection and removal always lags behind the spread of viruses; (2) the huge signature database slows down virus detection.
However, virus analysis becomes helpless when faced with some concealment techniques, such as polymorphism and obfuscation.



Examples


Example 1

[0036] Figure 1 is a structural schematic diagram of the virus detection system according to the first embodiment of the present invention. The components and functions of the system are described in detail below with reference to Figure 1.

[0037] As shown in Figure 1, the system includes a virus sample collector 10, a virtual machine 20 and a behavior analyzer 30. The function of the virus sample collector 10 is to collect virus samples (including training samples and test samples, i.e. known viruses and unknown viruses); the function of the virtual machine 20 is to perform virtual execution on the collected virus samples, obtain the execution behavior information at the time the sample is executed, and generate execution behavior reports. The function of the behavior analyzer 30 includes two aspects: one is to analyze the report generated after the virtual execution of the training sample to generate a classifier, and the other is to analyze the re...

Example 2

[0077] Figure 5 is a schematic structural diagram of a virus detection system according to the second embodiment of the present invention. The components and functions of the system are described below with reference to Figure 5.

[0078] For ease of description, the parts that are the same as in the foregoing embodiments are not described in detail; only the differences from the foregoing embodiments are highlighted. In Figures 1 and 5, steps that are the same as or similar to those in the foregoing embodiments use the same reference numerals.

[0079] According to long-term experience in the anti-virus industry, we know that there is a common pattern in the execution behavior of malicious programs of the same family, which is called a Behavior Pattern. For example, all variants of the Allaple worm acquire and lock specific semaphores on the infected system. In fact, the process of constructing a classifier with feature vectors is the process of mining this beha...
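
The pipeline described in [0037] and [0079] (behavior reports from virtual execution, a classifier built from training reports, then applied to an unknown sample) can be sketched as follows. This is an added example, not code from the patent: the report format, event names, the `family_x` label and the choice of Bernoulli naive Bayes are assumptions, since the page does not say which classifier the system uses.

```python
import math
from collections import Counter

# Constructed behavior reports: (label, events recorded during virtual execution).
# Event names and labels are illustrative placeholders, not taken from the patent.
TRAINING = [
    ("family_x", ["semaphore_lock:EXAMPLE_SEM", "file_write:system_dir", "net_scan:icmp"]),
    ("family_x", ["semaphore_lock:EXAMPLE_SEM", "file_write:html_files", "net_scan:icmp"]),
    ("family_x", ["semaphore_lock:EXAMPLE_SEM", "reg_set:run_key", "net_scan:icmp"]),
    ("benign", ["file_write:user_docs", "reg_read:settings"]),
    ("benign", ["file_write:temp_dir", "net_connect:https", "reg_read:settings"]),
    ("benign", ["file_write:user_docs", "net_connect:https"]),
]

def train(reports):
    """Fit Bernoulli naive Bayes over binary 'event was observed' features."""
    vocab = sorted({e for _, events in reports for e in events})
    n = Counter(label for label, _ in reports)
    seen = {label: Counter() for label in n}
    for label, events in reports:
        seen[label].update(set(events))
    # Laplace smoothing keeps an unseen event from zeroing a class probability.
    p = {l: {f: (seen[l][f] + 1) / (n[l] + 2) for f in vocab} for l in n}
    prior = {l: n[l] / len(reports) for l in n}
    return vocab, prior, p

def classify(model, events):
    """Return (best label, log-scores); events outside the vocabulary are ignored."""
    vocab, prior, p = model
    present = set(events)
    scores = {}
    for label in prior:
        s = math.log(prior[label])
        for f in vocab:
            s += math.log(p[label][f] if f in present else 1 - p[label][f])
        scores[label] = s
    return max(scores, key=scores.get), scores

def behavior_pattern(model, label, other):
    """Events far more likely under `label` than `other`: the mined behavior pattern."""
    vocab, _, p = model
    ratio = {f: math.log(p[label][f] / p[other][f]) for f in vocab}
    return [f for f in sorted(vocab, key=lambda f: -ratio[f]) if ratio[f] > 1.0]

MODEL = train(TRAINING)
if __name__ == "__main__":
    unknown = ["semaphore_lock:EXAMPLE_SEM", "file_write:temp_dir", "net_scan:icmp"]
    print(classify(MODEL, unknown)[0], behavior_pattern(MODEL, "family_x", "benign"))
```

The events that survive in `behavior_pattern` are the ones shared by every training report of the family and absent from the benign reports, which is the family-level regularity the paragraph calls a Behavior Pattern.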


Abstract

The invention discloses a virus detection system adopting a virtual execution technology, which comprises a virus sample collector that collects unknown viruses, a virtual machine that executes the unknown viruses and obtains execution behavior reports from that execution, and a behavior analyzer that analyzes those execution behavior reports according to the virus behavior patterns of known viruses so as to judge whether the unknown viruses are viruses. In the virus detection system, the virtual execution technology is applied on the basis of current virus analysis technology and provides virus execution behavior information for virus analysis; the virus detection system can obtain virus execution behaviors while causing no harm to the system, and the current virus analysis and detection algorithm is improved for active defense policies of normal behavior patterns of users.

Description

Technical field

[0001] The invention relates to the field of computer systems, in particular to a virus detection system based on virtual execution.

Background technique

[0002] The security protection of current computer systems largely depends on updates to the virus database of commercial anti-virus products, which is the so-called signature scanning. The main idea of this method is to analyze the characteristic codes of each virus and store them centrally in a virus signature library file. When scanning, the scanned object is compared with the signature library. If they match, the object is judged to be infected with the virus. This technology is simple, effective, safe and thorough, but it has the following problems: (1) virus detection and removal always lags behind the spread of viruses; (2) the huge signature database slows down virus detection.

[0003] At present, the intelligent engine technology has solved the proble...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56, G06F9/455
Inventor: 任双春
Owner: CHANGSHA WENDUN INFORMATION TECH