Unlock instant, AI-driven research and patent intelligence for your innovation.

How to tell if a program is malicious

A program and malicious technology, applied in the field of network security, can solve problems such as the difficulty of determination, the difficulty of killing or cleaning malicious programs, etc.

Active Publication Date: 2017-03-08
BEIJING QIHOO TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] In addition, in recent years, with the application of anti-killing technology by malicious program creators, more and more methods have appeared by packing malicious programs or modifying the signature codes of the malicious programs; and many Trojan horse programs have adopted more and more Frequent and rapid automatic transformations make it more and more difficult to judge malicious programs based on malicious behavior and / or malicious characteristics, thus causing difficulty in killing or cleaning malicious programs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • How to tell if a program is malicious
  • How to tell if a program is malicious
  • How to tell if a program is malicious

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The following describes the implementation of the present invention in detail with the drawings and embodiments, so as to fully understand and implement the implementation process of how the present invention uses technical means to solve technical problems and achieve technical effects.

[0029] The core idea of ​​the present invention is: the database on the server side establishes a whitelist of legal programs and collects and updates them; the client terminal collects the program characteristics and / or program behavior of a program and sends them to the server side for query, and the server side according to the program The characteristics and / or program behaviors are analyzed and compared in the white list, and the program is determined according to the comparison result and fed back to the client.

[0030] The method for detecting malicious programs in the whitelist in the cloud security mode formed by a large number of client computers 102-server 104 is described below...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for judging whether a program is malicious or not. The method comprises the following steps: establishing a white list of a legal program by a database of a server end, and collecting and updating; collecting program characteristics and / or program behaviors of one program by a client, and sending the program characteristics and / or the program behaviors to the server end to be inquired; carrying out analysis and comparison in the white list by the server end according to the program characteristics and / or the program behaviors; and judging the validity or a trust value of the program according to a comparing result and feeding back to the client. According to the method for judging whether the program is malicious or not, the legal program is judged by using the white list so as to judge an illegal program which does not belong to a white list range to be a malicious program and carry out judgment, searching and killing of the malicious program from the other angle.

Description

[0001] The present invention patent application is a divisional application of a Chinese invention patent application with the filing date of August 18, 2010, the application number being 201010256973.3, and the title "A method for detecting malicious programs based on a whitelist". Technical field [0002] The invention belongs to the field of network security, and specifically relates to a method for judging whether a program is malicious. Background technique [0003] The traditional anti-killing of malicious programs mainly relies on the signature database model. The signature library is composed of the signature codes of malicious program samples collected by the manufacturer, and the signature is the analysis engineer finds the difference between the malicious program and the legitimate software, and intercepts a section of program code similar to "search keywords". During the scanning and killing process, the engine will read the file and match it with all the feature code ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 周鸿祎齐向东
Owner BEIJING QIHOO TECH CO LTD