Cross-platform detection method and system for malicious files in cloud environment

A malicious file detection method and system, applied to cross-platform detection of malicious files in a cloud environment, in the field of malicious file detection. Effects: improved processing efficiency, increased versatility and automation.

Active Publication Date: 2014-02-05
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, a single security sandbox or a single security virtual machine cannot meet general-purpose requirements, so it is necessary to combine operating systems (Windows series, Linux series, UNIX, Mac OS, iOS, Android, etc.), file execution programs, anti-virus software, etc., to establish a multi-platform security sandbox.
[0005] Due to the diversity and complexity of malicious files, it is difficult for a single detection method and platform software to meet the detection requirements for arbitrary malicious files.
Therefore, convenient and fast multi-platform malicious file detection cannot be applied to devices.
Unified cross-platform malicious file detection still faces many technical challenges: because malicious files are highly destructive and unknown, malicious file samples must be stored safely for malicious code detection; malicious file detection platforms such as Huoyan can only accept one file, have clear requirements for the file extension, cannot correct errors in the file, and cannot effectively analyze files with unknown extensions; and conveniently distributing copies of malicious files across multiple platforms is also a big challenge.


Embodiment Construction

[0040] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0041] An embodiment of the present invention discloses a cross-platform detection method for malicious files in a cloud environment, the steps of which are as follows:

[0042] 1) Establish a cloud computing platform environment. The cloud platform includes a B/S structure user interface, a malicious file management center server, a distributed storage server group, a malicious file distribution WEB server, a virtual security sandbox cluster, etc., and provides active collection or manual upload of malicious files; the malicious files are stored in a secure isolated storage area on the distributed slave nodes;

[0043] 2) The collected or uploaded malicious files are divided in binary form and stored in the distributed security isolation storage area of the cloud environment, and their execution is prohibited; after segmentation, each sub-p...

Abstract

The invention relates to a cross-platform detection method and system for malicious files in a cloud environment. The detection method includes the steps: 1) acquiring original suspicious malicious files, storing them in a distributed storage cluster in the cloud environment and isolating them; 2) making file copies of the malicious files, recognizing the filename-extension format of each file copy and uploading each recognized file copy to a WEB end; 3) downloading from the WEB end, according to operating system type, only the corresponding copies of the malicious files to the security sandbox virtual machines of the respective systems, and detecting characteristics and/or running behaviors of the malicious files; 4) submitting and summarizing the detection results of the malicious files from the security sandbox virtual machines, associating the detection results with the original malicious files and then detecting cross-platform malicious files. The universality and degree of automation of malicious file detection are improved, malicious files can be preprocessed in batches with the aid of cloud platform technology, and the processing efficiency of malicious file detection is greatly improved.
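Steps 2 to 4 of the abstract, sketched as an added example that is not code from the patent. It assumes the format is recognized from leading magic bytes, that files of unknown format are offered to every sandbox, and that "cross-platform" means a malicious verdict on more than one OS type; the signature table, OS-type labels and sample bytes are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed signature table: leading bytes -> (extension, sandbox OS types).
# The OS-type labels are hypothetical queue names, not taken from the patent.
SIGNATURES = [
    (b"MZ", ".exe", ("windows",)),
    (b"\x7fELF", ".elf", ("linux", "android")),
    (b"dex\n", ".dex", ("android",)),
    (b"\xcf\xfa\xed\xfe", ".macho", ("macos",)),
    (b"%PDF", ".pdf", ("windows", "linux", "macos")),
]
ALL_PLATFORMS = ("windows", "linux", "macos", "android")

def prepare_copy(claimed_name, data):
    """Step 2: describe a file copy whose extension is derived from content."""
    origin = hashlib.sha256(data).hexdigest()  # links results to the original
    for magic, ext, platforms in SIGNATURES:
        if data.startswith(magic):
            break
    else:  # unknown format: the assumption here is to try every sandbox
        ext, platforms = ".bin", ALL_PLATFORMS
    return {"origin": origin, "claimed_name": claimed_name,
            "copy_name": origin[:16] + ext, "platforms": platforms}

def copies_for(os_type, copies):
    """Step 3: a sandbox VM is offered only the copies for its OS type."""
    return [c["copy_name"] for c in copies if os_type in c["platforms"]]

def aggregate(reports):
    """Step 4: merge (origin, os_type, verdict) reports per original file."""
    merged = defaultdict(dict)
    for origin, os_type, verdict in reports:
        merged[origin][os_type] = verdict
    return {o: {"verdicts": v,
                "cross_platform": sum(x == "malicious" for x in v.values()) > 1}
            for o, v in merged.items()}

# Constructed, inert sample inputs: header bytes only, no executable content.
SAMPLES = [("invoice.pdf", b"MZ" + b"\x00" * 62),
           ("update", b"\x7fELF" + b"\x00" * 60),
           ("notes.dat", b"no known header")]

if __name__ == "__main__":
    copies = [prepare_copy(n, d) for n, d in SAMPLES]
    for os_type in ALL_PLATFORMS:
        print(os_type, copies_for(os_type, copies))
```

The first sample shows the extension-correction case: a file claiming to be `invoice.pdf` with a PE header is renamed with `.exe` and routed only to the Windows sandbox.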

Description

Technical field

[0001] The invention relates to a malicious file detection method and system, in particular to a cross-platform detection method and system for malicious files in a cloud environment, belonging to the field of computer network security.

Background

[0002] Malicious files, also known as malicious code and malware, usually refer to software that is installed and run on the user's computer or other terminals (such as smartphones) without explicitly prompting the user or without the user's permission, and that damages the system and steals user information. Typical malicious files include viruses, Trojan horses, worms, remote control software, keylogger software, JS scripts for web-page Trojan injection, webshell backdoors, mobile phone call monitoring, address book theft, rogue software, and so on.

[0003] The detection and analysis of malicious files is an indispensable part of security research and security product development, which is of great significance. Trad...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/56
Inventor 马多贺徐震宋晨黄亮吕双双张凯
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI