Unknown virus retrieval method

A technology concerning unknown viruses and behaviors, applied in special data processing applications, instruments, electronic digital data processing, etc. It addresses the inability to adjust the virus database, the tendency toward false positives, and the increased time for virus detection and antivirus processing, so as to improve the efficiency of virus detection and reduce unnecessary analysis.

Active Publication Date: 2014-02-19
科来网络技术股份有限公司

AI Technical Summary

Problems solved by technology

[0004] Although there are many behavior-based detection methods for unknown viruses, the diversity of virus behaviors makes false positives likely. In particular, comparing and analyzing every operation behavior one by one occupies computer operating resources and increases the time for virus detection and antivirus processing. At t

Examples

Specific embodiment

[0033] (1) Read the basic behavior report of the file extracted by the behavior extraction module, and filter out the behavior operations that do not need to be analyzed according to the filtering operation configuration;

[0034] (2) Read a suspicious behavior configuration from the suspicious behavior list in the comparison library, and look for all operations of that suspicious behavior in the file's basic behavior report. If every operation listed in the suspicious behavior configuration is found in the report, go to step (3). If any one of the basic operations of the suspicious behavior cannot be found, matching of that suspicious behavior fails.

[0035] (3) After the suspicious behavior is successfully matched, continue to match the correctable behavior for the behavior, and judge whether all the operation behaviors in the suspicious operatio...
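The matching procedure of steps (1) to (3), as an added Python example that is not taken from the patent text. Step (3) is cut off on this page, so the correction rule used here (a matched suspicious behavior is corrected only when every operation that produced the match is covered by a correctable entry) is an assumption, as are the library layout, the operation names and the sample reports.

```python
# Added example. Library contents, operation names and targets are constructed.
LIBRARY = {
    "filter": [("file.read", r"C:\Windows\Fonts")],
    "trojan": {"keylog-exfil": [("hook.install", "keyboard"), ("net.connect", "")]},
    "suspicious": {"autostart": [("reg.write", r"HKCU\Run"),
                                 ("file.create", r"C:\Users")]},
    "correctable": {"autostart": [("reg.write", r"HKCU\Run\ExampleUpdater"),
                                  ("file.create", r"C:\Users\demo\ExampleUpdater")]},
}

def op_matches(pattern, op):
    """Pattern (action, target_prefix) against a reported (action, target)."""
    return pattern[0] == op[0] and op[1].lower().startswith(pattern[1].lower())

def find_ops(pattern, ops):
    return [op for op in ops if op_matches(pattern, op)]

def analyze(report, lib=LIBRARY):
    # Step (1): drop operations covered by the filtering configuration.
    ops = [op for op in report
           if not any(op_matches(f, op) for f in lib["filter"])]
    result = {"trojan": [], "suspicious": [], "corrected": []}
    # Trojan recognition (assumed to use the same all-operations rule).
    for name, patterns in lib["trojan"].items():
        if all(find_ops(p, ops) for p in patterns):
            result["trojan"].append(name)
    for name, patterns in lib["suspicious"].items():
        # Step (2): one missing operation fails the match.
        hits = [find_ops(p, ops) for p in patterns]
        if not all(hits):
            continue
        # Step (3), assumed semantics: corrected only when every operation
        # that produced the match is covered by a correctable entry.
        matched = [op for group in hits for op in group]
        allow = lib["correctable"].get(name, [])
        if allow and all(any(op_matches(c, op) for c in allow) for op in matched):
            result["corrected"].append(name)
        else:
            result["suspicious"].append(name)
    return result

# Constructed behavior reports.
UPDATER = [("file.read", r"C:\Windows\Fonts\a.ttf"),
           ("reg.write", r"HKCU\Run\ExampleUpdater"),
           ("file.create", r"C:\Users\demo\ExampleUpdater\up.exe")]
UNKNOWN = [("reg.write", r"HKCU\Run\svc"),
           ("file.create", r"C:\Users\demo\svc.exe")]
PARTIAL = [("reg.write", r"HKCU\Run\svc")]
```

Because correction requires every matching operation to be covered, a report that mixes the updater's operations with an uncovered autostart entry stays suspicious.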

Abstract

An unknown virus retrieval method includes the steps of comparison library configuration, behavior extraction and behavior analysis. A comparison library is set in advance that divides basic behaviors, according to danger level, into at least three levels: Trojan behaviors, suspicious behaviors and correctable behaviors. The behavior analysis includes Trojan recognition and suspicious behavior recognition, and further comprises a suspicious behavior correction step and a filter step. In the correction step, suspicious behaviors that have been recognized are reclassified as correctable behaviors according to the correctable comparison files in the comparison library set in advance. With the unknown virus retrieval method and device, users can configure for themselves which behaviors correspond to which danger levels, so the different requirements of different users can be met; the configuration of suspicious behaviors or Trojan behaviors is reduced, and accordingly the unnecessary analysis process is reduced and the virus searching efficiency is improved.

Description

Technical field

[0001] The invention belongs to the field of computer applications and relates to the identification and prevention of computer viruses, in particular to an unknown virus retrieval method and device.

Background technique

[0002] A computer virus is a set of computer instructions or program code that its author inserts into a computer program to destroy computer functions or data and affect computer use, and that is capable of self-replication. A computer virus lurks in the computer's storage medium (or a program) through some means and is activated when a certain condition is met. It then places an exact copy of itself, or a possibly evolved form, into other programs by modifying them, thereby infecting those programs.

[0003] Computer viruses are a major threat to computer security. The ability of computer viruses to mutate is increasing day by day, and the speed at which new viruses appear is accelerating. At present, most anti-virus software still use the virus f...

Application Information

IPC(8): G06F21/56, G06F17/30
CPC: G06F21/566
Inventor: 罗鹰赵劲松林康侯勇军伍宏宁
Owner: 科来网络技术股份有限公司