A malicious program intelligent defense system and defense method in cloud computing environment

Intelligent defense system and cloud computing environment technology, applied in computing, computer security devices, instruments, etc. It addresses the problems of limitations, lag, and a limited number of samples, and achieves low computing resource consumption, high-performance computing power, and a reduced likelihood of threats.

Active Publication Date: 2016-11-16
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

At present, however, most anti-virus solutions suffer from lag and limitation, as follows: (1) With viruses growing exponentially, there is a significant lag in the update and upgrade of traditional anti-virus software;
[0003] (2) Users often install only one set of anti-virus software in a stand-alone application environment, which has the limitation of single-point defense;
[0004] (3) Without upgrading the anti-virus software, it is impossible to detect and kill newly written viruses, and it is impossible to detect and kill old viruses that have been processed without anti-virus;
[0005] (4) Data is collected through honeypot technology, user reporting, and self-established laboratory research and development; the cost is high and the number of samples collected is limited;
[0006] (5) Some existing cloud scanning and killing engines simply put the server in the cloud and still use the traditional mode of signature comparison, which cannot detect unknown viruses;
[0007] (6) The parallel operation of multiple engines on the cloud server is just a combination of engines from different manufacturers, which is limited by the technical level and product targeting of those manufacturers.

Examples


Embodiment Construction

[0031] In order to describe the technical content of the present invention in detail, the following examples are given and described in detail with accompanying drawings.

[0032] See Figure 1. A malicious program intelligent defense system in a cloud computing environment that fully guarantees the update of the anti-virus engine knowledge base and improves the ability to detect unknown viruses, including:

[0033] A cloud computing platform, the cloud computing platform is provided with a plurality of different anti-virus engines in parallel, and the different anti-virus engines scan for different types of viruses;

[0034] A sample collection subsystem, the sample collection subsystem collects data related to security vulnerability attacks;

[0035] An isolation analysis subsystem, the isolation analysis subsystem is a collection of multiple malicious program behavior analysis engines, and the isolation analysis subsystem analyzes and obtains behavior monitoring results w...


Abstract

An intelligent defense system against malicious programs in a cloud computing environment comprises a cloud computing platform, a sample collection subsystem, an isolation analysis subsystem and a computing server. A plurality of different anti-virus engines are arranged on the cloud computing platform in parallel, and the different anti-virus engines can perform scanning oriented to different types of viruses. The sample collection subsystem is used for collecting data relevant to security vulnerability attacks. The isolation analysis subsystem is a set of multiple malicious program behavior analysis engines, and behavior monitoring results different in emphasis are obtained through analysis by the isolation analysis subsystem. The computing server is used for collecting data of the sample collection subsystem and data of the isolation analysis subsystem, and behavior data are analyzed by the computing server to generate a behavior characteristic knowledge base.
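The data flow in the abstract, as an added illustration (not code from the patent, which does not state its analysis algorithm on this page): behavior reports from several analysis engines are merged per sample and turned into a weighted behavior knowledge base that scores a sample without any signature. The engine names, behavior labels, sample data and the smoothed log-odds weighting are all assumptions made for the example.

```python
from collections import Counter, defaultdict
from math import log

# Constructed data: each analysis engine reports only the behaviors it focuses on.
ENGINE_REPORTS = {
    "file_engine": {"s1": {"file:write_system_dir", "file:self_copy"},
                    "s2": {"file:self_copy"},
                    "s3": {"file:write_user_docs"}, "s4": set()},
    "registry_engine": {"s1": {"reg:add_run_key"}, "s2": {"reg:add_run_key"},
                        "s3": set(), "s4": {"reg:read_settings"}},
    "network_engine": {"s1": {"net:dns_lookup"},
                       "s2": {"net:dns_lookup", "net:irc_connect"},
                       "s3": {"net:dns_lookup"}, "s4": {"net:dns_lookup"}},
}
# Constructed labels from the sample collection side: True = known malicious.
LABELS = {"s1": True, "s2": True, "s3": False, "s4": False}


def merge_reports(engine_reports):
    """Union the per-engine behavior sets into one profile per sample."""
    profiles = defaultdict(set)
    for reports in engine_reports.values():
        for sample_id, behaviors in reports.items():
            profiles[sample_id] |= behaviors
    return dict(profiles)


def build_knowledge_base(profiles, labels):
    """Weight each behavior by smoothed log-odds of malicious vs. benign use."""
    mal, ben = Counter(), Counter()
    for sample_id, behaviors in profiles.items():
        (mal if labels[sample_id] else ben).update(behaviors)
    n_mal = sum(labels.values())
    n_ben = len(labels) - n_mal
    return {b: log(((mal[b] + 1) / (n_mal + 2)) / ((ben[b] + 1) / (n_ben + 2)))
            for b in set(mal) | set(ben)}


def score(behaviors, kb):
    """Sum the weights of observed behaviors; unseen behaviors add nothing."""
    return sum(kb.get(b, 0.0) for b in behaviors)


if __name__ == "__main__":
    kb = build_knowledge_base(merge_reports(ENGINE_REPORTS), LABELS)
    unknown = {"file:self_copy", "reg:add_run_key", "net:dns_lookup"}
    print(f"unknown sample score: {score(unknown, kb):.3f}")
```

A behavior seen equally in malicious and benign samples (here the DNS lookup) ends up with zero weight, so only the distinguishing behaviors drive the score.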

Description

Technical field

[0001] The invention is an intelligent defense method for malicious programs in a cloud computing environment. It is a method for designing and implementing a virus defense mechanism that detects malicious code (including unknown viruses) in a cloud computing environment by combining honeypot technology with intelligent program behavior analysis technology.

Background technique

[0002] As computer viruses have developed in combination with hacker technology, becoming more destructive, with more transmission channels, faster transmission speed, more variants, and encryption of original programs, traditional virus detection and killing technologies have found it increasingly difficult to defend against viruses in practice. With the emergence of new computing models such as distributed computing, grid computing, and cloud computing, new malicious program detection applications have also begun to appear, such as the "cloud scanning and killing" that people are gra...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 陈晓峰, 张振宇, 马建峰
Owner: XIDIAN UNIV