Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Scanning method and scanning device for malicious programs

A malicious program and scanning method technology, applied in the Internet field, can solve the problems of no malicious program scanning method, no malicious program scanning, malicious consumption of traffic, etc.

Active Publication Date: 2014-04-30
北京鸿享技术服务有限公司
View PDF6 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In ordinary computers, such as Windows systems, the proliferation of viruses has caused great troubles to users, but the antivirus technology in ordinary computers is also very advanced
For ARM-based mobile terminals, malicious programs have also shown an increasing trend in recent years, but due to the particularity of mobile terminals, there is no effective scanning method for malicious programs.
[0004] For example, in mobile terminals, there will be behaviors such as charging calls, sending fee-deducting text messages, and maliciously consuming traffic. These malicious behaviors do not exist on ordinary computers, but they often cause greater losses to users.
[0005] In order to avoid the normal use of users, before the mobile terminal performs malicious behavior, the scanning program often cannot judge whether a behavior is a malicious behavior. Therefore, there is currently no effective method for scanning malicious programs on mobile terminals based on the ARM platform. , users face the threat of being compromised by malicious programs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Scanning method and scanning device for malicious programs
  • Scanning method and scanning device for malicious programs
  • Scanning method and scanning device for malicious programs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0093] The embodiment of the present invention provides a malicious program scanning method. The method improves the malicious program scanning device. The malicious program scanning device in this embodiment may be installed on a user client, for example, the client may be a user terminal such as a PC (Personal Computer, personal computer), a mobile phone, or a handheld computer.

[0094] figure 1 It is a flowchart of a malicious program scanning method according to an embodiment of the present invention, and the method includes steps S102 to S108.

[0095] S102, creating a virtual operating system environment for virus checking in the operating system of the ARM platform.

[0096] S104. Import the program module to be scanned into the virtual operating system environment, and run the program module to be scanned.

[0097] S106, monitor and acquire the behavior of the program module to be scanned in the virtual operating system environment.

[0098] S108. Determine whethe...

Embodiment 2

[0101] This embodiment is a specific application scenario of the first embodiment above. Through this embodiment, the method provided by the present invention can be described more clearly and specifically.

[0102] Wherein, the method provided in this embodiment can be implemented in the mobile terminal based on the ARM platform in the form of driver or antivirus software.

[0103] figure 2 It is a flowchart of a specific scanning method for a malicious program according to an embodiment of the present invention, and the method includes steps S201 to S207.

[0104] S201. Establish a virtual machine in the operating system of the ARM platform.

[0105] Taking a mobile phone running the Android system as an example, this step is to create a virtual machine in the Android system running on the mobile phone. The virtual machine can be a complete system, which simulates a complete hardware system function and runs in a completely isolated environment. A complete computer system...

Embodiment 3

[0167] image 3 It is a structural block diagram of a malicious program scanning device provided by an embodiment of the present invention, and the device 300 includes:

[0168] Build a module 310, configured to create a virtual operating system environment for virus checking in the operating system of the ARM platform;

[0169] The running module 320 is configured to import the program module to be scanned into the virtual operating system environment, and run the program module to be scanned;

[0170] The monitoring module 330 is configured to monitor and obtain the behavior of the program module to be scanned in the virtual operating system environment;

[0171] The determination module 340 is configured to determine whether the program module is a malicious program according to the occurred behavior.

[0172] Optionally, the establishment module 310 includes:

[0173] The virtual machine establishment unit 311 is configured to establish a virtual machine in the operatin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a scanning method and a scanning device for malicious programs. The scanning method includes creating a virtual operating system environment used for virus scanning in an operating system of an ARM (acorn reduced-instruction-set-computer machine) platform, importing to-be-scanned program modules into the virtual operating system environment, running the to-be-scanned program modules, monitoring and acquiring behaviors of the to-be-scanned program modules in the virtual operating system environment, and determining whether the program modules are the malicious programs or not according to the behaviors. By the scanning method and the scanning device, the problem of incapability of scanning the malicious programs in the ARM platform due to mechanism characteristics is solved; the to-be-scanned program modules are embedded into the virtual operating system environment to run, so that whether the to-be-scanned program modules are the malicious programs or not can be judged according to the behaviors of the to-be-scanned program modules, and safety of a real operating system of a user is not affected.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a malicious program scanning method and device. Background technique [0002] ARM (Acorn RISC Machine, reduced computer instruction set machine) processor is a microprocessor designed by Acorn Computer Co., Ltd. for the low-budget market. Because of its small size, it is suitable for JAVA programming technology, and its application in mobile terminals is excellent. Therefore, current mobile terminals, such as mobile phones and tablet computers, are almost all based on ARM chips. [0003] In ordinary computers, such as Windows systems, the spread of viruses has caused great troubles to users, but the antivirus technology in ordinary computers is also very advanced. For ARM-based mobile terminals, malicious programs also show an increasing trend in recent years, but due to the particularity of mobile terminals, there is no effective method for scanning malicious programs. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 唐海陈卓
Owner 北京鸿享技术服务有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products