
Method and system for searching for final virus parent

A virus parent search technology, applied in the field of communication, addresses problems such as poor search results, users' inability to submit valid information, and heavy consumption of manpower, material resources, and time. It achieves the effect of improving search results, avoiding mistakes, and saving manpower, material resources, and time.

Active Publication Date: 2014-08-20
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] During the research and practice of the prior art, the inventors of the present invention have found that users often cannot submit valid information because users know very little about viruses. time, and it doesn't look very well


Examples


Embodiment 1

[0032] In this embodiment, description will be made from the perspective of a virus final parent search system, and the virus final parent search system may specifically be integrated in a computer.

[0033] A method for finding the final parent of a virus, comprising: obtaining a pseudo-random system program; generating a hash value of the pseudo-random system program, and adding an index and a generation time to the hash value to obtain a processed hash value; filtering the processed hash value to obtain a filtered hash value; establishing a query table with index and time as its dimensions according to the filtered hash value; obtaining a hash value analysis sample according to the query table; running the hash value analysis sample and recording the hash value information of all files released by the hash value analysis sample to generate a behavior log file; and analyzing the behavior log file to determine the final parent of the virus.
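As an added illustration (not code from the patent or its owner), the sketch below follows the steps above on constructed data: it filters processed hash records against a whitelist, builds the query table keyed by index and time, and walks a behavior log of "sample released file" pairs upward to the final parent. The record layout, the hash names, and the rule that a final parent is a hash that no logged sample released are assumptions made for this example; running samples in a honeypot is outside its scope.

```python
# Constructed sample data; hash names stand in for real file hashes.
WHITELIST = {"h_sys"}                      # known-clean files
RECORDS = [                                # (index, generation time, hash)
    (1, "2014-01-01", "h_A"),
    (2, "2014-01-01", "h_sys"),
    (3, "2014-01-02", "h_C"),
]
BEHAVIOR_LOG = [                           # (sample hash, released file hash)
    ("h_A", "h_B"),
    ("h_B", "h_C"),
    ("h_A", "h_sys"),
]


def build_query_table(records, whitelist):
    """Filter out whitelisted hashes and key the rest by (index, time)."""
    return {(idx, t): h for idx, t, h in records if h not in whitelist}


def final_parents(log, target, whitelist=frozenset()):
    """Follow 'released by' links upward from target.

    Returns the set of hashes that no logged sample released. An empty
    set means the log only contains a release cycle for this target.
    """
    released_by = {}
    for sample, released in log:
        if released not in whitelist:
            released_by.setdefault(released, set()).add(sample)
    roots, seen, stack = set(), set(), [target]
    while stack:
        h = stack.pop()
        if h in seen:                      # cycle guard
            continue
        seen.add(h)
        parents = released_by.get(h)
        if parents:
            stack.extend(parents)
        else:
            roots.add(h)
    return roots


def trace(table, key, log, whitelist=frozenset()):
    """Look up a hash by (index, time) and return its final parent(s)."""
    return final_parents(log, table[key], whitelist)


if __name__ == "__main__":
    table = build_query_table(RECORDS, WHITELIST)
    print(trace(table, (3, "2014-01-02"), BEHAVIOR_LOG, WHITELIST))
```

A result with more than one hash means the log shows several independent release chains reaching the same file, so each root needs review.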

[003...

Embodiment 2

[0057] According to the method described in Embodiment 1, an example will be given below for further detailed description.

[0058] In this embodiment, the search system for the final parent of the virus specifically includes an information processing subsystem, a honeypot subsystem and an analysis subsystem (see Figure 2a); the details can be as follows:

[0059] 1. Information processing subsystem;

[0060] The information processing subsystem may include a sample behavior generation module, a whitelist filtering module and a data processing module, as follows:

[0061] The sample behavior generation module is mainly used to obtain the pseudo-random system program, generate the hash value of the pseudo-random system program according to the obtained pseudo-random system program, add an index and generation time to the hash value to obtain the processed hash value, and output the processed hash value to the whitelist filtering module.

[0062] The whitelist filtering modu...

Embodiment 3

[0090] Correspondingly, the embodiment of the present invention also provides a search system for the final parent of the virus. As shown in Figure 3, the search system for the final parent of the virus includes a program acquisition unit 301, a generation unit 302, a filter unit 303, an establishment unit 304, a sample acquisition unit 305, an operation unit 306 and an analysis unit 307;

[0091] A program acquisition unit 301, configured to acquire a pseudo-random system program;

[0092] The generating unit 302 is configured to generate a hash value of the pseudo-random system program according to the obtained pseudo-random system program, and add an index and a generation time to the hash value to obtain a processed hash value;

[0093] A filtering unit 303, configured to filter the processed hash value to obtain a filtered hash value;

[0094] For example, the filtered hash value may specifically be a black hash value and/or a gray hash value, that is, the filtering...


Abstract

The embodiment of the invention discloses a method and system for searching for the final parent of a virus. A pseudo-random system program is obtained, a hash value of the pseudo-random system program is generated, and an index and a generation time are added to the hash value to obtain a processed hash value. The processed hash value is then filtered to obtain a filtered hash value, and a look-up table with index and time as its dimensions is built according to the filtered hash value. When the final parent of a virus needs to be searched for, a hash value analysis sample is obtained according to the look-up table and run, the hash value information of all files released by the hash value analysis sample is recorded to generate a behavior log file, and the behavior log file is analyzed to determine the final parent of the virus, so that the final parent is found automatically. Because the technical scheme needs no manual operation, manpower, material resources and time are saved, the errors that manual operation is prone to are avoided, and the search effect is greatly improved.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and system for searching the final parent of a virus.

Background technique

[0002] With the rapid development of the Internet, the relationship between people's life and the Internet is getting closer and closer. How to protect the security of information on the Internet has always been a concern of people. Computer viruses, referred to as viruses, have great harm to information security. Therefore, how to check and kill viruses is a very important link in information security protection.

[0003] Viruses are often not a single individual, but one releases the other, interlocking. For example, there are three viruses A, B and C, among which, A releases B, and B releases C, which forms a chain of "A->B->C", then we can call B the parent of C at this time, and A is the parent of B. Of course, it can also be said that A is the parent of C. If A does not ha...


Application Information

IPC(8): G06F17/30, G06F21/56
CPC: G06F16/134, G06F16/148, G06F21/56
Inventor 周力陈鸿雏
Owner TENCENT TECH (SHENZHEN) CO LTD