Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Training method used for virus identification and virus identification method and device

A virus and mathematical technology, applied in the computer field, can solve the problem of huge virus signature database, and achieve the effect of improving the degree of automation, reducing the false alarm rate, and improving the accuracy

Active Publication Date: 2014-10-01
TENCENT TECH (SHENZHEN) CO LTD +1
View PDF7 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The embodiment of the present invention provides a training method for virus identification and a virus identification method and device, which can solve the problem that the virus feature database in the prior art is getting larger and larger, which brings severe challenges to the feature scanning method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Training method used for virus identification and virus identification method and device
  • Training method used for virus identification and virus identification method and device
  • Training method used for virus identification and virus identification method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0067] The embodiment of the present invention provides a kind of training method that is used for virus identification, in this training method its processing object can be pure black sample, in the pure black sample has the sample of various viruses known to those skilled in the art, the The program in the pure black sample is used as input, the features of the program in the pure black sample are extracted, and the feature is converted into a feature vector as the input of the ART neural network. training process.

[0068] Such as image 3 As shown, the method includes:

[0069] Step 101, extracting the features of a program in the pure black sample,

[0070] It should be noted that the programs in the pure black sample mentioned here mean that all the programs in the sample are virus programs, and the users of these virus programs train the designed ART neural network, so that the ART neural network will Characteristics of virus programs that can learn to recognize thes...

Embodiment 2

[0094] An embodiment of the present invention provides a computer virus identification method, which is based on the ART neural network trained in the first embodiment above, and can determine whether various input programs are dangerous programs. see Figure 5 As shown, the method includes:

[0095] Step 201, extracting the features of the input program;

[0096] The features of the currently extracted program are similar to the above-mentioned step 101, the difference is that the programs in step 101 are all virus programs, which are used in training the ART neural network, while the object operated in the current step 201 is a program whose safety is unknown and needs to be trained After the identification of a good ART neural network, it is possible to judge whether the program is safe or not.

[0097] The characteristics of the program can include: program entry point address (Address of Entry Point), program code segment size (Size of Code), address space size of the p...

Embodiment 4

[0139] An embodiment of the present invention is a computer virus identification device, said device comprising: a second feature unit, a second mathematical feature unit, a second judging feature unit, and a first output unit;

[0140] The second feature unit is used to extract features of the input program;

[0141] The second mathematical feature unit is configured to acquire the mathematical feature of the program according to the feature of the program;

[0142] The second judging feature unit is used to judge whether the mathematical feature meets the requirements of the mathematical feature of the trained virus according to claim 1;

[0143] The first output unit is configured to output the mathematical feature, or output the virus name corresponding to the mathematical feature, if it matches.

[0144] Preferably, the embodiment of the present invention provides a computer virus identification device, such as Figure 7 As shown, the device includes: a second extractio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a training method used for virus identification and a virus identification method and a corresponding device. The training method used for the virus identification comprises the following steps: extracting the characteristics of a program in a pure black sample; according to the characteristics of the program, obtaining the mathematical characteristics of the program; judging whether the mathematical characteristics conform to the requirements of the mathematical characteristics of a preset virus or not; if yes, obtaining the common characteristic of the mathematical characteristics of the program and the mathematical characteristics of the preset virus; and if not, recording the mathematical characteristics of the program to serve as the mathematical characteristics of a newly-added virus. The viruses can be quickly scanned.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a training method for virus identification, a virus identification method and a device. Background technique [0002] The rapid development of Internet technology also provides a convenient way for the rapid spread of viruses, in order to detect viruses in time and avoid virus attacks on user equipment. In the prior art, methods for computer virus scanning are mainly divided into two types: [0003] One is a scanning method that uses manual feature extraction. This technology is to analyze new viruses after they are found artificially, extract signatures according to their characteristics, and add them to the database. When executing the virus scanning program, check whether the file contains a virus by comparing the file with the virus signature code in the virus database. For traditional viruses, virus pattern scanning technology is fast and has a low false positive rate. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/561
Inventor 余文锋
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com