Method and system for cloud detection of malicious software based on Hash characteristic vector

A hash feature vector technology for malware detection, applied in the field of platform integrity maintenance. It addresses problems such as declining overall efficiency, growing computing tasks and terminal resource consumption, and achieves improved efficiency, accurate positioning and a reduced number of features.

Active Publication Date: 2015-08-19
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

In addition, current related research broadly follows the ideas above. For example, Chinese application No. 201110265295.1, titled "Mobile phone malware detection and killing method and system", proposes a method for detecting and removing mobile phone malware based on a malware monitoring and analysis system on the mobile network side. It can improve the efficiency of detecting and removing mobile phone malware, but during removal there is a risk of leaking users' important identity data, sensitive information and the server-side signature database, so security is difficult to guarantee.
Chinese application No. 201010292928.3, titled "An Information Security Detection Method and Mobile Terminal", proposes pre-analyzing the behavior characteristics of malicious software by means of a dynamic virtual machine, which can effectively reduce the threat to mobile terminals, but the dynamic virtual machine itself will


Examples


Embodiment Construction

[0052] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0053] In order to reduce the overhead on the malware detection terminal and the risk of privacy leakage as much as possible, the present invention uses hash mapping to compress the malware feature library into a feature information vector, and uses that vector for the detection information exchanged between the terminal and the cloud server. This removes the need, found in existing cloud security technology, to match all of the user's files against all feature codes: only the user's specific suspect files need to be matched against specific feature codes.

[0054] The present invention designs a malicious software scanning strategy and framework on the basis of the Bloom Filter algorithm. The Bloom Filter algorithm is briefly introduced below. The Bloom Filter (hereinafter referred to as BF) algorithm is a binary vector data structur...


Abstract

The present invention discloses a method and a system for cloud detection of malicious software based on a Hash characteristic vector. The method comprises the following steps of: S1, malicious software characteristic vectors are processed; S2, a cloud server side sends the malicious software characteristic vectors to a terminal, and incrementally pushes updates of the characteristic vectors to the terminal whenever a malicious software characteristic database is updated; S3, the terminal maps local files to be scanned through a segmented BF algorithm, fuzzily scans the local files to be scanned with the malicious software characteristic vectors and sends matching results to the cloud server side; and S4, the cloud server side further accurately scans the matching results and returns confirming results to the terminal. The system is used for implementing the method. By virtue of the method and the system, the network, computing and storage costs of the malicious software detection terminal can be reduced as far as possible; the terminal is enabled to submit file information to the cloud server as little as possible, so that the privacy of the terminal can be protected.
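The S1, S3 and S4 steps described above, as an added Python sketch that is not code from the patent. It assumes a plain Bloom filter rather than the patent's segmented BF variant and a whole-file SHA-256 digest as the file feature; all names and sample files are constructed for illustration.

```python
import hashlib

class BloomFilter:
    """m-bit vector probed at k positions derived from one SHA-256 digest."""
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1   # double hashing, odd step
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all((self.bits[p // 8] >> (p % 8)) & 1 for p in self._positions(item))

def feature(content):
    # Assumption: the per-file feature is a whole-file SHA-256 digest.
    return hashlib.sha256(content).digest()

def build_vector(signature_db, m_bits, k_hashes):
    """S1 (cloud): compress the signature database into a bit vector."""
    bf = BloomFilter(m_bits, k_hashes)
    for sig in signature_db:
        bf.add(sig)
    return bf

def terminal_scan(files, bf):
    """S3 (terminal): fuzzy match locally; only candidate features are uploaded."""
    feats = {name: feature(data) for name, data in files.items()}
    return {name: f for name, f in feats.items() if f in bf}

def cloud_confirm(candidates, signature_db):
    """S4 (cloud): exact lookup discards Bloom-filter false positives."""
    return {name: f in signature_db for name, f in candidates.items()}

# Constructed sample data, not taken from the patent.
MALWARE = [b"constructed-malicious-sample-A", b"constructed-malicious-sample-B"]
SIGNATURE_DB = {feature(m) for m in MALWARE}
FILES = {"notes.txt": b"meeting notes", "photo.jpg": b"constructed image bytes",
         "app.apk": MALWARE[0], "tool.bin": b"constructed benign tool"}

def run(m_bits, k_hashes):
    bf = build_vector(SIGNATURE_DB, m_bits, k_hashes)
    candidates = terminal_scan(FILES, bf)
    return candidates, cloud_confirm(candidates, SIGNATURE_DB)
```

Calling `run(1, 1)` builds a saturated one-bit vector, so every file becomes a candidate and the cloud's exact check is what separates the real match from the false positives; an undersized vector costs upload volume and privacy, not detection accuracy.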

Description

Technical field

[0001] The present invention mainly relates to the field of malicious software detection for computing terminals, and specifically to how hash feature vector technology can be used, under cloud computing, to provide terminals with efficient malware scanning and detection methods and systems that take both privacy and practical efficiency into account.

Background technique

[0002] With the rapid popularization of mobile smart devices and Internet of Things devices and the development of cloud computing remote storage functions, the security issues of the mobile Internet have become prominent. According to iResearch's 2013 China Mobile Security Data Report, the mobile security situation in 2013 was relatively severe, with 690,000 new malicious software samples, more than five times the number in 2012. A large number of heavily obfuscated and encrypted malware samples are emerging, and more and more malware or advertising platforms are using dynamic loading, delayed onset, et...


Application Information

IPC(8): G06F21/56
Inventor: 苏金树, 王小峰, 陈曙晖, 孙浩, 胡晓峰, 吴纯青, 赵锋, 时向泉, 周寰
Owner NAT UNIV OF DEFENSE TECH