A malware cloud detection method and system based on hash feature vector

Abstract

A malware cloud detection method and system based on hash feature vectors. The steps of the method are: S1: Malware feature vector processing; S2: The cloud server sends the malware feature vector to the terminal, and whenever the malware feature When the database is updated, the update of the feature vector is incrementally pushed to the terminal; S3: the terminal uses the segmented BF algorithm to map the local file to be scanned and performs fuzzy scanning with the malware feature vector, and sends the matching result to the cloud service S4: The cloud server performs further precise scanning on the matching result, and then returns the confirmation result to the terminal. The system is used to perform the method described above. The present invention can reduce the network, calculation and storage expenses of the malicious software detection terminal as much as possible, and at the same time make the terminal submit as little file information as possible to the cloud server, thereby protecting the privacy of the terminal.

Description

technical field [0001] The invention mainly relates to the field of malware detection of computing terminals, and particularly relates to a cloud computing technology, how to use hash feature vector technology to provide an efficient malware scanning detection method and system for terminals under the condition of both privacy and practical efficiency. . Background technique [0002] With the rapid popularization of mobile smart devices and IoT devices and the development of cloud computing remote storage capabilities, the security issues of the mobile Internet have become prominent. According to iResearch's "2013 China Mobile Security Data Report", the mobile security situation in 2013 was severe, with 690,000 new malware, more than five times that of 2012. A large number of heavily obfuscated and encrypted malware have emerged, and more and more malware or advertising platforms have begun to use dynamic loading and delayed attack to avoid detection and killing by security...

AI Technical Summary

Problems solved by technology

In addition, the current related research is also roughly in line with the above ideas, such as the Chinese application number 201110265295.1, titled "Mobile phone malware detection and killing method and system" proposed a mobile phone malware detection and killing based on the mobile network side malware monitoring and analysis system method can improve the efficiency of mobile phone malware detection and killing, but there are risks of leakage of some important identities of users, sensitive information, and server-side signature databases during the killing process, and the security is difficult to be guaranteed.

The Chinese application number is 201010292928.3, titled "An Information Security Detection Method and Mobile Terminal", which proposes to pre-analyze the behavior characteristics of malicious software through the method of dynamic virtual machine, which can effectively reduce the threat to mobile terminals, but the dynamic virtual machine itself will Causes a large consumption of terminal resources, resulting in a decline in overall efficiency

[0007] To sum up, placing the security detection process on the terminal will not pose a threat to user privacy, but there are problems with large consumption of computing, storage, and network resources, which seriously affect the availability of resource-constrained terminal devices and battery continuity; The idea and architecture of cloud computing transfers the security detection process to the cloud, which will improve terminal resource consumption and timely efficiency, but there is a risk of user privacy being leaked, and the computing tasks on the cloud will increase sharply

The existing technology fails to take into account the needs of both privacy and efficiency, so proposing a new malware scanning strategy and architecture that can take both efficiency and privacy into account is very meaningful for the security of the mobile Internet and the Internet of Things

Images