A malware cloud detection method and system based on hash feature vector

The technology concerns hash feature vectors for malware detection, applied in the field of platform integrity maintenance. It addresses problems such as declining overall efficiency, growth in computing tasks, and terminal resource consumption, and achieves the effects of improved efficiency, accurate positioning, and a reduced number of features.

Active Publication Date: 2018-03-20
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

In addition, current related research broadly follows the above ideas. Chinese application number 201110265295.1, titled "Mobile phone malware detection and killing method and system", proposes a method for detecting and removing mobile phone malware based on a malware monitoring and analysis system on the mobile network side. It can improve the efficiency of detecting and removing mobile phone malware, but during the removal process there is a risk of leaking important user identities, sensitive information, and the server-side signature database, so security is difficult to guarantee.
Chinese application number 201010292928.3, titled "An Information Security Detection Method and Mobile Terminal", proposes pre-analyzing the behavior characteristics of malicious software by means of a dynamic virtual machine. This can effectively reduce the threat to mobile terminals, but the dynamic virtual machine itself consumes a large amount of terminal resources, resulting in a decline in overall efficiency.
[0007] To sum up, running the security detection process on the terminal poses no threat to user privacy, but it consumes large amounts of computing, storage, and network resources, which seriously affects the availability and battery life of resource-constrained terminal devices. Following the idea and architecture of cloud computing and transferring the security detection process to the cloud improves terminal resource consumption and timeliness, but there is a risk of user privacy being leaked, and the computing tasks on the cloud increase sharply.
Existing technology fails to take into account the needs of both privacy and efficiency, so a new malware scanning strategy and architecture that accounts for both is very meaningful for the security of the mobile Internet and the Internet of Things.

Embodiment Construction

[0052] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0053] In order to minimize the overhead of the malware detection terminal and the risk of privacy leakage, the present invention uses hash mapping to compress the malware feature library into a feature information vector, which is used to exchange detection information between the terminal and the cloud server. It also removes the need, in existing cloud security technology, to match all of the user's files against all signature codes: only the user's specific suspect files need to be matched against specific signature codes.

[0054] The present invention designs a malware scanning strategy and architecture on the basis of the Bloom Filter algorithm. The Bloom Filter algorithm is briefly introduced below. The Bloom Filter (hereinafter referred to as BF) algorithm is a binary vector data structure proposed by B.H. Bloom in 19...


Abstract

A malware cloud detection method and system based on hash feature vectors. The steps of the method are: S1: malware feature vector processing; S2: the cloud server sends the malware feature vector to the terminal, and whenever the malware feature database is updated, the update of the feature vector is incrementally pushed to the terminal; S3: the terminal uses the segmented BF algorithm to map the local files to be scanned, performs fuzzy scanning against the malware feature vector, and sends the matching result to the cloud server; S4: the cloud server performs further precise scanning on the matching result, and then returns the confirmation result to the terminal. The system is used to perform the method described above. The present invention can reduce the network, computation, and storage overhead of the malware detection terminal as much as possible, and at the same time lets the terminal submit as little file information as possible to the cloud server, thereby protecting the privacy of the terminal.
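The S1 to S4 exchange described in the abstract, as an added example that is not code from the patent. A plain Bloom filter stands in for the segmented BF, whose details are not shown on this page; using SHA-256 file digests as features, the vector size, the hash count, the double-hashing scheme, and all names are assumptions.

```python
import hashlib
M_BITS, K_HASHES = 1 << 16, 4   # assumed vector length (bits) and hash count
# Constructed sample data (harmless byte strings, not real malware).
KNOWN_BAD = [b"constructed-sample-A", b"constructed-sample-B"]
FILES = {"notes.txt": b"meeting at 10", "dropper.bin": b"constructed-sample-A"}

def digest(content):
    # Assumption: a file's "feature" is the SHA-256 of its content.
    return hashlib.sha256(content).digest()

def positions(feature):
    # K bit positions per feature, derived by double hashing (assumed scheme).
    h = hashlib.sha256(b"bf" + feature).digest()
    a, b = int.from_bytes(h[:8], "big"), int.from_bytes(h[8:16], "big") | 1
    return [(a + i * b) % M_BITS for i in range(K_HASHES)]

def set_bits(vector, ps):
    for p in ps:
        vector[p >> 3] |= 1 << (p & 7)

class CloudServer:
    def __init__(self, samples):
        self.signatures = set()              # precise database, stays in the cloud
        self.vector = bytearray(M_BITS // 8)
        for s in samples:                    # S1: build the feature vector
            self.add_signature(s)

    def add_signature(self, sample):
        # S2 (incremental): return only the bit positions to push to terminals.
        self.signatures.add(digest(sample))
        delta = positions(digest(sample))
        set_bits(self.vector, delta)
        return delta

    def confirm(self, candidates):   # S4: exact match against the signature set
        return {c for c in candidates if c in self.signatures}

def fuzzy_scan(vector, files):
    # S3: local Bloom test; only digests of hits would leave the terminal.
    hits = {}
    for name, content in files.items():
        d = digest(content)
        if all(vector[p >> 3] >> (p & 7) & 1 for p in positions(d)):
            hits[d] = name
    return hits

def scan(cloud, vector, files):
    hits = fuzzy_scan(vector, files)
    return sorted(hits[d] for d in cloud.confirm(hits)), len(hits)
```

The terminal holds only a copy of the 8 KiB vector; a Bloom filter never misses a listed feature, so any false positives from the fuzzy scan are filtered out by the cloud's exact check in S4.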

Description

Technical field

[0001] The invention mainly relates to the field of malware detection for computing terminals, and in particular to using hash feature vector technology, within cloud computing, to provide terminals with an efficient malware scanning and detection method and system that takes both privacy and practical efficiency into account.

Background technique

[0002] With the rapid popularization of mobile smart devices and IoT devices and the development of cloud computing remote storage capabilities, the security issues of the mobile Internet have become prominent. According to iResearch's "2013 China Mobile Security Data Report", the mobile security situation in 2013 was severe, with 690,000 new malware, more than five times that of 2012. A large number of heavily obfuscated and encrypted malware have emerged, and more and more malware or advertising platforms have begun to use dynamic loading and delayed attack to avoid detection and killing by security...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
Inventor 苏金树王小峰陈曙晖孙浩胡晓峰吴纯青赵锋时向泉周寰
Owner NAT UNIV OF DEFENSE TECH