Feature acquisition method for file virus detection and file virus detection method

This file virus detection technique, applied in the field of network security, addresses problems such as the bloated MD5 whitelist and unavoidable false positives on unknown files, so as to reduce the false positive rate of files.

Active Publication Date: 2018-04-17
BEIJING BAIDU NETCOM SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

The inventors found that because the MD5 whitelist compares files against identifiers one-to-one, it cannot identify a batch of similar files by the same feature. As file features diversify, the MD5 whitelist becomes bloated and huge. The MD5 whitelist cannot include identifiers for all files, so it is impossible to prevent unknown files from being falsely reported.



Examples


Embodiment Construction

[0036] The feature acquisition method for file virus detection and the method and device for file virus detection according to the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0037] Figure 1 shows a flowchart of a feature acquisition method for file virus detection according to an embodiment of the present invention. Referring to Figure 1, the feature acquisition method for file virus detection comprises the following steps:

[0038] Step 101: extract a plurality of first sub-features at set positions of the sample file; the plurality of first sub-features form a first feature vector. Then execute step 102.

[0039] Step 102: recombine the plurality of first sub-features formed in step 101 according to the position information of the plurality of second sub-features to obtain a second feature vector. Then execute step 103.

[0040] For example, N setting positions can be recorded through the featur...


Abstract

The present invention provides a feature acquisition method for file virus detection and a file virus detection method. The feature acquisition method for file virus detection includes: extracting multiple first sub-features at set positions of a sample file, the multiple first sub-features forming a first feature vector; recombining the multiple first sub-features according to the position information of a plurality of second sub-features to obtain a second feature vector; and, if the sub-features included in the second feature vector are not found in the first feature library, adding the second feature vector to the second feature library as the identification feature of the sample file. The file feature is obtained by this feature acquisition method; if the file feature is not in the first feature library, it is added to the second feature library as the identification feature of the file. This keeps the second feature library continuously updated, avoids false reports on unknown files, and reduces the false positive rate of files.
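The flow in the abstract, set beside the MD5 whitelist it is meant to replace, as an added sketch that is not code from the patent. The offsets, sub-feature length, recombination order, library contents and the `matches` lookup are all assumptions made for illustration.

```python
import hashlib

# Assumed parameters (the page does not give concrete values).
SET_POSITIONS = [0, 16, 32, 48]   # offsets where first sub-features are read
SUB_LEN = 4                       # bytes per sub-feature
SECOND_POSITIONS = [2, 0, 3]      # position info used for recombination

def first_feature_vector(data, positions=SET_POSITIONS, sub_len=SUB_LEN):
    """Step 101: slice one sub-feature at each set position (zero-padded at EOF)."""
    return [data[p:p + sub_len].ljust(sub_len, b"\0") for p in positions]

def second_feature_vector(first, order=SECOND_POSITIONS):
    """Step 102: recombine the first sub-features by the given position info."""
    return tuple(first[i] for i in order)

def acquire_feature(data, first_library, second_library):
    """Add the second feature vector to second_library unless one of its
    sub-features is already in first_library. Returns the vector or None."""
    vec = second_feature_vector(first_feature_vector(data))
    if any(sub in first_library for sub in vec):
        return None
    second_library.add(vec)
    return vec

def matches(data, second_library):
    """Detection side (assumed): is the file's recombined vector a stored feature?"""
    return second_feature_vector(first_feature_vector(data)) in second_library

def demo():
    # Constructed sample files: two builds that differ only at byte 10,
    # which none of the assumed set positions covers.
    build_a = bytes(range(64))
    build_b = build_a[:10] + bytes([build_a[10] ^ 0xFF]) + build_a[11:]
    first_library = {b"\xde\xad\xbe\xef"}   # constructed entry
    second_library = set()
    md5_whitelist = {hashlib.md5(build_a).hexdigest()}
    acquire_feature(build_a, first_library, second_library)
    return {
        "md5_hit_b": hashlib.md5(build_b).hexdigest() in md5_whitelist,
        "feature_hit_b": matches(build_b, second_library),
        "library_size": len(second_library),
    }

if __name__ == "__main__":
    print(demo())
```

One stored feature covers both builds while the MD5 whitelist needs one entry per build. Because only the sampled positions are compared, the choice of set positions determines how much of a file a match actually vouches for.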

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a feature acquisition method for file virus detection and a file virus detection method and device.

Background

[0002] With the rapid development and popularization of computer technology, a large number of malicious files (viruses) have emerged, seriously affecting the safe application of computer technology and causing serious computer security risks. At present, the detection of malicious files and the reduction of false positives for non-malicious files mostly rely on MD5 whitelist technology. This technology generates an MD5 value for each non-malicious file as an identifier and uses this identifier to prevent the engine from reporting files in the whitelist as malicious, so as to achieve the purpose of reducing false positives. The inventors found that because the MD5 whitelist compares the...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
Inventor: 曹德强冯侦探熊蜀光王新
Owner: BEIJING BAIDU NETCOM SCI & TECH CO LTD