Method and system for detecting an infection type virus based on file header

A file-header-based technology for detecting infectious viruses, applied in the field of network security, that addresses the problem of detection still relying on conventional malicious-code methods and achieves the effect of avoiding losses

Inactive Publication Date: 2017-04-12
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

Therefore, the current detection of infectious viruses is still based on the method of detecting co


Embodiment Construction

[0030] The present invention provides embodiments of a method and a system for detecting infectious viruses based on file headers. To enable those skilled in the art to better understand the technical solutions in the embodiments, and to make the above purposes, features and advantages of the invention more apparent, the technical solutions are described in further detail below with reference to the accompanying drawings:

[0031] The present invention first provides method embodiment 1 for detecting an infectious virus based on a file header, as shown in Figure 1, including:

[0032] S101: monitor whether there is an open operation on an executable file and, if so, extract the file header information of the executable file; the file header information at the time of the open operation can be saved in a structure P1;

[0033] S102 monitors whether there is a sa...


Abstract

The invention discloses a method and system for detecting an infectious virus based on a file header. The method comprises: monitoring whether an open operation on an executable file occurs and, if so, extracting the file header information of the executable file; monitoring whether a save operation on the executable file occurs and, if so, extracting the file header information of the executable file again; comparing the two extracted sets of file header information and determining whether they differ; if they differ, determining that the file header of the executable file has been tampered with and incrementing a counter by one; and, when the number of tampered executable files exceeds a preset threshold, determining that an infectious virus is present. The file header information includes the entry point of the file header and the number, sizes, and attributes of its sections. Monitoring is thus carried out from the perspective of functional behavior, so that whether an infectious virus exists in a system can be determined accurately.
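An added sketch of the open/save comparison the abstract describes (not code from the patent or from its owner). It assumes Windows PE executables, reads the abstract's header items as `AddressOfEntryPoint` plus each section-table entry's name, sizes and characteristics, and stands in for real file-system monitoring with hypothetical `on_open`/`on_save` callbacks fed constructed header-only images.

```python
import struct

def header_info(image: bytes):
    """Return (entry_point, ((name, virtual_size, raw_size, attributes), ...))."""
    (pe,) = struct.unpack_from("<I", image, 0x3C)             # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    (entry,) = struct.unpack_from("<I", image, pe + 40)       # AddressOfEntryPoint
    table = pe + 24 + opt_size                                # first section header
    rows = (struct.unpack_from("<8sI4xI16xI", image, table + 40 * i) for i in range(nsec))
    return entry, tuple((n.rstrip(b"\0"), vs, rs, at) for n, vs, rs, at in rows)

class HeaderMonitor:
    def __init__(self, threshold: int):
        self.threshold = threshold
        self.at_open = {}       # path -> header snapshot taken at open (P1 in S101)
        self.tampered = set()   # assumption: each tampered file is counted once
    def on_open(self, path: str, image: bytes) -> None:
        self.at_open[path] = header_info(image)
    def on_save(self, path: str, image: bytes) -> bool:
        """Compare header at save with header at open; True once the count exceeds the threshold."""
        before = self.at_open.get(path)
        if before is not None and header_info(image) != before:
            self.tampered.add(path)
        return len(self.tampered) > self.threshold

def build_pe(entry: int, sections) -> bytes:
    """Constructed header-only sample image for the demo (not a loadable binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 24, 0x102)
    opt = struct.pack("<H14xI4x", 0x10B, entry)
    table = b"".join(struct.pack("<8sIII16xI", n, vs, 0x1000 * (i + 1), rs, at)
                     for i, (n, vs, rs, at) in enumerate(sections))
    return dos + coff + opt + table

CLEAN = [(b".text", 0x800, 0xA00, 0x60000020), (b".data", 0x200, 0x200, 0xC0000040)]
# Constructed "after save" header: entry point moved, extra writable+executable section.
ALTERED = CLEAN + [(b".x", 0x400, 0x400, 0xE0000020)]

def demo(n_files: int = 3, threshold: int = 2):
    mon = HeaderMonitor(threshold)
    verdicts = []
    for i in range(n_files):
        path = f"app{i}.exe"
        mon.on_open(path, build_pe(0x1000, CLEAN))
        verdicts.append(mon.on_save(path, build_pe(0x3000, ALTERED)))
    return verdicts
```

Comparing parsed fields rather than raw header bytes keeps the check limited to the items the abstract names, so a changed timestamp or checksum alone does not count as tampering.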

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and system for detecting infectious viruses based on file headers.

Background technique

[0002] Traditional malicious code detection methods include: first, identifying malicious code based on signature matching; second, some anti-virus engines use behavior detection methods to identify malicious code; determination. However, infectious viruses often evade detection by means of encryption or deformation, which makes it difficult to extract signature features. Behavior detection, for its part, only extracts the behavior of malicious code and performs no special processing for specific file formats, so its handling is coarse. Detection of infectious viruses therefore still relies on the methods used for conventional malicious code, with no special handling for their particular characteristics.

[0003] Infectious virus i...


Application Information

IPC(8): G06F21/56
Inventor 李柏松; the other inventors requested that their names not be disclosed
Owner HARBIN ANTIY TECH