Virus type identification method and device

A virus type identification technology, applied in the field of information security, that addresses feature failure and the resulting false positives and false negatives in virus identification, achieving good identification while avoiding false positives and false negatives.

Active Publication Date: 2017-07-18
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

However, if a virus (such as a worm) has a variant, its features may fail. Matching normal features against these invalid features can produce false positives or false negatives, so related technologies that use feature value matching suffer from false positives and false negatives in virus (such as worm) identification.

Examples

Embodiment 1

[0020] According to an embodiment of the present application, an embodiment of a method for identifying a virus type is also provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0021] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking execution on a computer terminal as an example, Figure 1 is a block diagram of the hardware structure of a computer terminal for the virus type identification method in the embodiment of the present application. As shown in Figure 1, the computer terminal 10 may include one or more (only one is shown in the figure) pro...

Embodiment 2

[0089] According to an embodiment of the present invention, a device for implementing the above virus type identification method is also provided. Figure 6 is a structural block diagram of the virus type identification device according to the embodiment of the present application. As shown in Figure 6, the device includes:

[0090] The first preprocessing module 62 is used to preprocess the behavior data to be tested of the virus to obtain word frequency vectors;

[0091] It should be noted that the virus may be a Trojan horse virus or a worm virus, but is not limited thereto.

[0092] The above-mentioned preprocessing process can be completed by an independent module (such as the first preprocessing module 62), or by a plurality of submodules or units contained in the module. For the latter, the first preprocessing module 62 can include a word segmentation unit, used to perform word segmentation processing on the behavior data to ...

Embodiment 3

[0116] Embodiments of the present invention may provide a computer terminal, and the computer terminal may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the foregoing computer terminal may also be replaced with a terminal device such as a mobile terminal.

[0117] Optionally, in this embodiment, the foregoing computer terminal may be located in at least one network device among multiple network devices of the computer network.

[0118] In this embodiment, the above-mentioned computer terminal can execute the program code of the following steps in the virus type identification method of the application program: preprocessing the behavior data of the virus to be tested to obtain a word frequency vector; obtaining the distance between the word frequency vector and the cluster center point of each classification of the virus to obtain multiple distance values; the classification of the cluster center point correspo...

Abstract

The invention discloses a virus type identification method and device, wherein the method comprises the steps of: pre-processing to-be-detected behaviour data of virus to obtain a word frequency vector; obtaining the distances between the word frequency vector and each classified clustering centre point of the virus to obtain multiple distance values; and, determining the classification, where the clustering centre point corresponding to the minimum distance value in the multiple distance values is, as the type of the virus.
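The three steps in the abstract, as an added Python example that is not code from the patent or its applicant. The sample behavior logs, the Euclidean metric, the use of per-class mean vectors as the cluster centre points, and the `max_distance` cut-off are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed behavior logs per family (illustrative, not real samples).
LABELLED = {
    "worm": ["scan_port connect_smb copy_self write_share scan_port",
             "scan_port scan_port connect_smb copy_self send_mail"],
    "trojan": ["create_service open_backdoor read_keys send_http",
               "open_backdoor read_keys read_keys send_http hide_process"],
}

def tokenize(behavior):
    """Word segmentation: split a behavior record into lowercase tokens."""
    return re.findall(r"[a-z0-9_]+", behavior.lower())

def tf_vector(behavior, vocab):
    """Word frequency vector over a fixed vocabulary (unseen tokens are dropped)."""
    counts = Counter(t for t in tokenize(behavior) if t in vocab)
    total = sum(counts.values())
    return [counts[t] / total if total else 0.0 for t in vocab]

def fit_centers(labelled):
    """Return (vocab, centers); each center is the mean vector of its class."""
    vocab = sorted({t for logs in labelled.values() for log in logs for t in tokenize(log)})
    centers = {}
    for label, logs in labelled.items():
        vecs = [tf_vector(log, vocab) for log in logs]
        centers[label] = [sum(col) / len(vecs) for col in zip(*vecs)]
    return vocab, centers

def classify(behavior, vocab, centers, max_distance=None):
    """Pick the class whose center is nearest (Euclidean) to the sample.

    max_distance is an assumption added here, not from the patent text: without
    it every input, even unrelated behavior, is assigned some virus type.
    """
    vec = tf_vector(behavior, vocab)
    distances = {label: math.dist(vec, c) for label, c in centers.items()}
    best = min(distances, key=distances.get)
    if max_distance is not None and distances[best] > max_distance:
        return "unknown", distances
    return best, distances

VOCAB, CENTERS = fit_centers(LABELLED)
if __name__ == "__main__":
    variant = "scan_port connect_smb copy_self write_share send_mail delete_logs"
    print(classify(variant, VOCAB, CENTERS))
    print(classify("open_file read_config close_file", VOCAB, CENTERS, max_distance=0.4))
```

The variant log carries a token no training sample has and still lands nearest the worm centre, while the unrelated log is labelled a trojan unless the distance cut-off is applied.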

Description

Technical field

[0001] The present invention relates to the field of information security, in particular, to a virus type identification method and device.

Background technique

[0002] Viruses (such as worms) in related technologies are generally identified by matching feature values in network traffic or by behavior-based identification techniques. However, if a virus (such as a worm) has a variant, the features may fail. If normal features are used to match these invalid features, false positives or false negatives may occur, so related technologies that use feature value matching may produce false positives and false negatives when identifying viruses (such as worms).

Contents of the invention

[0003] According to an aspect of the embodiment of the present application, a virus type identification method is provided, including: preprocessing the behavior data of the virus to be tested to obtain a word frequency vector; The distance between multiple distance values is ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/566, G06F18/23213
Inventor: 程利军
Owner: ALIBABA GRP HLDG LTD