Unknown virus infection tracing method, device and system

An unknown virus tracing technology, applied in the computer field, that addresses the problems of being unable to trace the source and transmission path of unknown viruses and therefore being unable to find information system weaknesses, which affects information system reinforcement.

Active Publication Date: 2020-01-14
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, traditional antivirus software traces only known ransomware viruses and cannot trace the source and transmission path of unknown viruses. It therefore cannot discover the weaknesses of the information system, which affects the final reinforcement of the information system.

Examples

Embodiment 1

[0027] Referring to Figure 1, an embodiment of the present invention provides an unknown virus infection tracing method which, when applied to an unknown virus infection tracing engine, may include the following steps:

[0028] Step S101: receiving the file content of the monitoring file sent by the terminal, and extracting the first feature and the second feature from the file content, wherein the first feature is the MD5 feature of the overall file content and the second feature is the MD5 feature of the partial file content;

[0029] In this embodiment, the file content of the monitoring file is extracted in two cases, yielding two MD5 features. In case 1, the overall file content of the monitoring file is extracted to obtain the MD5 feature of the overall file content; in case 2, the partial file content of the monitoring file is extracted to obtain the MD5 feature of the parti...

Embodiment 2

[0053] Referring to Figure 3, an embodiment of the present invention provides an unknown virus infection tracing device, which is applied to an unknown virus infection tracing engine and includes:

[0054] A receiving module 11, used to receive the file content of the monitoring file sent by the terminal and extract the first feature and the second feature from the file content, wherein the first feature is the MD5 feature of the overall file content and the second feature is the MD5 feature of the partial file content;

[0055] A judging module 12, used to judge whether the monitored file is a suspected unknown virus file based on the first feature and the second feature;

[0056] A processing and judging module 13, used to, if so, place the suspected unknown virus file in the sandbox for processing and judge whether the suspected unknown virus file has virus behavior characteristics;

[0057] A determining module 14, used to, if so, then the suspected unknown virus file with virus behavior characterist...

Embodiment 3

[0070] Referring to Figure 5, an embodiment of the present invention provides an unknown virus infection tracing system, which includes an unknown virus infection tracing engine 30, at least one terminal 40 and a visual presentation system 50. The terminal 40 is used to provide the unknown virus infection tracing engine with the file content and file operations of the monitoring file on the terminal; the unknown virus infection tracing engine 30 is used to receive the file content and file operations and, based on them, form the propagation path of the unknown virus; the visual presentation system 50 is used to display the propagation path.

[0071] In the embodiment of the present invention, the unknown virus infection traceability engine 30 receives the file feature data reported by each terminal 40, and forms traceability results after global data analysis. The first machine and the propagation path of the unknown virus file, where th...

Abstract

The invention provides an unknown virus infection tracing method, device and system, and relates to the technical field of computers. The method comprises the steps of: receiving the file content of a monitoring file sent by a terminal, and extracting a first feature and a second feature from the file content; based on the first feature and the second feature, judging whether the monitoring file is a suspected unknown virus file or not; if yes, judging whether the suspected unknown virus file has virus behavior characteristics or not; if yes, determining the suspected unknown virus file with the virus behavior characteristics as an unknown virus; receiving file operations reported by all terminals, and searching an infection source of the unknown virus based on the MD5 value of the first feature of the unknown virus and the operation information of the file operations; and based on the infection source, sorting all unknown viruses according to the infection time sequence of each unknown virus to form a propagation path of the unknown viruses. According to the method, the source of unknown viruses and the propagation path of the unknown viruses can be traced.
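The tracing steps of the abstract, sketched as an added Python example (not code from the patent or its owner): it extracts the two MD5 features, then uses the first feature to match terminal-reported file operations, picks the earliest-infected terminal as the source and orders the rest by infection time. The 4 KiB partial length, the `FileOp` record layout, the terminal names and the sample bytes are all assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

PARTIAL_LEN = 4096  # assumption: "partial file content" = first 4 KiB; the page does not define it


def extract_features(content: bytes) -> tuple[str, str]:
    """Return (first feature, second feature): MD5 of the whole and of the partial content."""
    first = hashlib.md5(content).hexdigest()
    second = hashlib.md5(content[:PARTIAL_LEN]).hexdigest()
    return first, second


@dataclass(frozen=True)
class FileOp:
    """One file operation reported by a terminal (hypothetical record layout)."""
    terminal: str
    timestamp: int  # seconds since epoch
    operation: str  # e.g. "create", "write", "execute"
    md5: str        # first feature of the file that was operated on


def trace_propagation(virus_md5: str, ops: list[FileOp]) -> tuple[str | None, list[tuple[str, int]]]:
    """Return (infection source, time-ordered path) for one confirmed unknown virus.

    A terminal's infection time is its earliest operation on a file whose first
    feature equals virus_md5; the earliest-infected terminal is the source.
    """
    first_seen: dict[str, int] = {}
    for op in ops:
        if op.md5 != virus_md5:
            continue  # operation on an unrelated file
        if op.terminal not in first_seen or op.timestamp < first_seen[op.terminal]:
            first_seen[op.terminal] = op.timestamp
    path = sorted(first_seen.items(), key=lambda item: (item[1], item[0]))
    source = path[0][0] if path else None
    return source, path


# Constructed sample data: one payload seen on three terminals plus an unrelated file.
SAMPLE = b"constructed-sample-" * 500  # harmless placeholder bytes, longer than PARTIAL_LEN
VIRUS_MD5, _ = extract_features(SAMPLE)
OPS = [
    FileOp("pc-finance-02", 1578990300, "create", VIRUS_MD5),
    FileOp("pc-hr-07", 1578990000, "create", VIRUS_MD5),
    FileOp("pc-hr-07", 1578990060, "execute", VIRUS_MD5),
    FileOp("srv-files-01", 1578990120, "write", VIRUS_MD5),
    FileOp("pc-finance-02", 1578989000, "write", hashlib.md5(b"report.docx").hexdigest()),
]

if __name__ == "__main__":
    print(trace_propagation(VIRUS_MD5, OPS))
```

Reports arrive out of order in the sample, so the ordering comes from the timestamps rather than arrival order; terminal clock skew would distort the path and is not handled here.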

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a tracing method, device and system for unknown virus infection.

Background technique

[0002] With the rapid spread of malware such as ransomware and mining Trojan horses, new virus files and their variants emerge in an endless stream, posing a huge challenge to traditional antivirus software. For an information system, it is very important to discover and deal with such unknown viruses. At the same time, tracing the source and transmission path of an unknown virus is also important for discovering protection weaknesses and strengthening them in time. However, traditional antivirus software traces only known ransomware viruses and cannot trace the source and transmission path of unknown viruses. It therefore cannot discover the weaknesses of the information system, which affects the final reinforcement of the information system.

Contents of the invention

[00...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/562
Inventor: 李华生, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD