Method for identifying unknown virus programe and clearing method thereof

A technology of virus programs and unknown viruses, which is applied to instruments, electronic digital data processing, platform integrity maintenance, etc., can solve the problems of large system space, occupancy, and low efficiency of virus program identification, so as to improve accuracy and efficiency, and accurately recognition effect

Inactive Publication Date: 2007-03-28
光子(北京)国际信息工程技术研究有限公司
View PDF1 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, because the virus program behavior infection analysis method needs to simulate a CPU, even the entire operating system, and needs to adopt enough baits to induce the program to be detected, it will cause the method to take up a large system space and identify virus programs. low efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for identifying unknown virus programe and clearing method thereof
  • Method for identifying unknown virus programe and clearing method thereof
  • Method for identifying unknown virus programe and clearing method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051]The core idea of ​​the present invention is to obtain the behavior data of the program to be detected, and compare it with the obtained special behavior data of the virus program, that is, the behavior data related to destructive operations, so as to judge whether the program to be detected is a virus program . Therefore, the method of the present invention can not only identify known virus programs, but also identify most unknown virus programs through the comparison of behavior data.

[0052] Referring to FIG. 1 , it is a flow chart of the first embodiment of the unknown virus program identification method of the present invention.

[0053] The method described in Figure 1 comprises the following steps:

[0054] Step s1, acquiring behavior data of the program to be detected. The behavior data of the program to be tested is essentially a series of source code sequence blocks capable of completing specific functions or results, that is, program operation instructions o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The method includes steps: obtaining data of behavior of program to be tested; based on obtained data of behavior and prearranged data of behavior of typical virus program to determine whether the program to be tested is a virus program. The invention not only can identify known virus program, also can identify most unknown virus program quite accurately. The invention can compare results of behaviors, and determines relation between results and behaviors so as to realize identifying unknown virus program accurately, as well as raise discriminating accuracy and efficiency. The invention also discloses method for cleaning out unknown virus programs, and further builds and executes converse operations of behavior of virus program based on behavior of virus program so as to be able to recover data destroyed by virus program.

Description

technical field [0001] The invention relates to a method for identifying and clearing an unknown virus program, in particular to a method for identifying an unknown virus program and a method for clearing the virus program. Background technique [0002] In a common anti-virus program, a feature code scanning technology is usually used for identifying a virus program. The anti-virus program consists of two parts: one part is the virus program code library, which contains specially selected characteristic code strings of various computer virus programs; Whether the program to be detected is a virus program is judged by finding whether there is a characteristic code string in the virus program code library in the program to be detected. The number of computer virus programs that can be identified by the virus program scanning program depends entirely on the number of characteristic code strings of virus programs contained in the virus program code library. Obviously, the more...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F1/00G06F21/56
CPCG06F21/566
Inventor 白杰鲁征宇李薇
Owner 光子(北京)国际信息工程技术研究有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap