CN111797392B - Method, device and storage medium for controlling infinite analysis of derivative files - Google Patents
Method, device and storage medium for controlling infinite analysis of derivative files Download PDFInfo
- Publication number
- CN111797392B CN111797392B CN201910284057.1A CN201910284057A CN111797392B CN 111797392 B CN111797392 B CN 111797392B CN 201910284057 A CN201910284057 A CN 201910284057A CN 111797392 B CN111797392 B CN 111797392B
- Authority
- CN
- China
- Prior art keywords
- derivative
- file
- analyzed
- analysis
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the invention discloses a method, a device and a storage medium for controlling infinite analysis of derivative files, relates to the technical field of malicious code analysis, and can save system resources by limiting the generation and analysis of the derivative files through limiting the hierarchy of the derivative files. The method comprises the following steps: acquiring input files to be analyzed, and adding a derivative layer number; if the file to be analyzed generates a derivative file, adding 1 as the derivative layer level number of the derivative file on the basis of the derivative layer level number of the parent file; judging whether the number of the derived layers of the file to be analyzed is larger than a set threshold value of the analysis identifier, and if so, preventing the file to be analyzed from entering the analysis identifier.
Description
Technical Field
The present invention relates to the field of malicious code analysis technologies, and in particular, to a method, an apparatus, and a storage medium for controlling infinite analysis of derivative files.
Background
In the existing malicious code analysis products, the detection method of the file is to directly deliver a sample, so that each analysis component analyzes the sample, and finally, analysis results are summarized and output. However, when we cannot get a clear analysis result from the existing analysis report, other methods are often needed to assist the analysis. In general, we will focus on whether the sample has a derived file, if so, we can further obtain more accurate and rich information by analyzing the derived file. There are many ways of generating the derivative file, such as unpacking and shelling by an antivirus engine, extracting attachments from an email format file, releasing or downloading virtual machine operation, etc. But just due to the diversity of the derivatization, a number of problems are presented to us. Since the system typically analyzes large volumes of samples, if not limited, this results in redelivery whenever there is a derivative file, which can produce a similar unpacking bomb effect. Many derivative files are generated, and the overall analysis speed is greatly reduced. Since we focus on deriving the document by analyzing the derived document to obtain the behavior and information related to the sample, we do not want the document to be derived infinitely and analyzed infinitely.
Disclosure of Invention
In view of the above, the embodiments of the present invention provide a method, an apparatus, and a storage medium for controlling infinite analysis of a derivative file, which can effectively solve the negative influence caused by analysis of the derivative file and improve the analysis efficiency of a system by adding a derivative layer number to the file to be analyzed.
In a first aspect, an embodiment of the present invention provides a method for controlling infinite analysis of a derivative file, including:
acquiring input files to be analyzed, and adding a derivative layer number;
if the file to be analyzed generates a derivative file, adding 1 as the derivative layer level number of the derivative file on the basis of the derivative layer level number of the parent file;
judging whether the number of the derived layers of the file to be analyzed is larger than a set threshold value of the analysis identifier, and if so, preventing the file to be analyzed from entering the analysis identifier.
According to a specific implementation manner of the embodiment of the present invention, the determining whether the number of derived layers of the file to be analyzed is greater than a set threshold of the analysis identifier, if so, preventing the file to be analyzed from entering the analysis identifier, and replacing with: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
According to a specific implementation manner of the embodiment of the invention, the method further comprises the following steps: different thresholds are set for each analysis evaluator.
According to a specific implementation manner of the embodiment of the invention, the method further comprises the following steps: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
In a second aspect, an embodiment of the present invention provides an apparatus for controlling infinite analysis of a derivative file, including:
the derivative layer series adding module is used for obtaining input files to be analyzed and adding the derivative layer series;
the derivative level number updating module is used for adding 1 as the derivative level number of the derivative file on the basis of the derivative level number of the parent file if the file to be analyzed generates the derivative file;
and the derivative layer number judging module is used for judging whether the number of the derivative layer numbers of the files to be analyzed is larger than the set threshold value of the analysis identifier, and if so, preventing the files to be analyzed from entering the analysis identifier.
According to a specific implementation manner of the embodiment of the present invention, the derivative layer number determining module is specifically configured to: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
According to a specific implementation manner of the embodiment of the invention, the method further comprises the following steps: different thresholds are set for each analysis evaluator.
According to a specific implementation manner of the embodiment of the invention, the method further comprises the following steps: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
In a third aspect, an embodiment of the present invention provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any of the foregoing implementations.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding implementations.
The embodiment of the invention provides a method, a device and a storage medium for controlling infinite analysis of derived files, which are characterized in that firstly, derived layer series are added to all input files to be analyzed, if the files to be analyzed generate the derived files, 1 adding operation is executed on the basis of the original derived layer series, and the like; judging whether the number of derived layers of the file to be analyzed is larger than a set threshold value, and further controlling whether the file to be analyzed is put into an analysis identifier to execute analysis operation. According to the method and the device provided by the invention, the level distinction of the derivative files is realized by increasing the number of the derivative layers in the sample execution analysis process, so that the generation and analysis of the derivative files are limited, and the analysis efficiency of a system is improved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for controlling infinite analysis of derived documents according to an embodiment of the present invention;
FIG. 2 is a flow chart of yet another embodiment of a method of controlling infinite analysis of derived documents in accordance with the present invention;
FIG. 3 is a schematic structural diagram of an apparatus for controlling infinite analysis of derived documents according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When the analysis performance test of the system is carried out, a large number of samples are required to be delivered into the system, if the number of the derivative layers is not limited, new derivative files are infinitely derived from the samples, and then the new derivative files are infinitely put into the system for analysis, and the analysis task of the system is aggravated due to the large number of derivative files, so that the system performance is seriously affected.
In a first aspect, an embodiment of the present invention provides a method for controlling infinite analysis of derived files, which can reduce system resource consumption and improve analysis efficiency of a system.
FIG. 1 is a flow chart of a method for controlling infinite analysis of derived documents according to an embodiment of the present invention, comprising:
s101: and acquiring the input file to be analyzed, and adding the number of derivative layers.
Wherein the number of derived layers of the file to be analyzed which is initially input is set to 0.
S102: if the file to be analyzed generates a derivative file, adding 1 as the derivative layer level number of the derivative file on the basis of the derivative layer level number of the parent file.
For example, if the number of derived layers of the parent file is 0, the number of derived layers of the current derived file is 1, and so on, the current derived file is taken as the file to be analyzed, and if the file to be analyzed generates a new derived file, the number of derived layers of the derived file is 2.
S103: different thresholds are set for each analysis evaluator. The setting of different thresholds for each analysis identifier can be based on the dynamic and static analysis identifier, the analysis speed of the identifier and/or the number of objects to be analyzed, etc., so as to reasonably set the thresholds of each analysis identifier. Specifically, a derivative level condition may be added to the configuration file of each analysis identifier, and only the file to be analyzed satisfying the condition that the number of derivative levels is equal to or smaller than the threshold value will be subjected to analysis by the analysis identifier.
S104: judging whether the number of the derived layers of the file to be analyzed is larger than a set threshold value of the analysis identifier, and if so, preventing the file to be analyzed from entering the analysis identifier.
Preferably, the method further comprises: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
For example: setting the threshold value of the analysis identifier to be 1, delivering the same number of samples into the system again, and finding that the number of derived files is obviously reduced and the file analysis speed is stable. This is because only documents with derivative levels 0 and 1 will be analyzed by the validator, thus greatly relieving the pressure of the validator in analysis and significantly improving the analytical performance.
The method of the embodiment not only can improve the analysis efficiency of the system, but also can enable each analysis identifier to better play a role by setting the threshold value of each analysis identifier, and realize analysis and filtration of the derived file in the analysis process.
FIG. 2 is a flow chart of a method of controlling infinite analysis of derived documents according to another embodiment of the present invention, including:
s201: and acquiring the input file to be analyzed, and adding the number of derivative layers.
S202: if the file to be analyzed generates a derivative file, adding 1 as the derivative layer level number of the derivative file on the basis of the derivative layer level number of the parent file.
S203: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
The judging whether the number of the derived layers of the file to be analyzed is larger than a preset value or not specifically comprises the following steps: and adding a configuration file into the system, setting a preset value of the maximum allowable uploading derivative layer number for the system when the system is started for control, and if the derivative layer number of the file to be analyzed is judged to be larger than the preset value, not allowing the file to be uploaded by the system, so that the system does not have a re-derivative condition.
Preferably, the method further comprises: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
According to the method, the analysis efficiency of the system can be improved, and when the number of the derivative layers of the file to be analyzed is larger than a preset value, uploading of the file to be analyzed is prevented, so that blocking operation from an entrance is achieved. The embodiment saves system resources while ensuring analysis depth.
In a second aspect, an embodiment of the present invention provides a device for controlling infinite analysis of derived files, where the device can reduce system resource consumption and improve analysis efficiency of a system.
FIG. 3 is a schematic structural diagram of an apparatus for controlling infinite analysis of derived documents according to an embodiment of the present invention, wherein the apparatus may include:
the derivative layer number adding module 301 is configured to obtain an input file to be analyzed, and add a derivative layer number;
the derivative level number updating module 302 is configured to add 1 as a derivative level number of the derivative file on the basis of the derivative level number of the parent file if the file to be analyzed generates the derivative file;
the derivative level number determining module 303 is configured to determine whether the number of derivative levels of the document to be analyzed is greater than a set threshold of the analysis identifier, and if so, prevent the document to be analyzed from entering the analysis identifier.
Preferably, the derivative layer number determining module is specifically configured to: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
Preferably, the method further comprises: different thresholds are set for each analysis evaluator.
Preferably, the method further comprises: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
The device of the embodiment not only can improve the analysis efficiency of the system, but also can enable each analysis identifier to better play a role by setting the threshold value of each analysis identifier, and realize analysis and filtration of the derived file in the analysis process.
In a third aspect, the embodiment of the present invention further provides an electronic device, which can reduce system resource consumption and improve analysis efficiency of a system.
Fig. 4 is a schematic structural diagram of an embodiment of an electronic device according to the present invention, where the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged in a space surrounded by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to the respective circuits or devices of the above-described electronic apparatus; the memory 43 is for storing executable program code; the processor 42 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 43 for executing the method described in any of the foregoing embodiments.
The specific implementation of the above steps by the processor 42 and the further implementation of the steps by the processor 42 by running executable program codes may be referred to the description of the embodiment of fig. 1-3 of the present invention, and will not be repeated here.
The electronic device exists in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice, data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction functions.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding implementations.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (10)
1. A method of controlling infinite analysis of a derivative document, comprising:
acquiring input files to be analyzed, and adding a derivative layer number;
if the file to be analyzed generates a derivative file, adding 1 as the derivative layer level number of the derivative file on the basis of the derivative layer level number of the parent file;
judging whether the number of the derived layers of the file to be analyzed is larger than a set threshold value of the analysis identifier, and if so, preventing the file to be analyzed from entering the analysis identifier.
2. The method of claim 1, wherein the determining whether the number of derived layers of the document to be analyzed is greater than a set threshold of the analysis evaluator, if so, prevents the document to be analyzed from entering the analysis evaluator, and the replacing is: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
3. The method as recited in claim 1, further comprising: different thresholds are set for each analysis evaluator.
4. The method as recited in claim 1, further comprising: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
5. An apparatus for controlling infinite analysis of a derivative document, comprising:
the derivative layer series adding module is used for obtaining input files to be analyzed and adding the derivative layer series;
the derivative level number updating module is used for adding 1 as the derivative level number of the derivative file on the basis of the derivative level number of the parent file if the file to be analyzed generates the derivative file;
and the derivative layer number judging module is used for judging whether the number of the derivative layer numbers of the files to be analyzed is larger than the set threshold value of the analysis identifier, and if so, preventing the files to be analyzed from entering the analysis identifier.
6. The apparatus of claim 5, wherein the determining whether the number of derived layers of the document to be analyzed is greater than a set threshold of the analysis evaluator, if so, prevents the document to be analyzed from entering the analysis evaluator, instead of: and judging whether the number of the derived layers of the file to be analyzed is larger than a preset value, and if so, not allowing the file to be analyzed to be uploaded.
7. The apparatus as recited in claim 5, further comprising: different thresholds are set for each analysis evaluator.
8. The apparatus as recited in claim 5, further comprising: and determining the derivative relation between the derivative file and the parent file based on the derivative layer progression.
9. An electronic device, the electronic device comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; a processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any of the preceding claims 1 to 4.
10. A computer readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910284057.1A CN111797392B (en) | 2019-04-09 | 2019-04-09 | Method, device and storage medium for controlling infinite analysis of derivative files |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910284057.1A CN111797392B (en) | 2019-04-09 | 2019-04-09 | Method, device and storage medium for controlling infinite analysis of derivative files |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111797392A CN111797392A (en) | 2020-10-20 |
| CN111797392B true CN111797392B (en) | 2023-08-08 |
Family
ID=72805780
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910284057.1A Active CN111797392B (en) | 2019-04-09 | 2019-04-09 | Method, device and storage medium for controlling infinite analysis of derivative files |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111797392B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2012083849A (en) * | 2010-10-07 | 2012-04-26 | Hitachi Ltd | Malware detector, and method and program for the same |
| CN103793649A (en) * | 2013-11-22 | 2014-05-14 | 北京奇虎科技有限公司 | Method and device for cloud-based safety scanning of files |
| CN106778276A (en) * | 2016-12-29 | 2017-05-31 | 北京安天网络安全技术有限公司 | A kind of method and system for detecting incorporeity file malicious code |
| CN108229164A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | Decompress the judgment method and device of bomb |
| CN108229168A (en) * | 2017-12-29 | 2018-06-29 | 哈尔滨安天科技股份有限公司 | A kind of Heuristic detection method, system and the storage medium of nesting class file |
| CN108881150A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | A kind of processing method of Detection task, device, electronic equipment and storage medium |
| CN108874617A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Detection task distributing method, device, electronic equipment and storage medium |
| CN109033828A (en) * | 2018-07-25 | 2018-12-18 | 山东省计算中心(国家超级计算济南中心) | A kind of Trojan detecting method based on calculator memory analytical technology |
-
2019
- 2019-04-09 CN CN201910284057.1A patent/CN111797392B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2012083849A (en) * | 2010-10-07 | 2012-04-26 | Hitachi Ltd | Malware detector, and method and program for the same |
| CN103793649A (en) * | 2013-11-22 | 2014-05-14 | 北京奇虎科技有限公司 | Method and device for cloud-based safety scanning of files |
| CN108229164A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | Decompress the judgment method and device of bomb |
| CN106778276A (en) * | 2016-12-29 | 2017-05-31 | 北京安天网络安全技术有限公司 | A kind of method and system for detecting incorporeity file malicious code |
| CN108229168A (en) * | 2017-12-29 | 2018-06-29 | 哈尔滨安天科技股份有限公司 | A kind of Heuristic detection method, system and the storage medium of nesting class file |
| CN108881150A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | A kind of processing method of Detection task, device, electronic equipment and storage medium |
| CN108874617A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Detection task distributing method, device, electronic equipment and storage medium |
| CN109033828A (en) * | 2018-07-25 | 2018-12-18 | 山东省计算中心(国家超级计算济南中心) | A kind of Trojan detecting method based on calculator memory analytical technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111797392A (en) | 2020-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108875364B (en) | Threat determination method and device for unknown file, electronic device and storage medium | |
| US10579837B2 (en) | Method, device and electronic apparatus for testing capability of analyzing a two-dimensional code | |
| US9727568B2 (en) | Method and system for game data collection | |
| CN108804918B (en) | Security defense method, security defense device, electronic equipment and storage medium | |
| US20190012248A1 (en) | Method for scanning cache of application and electronic device | |
| CN110652728B (en) | Game resource management method and device, electronic equipment and storage medium | |
| CN111161283B (en) | Picture resource processing method and device and electronic equipment | |
| US20170192480A1 (en) | Method for adjusting frequency modulation parameters and electronic device | |
| CN111030968A (en) | Detection method and device capable of customizing threat detection rule and storage medium | |
| CN113965402A (en) | Configuration method and device of firewall security policy and electronic equipment | |
| CN111797392B (en) | Method, device and storage medium for controlling infinite analysis of derivative files | |
| CN111027065B (en) | Leucavirus identification method and device, electronic equipment and storage medium | |
| CN111062035B (en) | Lesu software detection method and device, electronic equipment and storage medium | |
| CN114338102B (en) | Security detection method, security detection device, electronic equipment and storage medium | |
| CN111782294A (en) | Application program running method and device, electronic equipment and storage medium | |
| CN106933323B (en) | Method and device for optimizing power consumption of application program and electronic equipment | |
| CN110611675A (en) | Vector magnitude detection rule generation method and device, electronic equipment and storage medium | |
| CN108804917B (en) | File detection method and device, electronic equipment and storage medium | |
| CN110312166B (en) | Live broadcast room message filtering method and device, electronic equipment and storage medium | |
| CN108875372B (en) | Code detection method and device, electronic equipment and storage medium | |
| CN110659489B (en) | Threat detection method, device and storage medium for character string splicing behavior | |
| WO2017028729A1 (en) | Method, apparatus, and electronic device for determining whether an application program is an authorized application program | |
| US20170154096A1 (en) | Data service system and electronic apparatus | |
| CN114189379B (en) | Webpage resource processing method and device and electronic equipment | |
| CN111797393B (en) | Method and device for detecting malicious mining behavior based on GPU |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |