CN101141469A - Safety information retrieval server, system, method and a terminal - Google Patents
Safety information retrieval server, system, method and a terminal Download PDFInfo
- Publication number
- CN101141469A CN101141469A CNA2007101820099A CN200710182009A CN101141469A CN 101141469 A CN101141469 A CN 101141469A CN A2007101820099 A CNA2007101820099 A CN A2007101820099A CN 200710182009 A CN200710182009 A CN 200710182009A CN 101141469 A CN101141469 A CN 101141469A
- Authority
- CN
- China
- Prior art keywords
- file
- security information
- user terminal
- server
- content identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The present invention discloses a safety information retrieval server, a system, a method and a terminal, and is used to improve the retrieval efficiency of the safety information and to save the occupancy of a network bandwidth. The safety information retrieval server provided by the present invention comprises a safety information gain cell, which is used to gain and memory the safety information of a document corresponding to the content identification of the document; and a safety information supply cell, which is used to supply the safety information of the document corresponding to the content identification of the document for a user terminal.
Description
Technical field
The present invention relates to networking technology area, relate in particular to a kind of safety information retrieval server, system, method and a kind of terminal.
Background technology
The nucleus module of existing antivirus engine comprises: scan module, removing module and feature database.As shown in Figure 1, scan module is used for the scanning to internal memory or file, carries out effect in the mode of binary coding coupling in feature database, if the file that meets virus characteristic is arranged, then can call the removing module it is removed.
Virus killing technology of the prior art comprises: 1, scanning/characteristic matching algorithm more at a high speed.2, more rational virus base comprises more comprehensively Virus Sample, and the more perfect virus extermination method of exploitation.3, inspire the overall application of technology such as scanning, virtual machine, artificial intelligence.Wherein, at a high speed mark scanning coupling and rational virus base have been saved the virus killing time, and technology such as heuristic scanning, virtual machine, artificial intelligence can help to prevent unknown virus.
Why antivirus software of the prior art can check out virus, and mainly rely on two conditions: the file of being checked possesses integrality; The virus of looking into has the condition code that is complementary in virus base, perhaps meet the logical implication that inspires scanning.A file (file in for example downloading) that does not possess integrality probably is a virus document that comprises imperfect virus characteristic, so, this virus neither possesses any complete characterization in the virus characteristic storehouse, the fuzzy characteristics that does not also possess the scanning of inspiring is so just can be considered to virus scarcely.Therefore, have only when satisfying above-mentioned two conditions simultaneously, virus document just can be considered to virus.
Though scanning/characteristic matching algorithm has at a high speed been saved the virus killing time, but this algorithm is to be based upon on the basis that takies a large amount of CPU and internal memory scanning, can bring a lot of inconvenience to the computer operator like this, cause more operating personnel in order to improve or recovery system speed and abandon using this virus killing technology.
The virus scan result of traditional antivirus software just offers single user.If run into a constant file, such as the Downloadable resource file that Internet service provider provides, all need know that the user of its security information needs it is carried out virus scan, has so just caused whole waste of time so.A very big file must download to this machine fully, just can scan, such as, the file A that size is M, its virus scan time T is about with the relation of M: T=F (M)+G (M).Wherein, F (M) is under the current bandwidth, the transmission time of file A, and F (M)=M/v, v is a transmission speed.The time that G (M) needs for scanning document A.As can be seen, the proportional and v relation of being inversely proportional to of T and M.G also depends on the efficient of antivirus software in addition, the complexity of CPU speed, memory size and the file of machine itself etc.For file A, if having N people to download and scanning, then consuming timely altogether be: t=T*N.And as long as file A itself is constant, the security information of A is constant, and the process of this multiple scanning is a kind of wastes for the Internet bandwidth resources in short supply, for everyone time also be a kind of waste.
In addition, the viral load level is all increasing with progression every day, the result who directly causes be exactly the virus characteristic storehouse that possesses of any single antivirus software all be incomplete, the so new virus that produces can not join in the middle of the feature database in time, therefore, the accuracy of antivirus software just can not be guaranteed.
Summary of the invention
The embodiment of the invention provides a kind of safety information retrieval server, system, method and a kind of terminal, in order to improve the recall precision of security information and taking of conserve network bandwidth.
A kind of safety information retrieval server that the embodiment of the invention provides comprises:
Security information obtains the unit, is used to obtain and the security information of corresponding this document of content identification of storage and file;
Security information provides the unit, and being used for provides security information with the corresponding described file of content identification of described file to user terminal.
A kind of user terminal that the embodiment of the invention provides comprises:
The checking and killing virus unit is used for file is carried out checking and killing virus, obtains the security information of this document;
Security information reports the unit, is used for the security information of described file is reported server.
A kind of user terminal that the embodiment of the invention provides comprises:
The security information request unit is used for sending to server the request of the security information that obtains file;
Receiving element is used to receive the security information of the described file that described server returns.
A kind of security information searching system that the embodiment of the invention provides comprises: first user terminal, server and second user terminal;
Described first user terminal is used for file is carried out checking and killing virus, obtains the security information of this document, and reports described server;
Described server is used to receive and store the security information of the described file of described first user terminal to send up, and, the security information of described file is provided to described second user terminal;
Described second user terminal is used for obtaining from described server the security information of described file.
A kind of security information search method that the embodiment of the invention provides comprises:
The security information of corresponding this document of content identification of server acquisition and storage and file;
Described server provides security information with the corresponding described file of content identification of described file to user terminal.
The embodiment of the invention, the security information of the corresponding this document of content identification by server acquisition and storage and file, described server provides security information with the corresponding described file of content identification of described file to user terminal, make the user terminal of downloading identical file can obtain the security information of this document fast, saved and obtained the time of file security information, and saved taking of the network bandwidth.
Description of drawings
Fig. 1 is the system configuration schematic diagram of prior art killing virus;
The system configuration schematic diagram that Fig. 2 A provides for the embodiment of the invention;
The first user terminal structural representation that Fig. 2 B provides for the embodiment of the invention;
The server architecture schematic diagram that Fig. 2 C provides for the embodiment of the invention;
The second user terminal structural representation that Fig. 2 D provides for the embodiment of the invention;
Fig. 3 is in the embodiment of the invention reporting the killing poison result of file the schematic diagram of server;
Fig. 4 sets up the security information index schematic diagram of file for the content identification that utilizes file in the embodiment of the invention;
The method flow schematic diagram that Fig. 5 provides for the embodiment of the invention.
Embodiment
The embodiment of the invention provides a kind of safety information retrieval server, system, method and a kind of terminal, to improve the recall precision of security information and taking of conserve network bandwidth.
Below in conjunction with accompanying drawing the technical scheme that the embodiment of the invention provides is elaborated.
Referring to Fig. 2 A, the system that the embodiment of the invention provides comprises: NetWare file server 21, first user terminal 22, server 23 and second user terminal 24.Wherein, first user terminal 22 is the user terminal of first file in download A, and second user terminal 24 is downloaded the user terminal of this document A for other.
Described NetWare file server 21 is used for providing the user to need downloaded files to user terminal.
Described first user terminal 22 is used for from described NetWare file server 21 file in download A file A being carried out checking and killing virus, obtains the security information of file A, and, the security information of file A is reported described server 23.
Described server 23, the security information that receives and store the file A of described first user terminal 22 transmissions.When described second user terminal 24 sends the request of the security information that obtains file A, unified resource positioning address (the URL that provides according to described second user terminal 24, Uniform Resource Locator), inquiry obtains the content identification (CID of file A, be content ID, also can be called content signature, be the sign of the file flesh and blood that obtains by hashing algorithm, Davis-Meyer (Davies-Meyer) hash function or Secure Hash Algorithm (SHA) scheduling algorithm.CID is the unique identification that is used for the tab file content).The URL address of the CID of file A and this document is corresponding, but CID and URL and nonessential be one to one, the CID of the file that content is identical is identical, still, it be a lot of can giving the URL of user's download, therefore, CID and URL can be the relations of one-to-many.And CID and security information are man-to-man relations.In addition, the CID of described server 23 self file that also can obtain by hashing algorithm, Davis-Meyer (Davies-Meyer) hash function or Secure Hash Algorithm (SHA) scheduling algorithm.
Described second user terminal 24 is used for according to the URL address of file A, obtaining the security information of this document from the URL address of described NetWare file server 21 acquisition file A from server 23.
Therefore, for certain file on the network, if there be N people to download and scanning, then consuming time altogether: t=T*N.And the system that adopts the embodiment of the invention to provide if be constant time C (with file size, the file complexity is all irrelevant) security information retrieval time of single file, then always consuming timely is: t=C*N.So when N is big more, the time of saving (T-C) * N is also just big more.As seen, embodiment of the invention system has saved a large amount of network bandwidths and user's time.
Preferably, described server 23 is placed on the security information of file on search engine or the website, makes the user when browsing search engine or website, can obtain the security information of file simultaneously.
Introduce the process that server 23 obtains the security information of the file that first user terminal 22 reports below.
Fig. 3 shows the process that client (user terminal) is reported server 23 with the malicious result of the killing of file, and the embodiment of the invention is called distributed virus killing and data-gathering process.After server 23 was collected the virus of file, the file virus data are analyzed, put in order, set up the corresponding relation of file virus and file and various statistical report forms or the like.Server 23 can carry out analysis of science according to the viral data of collecting to be handled.Because the uncertainty that file virus changes, and the finiteness of current antivirus software itself make can not perceive viral feature in advance when file being carried out the killing poison, usually can delay virus a period of time and just can find effective killing mode.So deviation may appear in the data that certain period collects, be considered to safe file in advance and may also have the virus that can't discern at that time, along with the virus killing development of technology, can identify this part file this moment is dangerous.Therefore, server 23 will upgrade processing to the data that change according to various situations, also needs simultaneously the data of collecting are carried out taxonomic revision, sets up various index or the like, so that improve the efficient of inquiry and the accuracy of inquiry.
In order to retrieve the security information of certain specified file apace, utilize the CID of file to set up the index of the security information of this document, as shown in Figure 4.Index just can be saved retrieval time after setting up greatly.Further, owing to can downloaded files in the Internet have countless a plurality ofly, each file all can corresponding CID, so the CID of the file that client reports and checking and killing virus result's quantity still can be very big.From the information bank of so huge quantity, retrieve safety (checking and killing virus result) information of certain file correspondence, will expend a large amount of time, so, can further optimize retrieval mode, can calculate according to the CID of file, obtain the hashed value of described file, with further saving retrieval time.Particularly: the hashing algorithm that obtains the hashed value of file can adopt multiple mode, and generally the CID according to file calculates an integer.For example, the CID of certain file is: CAFAE01CF792E10A0763726EAEAD0CA8B743EC77, get preceding four: CAFA, these four are changeed the decimal system by hexadecimal and draw a decimal integer 51962, and this integer just can be used as second hashed value of this document CID.For alternative document, for example the CID of file is: CAFAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, same, the hashed value of this document of calculating also is 51962.But, be the file of AAAAE01CF792E10A0763726EAEAD0CA8B743EC77 for CID, will calculate different hashed value 43690.Therefore, by hashing algorithm, file CID can be classified, thereby the hashed value by file is retrieved corresponding file security information, the quantity that need find when making retrieval significantly reduces, thereby has improved retrieval rate.
Preferably, can use distributed computing technology to increase the capacity of information stores, the quantity of information bank can be done unconfined increase, thereby satisfies the demand of storage All Files security information.
Introduce the concrete structure of each device in the embodiment of the invention system below.
Referring to Fig. 2 B, first user terminal 22 that the embodiment of the invention provides comprises:
Checking and killing virus unit 221 is used for file is carried out checking and killing virus, obtains the security information of this document.
Security information reports unit 222, is used for the security information of described file is reported server 23.
Referring to Fig. 2 C, the server 23 that the embodiment of the invention provides comprises:
Security information obtains unit 231, is used to receive and store the security information of the file that first user terminal 22 sends, and wherein, the security information of described file is corresponding with the CID of this document.
Security information provides unit 232, and being used for provides security information with the corresponding described file of CID of described file to second user terminal 24.
Described security information obtains unit 231 and comprises:
Obtain unit 2311, be used to receive and store the security information of the file that first user terminal 22 sends.Certainly, described acquisition unit 2311 self also can carry out checking and killing virus to described file, obtains the security information of described file.
Described security information provides unit 232, the URL address that provides according to second user terminal 24, inquiry obtains the CID of described file, CID according to described file, calculate the hashed value of described file, and, from described memory cell 2313, retrieve corresponding file security ensemble of communication according to this hashed value, from the set of this document security information, take out the security information of this document, and offer second user terminal 24.
Referring to Fig. 2 D, second user terminal 24 that the embodiment of the invention provides comprises:
Security information request unit 241 is used for sending to server 23 request of the security information that obtains file, comprising the URL address of described file.
Receiving element 242 is used to receive the security information of the described file that described server 23 returns.
Introduce the method that the embodiment of the invention provides below.
The method that the embodiment of the invention provides comprises as shown in Figure 5:
S501, first user terminal are downloaded certain file from NetWare file server, and described first user terminal is downloaded the user terminal of this document for first.
S502, first user terminal scan this document by this machine antivirus software, obtain the security information of this document, and the security information of this document is reported to server.
S503, other download second user terminal of this document, send the request of the security information that obtains described file to described server, comprising the URL address of described file.
S504, described server be according to the request of described second user terminal, inquires the CID with corresponding this document in URL address of described file.
S505, described server are according to the CID of described file, and retrieval obtains the security information of corresponding described file, and the security information of this document is sent to second user terminal.
Preferably, when described second user terminal when described second server sends retrieval request, according to the URL of the second user side access file, inquire the CID of file.And described second server can calculate this first hashed value with the CID of described file as first hashed value, obtains second hashed value; According to second hashed value of described file, retrieve corresponding file security ensemble of communication, and the security information of therefrom taking out with described file sends to described second user terminal.
In sum, the technical scheme that adopts the embodiment of the invention to provide, need not to have downloaded the security information that file just can be learnt file, in conjunction with the virus killing function of client and the scheduling processing capacity of server, network information data are carried out the fail safe sign, come various viruses are carried out overall killing from the angle of full the Internet, analyze and control, avoided single virus killing instrument, the defective of single virus killing technology, the effect that can will once kill virus greatly is radiated hundreds of millions of users simultaneously, greatly saved total download time of numerous users, reduced the risk of a large amount of computer infective virus, saved taking the network bandwidth.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (14)
1. a safety information retrieval server is characterized in that, described server comprises:
Security information obtains the unit, is used to obtain and the security information of corresponding this document of content identification of storage and file;
Security information provides the unit, and being used for provides security information with the corresponding described file of content identification of described file to user terminal.
2. server according to claim 1 is characterized in that, described security information obtains the unit and comprises:
Obtain the unit, be used to obtain and the security information of corresponding this document of content identification of storage and file;
The unit is set, is used for content identification, calculate the hashed value of described file according to described file; The security information of each file that described hashed value is identical is set to a file security ensemble of communication;
Memory cell is used to store each file security ensemble of communication;
Described security information provides the unit, content identification according to described file, calculate the hashed value of described file, and according to this hashed value, from described memory cell, retrieve corresponding file security ensemble of communication, from the set of this document security information, take out the security information of this document, and offer described user terminal.
3. server according to claim 2 is characterized in that described security information provides the unit, and according to the unified resource positioning address that described user terminal provides, inquiry obtains the content identification of described file.
4. server according to claim 3 is characterized in that, the corresponding one or more unified resource positioning address of described content identification.
5. server according to claim 2 is characterized in that, described acquisition unit carries out checking and killing virus to described file, obtains the security information of described file; Perhaps, obtain the security information of described file from user terminal.
6. a user terminal is characterized in that, this user terminal comprises:
The checking and killing virus unit is used for file is carried out checking and killing virus, obtains the security information of this document;
Security information reports the unit, is used for the security information of described file is reported server.
7. a user terminal is characterized in that, this user terminal comprises:
The security information request unit is used for sending to server the request of the security information that obtains file;
Receiving element is used to receive the security information of the described file that described server returns.
8. user terminal according to claim 7 is characterized in that, comprises the unified resource positioning address of described file in the request of the security information of described acquisition file.
9. a security information searching system is characterized in that, this system comprises: first user terminal, server and second user terminal;
Described first user terminal is used for file is carried out checking and killing virus, obtains the security information of this document, and reports described server;
Described server is used to receive and store the security information of the described file of described first user terminal to send up, and, the security information of described file is provided to described second user terminal;
Described second user terminal is used for obtaining from described server the security information of described file.
10. a security information search method is characterized in that, this method comprises:
The security information of corresponding this document of content identification of server acquisition and storage and file;
Described server provides security information with the corresponding described file of content identification of described file to user terminal.
11. method according to claim 10 is characterized in that, described server calculates the hashed value of described file according to the content identification of described file; The security information of each file that described hashed value is identical is set to a file security ensemble of communication;
Described server is according to the content identification according to described file, calculate the hashed value of described file, and, retrieve corresponding file security ensemble of communication according to this hashed value, from the set of this document security information, take out the security information of this document, and offer described user terminal.
12. method according to claim 11 is characterized in that, the unified resource positioning address that described server provides according to described user terminal, and inquiry obtains the content identification of described file.
13. method according to claim 12 is characterized in that, the corresponding one or more unified resource positioning address of described content identification.
14. method according to claim 10 is characterized in that, the security information of described file is that user terminal provides; Perhaps, described server self carries out checking and killing virus to file and obtains.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101820099A CN101141469A (en) | 2007-10-17 | 2007-10-17 | Safety information retrieval server, system, method and a terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101820099A CN101141469A (en) | 2007-10-17 | 2007-10-17 | Safety information retrieval server, system, method and a terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101141469A true CN101141469A (en) | 2008-03-12 |
Family
ID=39193210
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007101820099A Pending CN101141469A (en) | 2007-10-17 | 2007-10-17 | Safety information retrieval server, system, method and a terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101141469A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101924760A (en) * | 2010-08-17 | 2010-12-22 | 优视科技有限公司 | Method and system for downloading executable file securely |
| CN102469146A (en) * | 2010-11-19 | 2012-05-23 | 北京奇虎科技有限公司 | Cloud security downloading method |
| CN102790799A (en) * | 2012-06-05 | 2012-11-21 | 电子科技大学 | Resource downloading method based on cloud security service |
| CN103020519A (en) * | 2012-11-15 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method and equipment for providing safety relevant information corresponding to access request |
| CN103841156A (en) * | 2012-11-26 | 2014-06-04 | 腾讯科技(深圳)有限公司 | File download protection method, device, and system based on an end-to-end protocol |
-
2007
- 2007-10-17 CN CNA2007101820099A patent/CN101141469A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101924760A (en) * | 2010-08-17 | 2010-12-22 | 优视科技有限公司 | Method and system for downloading executable file securely |
| CN101924760B (en) * | 2010-08-17 | 2012-11-14 | 优视科技有限公司 | Method and system for downloading executable file securely |
| CN102469146A (en) * | 2010-11-19 | 2012-05-23 | 北京奇虎科技有限公司 | Cloud security downloading method |
| WO2012065551A1 (en) * | 2010-11-19 | 2012-05-24 | 北京奇虎科技有限公司 | Method for cloud security download |
| CN102469146B (en) * | 2010-11-19 | 2015-11-25 | 北京奇虎科技有限公司 | A kind of cloud security downloading method |
| CN102790799A (en) * | 2012-06-05 | 2012-11-21 | 电子科技大学 | Resource downloading method based on cloud security service |
| CN102790799B (en) * | 2012-06-05 | 2015-01-21 | 电子科技大学 | Resource downloading method based on cloud security service |
| CN103020519A (en) * | 2012-11-15 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method and equipment for providing safety relevant information corresponding to access request |
| CN103841156A (en) * | 2012-11-26 | 2014-06-04 | 腾讯科技(深圳)有限公司 | File download protection method, device, and system based on an end-to-end protocol |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8171008B2 (en) | Data retrieval | |
| US8504733B1 (en) | Subtree for an aggregation system | |
| US11347851B2 (en) | System and method for file artifact metadata collection and analysis | |
| CN111740868B (en) | Alarm data processing method and device and storage medium | |
| CN110083391A (en) | Call request monitoring method, device, equipment and storage medium | |
| US20040181607A1 (en) | Method and apparatus for providing information in a peer-to-peer network | |
| CN111538563A (en) | Event analysis method and device for Kubernetes | |
| CN102968591B (en) | Malicious-software characteristic clustering analysis method and system based on behavior segment sharing | |
| TWI711935B (en) | File processing method and device | |
| CN102932391A (en) | Method and device for processing data in peer to server/peer (P2SP) system, and P2SP system | |
| CN101141469A (en) | Safety information retrieval server, system, method and a terminal | |
| CN108063685B (en) | Log analysis method and device | |
| Patgiri et al. | Hunting the pertinency of bloom filter in computer networking and beyond: A survey | |
| WO2020167552A1 (en) | System and method for forensic artifact analysis and visualization | |
| CN103310154A (en) | Information security processing method, equipment and system | |
| WO2018019010A1 (en) | Dynamic behavioral analysis method, device, system, and apparatus | |
| CN101026502B (en) | Broad band network comprehensive performance management flatform | |
| CN115712646A (en) | Alarm strategy generation method, device and storage medium | |
| US11847219B2 (en) | Determining a state of a network | |
| US11308212B1 (en) | Adjudicating files by classifying directories based on collected telemetry data | |
| US20190007439A1 (en) | Analysis method, analysis device, and analysis program | |
| CN110716938A (en) | Data aggregation method and device, storage medium and electronic device | |
| Bhagat et al. | Content-based file sharing in peer-to-peer networks using threshold | |
| CN116095065A (en) | Intranet office software version downloading method based on server side dynamic allocation | |
| WO2022156293A1 (en) | Method and apparatus for processing alert log, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080312 |