CN101621511A - Multilayer detecting method without local virus library and multilayer detecting system - Google Patents


Publication number: CN101621511A
Authority: CN (China)
Prior art keywords: server, virus, client, detection, whitelist
Application number: CN 200910086295
Other languages: Chinese (zh)
Inventor: 关墨辰
Original Assignee: 北京安天电子设备有限公司
Application filed by 北京安天电子设备有限公司
Priority to CN 200910086295
Publication of CN101621511A


Abstract

The invention discloses a multi-level detection method that requires no local virus library. The client stores only a partial whitelist library and no local virus library; after obtaining the normalized instruction sequence of the file to be detected, it filters the sequence against the whitelist, reports the filtered normalized instruction sequence to the server side, and receives the detection result returned by the server side. The server side comprises multi-level server groups: only the top-level server group stores the complete whitelist library and virus library, while the server groups at the other levels retain only partial whitelist and virus libraries. The uploaded normalized instruction sequence undergoes multi-level whitelist filtering and virus-library comparison, and the detection result is fed back to the client. The invention also discloses a multi-level detection system without a local virus library. The invention increases the speed and effectiveness of virus detection, reduces bandwidth consumption, improves the ability to detect new viruses, and allows an enterprise-private virus library to be customized.

Description

A multi-level detection method and system without a local virus library

Technical Field

The present invention relates to the field of computer technology, and in particular to a multi-level detection method and system that require no local virus library.

Background

With the rapid development of information networks, the security problems we face are becoming increasingly complex and security threats are growing rapidly. Blended threats in particular, such as hacker attacks, worms, Trojan backdoors, spyware and botnets, greatly trouble users and cause serious damage to information networks. How to communicate securely over information networks while protecting the security of the information on the computer itself has become an urgent problem in network security and information security.

Security defense surveys from the past two years show that more than 80% of management and security problems originate at the terminal. Computer terminals touch every user and, because they are dispersed, neglected and lacking in security measures, they have become the weak link of the information security system.

Among existing virus detection technologies, the two most recently disclosed technical solutions are the following:

1. An apparatus and method for online virus scanning

(Source: Chinese Patent Publication No. CN101039177A, publication date: September 19, 2007)

An online virus-scanning apparatus, used by a client terminal and a server side to detect and remove viruses on a local computing system over the Internet, characterized in that the client terminal contains a client program module and the server side contains a server program module, wherein the client program module uploads the file to be scanned, or a check value of the file to be scanned, to the server program module and accepts the query result returned by the server program module; the server program module queries information about the file to be scanned according to the check value, or invokes an antivirus engine to scan the file, and returns the query result to the client program module. The advantage of this solution is that no bulky virus library needs to be installed on the client and the client does not need to keep up with the latest virus data, so the client terminal is simple to deploy and a comparatively fast virus-scanning service can be provided. However, because detection is performed by uploading the file to be scanned or its check value, this solution still cannot cope with concealed viruses, which seriously affects detection speed and effectiveness, and it consumes considerable bandwidth.

2. A method, apparatus and system for virus detection and removal

(Source: Chinese Patent Publication No. CN101308533A, publication date: November 19, 2008)

A virus detection and removal method. On the client side, the method comprises: collecting feature information of the target file; sending the feature information to the server side for feature matching; receiving the matching result returned by the server; and processing the target file according to the matching result. On the server side, the method comprises: receiving the feature information of the target file sent by the client; matching the feature information against the feature information in a feature library, where the feature library resides on the server side and stores the feature information of target files that carry viruses; and sending the matching result to the client, which processes the target file according to the matching result. The advantage of this solution is that virus detection and removal is performed on the server side, which saves client system resources. Although feature-information matching identifies viruses accurately, this solution still cannot recognize unknown viruses, cannot guard against the newest viruses or concealed viruses, and has comparatively low detection speed and effectiveness.

Both of the above solutions only perform update operations on the virus library. If an enterprise user needs to detect specifically one class or several classes of viruses, it still has to spend a large amount of time waiting for detection results, which greatly increases the enterprise's costs and causes unnecessary losses.

Summary of the Invention

In view of the above problems in existing virus detection technology, the object of the present invention is to provide a multi-level detection method without a local virus library that avoids the cost of upgrading a virus library while improving virus detection speed and the ability to detect new viruses, and that also allows an enterprise-private virus library to be customized. To implement the method, the present invention also discloses a multi-level detection system without a local virus library.

The technical solution adopted by the present invention to solve its technical problem is a multi-level detection method without a local virus library, characterized by comprising the following steps:

The client does not store a local virus library and stores only a partial whitelist library. After obtaining the normalized instruction sequence of the file to be detected, it performs whitelist filtering, uploads the filtered normalized instruction sequence to the server side, and receives the detection result returned by the server side;

The server side comprises multi-level server groups. Only the top-level server group stores the complete whitelist library and virus library; the server groups at the other levels retain only partial whitelist and virus libraries. The uploaded normalized instruction sequence undergoes multi-level whitelist filtering and virus-library comparison, and the detection result is fed back to the client.

The step of obtaining the normalized instruction sequence of the file to be detected and performing whitelist filtering is specifically: when performing a virus detection operation, the client transforms the instructions of the file to be detected, including removing constants, removing sequential statements and the like, then performs whitelist filtering on the resulting normalized instruction sequence and uploads the filtered normalized instruction sequence to the server side nearest to the client for virus detection;

The step of performing multi-level whitelist filtering and virus-library comparison on the uploaded normalized instruction sequence and feeding the detection result back to the client is specifically: the server side performs whitelist filtering and virus-library comparison on the normalized instruction sequence uploaded by the client, determines whether it is a virus, and feeds the detection result back to the client; if the instruction sequence is unknown and this is the first time detection has been requested for it, the server requests detection from the server group one level up; unknown files with a high number of detection requests are analyzed with priority; and the server side stores only the features and information of files for which detection has been requested.

A multi-level detection system without a local virus library, characterized in that the client contains a client program module and the server side contains a top-level server and multi-level sub-servers.

The client program module obtains the normalized instruction sequence of the file to be detected, performs whitelist filtering, uploads the filtered normalized instruction sequence to the server side, and receives the detection result returned by the server side;

The multi-level sub-server groups on the server side exploit the similarity and limited number of files within a local area network, so each server stores only part of the features. They perform whitelist filtering and virus-library comparison on the received normalized instruction sequence and return the detection result to the client, while for unknown files and files for which detection is requested for the first time they send a request to the server one level up;

The top-level server group on the server side holds the most complete virus library and whitelist library. On receiving detection requests from the multi-level sub-server groups, it performs the final whitelist filtering and virus-library comparison on the received normalized instruction sequence, analyzes with priority unknown files with a high number of detection requests, and feeds the detection result back to the client through the multi-level sub-server groups.

The client program module can also implement customization of an enterprise-private virus library through content specified by the enterprise's internal server.

Compared with the prior art, the present invention has the following beneficial effects:

Through the interaction between the program module installed on the client terminal and the multi-level sub-server groups and top-level server group on the server side, the user does not need to load a virus library on the client terminal and keeps only a partial whitelist library for the first round of filtering. Multi-level filtering and detection by the multi-level sub-server groups and the top-level server group improve the speed and effectiveness of virus detection; priority analysis of unknown files effectively improves the ability to detect new viruses; and, for the special requirements of enterprise users, an enterprise-private virus library can be customized through content specified by the enterprise's internal server, greatly reducing the enterprise's virus detection costs.

Brief Description of the Drawings

Figure 1 is a client-side flowchart of the multi-level detection method without a local virus library provided by the present invention.

Figure 2 is a server-side flowchart of the multi-level detection method without a local virus library provided by the present invention.

Figure 3 is a schematic structural diagram of the multi-level detection system without a local virus library provided by the present invention.

Detailed Description

The present invention is described in further detail below with reference to the drawings and embodiments. An embodiment of the present invention provides a multi-level detection method and system without a local virus library. As shown in Figure 1, the multi-level detection method without a virus library comprises:

On the client side,

101, obtain the normalized instruction sequence of the file to be detected

102, whitelist filtering

103, upload the filtered instruction sequence to the server side

104, receive the result fed back by the server side

105, give the corresponding prompt and handling according to the feedback result

On the server side,

201, obtain the client's normalized instruction sequence to be detected

202, whitelist filtering

203, compare against the virus library and determine whether it is a virus

204, for an unknown file, send a request to the sub-server group one level up

205, determine whether this is the top-level server group

206, save the information and feed the detection result back to the client

207, detection ends

The multi-level detection method without a local virus library provided by this embodiment obtains the normalized instruction sequence of the file to be detected on the client and sends the whitelist-filtered instruction sequence to the server side. The server side performs multi-level whitelist filtering and virus-library comparison and feeds the detection result back to the client, which can then give the corresponding prompt and handling.

As shown in Figure 3, the multi-level detection system without a virus library comprises:

The client program module 405, which uploads the normalized instruction sequence to the multi-level sub-server group on the server side nearest to the client for virus detection;

The multi-level sub-server groups (402-404) on the server side, which perform whitelist filtering on the normalized instruction sequence uploaded by the client and compare the filtered target to be detected against the virus library. If the instruction sequence is present, the detection result is fed back to the client program module; if the instruction sequence is not present and this is the first time detection has been requested for it, detection is requested from the server group one level up. The multi-level sub-server groups store only the features and information of files for which detection has been requested;

The top-level server group 401 on the server side, which holds the most complete virus library and whitelist library. On receiving detection requests from the multi-level sub-server groups, it performs whitelist filtering and virus-library comparison on the instruction sequence, analyzes with priority unknown files with a high number of detection requests, and feeds the detection result back to the multi-level sub-server groups.
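A minimal simulation of client steps 101-105 and server steps 201-207 across the tiers 401-405 described above, added here as an illustration and not code from the patent. The textual instruction format, the SHA-256 fingerprint, the set-based libraries and the re-escalation of unresolved unknowns on every request are assumptions; of the normalization the text mentions, only constant stripping is implemented.

```python
import hashlib
import re
from collections import Counter

# Assumption: instructions arrive as disassembly text; the patent does not
# fix a format. Numeric constants are replaced by a placeholder.
_CONST = re.compile(r"\b(?:0x[0-9a-f]+|\d+)\b")


def normalize(instructions):
    """Step 101: strip constants so variants differing only in immediates collide."""
    return [_CONST.sub("IMM", re.sub(r"\s+", " ", i.strip().lower()))
            for i in instructions]


def fingerprint(instructions):
    """Assumed feature: SHA-256 over the normalized instruction sequence."""
    return hashlib.sha256("\n".join(normalize(instructions)).encode()).hexdigest()


class Tier:
    """One server group; only the top tier (parent=None) holds complete libraries."""

    def __init__(self, name, whitelist=(), viruses=(), parent=None):
        self.name, self.parent = name, parent
        self.whitelist, self.viruses = set(whitelist), set(viruses)
        self.requests = Counter()  # demand per fingerprint, for priority analysis

    def detect(self, fp):
        """Return (verdict, name of the tier that answered)."""
        self.requests[fp] += 1
        if fp in self.whitelist:                        # step 202
            return "clean", self.name
        if fp in self.viruses:                          # step 203
            return "virus", self.name
        if self.parent is None:                         # step 205: top tier
            return "unknown", self.name
        # Assumption: unresolved unknowns are re-escalated on every request
        # so that the top tier can count demand for them.
        verdict, answered_by = self.parent.detect(fp)   # step 204: escalate
        # Step 206: remember only what this tier was actually asked about.
        if verdict == "clean":
            self.whitelist.add(fp)
        elif verdict == "virus":
            self.viruses.add(fp)
        return verdict, answered_by

    def analysis_queue(self):
        """Unknown fingerprints ordered by request count, most requested first."""
        unknown = [(fp, n) for fp, n in self.requests.items()
                   if fp not in self.whitelist and fp not in self.viruses]
        return sorted(unknown, key=lambda item: -item[1])


class Client:
    """Holds a partial whitelist and no virus library."""

    def __init__(self, local_whitelist, nearest):
        self.local_whitelist, self.nearest = set(local_whitelist), nearest
        self.uploads = 0

    def scan(self, instructions):
        fp = fingerprint(instructions)                  # step 101
        if fp in self.local_whitelist:                  # step 102
            return "clean", "client"
        self.uploads += 1                               # step 103
        return self.nearest.detect(fp)                  # steps 104-105


def demo():
    # Constructed toy sequences, not taken from real software or malware.
    good = ["push ebp", "mov ebp, esp", "mov eax, 0x10", "ret"]
    good_variant = ["push ebp", "mov ebp, esp", "mov eax, 0x2A", "ret"]
    flagged = ["xor eax, eax", "mov ecx, 0x400", "call 0x401000", "jmp eax"]
    novel = ["nop", "add eax, 7", "ret"]

    top = Tier("top", whitelist={fingerprint(good)}, viruses={fingerprint(flagged)})
    lan = Tier("lan", parent=Tier("regional", parent=top))
    client = Client({fingerprint(good)}, nearest=lan)

    results = {
        "variant": client.scan(good_variant),   # filtered locally, no upload
        "flagged_first": client.scan(flagged),  # escalates to the top tier
        "flagged_again": client.scan(flagged),  # now answered by the LAN tier
        "novel": [client.scan(novel) for _ in range(3)][-1],
    }
    return results, client.uploads, top.analysis_queue()


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The second scan of the flagged sequence is answered by the nearest tier without reaching the top, and the sequence requested three times without a verdict heads the top tier's analysis queue.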

Compared with the prior art, the multi-level detection method and system without a local virus library provided by this embodiment work through the interaction between the program module installed on the client terminal and the multi-level sub-servers and top-level server on the server side. The user does not need to load a virus library on the client terminal and keeps only a partial whitelist library for the first round of filtering; multi-level filtering and detection by the multi-level sub-servers and the top-level server improve the speed and effectiveness of virus detection, greatly reduce bandwidth consumption, and better protect the system security of the user's computer. This realizes the method and system described in this embodiment. In addition, the client program module can implement customization of an enterprise-private virus library through content specified by the enterprise's internal server, which reduces the enterprise's cost of upgrading virus libraries and improves virus detection speed and effectiveness.

The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A multi-level detection method without a local virus library, characterized by comprising the following steps: the client does not store a local virus library and stores only a partial whitelist library; after obtaining the normalized instruction sequence of the file to be detected, it performs whitelist filtering, uploads the filtered normalized instruction sequence to the server side, and receives the detection result returned by the server side; the server side comprises multi-level server groups, of which only the top-level server group stores the complete whitelist library and virus library while the server groups at the other levels retain only partial whitelist and virus libraries; the uploaded normalized instruction sequence undergoes multi-level whitelist filtering and virus-library comparison, and the detection result is fed back to the client.
2. The method according to claim 1, characterized in that the step of obtaining the normalized instruction sequence of the file to be detected and performing whitelist filtering is specifically: when performing a virus detection operation, the client transforms the instructions of the file to be detected, including removing constants, removing sequential statements and the like, then performs whitelist filtering on the resulting normalized instruction sequence and uploads the filtered normalized instruction sequence to the server side nearest to the client for virus detection.
3. The method according to claim 1, characterized in that the step of performing multi-level whitelist filtering and virus-library comparison on the uploaded normalized instruction sequence and feeding the detection result back to the client is specifically: the server side performs whitelist filtering and virus-library comparison on the normalized instruction sequence uploaded by the client, determines whether it is a virus, and feeds the detection result back to the client; if the instruction sequence is unknown and this is the first time detection has been requested for it, the server requests detection from the server group one level up; unknown files with a high number of detection requests are analyzed with priority; and the server side stores only the features and information of files for which detection has been requested.
4. A multi-level detection system without a local virus library, characterized in that the client contains a client program module and the server side contains a top-level server group and multi-level sub-server groups.
5. The system according to claim 4, characterized in that the client program module obtains the normalized instruction sequence of the file to be detected, performs whitelist filtering, uploads the filtered normalized instruction sequence to the server side, and receives the detection result returned by the server side.
6. The system according to claim 4, characterized in that the multi-level sub-server groups on the server side exploit the similarity and limited number of files within a local area network, so each server stores only part of the features; they perform whitelist filtering and virus-library comparison on the received normalized instruction sequence and return the detection result to the client, while for unknown files and files for which detection is requested for the first time they send a request to the server one level up.
7. The system according to claim 4, characterized in that the top-level server group on the server side holds the most complete virus library and whitelist library; on receiving detection requests from the multi-level sub-server groups, it performs the final whitelist filtering and virus-library comparison on the received normalized instruction sequence, analyzes with priority unknown files with a high number of detection requests, and feeds the detection result back to the client through the multi-level sub-server groups.
8. The system according to claim 4, characterized in that the client program module can also implement customization of an enterprise-private virus library through content specified by the enterprise's internal server.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN 200910086295 CN101621511A (en) | 2009-06-09 | 2009-06-09 | Multilayer detecting method without local virus library and multilayer detecting system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN 200910086295 CN101621511A (en) | 2009-06-09 | 2009-06-09 | Multilayer detecting method without local virus library and multilayer detecting system

Publications (1)

Publication Number | Publication Date
CN101621511A (en) | 2010-01-06

Family

ID=41514554

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN 200910086295 CN101621511A (en) | Multilayer detecting method without local virus library and multilayer detecting system | |

Country Status (1)

Country | Link
CN (1) | CN101621511A (en)



Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C20 Patent right deemed to be abandoned