CN101827104A - Multi anti-virus engine-based network virus joint defense method - Google Patents
Multi anti-virus engine-based network virus joint defense method Download PDFInfo
- Publication number
- CN101827104A CN101827104A CN201010158969A CN201010158969A CN101827104A CN 101827104 A CN101827104 A CN 101827104A CN 201010158969 A CN201010158969 A CN 201010158969A CN 201010158969 A CN201010158969 A CN 201010158969A CN 101827104 A CN101827104 A CN 101827104A
- Authority
- CN
- China
- Prior art keywords
- virus
- resource
- user
- server
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a multi anti-virus engine-based network virus joint defense method. In the method, various anti-virus engines are integrated by using cluster servers in the cloud computing to assist or even substitute for a user terminal to defense network virus so as to ensure fast network system and effectively defense the attack of the network virus. At present, the problems of spreading, infection and attack of the virus on the network become more and more serious, and the main means of defending the network virus depends on anti-virus software. The invention provides the multi anti-virus engine-based network virus joint defense method which is suitable for both Internet and Intranet. The method comprises the following steps of: deploying various anti-virus engines on the cluster servers of the cloud computing, wherein the different anti-virus engines focus on different types of network viruses; dividing the server cluster into a plurality of defense areas according to the engines arranged on the servers; and in addition, selecting a server node as a gateway node for the user terminal to access the cluster server.
Description
Technical field
The present invention is a kind of being used in the network computing environment based on the Internet or Intranet, improves the defensive ability/resistance ability of each host node to internet worm, adoptable a kind of internet worm Alliance Defense method based on many anti-virus engine.Present technique belongs to the interleaving techniques application of Distributed Calculation, information security, computer network and computer software.
Background technology
Internet worm comprises computer virus, network worm, back door wooden horse, spy's part etc., and resource-sharing that network is outstanding and communication function provide natural hotbed for propagation, infection and the destruction of internet worm.By network particularly the internet worm propagated of the Internet and application system thereof, involve that scope is big, broad covered area, just can cause at short notice that network congestion even paralysis, shared resource are lost, confidential information is had things stolen, thereby cause tremendous loss.
The main means of defending against network virus are to rely on patch system leak (being patch installing) and anti-viral software or anti-viral software at present.Anti-viral software integrated real-time monitoring identification usually, virus scan and functions such as removing, auto-update and data recovery have become the computer and network system of defense important component part of (also comprising fire compartment wall, intrusion detection, intrusion prevention system etc.).
But present anti-viral software is at first will find and confirm an internet worm substantially, and then takes precautions against, and exists a series of problems:
(1) can't handle increasing rogue program effectively, most of anti-viral software is manufacturing and the propagation that lags behind internet worm, and the feature database diagnostic method of the most normal employing at present is obviously out-of-date;
(2) the rogue program defence policies of the most normal employing at present mainly is simple multimachine defence, and the anti-viral software of cover identification and killing rogue program promptly is installed on every computer, mainly relies on the virus base in the local hard drive, and is weak in strength;
(3) kind of anti-viral software is many at present, emphasis is had nothing in common with each other, even from the progressive fixed point gateway virus killing of single-point defence, but a cover anti-viral software only is installed generally on the gateway of responsible defence or the computer, therefore usually is difficult to effectively defend diverse network virus to network level;
(4) internet worm of attacking anti-viral software in recent years is also more and more, even present most of anti-viral software all has the self-protection function, but still has internet worm can shield the process of anti-viral software now, causes its paralysis and can't protect main frame.
At serious day by day internet worm propagation, infection and attack problem, the present invention proposes a kind of both applicable to the internet worm Alliance Defense method based on many anti-virus engine that also is applicable to Intranet in the Internet.
Summary of the invention
Technical problem: virus propagation, infection and the attack problem on the network is serious day by day at present, and the main means of defending against network virus are the anti-viral softwares that relies on.Yet present anti-viral software exists hysteresis quality and a series of problems such as incomprehensive, causes its effectively defending against network virus.Various anti-virus engine side emphasis differences exist complementary.The present invention proposes a kind of both applicable to the internet worm Alliance Defense method based on many anti-virus engine that also is applicable to Intranet in the Internet.
Technical scheme: it is a kind of that the present invention proposes mainly had been to utilize the integrated multiple anti-virus engine of cluster server in the cloud computing to assist even replace user terminal to come defending against network virus applicable to the internet worm Alliance Defense method based on many anti-virus engine that also is applicable to Intranet in the Internet both, made network system can resist the attack of internet worm more quickly and efficiently.
Cloud computing is distributed in calculation task on the cluster server resource pool of a large amount of computers formations, make various application systems can obtain required service as required, generally possess following 3 characteristic features: the hardware infrastructure framework is on large-scale low-cost server cluster; Application program and the exploitation of bottom service collaboration maximally utilise resource; By the redundancy between a plurality of low-cost servers, use software to obtain high availability.The network application system that employing makes up based on the cloud computing technology of the computer cluster of high performance-price ratio, can come operational network application program and network service by the powerful server cluster of network function of use, any one user can obtain the network service of high performance-price ratio by suitable internet access facility.
The internet worm problem that the present invention utilizes the cloud computing framework to solve in the network has embodied new approaches that ensure information security cybertimes, and it has merged emerging technology and notions such as associated treatment, Distributed Calculation, data mining.
At first at the multiple anti-virus engine of cloud computing cluster server end deploy, different anti-virus engines lay particular emphasis on networks of different type virus respectively to this method; Server is divided into a plurality of defence zone according to the engine of installing on it with server cluster, selects a server node to insert the door node of cluster server as user terminal in addition;
The major function of server end is that the Internet resources that the user asks for are detected filtration, virus sweep and system upgrade by many anti-virus engine, when user terminal obtained network by networking client software, the anti-virus engine of reliance server end replaced own defending against network virus.
The Alliance Defense method may further comprise the steps:
Step 1. user terminal at first mails to network resources address the door node of cluster server end,
Harmful resources bank in a continual renovation of cluster server end maintenance has comprised relevant informations such as malicious websites, malice file; If the system discovery user wishes that the resource address that obtains is comprised in harmful resources bank, send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource; , the user finishes this session if abandoning; If the user selects to continue to obtain this resource, or this resource address does not have danger, then changes step over to 2.;
Step is the system server website that visit is correlated with according to resource address 2.,
Step 3. system server is obtained the network of relation resource,
Step 4. system server terminal is carried out the parallel detection of many anti-virus engine to resource at once after getting access to Internet resources, soon resource is dispatched to simultaneously on the regional server node of a plurality of defence and detects; If the server node in these defence zones all detects this resource without any safety problem, be about to resource and be sent to user's reception; If wherein at least one regional server node detects this resource and has safety problem, as has comprised internet worms such as worm, wooden horse, then send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource;
, the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then attempt removing the internet worm in the resource, then clean resource is sent to the user if remove successfully, if server can't be removed, then submit to virus to report to the viral report database of server end at once, leave the relevant unit that is responsible for solution internet worm problem for and analyze solution, simultaneously information such as this resource address are write in harmful resources bank, and inquire once more whether the user determines to receive this resource; , the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then this resource is sent to this user, and give the alarm to other user terminal of system.
No longer only rely on virus base in the user terminal local hard drive based on identification and killing virus in the internet worm Alliance Defense method of many anti-virus engine, but rely on huge system for cloud computing service, gather in real time, analyze, the whole upgrading fast of processing and network system, the internet worm that constantly occurs with collaborative antagonism.Whole network has just formed huge " an internet worm Alliance Defense system ", and server end is responsible for assisting even is replaced user terminal to concentrate defending against network virus.
At the cluster server end deploy multiclass anti-viral software or the multiple anti-virus engine of cloud computing system, different anti-viral softwares or engine lay particular emphasis on various rogue programs such as wooden horse, virus, worm, spy's part, recreation steal-number or password theft program respectively.Cluster server is divided into a plurality of defence zones according to the engine of installing on it with server cluster.Select a server node to insert the door node of cluster server as user terminal in addition.Also corresponding anti-viral software can be installed independently on the user terminal computer, therefore the difference according to the anti-viral software of being installed also is divided into user terminal computer a plurality of Virtual Organization.Sometimes, user terminal computer can be installed a plurality of anti-viral softwares that do not conflict mutually; Also can select not install any anti-viral software, the defense work that is about to internet worm is transferred to server fully and is brought in and finish.
The major function of server end is that Internet resources are detected filtration, virus sweep and system upgrade by many anti-virus engine, in addition, also need catch the virus report of submitting to analysis user; The user terminal of enormous amount can be to the rogue program that occurs on the Internet, and there is the sensitiveest perception dangerous website, so its major function is in time the internet worm of discovery or the abnormal conditions of system to be submitted to server end.
Beneficial effect: the internet worm Alliance Defense method based on many anti-virus engine of the present invention can reach following beneficial effect:
(1) internet worm is defendd more comprehensively, and systems approach effectively forms and has complementary advantages each viroid in the more effective solution network by at the integrated many anti-virus engine of server end
(2) alleviated the burden of user side, the user side poison defence software that can uneasiness pretends to be sick just can be surfed the Net and obtained resource.
(3) the anti-virus system upgrade is more prone to, and can improve the virus defense ability of network system by the Antivirus program of concentrating the upgrade server end.
Description of drawings
Fig. 1 is a cluster server subregion schematic diagram.
Fig. 2 is based on the internet worm Alliance Defense method workflow schematic diagram of many anti-virus engine.
Embodiment
Key based on the internet worm Alliance Defense method of many anti-virus engine is at cloud computing cluster server end deploy multiclass anti-viral software or multiple anti-virus engine, and different anti-viral softwares or engine lay particular emphasis on various rogue programs such as wooden horse, virus, worm, spy's part, recreation steal-number or password theft program respectively.
1, cluster server subregion
Suppose this 5 cover anti-virus engine of existing A, B, C, D and E, server is divided into A, B, C, D, 5 defence zones of E according to the anti-virus engine of installing on it with server cluster, as shown in Figure 1.Select a server node to insert the door node of cluster server as user terminal in addition.
2, user terminal computer grouping
Also corresponding anti-viral software can be installed independently on the user terminal computer of cloud computing environment, therefore the difference according to the anti-viral software of being installed also is divided into user terminal computer a plurality of Virtual Organization, the user of the purpose different grouping of grouping can corresponding different subregions cluster server, be responsible for renewal user terminal anti-viral software by the server of the identical anti-virus engine of the employing of correspondence.User terminal also can select not install any anti-viral software, and the defense work that is about to internet worm is transferred to server fully and brought in and finish.
The major function of server end is that Internet resources are detected filtration, virus sweep and system upgrade by many anti-virus engine, in addition, also need catch the virus report of submitting to analysis user; The rogue program of the user terminal of enormous amount to occurring on the Internet, there is the sensitiveest perception dangerous website, so its major function is in time the internet worm or the abnormal conditions of system found to be submitted to server end and other user terminal.Particularly the accessing user terminal to network according to anti-viral software does not pass through browser, FTP (File Transfer Protocol in this locality when user terminal, file transfer protocol (FTP)) or P2P (Peer-to-Peer computing, equity is calculated) etc. client software when obtaining various resource such as webpage, video, software, anti-virus engine that can the reliance server end replaces own defending against network virus, system can be according to following works, as shown in Figure 2:
1. user terminal at first mails to resource address such as the URL of Internet resources (Uniform Resource Locator, URL(uniform resource locator) are used to specify the method for expressing of information position on the web services program) the door node of cluster server end.
Harmful resources bank in a continual renovation of cluster server end maintenance has comprised relevant informations such as malicious websites, malice file.If the system discovery user wishes that the resource address that obtains is comprised in harmful resources bank, send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource., the user finishes this session if abandoning; If the user selects to continue to obtain this resource, or this resource address does not have danger, then changes step over to 2..
2. system server is according to the relevant website of resource address visit, and 3. system server obtains the network of relation resource.
4. system server terminal is carried out the parallel detection of many anti-virus engine to resource at once after getting access to Internet resources, is about to detect on the server node that resource is dispatched to A, B, C, D, 5 defence zones of E simultaneously.If the server node in A, B, C, D, 5 defence zones of E all detects this resource without any safety problem, be about to resource and be sent to user's reception, 5. referring to the step among the figure; If wherein at least one regional server node detects this resource and has safety problem, as has comprised internet worms such as worm, wooden horse, then send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource.
, the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then attempt removing the internet worm in the resource, successfully then clean resource is sent to user's (5.) if remove referring to the step among the figure, if server can't be removed, then submit to virus to report to the viral report database of server end at once, leave the relevant unit that is responsible for solution internet worm problem for and analyze solution, simultaneously information such as this resource address are write in harmful resources bank, and inquire once more whether the user determines to receive this resource., the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then this resource is sent to this user (5.), and give the alarm to other user terminal of system referring to the step among the figure.
Particularly, the mode that this method can software realizes.For the software systems that make this method of application have general applicability, promptly can either be applicable to server end, can be applicable to various clients again, internet worm Alliance Defense software systems based on many anti-virus engine should adopt the JAVA language with cross-platform characteristic to make up, and based on the Eclipse development platform, harmful resources bank that the cluster server end is safeguarded then adopts the MySQL Database Systems to realize.This software is made up of server end module and user side module.In order be simultaneously to wait service for a plurality of users provide virus detections, system must can support multi-user, Multi-task Concurrency operation, and server OS employing linux system, employing multithreading are implemented in and being connected of a plurality of user nodes.
Claims (1)
1. internet worm Alliance Defense method based on many anti-virus engine is characterized in that at first at the multiple anti-virus engine of cloud computing cluster server end deploy, different anti-virus engines lay particular emphasis on networks of different type virus respectively; Server is divided into a plurality of defence zone according to the engine of installing on it with server cluster, selects a server node to insert the door node of cluster server as user terminal in addition;
The major function of server end is that the Internet resources that the user asks for are detected filtration, virus sweep and system upgrade by many anti-virus engine, when user terminal obtained network by networking client software, the anti-virus engine of reliance server end replaced own defending against network virus;
The Alliance Defense method may further comprise the steps:
Step 1. user terminal at first mails to network resources address the door node of cluster server end,
Harmful resources bank in a continual renovation of cluster server end maintenance has comprised relevant informations such as malicious websites, malice file; If the system discovery user wishes that the resource address that obtains is comprised in harmful resources bank, send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource; , the user finishes this session if abandoning; If the user selects to continue to obtain this resource, or this resource address does not have danger, then changes step over to 2.;
Step is the system server website that visit is correlated with according to resource address 2.,
Step 3. system server is obtained the network of relation resource,
Step 4. system server terminal is carried out the parallel detection of many anti-virus engine to resource at once after getting access to Internet resources, soon resource is dispatched to simultaneously on the regional server node of a plurality of defence and detects; If the server node in these defence zones all detects this resource without any safety problem, be about to resource and be sent to user's reception; If wherein at least one regional server node detects this resource and has safety problem, as has comprised internet worms such as worm, wooden horse, then send a warning information to the user at once, and whether the inquiry user determines will continue to obtain this resource;
, the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then attempt removing the internet worm in the resource, then clean resource is sent to the user if remove successfully, if server can't be removed, then submit to virus to report to the viral report database of server end at once, leave the relevant unit that is responsible for solution internet worm problem for and analyze solution, simultaneously information such as this resource address are write in harmful resources bank, and inquire once more whether the user determines to receive this resource; , the user finishes this session if abandoning; If the user selects to continue to obtain this resource, then this resource is sent to this user, and give the alarm to other user terminal of system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010158969 CN101827104B (en) | 2010-04-27 | 2010-04-27 | Multi anti-virus engine-based network virus joint defense method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010158969 CN101827104B (en) | 2010-04-27 | 2010-04-27 | Multi anti-virus engine-based network virus joint defense method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101827104A true CN101827104A (en) | 2010-09-08 |
CN101827104B CN101827104B (en) | 2013-01-02 |
Family
ID=42690805
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010158969 Expired - Fee Related CN101827104B (en) | 2010-04-27 | 2010-04-27 | Multi anti-virus engine-based network virus joint defense method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101827104B (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101977188A (en) * | 2010-10-14 | 2011-02-16 | 中国科学院计算技术研究所 | Malicious program detection system |
CN102123396A (en) * | 2011-02-14 | 2011-07-13 | 恒安嘉新(北京)科技有限公司 | Cloud detection method of virus and malware of mobile phone based on communication network |
CN102148712A (en) * | 2011-04-21 | 2011-08-10 | 天讯天网(福建)网络科技有限公司 | Cloud computing-based service management system |
CN102346828A (en) * | 2011-09-20 | 2012-02-08 | 海南意源高科技有限公司 | Malicious program judging method based on cloud security |
CN102419803A (en) * | 2011-11-01 | 2012-04-18 | 成都市华为赛门铁克科技有限公司 | Method, system and device for searching and killing computer virus |
CN102467633A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for safely browsing webpage |
CN102970272A (en) * | 2011-09-01 | 2013-03-13 | 腾讯科技(深圳)有限公司 | Method, device and cloud server for detesting viruses |
CN103036745A (en) * | 2012-12-21 | 2013-04-10 | 北京邮电大学 | Anomaly detection system based on neural network in cloud computing |
WO2013185483A1 (en) * | 2012-06-13 | 2013-12-19 | 华为技术有限公司 | Method for processing a signature rule, server and intrusion prevention system |
CN103632094A (en) * | 2013-11-04 | 2014-03-12 | 天津汉柏信息技术有限公司 | Virus defense system for uploading cloud computing big data |
CN103679026A (en) * | 2013-12-03 | 2014-03-26 | 西安电子科技大学 | Intelligent defense system and method against malicious programs in cloud computing environment |
CN104008331A (en) * | 2013-02-21 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Access method, device and system of malicious web |
CN104123501A (en) * | 2014-08-06 | 2014-10-29 | 厦门大学 | Online virus detection method based on assembly of multiple detectors |
US9465941B2 (en) | 2011-08-09 | 2016-10-11 | Huawei Technologies Co., Ltd. | Method, system, and apparatus for detecting malicious code |
CN107864677A (en) * | 2015-07-22 | 2018-03-30 | 爱维士软件私人有限公司 | Access to content verifies system and method |
CN108566396A (en) * | 2018-04-20 | 2018-09-21 | 成都亚信网络安全产业技术研究院有限公司 | A kind of compacted administering method of stiff wood and system |
CN111159708A (en) * | 2019-12-02 | 2020-05-15 | 中国建设银行股份有限公司 | Apparatus, method and storage medium for detecting web Trojan horse in server |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1725759A (en) * | 2004-07-21 | 2006-01-25 | 微软公司 | Containment of worms |
WO2006122055A2 (en) * | 2005-05-05 | 2006-11-16 | Ironport Systems, Inc. | Method of determining network addresses of senders of electronic mail messages |
CN101582887A (en) * | 2009-05-20 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Safety protection method, gateway device and safety protection system |
CN101656632A (en) * | 2008-08-21 | 2010-02-24 | 中国建设银行股份有限公司 | Virus monitoring method and virus monitoring device in large network |
-
2010
- 2010-04-27 CN CN 201010158969 patent/CN101827104B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1725759A (en) * | 2004-07-21 | 2006-01-25 | 微软公司 | Containment of worms |
WO2006122055A2 (en) * | 2005-05-05 | 2006-11-16 | Ironport Systems, Inc. | Method of determining network addresses of senders of electronic mail messages |
CN101656632A (en) * | 2008-08-21 | 2010-02-24 | 中国建设银行股份有限公司 | Virus monitoring method and virus monitoring device in large network |
CN101582887A (en) * | 2009-05-20 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Safety protection method, gateway device and safety protection system |
Cited By (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101977188A (en) * | 2010-10-14 | 2011-02-16 | 中国科学院计算技术研究所 | Malicious program detection system |
CN102467633A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for safely browsing webpage |
CN102123396A (en) * | 2011-02-14 | 2011-07-13 | 恒安嘉新(北京)科技有限公司 | Cloud detection method of virus and malware of mobile phone based on communication network |
CN102123396B (en) * | 2011-02-14 | 2014-08-13 | 恒安嘉新(北京)科技有限公司 | Cloud detection method of virus and malware of mobile phone based on communication network |
CN102148712B (en) * | 2011-04-21 | 2014-05-14 | 天讯天网(福建)网络科技有限公司 | Cloud computing-based service management system |
CN102148712A (en) * | 2011-04-21 | 2011-08-10 | 天讯天网(福建)网络科技有限公司 | Cloud computing-based service management system |
US9465941B2 (en) | 2011-08-09 | 2016-10-11 | Huawei Technologies Co., Ltd. | Method, system, and apparatus for detecting malicious code |
CN102970272B (en) * | 2011-09-01 | 2015-05-20 | 腾讯科技(深圳)有限公司 | Method, device and cloud server for detesting viruses |
CN102970272A (en) * | 2011-09-01 | 2013-03-13 | 腾讯科技(深圳)有限公司 | Method, device and cloud server for detesting viruses |
CN102346828A (en) * | 2011-09-20 | 2012-02-08 | 海南意源高科技有限公司 | Malicious program judging method based on cloud security |
CN102419803A (en) * | 2011-11-01 | 2012-04-18 | 成都市华为赛门铁克科技有限公司 | Method, system and device for searching and killing computer virus |
CN102419803B (en) * | 2011-11-01 | 2014-12-03 | 华为数字技术(成都)有限公司 | Method, system and device for searching and killing computer virus |
US9479528B2 (en) | 2012-06-13 | 2016-10-25 | Huawei Technologies Co., Ltd. | Signature rule processing method, server, and intrusion prevention system |
US9948667B2 (en) | 2012-06-13 | 2018-04-17 | Huawei Technologies Co., Ltd. | Signature rule processing method, server, and intrusion prevention system |
WO2013185483A1 (en) * | 2012-06-13 | 2013-12-19 | 华为技术有限公司 | Method for processing a signature rule, server and intrusion prevention system |
CN103036745A (en) * | 2012-12-21 | 2013-04-10 | 北京邮电大学 | Anomaly detection system based on neural network in cloud computing |
WO2014127653A1 (en) * | 2013-02-21 | 2014-08-28 | 腾讯科技(深圳)有限公司 | Method, device and system for visiting malicious website |
CN104008331A (en) * | 2013-02-21 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Access method, device and system of malicious web |
US10264000B2 (en) | 2013-02-21 | 2019-04-16 | Tencent Technology (Shenzhen) Company Limited | Malicious website access method and apparatus |
CN103632094B (en) * | 2013-11-04 | 2017-11-14 | 天津汉柏信息技术有限公司 | A kind of cloud computing big data uploads virus defense system |
CN103632094A (en) * | 2013-11-04 | 2014-03-12 | 天津汉柏信息技术有限公司 | Virus defense system for uploading cloud computing big data |
CN103679026B (en) * | 2013-12-03 | 2016-11-16 | 西安电子科技大学 | Rogue program intelligence system of defense under a kind of cloud computing environment and defence method |
CN103679026A (en) * | 2013-12-03 | 2014-03-26 | 西安电子科技大学 | Intelligent defense system and method against malicious programs in cloud computing environment |
CN104123501B (en) * | 2014-08-06 | 2017-11-07 | 厦门大学 | A kind of viral online test method based on many assessor set |
CN104123501A (en) * | 2014-08-06 | 2014-10-29 | 厦门大学 | Online virus detection method based on assembly of multiple detectors |
CN107864677A (en) * | 2015-07-22 | 2018-03-30 | 爱维士软件私人有限公司 | Access to content verifies system and method |
CN107864677B (en) * | 2015-07-22 | 2022-05-27 | 爱维士软件有限责任公司 | Content access authentication system and method |
CN108566396A (en) * | 2018-04-20 | 2018-09-21 | 成都亚信网络安全产业技术研究院有限公司 | A kind of compacted administering method of stiff wood and system |
CN108566396B (en) * | 2018-04-20 | 2021-11-09 | 成都亚信网络安全产业技术研究院有限公司 | Dead wood creep treatment method and system |
CN111159708A (en) * | 2019-12-02 | 2020-05-15 | 中国建设银行股份有限公司 | Apparatus, method and storage medium for detecting web Trojan horse in server |
CN111159708B (en) * | 2019-12-02 | 2022-08-19 | 中国建设银行股份有限公司 | Apparatus, method and storage medium for detecting web Trojan horse in server |
Also Published As
Publication number | Publication date |
---|---|
CN101827104B (en) | 2013-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101827104B (en) | Multi anti-virus engine-based network virus joint defense method | |
US11709945B2 (en) | System and method for identifying network security threats and assessing network security | |
JP7167240B6 (en) | Reactive and preemptive security systems for protection of computer networks and systems | |
US20200259858A1 (en) | Identifying security actions based on computing asset relationship data | |
US9628508B2 (en) | Discovery of suspect IP addresses | |
US10826872B2 (en) | Security policy for browser extensions | |
US9942270B2 (en) | Database deception in directory services | |
CN105991595B (en) | Network security protection method and device | |
KR101689298B1 (en) | Automated verification method of security event and automated verification apparatus of security event | |
US9027128B1 (en) | Automatic identification of malicious budget codes and compromised websites that are employed in phishing attacks | |
WO2015200308A1 (en) | Entity group behavior profiling | |
CN103384888A (en) | Systems and methods for malware detection and scanning | |
Wang et al. | NetSpy: Automatic generation of spyware signatures for NIDS | |
Akiyama et al. | Active credential leakage for observing web-based attack cycle | |
CN112583841B (en) | Virtual machine safety protection method and system, electronic equipment and storage medium | |
Park et al. | How to design practical client honeypots based on virtual environment | |
Yagi et al. | Investigation and analysis of malware on websites | |
AlZoubi et al. | The effect of using honeypot network on system security | |
Nagaonkar et al. | Finding the malicious URLs using search engines | |
KR101267953B1 (en) | Apparatus for Preventing Malicious Codes Distribution and DDoS Attack through Monitoring for P2P and Webhard Site | |
Luo et al. | DDOS Defense Strategy in Software Definition Networks | |
Ali et al. | Wireshark window authentication based packet captureing scheme to pervent DDoS related security issues in cloud network nodes | |
Sharma et al. | A survey of intrusion detection system for denial of service attack in cloud | |
Fujii et al. | Stargazer: Long-Term and Multiregional Measurement of Timing/Geolocation-Based Cloaking | |
US20170279820A1 (en) | System and method for detecting computer attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130102 Termination date: 20150427 |
|
EXPY | Termination of patent right or utility model |