CN103324888A - Method and system for automatically extracting virus characteristics based on family samples - Google Patents
Method and system for automatically extracting virus characteristics based on family samples Download PDFInfo
- Publication number
- CN103324888A CN103324888A CN2012100723726A CN201210072372A CN103324888A CN 103324888 A CN103324888 A CN 103324888A CN 2012100723726 A CN2012100723726 A CN 2012100723726A CN 201210072372 A CN201210072372 A CN 201210072372A CN 103324888 A CN103324888 A CN 103324888A
- Authority
- CN
- China
- Prior art keywords
- sample
- numbers
- family
- ordered series
- length
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 241000700605 Viruses Species 0.000 title claims abstract description 18
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000000605 extraction Methods 0.000 claims abstract description 23
- 238000001303 quality assessment method Methods 0.000 claims description 21
- 238000011156 evaluation Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 239000012467 final product Substances 0.000 description 2
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
Images
Landscapes
- Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
- Apparatus Associated With Microorganisms And Enzymes (AREA)
Abstract
The invention provides a method and a system for automatically extracting virus characteristics based on family samples. According to the method and the system, a longest public subsequence algorithm is modified, a sequence A and a sequence B are established by using samples in the family samples, Hash values of subsequences with lengths equal to preset values in the sequence A and the sequence B are calculated respectively through preset feature code lengths, and the Hash values of the subsequences in the sequence A and the sequence B are matched through a red black tree manner, if the Hash values are same, the subsequences corresponding to the Hash values are public subsequences of the sequence A and the sequence B, and the public subsequences are feature codes of the family samples; and when surplus samples are taken as the sequence B and searched in a red black tree, feature codes of all family samples are obtained and combined into a feature set of the family samples, a weighting model is evaluated according to qualities of the established feature codes, the qualities of the established feature codes are judged, and the feature codes of the family samples are determined. According to the method, the time complexity of the algorithm is simplified, and the extraction efficiency and the accuracy of the feature codes are improved.
Description
Technical field
The present invention relates to network safety filed, particularly a kind of virus characteristic extraction method and system based on family's sample.
Background technology
The time complexity of current known longest common subsequence algorithm is O(m*n), m, n are ordered series of numbers length, if its virus signature that is applied in based on family's sample is extracted, in the situation that face great amount of samples, the time complexity of this algorithm, the cost that produces will produce huge negative effect to the extraction efficiency of virus signature; Simultaneously, existing longest common subsequence algorithm is merely able to draw unique longest common subsequence of two known ordered series of numbers, be applied in family's sample extraction, will face the condition code of extracting very few, be not enough to offer the problem of manual analysis, condition code difficult quality guarantee, and the choosing of condition code, different according to the implementation feature of family's sample, the position that feature occurs is also different, affects equally the condition code quality of sample.
Summary of the invention
The invention provides a kind of virus characteristic extraction method and system based on family's sample, solved the longest common subsequence algorithm and extracted the problem that family's sample characteristics code efficiency is low, the extraction condition code is very few and the condition code accuracy is low.
A kind of virus characteristic extraction method based on family's sample comprises:
Utilize the sample in family's sample set, set up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length; Described residue sample is, except the selected sample of ordered series of numbers A, and the whole samples in family's sample set;
Set condition code length, according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers A, and makes up RBTree with the cryptographic hash that obtains;
According to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
Condition code is extracted, the cryptographic hash that ordered series of numbers B obtains is searched in RBTree respectively, if find identical cryptographic hash, then with the common subsequence of the corresponding ordered series of numbers A of described identical cryptographic hash and ordered series of numbers B as described family sample characteristics code, respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection with described residue sample;
In the described method, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
In the described method, the described condition code quality assessment weighted model of setting up, calculate each family's actual weights of sample characteristics code and comprise: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
A kind of virus characteristic automatic extracting system based on family's sample comprises:
Sample is chosen module, utilizes the sample in family's sample set, sets up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length;
Computing module is used for setting condition code length, and according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers A, and makes up RBTree with the cryptographic hash that obtains;
According to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
The condition code extraction module, be used for the cryptographic hash that ordered series of numbers B obtains is searched RBTree respectively, if find identical cryptographic hash, then with the common subsequence of the corresponding ordered series of numbers A of described identical cryptographic hash and ordered series of numbers B as described family sample characteristics code, respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection with described residue sample;
The quality assessment module is used for setting up condition code quality assessment weighted model, calculates the actual weights of each family's sample characteristics code, keeps the family's sample characteristics code more than or equal to preset weights.
In the described system, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
In the described system, described quality assessment module is set up condition code quality assessment weighted model, calculating each family's actual weights of sample characteristics code comprises: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
The present invention is by improving the longest common subsequence algorithm, and be applied in the condition code extraction of family's sample, efficient and quantity that condition code is extracted have significantly been improved, and according to condition code quality assessment weighted model, the condition code of extracting is carried out the position evaluation quality occurring by condition code, improved the accuracy that family's sample characteristics code extracts.
The invention provides a kind of virus characteristic extraction method and system based on family's sample, the present invention improves the longest common subsequence algorithm, utilize the sample in family's sample set, set up ordered series of numbers A, B, by default condition code length, calculate respectively ordered series of numbers A, length is the cryptographic hash of the subsequence of preset value among the B, and pass through the RBTree mode to A, the Hash values match of subsequence in the B ordered series of numbers, if cryptographic hash is identical, then the corresponding subsequence of this cryptographic hash is the common subsequence of ordered series of numbers A and ordered series of numbers B, then this common subsequence is family's sample characteristics code, when remain sample respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection, according to the condition code quality assessment weighted model of setting up, judging characteristic code quality is determined family's sample characteristics code.By method of the present invention, simplified the time complexity of algorithm, improved condition code extraction efficiency and accuracy.
Description of drawings
In order to be illustrated more clearly in the present invention or technical scheme of the prior art, the below will do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art, apparently, the accompanying drawing that the following describes only is some embodiment that put down in writing among the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the virus characteristic extraction method process flow diagram based on family's sample;
Fig. 2 is the virus characteristic automatic extracting system structural representation based on family's sample.
Embodiment
In order to make those skilled in the art person understand better technical scheme in the embodiment of the invention, and above-mentioned purpose of the present invention, feature and advantage can be become apparent more, below in conjunction with accompanying drawing technical scheme among the present invention is described in further detail.
The invention provides a kind of virus characteristic extraction method and system based on family's sample, solved the longest common subsequence algorithm and extracted the problem that family's sample characteristics code efficiency is low, the extraction condition code is very few and the condition code accuracy is low.
Method of the present invention is improved the longest common subsequence algorithm, then utilize the longest common subsequence algorithm after improving by the form of programming automation a certain family sample to be carried out the condition code extraction, for the better improvement of understanding the longest common subsequence algorithm, give an example for improving one's methods.
For example, existing length is the ordered series of numbers A of m and the ordered series of numbers B that length is n, and the length that calculate ordered series of numbers A and B is 128 common subsequence (m and n are all greater than 128).Be that 128 subsequence carries out cryptographic hash and calculates to all length among the ordered series of numbers A at first, obtain m-127 cryptographic hash, utilize the RBTree of m-127 cryptographic hash structure that obtains; Be that 128 subsequence carries out cryptographic hash and calculates to all length among the ordered series of numbers B equally, obtain n-187 cryptographic hash; N-127 the cryptographic hash that obtains with the B ordered series of numbers divided in the cryptographic hash RBTree that is clipped to ordered series of numbers A and searched, if find identical cryptographic hash, thinks that namely the corresponding subsequence of this cryptographic hash is one of common subsequence of ordered series of numbers A, B.Can realize obtaining some common subsequence of two ordered series of numbers by the improved longest common subsequence algorithm of the method.The time complexity that the RBTree that is made up by the subsequence cryptographic hash of ordered series of numbers A is searched is O(log2m), therefore the time complexity of the longest common subsequence algorithm after improving is O(nlog2m).
Based on the improvement of above-mentioned algorithm, the invention provides a kind of virus characteristic extraction method based on family's sample, as shown in Figure 1, comprising:
S101: utilize the sample in family's sample set, set up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Time complexity by the longest common subsequence algorithm after improving is O(nlog2m) as can be known, choose large file as ordered series of numbers A as far as possible, can at utmost bring into play the advantage of longest common subsequence algorithm on efficient after the improvement;
S102: choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length; Described residue sample is except the selected sample of ordered series of numbers A, the whole samples in family's sample set;
S103: set condition code length, according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers A, and makes up RBTree with the cryptographic hash that obtains;
S104: according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
S105: condition code is extracted, the cryptographic hash that ordered series of numbers B obtains is searched in RBTree respectively, if find identical cryptographic hash, then with the common subsequence of the corresponding ordered series of numbers A of described identical cryptographic hash and ordered series of numbers B as described family sample characteristics code, respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection with described residue sample;
S106: set up condition code quality assessment weighted model, calculate the actual weights of each family's sample characteristics code;
S107: compare family's sample characteristics code preset weights and actual weights, keep the family's sample characteristics code more than or equal to preset weights, abandon the family's sample characteristics code less than preset weights.
For choosing of condition code length, can determine according to factors such as file sizes.
In the described method, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
In the described method, the described condition code quality assessment weighted model of setting up, calculate each family's actual weights of sample characteristics code and comprise: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
In conjunction with the implementation of family's sample make up one occur with condition code till, condition code quantity etc. occurs as the condition code quality weighted model of weight, significance level according to position that condition code occurs, default condition code weights, for instance, for most of families sample, the position occurs according to condition code and carry out weights when making up, the weight of PE document code joint should be relatively the highest, and for thinking this class family sample of Trojan-Dropper.Win32.xxx, the position occurs according to condition code and carry out weights when making up, the weight of PE file resource joint should be relatively the highest.
The present invention also provides a kind of virus characteristic automatic extracting system based on family's sample, as shown in Figure 2, comprising:
Sample is chosen module 201, utilizes the sample in family's sample set, sets up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length;
According to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
Condition code extraction module 203, be used for the cryptographic hash that ordered series of numbers B obtains is searched RBTree respectively, if find identical cryptographic hash, then the corresponding subsequence of cryptographic hash is the common subsequence of ordered series of numbers A and ordered series of numbers B, then this common subsequence is family's sample characteristics code, when remain sample respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection;
Quality assessment module 204 is used for setting up condition code quality assessment weighted model, calculates the actual weights of each family's sample characteristics code, keeps the family's sample characteristics code more than or equal to preset weights.
In the described system, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
In the described system, described quality assessment module is set up condition code quality assessment weighted model, calculating each family's actual weights of sample characteristics code comprises: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
The present invention is by improving the longest common subsequence algorithm, and be applied in the condition code extraction of family's sample, efficient and quantity that condition code is extracted have significantly been improved, and according to condition code quality assessment weighted model, the condition code of extracting is carried out the position evaluation quality occurring by condition code, improved the accuracy that family's sample characteristics code extracts.
The invention provides a kind of virus characteristic extraction method and system based on family's sample, the present invention improves the longest common subsequence algorithm, utilize the sample in family's sample set, set up ordered series of numbers A, B, by default condition code length, calculate respectively ordered series of numbers A, length is the cryptographic hash of the subsequence of preset value among the B, and pass through the RBTree mode to A, the Hash values match of subsequence in the B ordered series of numbers, if cryptographic hash is identical, then the corresponding subsequence of this cryptographic hash is the common subsequence of ordered series of numbers A and ordered series of numbers B, then this common subsequence is family's sample characteristics code, when remain sample respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection, according to the condition code quality assessment weighted model of setting up, judging characteristic code quality is determined family's sample characteristics code.By method of the present invention, simplified the time complexity of algorithm, improved condition code extraction efficiency and accuracy.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, and identical similar part is mutually referring to getting final product between each embodiment, and each embodiment stresses is difference with other embodiment.Especially, for system embodiment because its basic simlarity is in embodiment of the method, thus describe fairly simple, relevant part gets final product referring to the part explanation of embodiment of the method.
Although described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
Claims (6)
1. the virus characteristic extraction method based on family's sample is characterized in that, comprising:
Utilize the sample in family's sample set, set up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length;
Set condition code length, according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers A, and makes up RBTree with the cryptographic hash that obtains;
According to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
Condition code is extracted, the cryptographic hash that ordered series of numbers B obtains is searched in RBTree respectively, if find identical cryptographic hash, then with the common subsequence of the corresponding ordered series of numbers A of described identical cryptographic hash and ordered series of numbers B as described family sample characteristics code, respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection with described residue sample;
Set up condition code quality assessment weighted model, calculate the actual weights of each family's sample characteristics code, keep the family's sample characteristics code more than or equal to preset weights.
2. the method for claim 1 is characterized in that, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
3. the method for claim 1, it is characterized in that, the described condition code quality assessment weighted model of setting up, calculating each family's actual weights of sample characteristics code comprises: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
4. the virus characteristic automatic extracting system based on family's sample is characterized in that, comprising:
Sample is chosen module, utilizes the sample in family's sample set, sets up ordered series of numbers: choose arbitrary sample in family's sample set as ordered series of numbers A, sample length is ordered series of numbers A length;
Choose the residue sample in family's sample set, respectively as ordered series of numbers B, sample length is ordered series of numbers B length;
Computing module is used for setting condition code length, and according to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers A, and makes up RBTree with the cryptographic hash that obtains;
According to default condition code length k, all length is the cryptographic hash of the subsequence of k among the calculating ordered series of numbers B;
The condition code extraction module, be used for the cryptographic hash that ordered series of numbers B obtains is searched RBTree respectively, if find identical cryptographic hash, then with the common subsequence of the corresponding ordered series of numbers A of described identical cryptographic hash and ordered series of numbers B as described family sample characteristics code, respectively as ordered series of numbers B and after searching in RBTree, all family's sample characteristics codes that obtain form family's sample characteristics collection with described residue sample;
The quality assessment module is used for setting up condition code quality assessment weighted model, calculates the actual weights of each family's sample characteristics code, keeps the family's sample characteristics code more than or equal to preset weights.
5. system as claimed in claim 4 is characterized in that, described default condition code length k is less than or equal to the length of ordered series of numbers A and ordered series of numbers B.
6. system as claimed in claim 4, it is characterized in that, described quality assessment module is set up condition code quality assessment weighted model, calculating each family's actual weights of sample characteristics code comprises: according to the position of condition code, default condition code weights, by the quantity that condition code weights and condition code occur, calculate the actual weights of each family's sample characteristics code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210072372.6A CN103324888B (en) | 2012-03-19 | 2012-03-19 | Based on virus characteristic extraction method and the system of family's sample |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210072372.6A CN103324888B (en) | 2012-03-19 | 2012-03-19 | Based on virus characteristic extraction method and the system of family's sample |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103324888A true CN103324888A (en) | 2013-09-25 |
| CN103324888B CN103324888B (en) | 2016-04-27 |
Family
ID=49193623
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210072372.6A Active CN103324888B (en) | 2012-03-19 | 2012-03-19 | Based on virus characteristic extraction method and the system of family's sample |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103324888B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103902904A (en) * | 2013-12-11 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | Antivirus engine feature code evaluating method and system based on statistics |
| CN105488406A (en) * | 2014-12-29 | 2016-04-13 | 哈尔滨安天科技股份有限公司 | Similar malicious sample file matching method and system based on feature vector |
| CN103902911B (en) * | 2014-04-16 | 2016-09-14 | 南京大学 | A kind of malware detection methods based on program structure feature |
| CN108319853A (en) * | 2017-01-18 | 2018-07-24 | 腾讯科技(深圳)有限公司 | Virus signature processing method and processing device |
| CN113704762A (en) * | 2021-09-02 | 2021-11-26 | 广州大学 | Malicious software encrypted flow detection method based on ensemble learning |
| CN114021116A (en) * | 2022-01-05 | 2022-02-08 | 北京微步在线科技有限公司 | Construction method of homologous analysis knowledge base, homologous analysis method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101604363A (en) * | 2009-07-10 | 2009-12-16 | 珠海金山软件股份有限公司 | Computer rogue program categorizing system and sorting technique based on the file instruction frequency |
| US7873947B1 (en) * | 2005-03-17 | 2011-01-18 | Arun Lakhotia | Phylogeny generation |
| CN101976318A (en) * | 2010-11-15 | 2011-02-16 | 北京理工大学 | Detection method of code similarity based on digital fingerprints |
-
2012
- 2012-03-19 CN CN201210072372.6A patent/CN103324888B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7873947B1 (en) * | 2005-03-17 | 2011-01-18 | Arun Lakhotia | Phylogeny generation |
| CN101604363A (en) * | 2009-07-10 | 2009-12-16 | 珠海金山软件股份有限公司 | Computer rogue program categorizing system and sorting technique based on the file instruction frequency |
| CN101976318A (en) * | 2010-11-15 | 2011-02-16 | 北京理工大学 | Detection method of code similarity based on digital fingerprints |
Non-Patent Citations (2)
| Title |
|---|
| 冯林等: "基于最长公共子序列距离的主旨模式挖掘算法", 《计算机工程》 * |
| 朱扬勇等: "序列数据相似性查询技术研究综述", 《计算机研究与发展》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103902904A (en) * | 2013-12-11 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | Antivirus engine feature code evaluating method and system based on statistics |
| CN103902904B (en) * | 2013-12-11 | 2017-01-04 | 哈尔滨安天科技股份有限公司 | A kind of Anti-Virus Engine condition code evaluation methodology based on statistics and system |
| CN103902911B (en) * | 2014-04-16 | 2016-09-14 | 南京大学 | A kind of malware detection methods based on program structure feature |
| CN105488406A (en) * | 2014-12-29 | 2016-04-13 | 哈尔滨安天科技股份有限公司 | Similar malicious sample file matching method and system based on feature vector |
| CN105488406B (en) * | 2014-12-29 | 2019-02-26 | 哈尔滨安天科技股份有限公司 | A kind of similar malice sample matches method and system based on feature vector |
| CN108319853A (en) * | 2017-01-18 | 2018-07-24 | 腾讯科技(深圳)有限公司 | Virus signature processing method and processing device |
| CN108319853B (en) * | 2017-01-18 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Virus characteristic code processing method and device |
| CN113704762A (en) * | 2021-09-02 | 2021-11-26 | 广州大学 | Malicious software encrypted flow detection method based on ensemble learning |
| CN113704762B (en) * | 2021-09-02 | 2022-06-21 | 广州大学 | Malicious software encrypted flow detection method based on ensemble learning |
| CN114021116A (en) * | 2022-01-05 | 2022-02-08 | 北京微步在线科技有限公司 | Construction method of homologous analysis knowledge base, homologous analysis method and device |
| CN114021116B (en) * | 2022-01-05 | 2022-03-29 | 北京微步在线科技有限公司 | Construction method of homologous analysis knowledge base, homologous analysis method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103324888B (en) | 2016-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103324888A (en) | Method and system for automatically extracting virus characteristics based on family samples | |
| CN104717124B (en) | A kind of friend recommendation method, apparatus and server | |
| CN102346829B (en) | Virus detection method based on ensemble classification | |
| CN104899267B (en) | A kind of integrated data method for digging of social network sites account similarity | |
| US20150207704A1 (en) | Public opinion information display system and method | |
| CN103530347A (en) | Internet resource quality assessment method and system based on big data mining | |
| CN105975852A (en) | Method and system for detecting sample relevance based on label propagation | |
| CN109460386A (en) | The matched malicious file homology analysis method and device of Hash is obscured based on various dimensions | |
| CN103559420A (en) | Building method and device of anomaly detection training set | |
| CN103745454A (en) | Method for evaluating image processing algorithms or systems based on rank learning | |
| CN107682344A (en) | A kind of ID collection of illustrative plates method for building up based on DPI data interconnection net identifications | |
| CN106875278A (en) | Social network user portrait method based on random forest | |
| Jiang et al. | A feature selection method for malware detection | |
| CN106021474B (en) | Between a kind of determining smiles expression formula whether the method with minor structure relationship | |
| CN104484412A (en) | Big data analysis system based on multiform processing | |
| CN103780343A (en) | Device and method for PHICH resource blind detection in SIB1 decoding in TD-LTE system | |
| CN106611021B (en) | Data processing method and equipment | |
| CN105119910A (en) | Template-based online social network rubbish information real-time detecting method | |
| CN104268560A (en) | Land utilization identification method based on remote sensing interpretation | |
| CN106326746A (en) | Malicious program behavior feature library construction method and device | |
| CN103309851A (en) | Method and system for spam identification of short text | |
| CN105488413A (en) | Malicious code detection method and system based on information gain | |
| EP2587393A3 (en) | Analysis of community structures in environmental samples | |
| CN103425579A (en) | Mobile terminal system security evaluation method based on potential function | |
| CN105992178A (en) | Garbage message identifying method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for automatically extracting virus characteristics based on family samples Effective date of registration: 20170621 Granted publication date: 20160427 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20190614 Granted publication date: 20160427 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162 Patentee before: Harbin Antiy Technology Co., Ltd. |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for automatically extracting virus characteristics based on family samples Effective date of registration: 20190828 Granted publication date: 20160427 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin antiy Technology Group Limited by Share Ltd Registration number: Y2019230000002 |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20211119 Granted publication date: 20160427 Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: Y2019230000002 |