CN103500305A - System and method for malicious code analysis based on cloud computing - Google Patents


Info

Publication number
CN103500305A
Authority
CN
China
Prior art keywords
malicious code
analysis
analysis system
agency
malicious
Prior art date
Application number
CN201310398011.5A
Other languages
Chinese (zh)
Inventor
段翼真
王晓程
刘忠
王斌
毛俐旻
陈志浩
Original Assignee
中国航天科工集团第二研究院七〇六所
Priority date
Filing date
Publication date
Application filed by 中国航天科工集团第二研究院七〇六所
Priority to CN201310398011.5A
Publication of CN103500305A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic

Abstract

The invention relates to a malicious code analysis method, and in particular to a system and method for malicious code analysis based on cloud computing. The system comprises a malicious code detection agent and a malicious code cloud analysis system. The malicious code detection agent comprises a security monitoring engine, a scanning and killing engine, a local blacklist, a local whitelist, a behavior pattern base and a virus feature base. The malicious code cloud analysis system comprises a feature judgement and query engine, a sample storage center, multiple analysis engines, a global blacklist, a global whitelist, a global malicious behavior feature base and a global virus feature base. The system and method turn security into a service on the basis of cloud computing technology, make the multiple scanning, killing and analysis engines compatible and cooperative, improve the threat analysis and response capability of the whole network through the strong data processing and analysis capability of the cloud, achieve rapid discovery, rapid analysis and rapid handling of host threats, strongly guarantee the security of the host operating environment, and also improve the self-protection capability of the host intrusion detection and protection system.

Description

A malicious code analysis system and method based on cloud computing

Technical field

The present invention relates to a malicious code analysis method, and in particular to a malicious code analysis system and method based on cloud computing.

Background technology

A terminal, as the carrier of an information system, is the initiator of actual operations and network behavior and also the store of sensitive information such as critical files and data, and therefore often becomes the primary target that an attacker attacks or hijacks. With the rapid development of information technology and the continuous growth of network scale, malicious attacks on and destruction of terminals using malicious code are increasingly frequent, and attack intensity keeps increasing. Monitoring the state of terminal computing resources and terminal behavior in real time, so that malicious code is found promptly, is of great significance for guaranteeing the normal operation of computers and networks.

At present, malicious code analysis systems for terminals rely mainly on the terminal's own computing resources and operating system functions. Although this has improved the security protection capability of terminals to a certain degree, it also has certain problems and shortcomings.

(1) Malicious code mutates faster and faster, and identifying and killing new threats quickly is difficult

With the development of attack techniques, malicious code such as viruses, Trojans, worms and spyware mutates faster and faster, and its concealment and persistence grow ever stronger. At present, scanning and killing of malicious code relies mostly on signatures alone, and this mode is effective only after the signature of the malicious code has been extracted. Because malicious code mutates faster and faster, existing signatures cannot cope with newly mutated code, which greatly increases the difficulty of killing malicious code; new threats cannot be identified and killed quickly, which brings huge security risks to the safe operation of business systems.

(2) Security software is growing more and more complex, and its own fragility easily makes it a new attack target

In order to keep up with developing attack techniques and to identify new threats quickly, security software constantly expands and integrates new functions, making itself more and more complex. While this improves threat identification capability to a certain degree, the security of the software itself also brings new security risks. Events in which an entire platform is hijacked by bypassing the security software or attacking it directly happen from time to time, and this is becoming a trend in the development of cyber-attack techniques. To some extent, the security threat brought by the fragility of security software itself may be even larger than that of the malicious code.

(3) Current anti-virus measures occupy a large amount of resources and have weak protection capability

In order to counter security threats to information system computing platforms, different types of security protection products are currently deployed on terminal platforms. On the one hand, continual updates of virus bases and feature bases consume a large amount of host storage space; host resources are limited, and security measures that consume many resources directly affect the operation of upper-layer services. On the other hand, these measures depend too much on the operating system for their implementation and are themselves easily attacked.

Summary of the invention

The object of the invention is to provide a malicious code analysis system and method based on cloud computing, so as to solve the problems of current malicious code analysis systems: lagging threat identification capability, weak quick-reaction capability, and large host resource consumption.

Cloud computing technology is based mainly on the idea that "the network is the computer": it uses the Internet to combine a large quantity of computing, storage and software resources into a large-scale shared virtual IT resource pool, and by means of technologies such as distributed computing and distributed storage it breaks the traditional one-to-one mode of serving local users, provides corresponding IT services to remote clients, and truly realizes on-demand allocation of resources.

A malicious code analysis system based on cloud computing comprises a malicious code detection agent and a malicious code cloud analysis system. In order to reduce the new security threats and the host performance impact caused by the complexity of the analysis software itself, and at the same time to improve the quick discovery, quick analysis and quick handling of intrusion threats, the host malicious code analysis system separates the core detection and analysis engines from the host side: the host-side malicious code detection agent retains only functions such as state detection, behavior monitoring and killing, while on the service side the malicious code cloud analysis system provides the required complex detection and analysis functions in the form of network services. The malicious code detection agent comprises a security monitoring engine, a killing engine, a local black/white list, a behavior pattern base and a virus feature base; the malicious code cloud analysis system comprises a feature judgement and query server, a sample storage center, multiple analysis engines, a global black/white list, a global malicious behavior feature base and a global virus feature base. The malicious code detection agent (implemented in software) is deployed on each host: it performs security state detection and behavior monitoring based on local policy, sends a detection and analysis service request to the cloud when it finds an unknown threat, and handles the result according to the service response. The malicious code cloud analysis system (implemented in software) is deployed on the server side: it responds to agent-side service requests, performs service scheduling and distribution, provides security services such as detection and analysis services and unified management services, and realizes the coordination of the multiple security analysis engines and the formulation and issuing of policy.

The concrete steps of the malicious code analysis method based on cloud computing are:

1. After the malicious code detection agent is loaded, its security monitoring engine detects host state and behavior according to the local black/white list, behavior pattern base and virus feature base. When software or a file is created or run, the agent queries the local black/white list and, if the item is in the list, controls its behavior according to the rule;

2. If the software or file is not in the local black/white list, the security monitoring engine first stops it from running, sends a detection and analysis service request, computes the hash value of the suspect software or file, encrypts it, and uploads it to the malicious code cloud analysis system for analysis;

3. After the feature judgement and query engine of the malicious code cloud analysis system receives the request, it decrypts the hash value uploaded by the malicious code detection agent and performs feature judgement and querying against the global black/white list;

4. If the decrypted hash value is found in the global black/white list, the software or file has already been analyzed somewhere on the whole network; after the sample storage center records the malicious code detection agent and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and issued directly to the corresponding malicious code detection agent;

5. After the malicious code detection agent receives the feedback from the malicious code cloud analysis system, it decrypts the analysis result and disposal rule; after decryption, the killing engine carries out the corresponding disposal according to the issued rule, and the analysis result and disposal rule are added to the local black/white list;

6. If the whole-network query of the malicious code cloud analysis system fails, it sends query-failed feedback to the malicious code detection agent and requests that the suspect software or file be uploaded;

7. After receiving the request, the malicious code detection agent encrypts the suspect software or file and uploads it to the malicious code cloud analysis system;

8. After receiving and decrypting the uploaded file, the malicious code cloud analysis system first stores it in the sample storage center, then the multiple analysis engines analyze it on the basis of signatures and behavior; the global black/white list base is updated according to the analysis result, the analysis result and disposal rule are issued to the corresponding malicious code detection agent, and the agent's killing engine carries out the corresponding disposal according to the rule;

9. On the basis of mass-sample analysis, the malicious code cloud analysis system extracts new malicious behavior features and virus code features and regenerates the behavior pattern base and virus feature base; after the behavior pattern base and virus feature base are updated, samples in the local whitelist are recalled for detection and analysis, and if malicious code is found the killing engine of the corresponding malicious code detection agent is notified to kill it.

In this way, the malicious code analysis method based on cloud computing effectively improves the quick identification and quick disposal capability for malicious code through the above security control measures.

The security features of the present invention, combined with virtual machine technology, mainly have the following advantages:

1. Quick discovery, quick analysis and quick handling of host security threats

Cloud computing technology is used to turn security into a service, making multiple killing and analysis engines compatible and cooperative; relying on the cloud's powerful data processing and analysis capability, the whole-network threat analysis and response capability is improved, quick discovery, quick analysis and quick handling of host threats are achieved, and the security of the host operating environment is strongly guaranteed.

2. Improved self-protection capability of the host intrusion detection and protection system

The core malicious code detection and analysis functions are separated from the traditional host side and moved to the cloud, where they are provided in the form of services. On the one hand this simplifies the host-side malicious code analysis software and reduces the security risks caused by its own complexity; on the other hand, placing the core services in the cloud makes it harder to obtain their concrete details and thus less likely that they are attacked, which improves self-protection capability.

Description of the drawings

Fig. 1: schematic of the malicious code analysis system based on cloud computing

Reference numerals: 1 malicious code detection agent; 2 malicious code cloud analysis system; 3 security monitoring engine; 4 killing engine; 5 local black/white list; 6 local behavior pattern base; 7 local feature base; 8 feature judgement and query engine; 9 sample storage center; 10 analysis engines; 11 global malicious code behavior feature base; 12 global virus feature base; 13 global whitelist; 14 global blacklist

Fig. 1: schematic of the working principle of the malicious code analysis system based on cloud computing

Embodiment

A malicious code analysis system based on cloud computing comprises a malicious code detection agent 1 and a malicious code cloud analysis system 2. In order to reduce the new security threats and the host performance impact caused by the complexity of the analysis software itself, and at the same time to improve the quick discovery, quick analysis and quick handling of intrusion threats, the host malicious code analysis system separates the core detection and analysis engines from the host side: the host-side malicious code detection agent 1 retains only functions such as state detection, behavior monitoring and killing, while on the service side the malicious code cloud analysis system provides the required complex detection and analysis functions in the form of network services. The malicious code detection agent 1 comprises a security monitoring engine 3, a killing engine 4, a local black/white list 5, a behavior pattern base 6 and a virus feature base 7; the malicious code cloud analysis system 2 comprises a feature judgement and query engine 8, a sample storage center 9, multiple analysis engines 10, a global blacklist 14, a global whitelist 13, a global malicious behavior feature base 11 and a global virus feature base 12. The malicious code detection agent 1 is deployed on each host: it performs security state detection and behavior monitoring based on local policy, sends a detection and analysis service request to the cloud when it finds an unknown threat, and handles the result according to the service response. The host malicious code cloud analysis system 2 is deployed on the server side: it responds to agent-side service requests, performs service scheduling and distribution, provides security services such as detection and analysis services and unified management services, and realizes the coordination of the multiple security analysis engines and the formulation and issuing of policy.

The concrete steps of the malicious code analysis method based on cloud computing are:

1. After the malicious code detection agent 1 is loaded, its security monitoring engine 3 detects host state and behavior according to the local knowledge bases. When software or a file is created or run, agent 1 queries the local black/white list 5 and, if the item is in the list, controls its behavior according to the rule;

2. If the software or file is not in the local black/white list, it is first stopped from running, a detection and analysis service request is sent, and the hash value of the suspect software or file is computed, encrypted and uploaded to the malicious code cloud analysis system 2 for analysis;

3. After the malicious code cloud analysis system 2 receives the request, it decrypts the hash value uploaded by the malicious code detection agent 1 and performs feature judgement and querying against the global black/white list;

4. If the decrypted hash value is found in the global black/white list, the software or file has already been analyzed somewhere on the whole network; after the sample storage center records the malicious code detection agent 1 and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and issued directly to the corresponding malicious code detection agent 1;

5. After the malicious code detection agent 1 receives the feedback from the malicious code cloud analysis system 2, it decrypts the analysis result and disposal rule; after decryption, the killing engine 4 carries out the corresponding disposal according to the issued rule, and the analysis result and disposal rule are added to the local black/white list 5;

6. If the whole-network query of the malicious code cloud analysis system 2 fails, it sends query-failed feedback to the malicious code detection agent 1 and requests that the suspect software or file be uploaded;

7. After receiving the request, the malicious code detection agent 1 encrypts the suspect software or file and uploads it to the malicious code cloud analysis system 2;

8. After receiving and decrypting the uploaded file, the malicious code cloud analysis system 2 first stores it in the sample storage center 9, then the multiple analysis engines 10 analyze it on the basis of signatures and behavior; the global blacklist base 14 or whitelist base 13 is updated according to the analysis result, the analysis result and disposal rule are issued to the corresponding malicious code detection agent 1, and the agent's killing engine 4 carries out the corresponding disposal according to the rule;

9. On the basis of mass-sample analysis, the malicious code cloud analysis system 2 extracts new malicious behavior features and virus code features and regenerates the feature bases; after the feature bases are updated, samples in the whitelist are recalled for detection and analysis, and if malicious code is found the killing engine 4 of the corresponding malicious code detection agent 1 is notified to kill it.

In this way, the malicious code analysis method based on cloud computing effectively improves the quick identification and quick disposal capability for malicious code through the above security control measures.

Claims (2)

1. A malicious code analysis system based on cloud computing, characterized in that it comprises a malicious code detection agent and a malicious code cloud analysis system, wherein the malicious code detection agent comprises a security monitoring engine, a killing engine, a local black/white list, a behavior pattern base and a virus feature base, and the malicious code cloud analysis system comprises a feature judgement and query engine, a sample storage center, multiple analysis engines, a global black/white list, a global malicious behavior feature base and a global virus feature base.
2. A method of applying the malicious code analysis system based on cloud computing according to claim 1, characterized in that the steps are:
1) After the malicious code detection agent is loaded, its security monitoring engine detects host state and behavior according to the local black/white list, behavior pattern base and virus feature base; when software or a file is created or run, the agent queries the local black/white list and, if the item is in the list, controls its behavior according to the rule;
2) If the software or file is not in the local black/white list, the security monitoring engine first stops it from running, sends a detection and analysis service request, computes the hash value of the suspect software or file, encrypts it, and uploads it to the malicious code cloud analysis system for analysis;
3) After the feature judgement and query engine of the malicious code cloud analysis system receives the request, it decrypts the hash value uploaded by the malicious code detection agent and performs feature judgement and querying against the global black/white list;
4) If the decrypted hash value is found in the global black/white list, the software or file has already been analyzed somewhere on the whole network; after the sample storage center records the malicious code detection agent and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and issued directly to the corresponding malicious code detection agent;
5) After the malicious code detection agent receives the feedback from the malicious code cloud analysis system, it decrypts the analysis result and disposal rule; after decryption, the killing engine carries out the corresponding disposal according to the issued rule, and the analysis result and disposal rule are added to the local black/white list;
6) If the whole-network query of the malicious code cloud analysis system fails, it sends query-failed feedback to the malicious code detection agent and requests that the suspect software or file be uploaded;
7) After receiving the request, the malicious code detection agent encrypts the suspect software or file and uploads it to the malicious code cloud analysis system;
8) After receiving and decrypting the uploaded file, the malicious code cloud analysis system first stores it in the sample storage center, then the multiple analysis engines analyze it on the basis of signatures and behavior; the global black/white list base is updated according to the analysis result, the analysis result and disposal rule are issued to the corresponding malicious code detection agent, and the agent's killing engine carries out the corresponding disposal according to the rule;
9) On the basis of mass-sample analysis, the malicious code cloud analysis system extracts new malicious behavior features and virus code features and regenerates the behavior pattern base and virus feature base; after the behavior pattern base and virus feature base are updated, samples in the local whitelist are recalled for detection and analysis, and if malicious code is found the killing engine of the corresponding malicious code detection agent is notified to kill it.
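The nine-step agent/cloud exchange described in the summary, repeated in the embodiment and restated in claim 2, modelled end to end in Python as an added example (not code from the patent or its assignee). A detection agent checks its local list, holds an unknown file and sends its hash to the cloud analysis system; the cloud answers from its global black/white lists or asks for the sample, runs several engines over it, updates the global lists and issues a disposal rule; after a feature-base update, whitelisted samples are re-examined and the agent that uploaded any sample now judged malicious is told to kill it (step 9). The patent's "encrypt and upload" is modelled here as an HMAC-authenticated envelope over a constructed shared key, with confidentiality assumed to come from the transport (TLS); the signature and behaviour-pattern databases, the sample bytes, the class and method names and the "quarantine"/"allow" rules are all constructed for the example.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"   # constructed; a real deployment provisions per-agent keys

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def seal(payload: dict) -> dict:
    # The patent's "encrypt then upload": modelled as an HMAC envelope (integrity only;
    # confidentiality is assumed to come from the transport, e.g. TLS).
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body.hex(), "mac": hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()}

def unseal(envelope: dict) -> dict:
    # The patent's "decrypt": reject any envelope whose MAC does not verify.
    body = bytes.fromhex(envelope["body"])
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise ValueError("envelope failed authentication")
    return json.loads(body)

class CloudAnalysisSystem:
    def __init__(self):
        self.global_blacklist = {}      # hash -> disposal rule
        self.global_whitelist = set()   # hashes judged benign
        self.sample_store = {}          # hash -> (uploading agent id, sample bytes)
        self.agents = {}                # agent id -> agent, for step-9 notifications
        self.virus_signatures = {b"EVIL-SIG-01"}            # constructed toy feature base
        self.behaviour_patterns = {b"DELETE-SHADOW-COPIES"}  # constructed toy pattern base

    def multi_engine_analysis(self, sample: bytes) -> bool:
        # Engine 1: virus signatures; engine 2: behaviour patterns. Either one flags it.
        engines = (self.virus_signatures, self.behaviour_patterns)
        return any(any(feature in sample for feature in db) for db in engines)

    def query(self, envelope: dict) -> dict:
        # Steps 3-4 and 6: look the hash up in the global black/white lists.
        h = unseal(envelope)["hash"]
        if h in self.global_blacklist:
            return seal({"verdict": "malicious", "rule": self.global_blacklist[h]})
        if h in self.global_whitelist:
            return seal({"verdict": "benign", "rule": "allow"})
        return seal({"verdict": "unknown", "rule": "upload"})   # never seen: request sample

    def analyze_upload(self, envelope: dict) -> dict:
        # Step 8: store the sample, run every engine, update the global lists.
        req = unseal(envelope)
        sample = bytes.fromhex(req["sample"])
        h = sha256_hex(sample)                  # recompute; never trust the agent's hash
        self.sample_store[h] = (req["agent"], sample)
        if self.multi_engine_analysis(sample):
            self.global_blacklist[h] = "quarantine"
            return seal({"verdict": "malicious", "rule": "quarantine"})
        self.global_whitelist.add(h)
        return seal({"verdict": "benign", "rule": "allow"})

    def update_features(self, new_signatures) -> list:
        # Step 9: re-examine whitelisted samples with the new features; notify the uploader.
        self.virus_signatures |= set(new_signatures)
        recalled = []
        for h in sorted(self.global_whitelist):
            agent_id, sample = self.sample_store[h]
            if self.multi_engine_analysis(sample):
                self.global_whitelist.discard(h)
                self.global_blacklist[h] = "quarantine"
                self.agents[agent_id].local_list[h] = "quarantine"   # killing engine acts
                recalled.append(h)
        return recalled

class DetectionAgent:
    def __init__(self, agent_id: str, cloud: CloudAnalysisSystem):
        self.id, self.cloud, self.local_list = agent_id, cloud, {}   # local list: hash -> rule
        cloud.agents[agent_id] = self

    def on_create_or_run(self, sample: bytes) -> str:
        # Steps 1-2, 5 and 7: consult the local list, else hold the file and ask the cloud.
        h = sha256_hex(sample)
        if h in self.local_list:
            return self.local_list[h]
        resp = unseal(self.cloud.query(seal({"agent": self.id, "hash": h})))
        if resp["verdict"] == "unknown":               # cloud asked for the sample itself
            upload = seal({"agent": self.id, "hash": h, "sample": sample.hex()})
            resp = unseal(self.cloud.analyze_upload(upload))
        self.local_list[h] = resp["rule"]              # cache verdict; killing engine acts
        return resp["rule"]

def demo() -> dict:
    cloud = CloudAnalysisSystem()
    host1, host2 = DetectionAgent("host-1", cloud), DetectionAgent("host-2", cloud)
    malware = b"MZ dropper EVIL-SIG-01"     # constructed sample carrying a known signature
    sleeper = b"MZ sleeper PAYLOAD-XYZ"     # constructed; benign until a signature exists
    r = {"host1_malware": host1.on_create_or_run(malware),   # upload -> malicious
         "host2_malware": host2.on_create_or_run(malware),   # blacklist hit, no upload
         "sleeper_before": host1.on_create_or_run(sleeper)}  # upload -> benign, whitelisted
    r["recalled"] = cloud.update_features([b"PAYLOAD-XYZ"])
    r["sleeper_after"] = host1.on_create_or_run(sleeper)    # served from the local list
    return {**r, "uploads": len(cloud.sample_store)}
```

Running `demo()` shows the two effects the patent claims: the second host that meets the same malware gets its verdict from the global blacklist without uploading anything (only two samples ever reach the sample store), and a sample that passed as benign is recalled and quarantined on the host once a new feature covers it. One design choice worth noting: the cloud keys its verdicts by a hash it recomputes from the uploaded bytes, not by the hash the agent sent, so a mismatched or forged hash in the upload cannot poison the global lists.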

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310398011.5A CN103500305A (en) 2013-09-04 2013-09-04 System and method for malicious code analysis based on cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310398011.5A CN103500305A (en) 2013-09-04 2013-09-04 System and method for malicious code analysis based on cloud computing

Publications (1)

Publication Number Publication Date
CN103500305A true CN103500305A (en) 2014-01-08

Family

ID=49865513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310398011.5A CN103500305A (en) 2013-09-04 2013-09-04 System and method for malicious code analysis based on cloud computing

Country Status (1)

Country Link
CN (1) CN103500305A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081714A (en) * 2011-01-25 2011-06-01 潘燕辉 Cloud antivirus method based on server feedback
CN102663284A (en) * 2012-03-21 2012-09-12 南京邮电大学 Malicious code identification method based on cloud computing
CN103106366A (en) * 2010-08-18 2013-05-15 北京奇虎科技有限公司 Dynamic maintenance method of sample database based on cloud

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈晓天,黄锦,杨满智: "基于移动互联网云-管-端一体化的恶意软件解决及安全防护类产品实现方案", 《第二届全国信息安全等级保护技术大会会议论文集》, 21 June 2013 (2013-06-21), pages 517 - 518 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823871A (en) * 2014-02-26 2014-05-28 可牛网络技术(北京)有限公司 Method and device for searching for software
CN103886258A (en) * 2014-03-10 2014-06-25 珠海市君天电子科技有限公司 Method and device for detecting viruses
CN103902882A (en) * 2014-03-18 2014-07-02 宇龙计算机通信科技(深圳)有限公司 Terminal and method for protecting user information against leakage
CN104021141A (en) * 2014-05-12 2014-09-03 北京金山安全软件有限公司 Data processing and cloud service method, device and system
CN104021141B (en) * 2014-05-12 2017-11-10 北京金山安全软件有限公司 Data processing and the method, apparatus and system of cloud service
CN104243470A (en) * 2014-09-10 2014-12-24 东软集团股份有限公司 Cloud searching and killing method and system based on self-adaption classifier
CN104243470B (en) * 2014-09-10 2018-04-06 东软集团股份有限公司 Cloud checking and killing method and system based on adaptive classifier
CN104717212B (en) * 2014-10-21 2018-05-11 中华电信股份有限公司 A kind of means of defence and system of cloud virtual network security
CN104717212A (en) * 2014-10-21 2015-06-17 中华电信股份有限公司 Cloud virtual network security protection method and system
CN105897807A (en) * 2015-01-14 2016-08-24 江苏博智软件科技有限公司 Mobile intelligent terminal abnormal code cloud detection method based on behavioral characteristics
CN104700033A (en) * 2015-03-30 2015-06-10 北京瑞星信息技术有限公司 Virus detection method and virus detection device
CN104966018A (en) * 2015-06-18 2015-10-07 华侨大学 Windows system-based software program abnormal behavior analysis method
CN106789844A (en) * 2015-11-23 2017-05-31 阿里巴巴集团控股有限公司 A kind of malicious user recognition methods and device
CN106789844B (en) * 2015-11-23 2020-06-16 阿里巴巴集团控股有限公司 Malicious user identification method and device
CN105376251A (en) * 2015-12-02 2016-03-02 华侨大学 Intrusion detection method and intrusion detection system based on cloud computing
CN107292168A (en) * 2016-03-30 2017-10-24 阿里巴巴集团控股有限公司 Detect method and device, the server of program code
CN106682508A (en) * 2016-06-17 2017-05-17 腾讯科技(深圳)有限公司 Method and device for searching and killing viruses
CN107634931A (en) * 2016-07-18 2018-01-26 深圳市深信服电子科技有限公司 Processing method, cloud server, gateway and the terminal of abnormal data
CN107682333A (en) * 2017-09-30 2018-02-09 北京奇虎科技有限公司 Virtualization safety defense system and method based on cloud computing environment
CN107944232A (en) * 2017-12-08 2018-04-20 郑州云海信息技术有限公司 A kind of design method and system of the Active Defending System Against based on white list technology
CN108183920A (en) * 2018-01-23 2018-06-19 北京网藤科技有限公司 A kind of industrial control system malicious code defending system and its defence method
WO2019153857A1 (en) * 2018-02-12 2019-08-15 北京金山安全软件有限公司 Asset protection method and apparatus for digital wallet, electronic device, and storage medium
CN108804882A (en) * 2018-06-11 2018-11-13 北京北信源信息安全技术有限公司 A kind of copyrighted software detection process method and system
CN110417903A (en) * 2019-08-01 2019-11-05 广州知弘科技有限公司 A kind of information processing method and system based on cloud computing

Similar Documents

Publication Publication Date Title
US10291654B2 (en) Automated construction of network whitelists using host-based security controls
JP6224173B2 (en) Method and apparatus for dealing with malware
Al-rimy et al. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions
KR101737726B1 (en) Rootkit detection by using hardware resources to detect inconsistencies in network traffic
US20170230389A1 (en) Behavioral model based malware protection system and method
EP2779574B1 (en) Attack detection and prevention using global device fingerprinting
EP2829037B1 (en) Method and system for malicious code detection
US9596257B2 (en) Detection and prevention of installation of malicious mobile applications
EP2774039B1 (en) Systems and methods for virtualized malware detection
JP5816375B2 (en) Method, logic and device for real-time customized protection against threats
EP2923295B1 (en) Using telemetry to reduce malware definition package size
US10133866B1 (en) System and method for triggering analysis of an object for malware in response to modification of that object
US10095866B2 (en) System and method for threat risk scoring of security threats
US10225280B2 (en) System and method for verifying and detecting malware
CN104023034B (en) Security defensive system and defensive method based on software-defined network
KR101535502B1 (en) System and method for controlling virtual network including security function
EP2659416B1 (en) Systems and methods for malware detection and scanning
CN103733590B (en) Compiler for regular expressions
CN101924762B (en) Cloud security-based active defense method
US9386036B2 (en) Method for detecting and preventing a DDoS attack using cloud computing, and server
US20150052520A1 (en) Method and apparatus for virtual machine trust isolation in a cloud environment
Modi et al. Integrating signature apriori based network intrusion detection system (NIDS) in cloud computing
EP2754081B1 (en) Dynamic cleaning for malware using cloud technology
Modi et al. A survey of intrusion detection techniques in cloud
Kholidy et al. CIDS: A framework for intrusion detection in cloud systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140108