CN103500305A - System and method for malicious code analysis based on cloud computing - Google Patents


Publication number
CN103500305A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310398011.5A
Other languages
Chinese (zh)
Inventor
段翼真
王晓程
刘忠
王斌
毛俐旻
陈志浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
706th Institute Of No2 Research Institute Casic
Original Assignee
706th Institute Of No2 Research Institute Casic
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic


Abstract

The invention relates to a malicious code analysis method, and in particular to a system and method for malicious code analysis based on cloud computing. The system comprises a malicious code analysis agent and a malicious code cloud analysis system. The malicious code analysis agent comprises a security monitoring engine, a scan-and-kill engine, a local blacklist, a local whitelist, a behavior pattern library and a virus signature library. The malicious code cloud analysis system comprises a feature determination and query engine, a sample storage center, multiple analysis engines, a global blacklist, a global whitelist, a global malicious behavior feature library and a global virus signature library. Based on cloud computing technology, the system and method deliver security as a service and make multiple scan-and-kill and analysis engines compatible and cooperative. The strong data processing and analysis capability of the cloud improves threat analysis and response across the whole network, so that host threats are discovered, analyzed and handled rapidly, the security of the host operating environment is strongly guaranteed, and the self-protection capability of the host intrusion detection and protection system is also improved.

Description

A malicious code analysis system and method based on cloud computing
Technical field
The present invention relates to a malicious code analysis method, and in particular to a malicious code analysis system and method based on cloud computing.
Background
As the carrier of an information system, the terminal is the initiator of actual operations and network behavior and also the repository of sensitive information such as critical files and data, so it is often the primary target that attackers attack or hijack. With the rapid development of information technology and the continuing growth of network scale, malicious attacks on and damage to terminals using malicious code are increasingly frequent, and attack intensity keeps increasing. Monitoring the state and behavior of terminal computing resources in real time and discovering malicious code promptly is therefore of great significance for ensuring the normal operation of computers and networks.
At present, malicious code analysis systems for terminals rely mainly on the terminal's own computing resources and operating system functions. Although this has improved terminal security protection to some degree, certain problems and shortcomings remain.
(1) Malicious code mutates faster and faster, making it difficult to quickly identify and remove new threats
With the development of attack techniques, malicious code such as viruses, Trojans, worms and spyware mutates faster and faster and is increasingly stealthy and persistent. At present, malicious code is removed mainly by signature-based scanning alone, which is effective only after a signature has been extracted from the malicious code. Because malicious code mutates ever faster, existing signatures cannot cope with new variants, which greatly increases the difficulty of removal, makes it impossible to quickly identify and remove new threats, and creates a serious risk to the safe operation of business systems.
(2) Security software is increasingly complex, and its own vulnerabilities readily become new attack targets
To counter evolving attack techniques and quickly identify new threats, security software keeps expanding and integrating new functions, so its own complexity keeps rising. While this improves threat identification to some degree, the security of the software itself introduces new risks. Incidents in which the whole platform is hijacked by bypassing or directly attacking security software occur from time to time, and this is becoming a trend in the future development of network attack techniques. To some extent, the security threat posed by the vulnerability of security software itself may be even greater than that of the malicious code.
(3) Current anti-virus measures consume large amounts of resources and offer weak protection, among other problems
To counter security threats to information system computing platforms, different types of security products are currently deployed on terminal platforms. On the one hand, continual updates of virus and feature libraries consume a large amount of host storage space; host resources are limited and the security measures are resource-intensive, which directly affects the operation of upper-layer services. At the same time, these products depend too heavily on the operating system for their implementation and are themselves easily attacked.
Summary of the invention
The object of the invention is to provide a malicious code analysis system and method based on cloud computing that solves the problems of current malicious code analysis systems: lagging threat identification, weak rapid-response capability and high host resource consumption.
Cloud computing technology is mainly based on the idea that "the network is the computer". It uses the Internet to combine large amounts of computing, storage and software resources into a large-scale shared virtual IT resource pool. Through technologies such as distributed computing and distributed storage, it breaks with the traditional one-to-one service model for local users and provides the corresponding IT services to remote client computers, truly allocating resources on demand.
A malicious code analysis system based on cloud computing comprises a malicious code detection agent and a malicious code cloud analysis system. To reduce the new security threats and the impact on host performance caused by the system's own complexity, while improving the ability to rapidly discover, analyze and handle intrusion threats, the host malicious code analysis system separates the core detection and analysis engine from the host side. The host-side malicious code detection agent retains only functions such as state detection, behavior monitoring and scan-and-kill, while on the server side the malicious code cloud analysis system provides the required complex detection and analysis functions in the form of network services. The malicious code detection agent comprises a security monitoring engine, a scan-and-kill engine, a local blacklist/whitelist, a behavior pattern library and a virus signature library. The malicious code cloud analysis system comprises a feature determination and query server, a sample storage center, multiple analysis engines, a global blacklist/whitelist, a global malicious behavior feature library and a global virus signature library. The malicious code detection agent (implemented in software) is deployed on each host. It performs security state detection and behavior monitoring based on local policy, sends a detection and analysis service request to the cloud when it finds an unknown threat, and acts according to the result of the service request. The malicious code cloud analysis system (implemented in software) is deployed on the server side. It responds to service requests from agents and performs service scheduling and distribution, provides security services such as detection and analysis and unified management, and handles coordination among the multiple security analysis engines as well as policy formulation and distribution.
The concrete steps of a malicious code analysis method based on cloud computing are:
1. After the malicious code detection agent is loaded, its security monitoring engine monitors host state and behavior according to the local blacklist/whitelist, the behavior pattern library and the virus signature library. When software or a file is created or run, the agent queries the local blacklist/whitelist; if the item is listed, its behavior is controlled according to the rule;
2. If the software or file is not in the local blacklist/whitelist, the security monitoring engine first blocks it from running and sends a detection and analysis service request: it computes the hash value of the suspicious software or file, encrypts it, and uploads it to the malicious code cloud analysis system for analysis;
3. After the feature determination and query engine of the malicious code cloud analysis system receives the request, it decrypts the hash value uploaded by the malicious code detection agent and performs feature determination and lookup against the global blacklist/whitelist;
4. If the decrypted hash value is found in the global blacklist/whitelist, the software or file has already been analyzed somewhere in the whole network. After the sample center records the malicious code detection agent and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and sent directly to the corresponding malicious code detection agent;
5. After receiving the feedback from the malicious code cloud analysis system, the malicious code detection agent decrypts the analysis result and disposal rule; the scan-and-kill engine then carries out the corresponding disposal according to the rule received, and the analysis result and disposal rule are added to the local blacklist/whitelist;
6. If the whole-network lookup by the malicious code cloud analysis system fails, it sends the malicious code detection agent feedback that the lookup failed and requests upload of the suspicious software or file;
7. After receiving the request, the malicious code detection agent encrypts the suspicious software or file and uploads it to the malicious code cloud analysis system;
8. After receiving and decrypting the uploaded file, the malicious code cloud analysis system first stores it in the sample storage center, then analyzes it with the multiple signature-based and behavior-based analysis engines, updates the global blacklist/whitelist according to the analysis result, and sends the analysis result and disposal rule to the corresponding malicious code detection agent, whose scan-and-kill engine carries out the corresponding disposal according to the rule;
9. On the basis of analyzing massive numbers of samples, the malicious code cloud analysis system extracts new malicious behavior features and virus code features and updates the behavior pattern library and the virus signature library. After these libraries are updated, the samples in the local whitelist are retrospectively detected and analyzed; if malicious code is found, the scan-and-kill engine of the corresponding malicious code detection agent is notified to remove it.
With the above security control measures, the malicious code analysis method based on cloud computing effectively improves the ability to quickly identify and quickly dispose of malicious code.
Drawing on the security characteristics of virtual machine technology, the present invention mainly has the following advantages:
1. Rapid discovery, rapid analysis and rapid handling of host security threats
Cloud computing technology is used to deliver security as a service and to make multiple scan-and-kill and analysis engines compatible and cooperative. Relying on the powerful data processing and analysis capability of the cloud, threat analysis and response across the whole network are improved, host threats are rapidly discovered, analyzed and handled, and the security of the host operating environment is strongly guaranteed.
2. Improved self-protection capability of the host intrusion detection and protection system
The core malicious code detection and analysis functions are moved from the traditional host side to the cloud and provided there as a service. On the one hand, this reduces the complexity of the host-side malicious code analysis software and the security risks that complexity brings. On the other hand, with the core services placed in the cloud, attackers cannot obtain their specific details, so the services are less likely to be attacked and self-protection capability improves.
Description of the drawings
Fig. 1 Schematic diagram of the malicious code analysis system based on cloud computing
1 malicious code detection agent; 2 malicious code cloud analysis system; 3 security monitoring engine; 4 scan-and-kill engine; 5 local blacklist/whitelist; 6 local behavior pattern library; 7 local feature library; 8 feature determination and query engine; 9 sample storage center; 10 analysis engines; 11 global malicious code behavior feature library; 12 global virus signature library; 13 global whitelist; 14 global blacklist
Fig. 1 Schematic diagram of the working principle of the malicious code analysis system based on cloud computing
Embodiment
A malicious code analysis system based on cloud computing comprises a malicious code detection agent 1 and a malicious code cloud analysis system 2. To reduce the new security threats and the impact on host performance caused by the system's own complexity, while improving the ability to rapidly discover, analyze and handle intrusion threats, the host malicious code analysis system separates the core detection and analysis engine from the host side. The host-side malicious code detection agent 1 retains only functions such as state detection, behavior monitoring and scan-and-kill, while on the server side the malicious code cloud analysis system provides the required complex detection and analysis functions in the form of network services. The malicious code detection agent 1 comprises a security monitoring engine 3, a scan-and-kill engine 4, a local blacklist/whitelist 5, a behavior pattern library 6 and a virus signature library 7. The malicious code cloud analysis system 2 comprises a feature determination and query engine 8, a sample storage center 9, multiple analysis engines 10, a global blacklist 14, a global whitelist 13, a global malicious behavior feature library 11 and a global virus signature library 12. The malicious code detection agent 1 is deployed on each host. It performs security state detection and behavior monitoring based on local policy, sends a detection and analysis service request to the cloud when it finds an unknown threat, and acts according to the result of the service request. The host malicious code cloud analysis system 2 is deployed on the server side. It responds to service requests from agents and performs service scheduling and distribution, provides security services such as detection and analysis and unified management, and handles coordination among the multiple security analysis engines as well as policy formulation and distribution.
The concrete steps of a malicious code analysis method based on cloud computing are:
1. After the malicious code detection agent 1 is loaded, its security monitoring engine 3 monitors host state and behavior according to the local knowledge base. When software or a file is created or run, the agent 1 queries the local blacklist/whitelist 5; if the item is listed, its behavior is controlled according to the rule;
2. If the software or file is not in the local blacklist/whitelist, it is first blocked from running and a detection and analysis service request is sent: the hash value of the suspicious software or file is computed, encrypted, and uploaded to the malicious code cloud analysis system 2 for analysis;
3. After the malicious code cloud analysis system 2 receives the request, it decrypts the hash value uploaded by the malicious code detection agent 1 and performs feature determination and lookup against the global blacklist/whitelist;
4. If the decrypted hash value is found in the global blacklist/whitelist, the software or file has already been analyzed somewhere in the whole network. After the sample center records the malicious code detection agent 1 and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and sent directly to the corresponding malicious code detection agent 1;
5. After receiving the feedback from the malicious code cloud analysis system 2, the malicious code detection agent 1 decrypts the analysis result and disposal rule; the scan-and-kill engine 4 then carries out the corresponding disposal according to the rule received, and the analysis result and disposal rule are added to the local blacklist/whitelist 5;
6. If the whole-network lookup by the malicious code cloud analysis system 2 fails, it sends the malicious code detection agent 1 feedback that the lookup failed and requests upload of the suspicious software or file;
7. After receiving the request, the malicious code detection agent 1 encrypts the suspicious software or file and uploads it to the malicious code cloud analysis system 2;
8. After receiving and decrypting the uploaded file, the malicious code cloud analysis system 2 first stores it in the sample storage center 9, then analyzes it with the multiple signature-based and behavior-based analysis engines 10, updates the global blacklist 14 or whitelist 13 according to the analysis result, and sends the analysis result and disposal rule to the corresponding malicious code detection agent 1, whose scan-and-kill engine 4 carries out the corresponding disposal according to the rule;
9. On the basis of analyzing massive numbers of samples, the malicious code cloud analysis system 2 extracts new malicious behavior features and virus code features and updates the feature libraries. After the feature libraries are updated, the samples in the whitelist are retrospectively detected and analyzed; if malicious code is found, the scan-and-kill engine 4 of the corresponding malicious code detection agent 1 is notified to remove it.
With the above security control measures, the malicious code analysis method based on cloud computing effectively improves the ability to quickly identify and quickly dispose of malicious code.
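The nine steps above, traced end to end in an added Python sketch that is not part of the patent: an agent consults its local list, asks the cloud by hash, uploads the file only on a miss, and has a cached "allow" revoked when a signature update triggers retrospective analysis. Assumptions: SHA-256 as the hash, all class, function and rule names, and a single signature engine standing in for the multiple engines; the encryption of each message is left to the transport and is not modelled.

```python
import hashlib
from dataclasses import dataclass, field

# Verdict names and disposal rules are hypothetical, chosen for this sketch.
MALICIOUS, BENIGN = "malicious", "benign"
RULES = {MALICIOUS: "quarantine", BENIGN: "allow"}

def sha256_hex(data: bytes) -> str:
    """Hash sent in step 2 (SHA-256 is an assumption; the text names no algorithm)."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class CloudAnalysis:
    signatures: set = field(default_factory=set)      # global virus signature library
    global_list: dict = field(default_factory=dict)   # hash -> verdict (black/white list)
    samples: dict = field(default_factory=dict)       # sample storage center
    submitters: dict = field(default_factory=dict)    # hash -> ids of agents that asked
    agents: dict = field(default_factory=dict, repr=False)

    def query(self, agent_id, digest):
        """Steps 3, 4 and 6: hash lookup; None asks the agent to upload the file."""
        self.submitters.setdefault(digest, set()).add(agent_id)
        verdict = self.global_list.get(digest)
        return None if verdict is None else (verdict, RULES[verdict])

    def submit(self, agent_id, data):
        """Step 8: store the sample, analyse it, update the global list."""
        digest = sha256_hex(data)
        self.samples[digest] = data
        self.submitters.setdefault(digest, set()).add(agent_id)
        verdict = self._analyse(data)
        self.global_list[digest] = verdict
        return verdict, RULES[verdict]

    def _analyse(self, data):
        # A sample is malicious as soon as any engine in this list flags it.
        engines = [lambda d: any(sig in d for sig in self.signatures)]
        return MALICIOUS if any(engine(data) for engine in engines) else BENIGN

    def update_signatures(self, new_signatures):
        """Step 9: after a library update, re-analyse whitelisted samples."""
        self.signatures |= set(new_signatures)
        flipped = []
        for digest, data in self.samples.items():
            if self.global_list[digest] == BENIGN and self._analyse(data) == MALICIOUS:
                self.global_list[digest] = MALICIOUS
                for agent_id in sorted(self.submitters[digest]):
                    self.agents[agent_id].notify(digest, MALICIOUS)
                flipped.append(digest)
        return flipped

@dataclass
class Agent:
    agent_id: str
    cloud: CloudAnalysis = field(repr=False)
    local_list: dict = field(default_factory=dict)    # hash -> (verdict, rule)

    def __post_init__(self):
        self.cloud.agents[self.agent_id] = self

    def on_execute(self, data):
        """Host-side flow; the file stays blocked until a rule is returned."""
        digest = sha256_hex(data)
        if digest in self.local_list:                       # step 1
            return self.local_list[digest][1], "local"
        answer = self.cloud.query(self.agent_id, digest)    # steps 2-4
        source = "cloud-hash"
        if answer is None:                                  # steps 6-8
            answer = self.cloud.submit(self.agent_id, data)
            source = "cloud-analysis"
        self.local_list[digest] = answer                    # step 5
        return answer[1], source

    def notify(self, digest, verdict):
        """Step 9 push: overwrite the cached verdict with the new one."""
        self.local_list[digest] = (verdict, RULES[verdict])

def demo():
    """Run the flow on constructed samples and return what each step decided."""
    cloud = CloudAnalysis(signatures={b"EVIL-MARKER-1"})
    host_a, host_b = Agent("host-a", cloud), Agent("host-b", cloud)
    known_bad = b"stub EVIL-MARKER-1 payload"   # constructed sample
    sleeper = b"stub EVIL-MARKER-2 payload"     # constructed; no signature yet
    results = [
        host_a.on_execute(known_bad),   # first sighting: full analysis
        host_b.on_execute(known_bad),   # second host: answered from global list
        host_a.on_execute(known_bad),   # repeat: answered from local list
        host_b.on_execute(sleeper),     # unknown variant passes for now
    ]
    flipped = cloud.update_signatures({b"EVIL-MARKER-2"})
    results.append(host_b.on_execute(sleeper))  # retro-analysis revoked it
    return results, flipped == [sha256_hex(sleeper)]

if __name__ == "__main__":
    for rule, source in demo()[0]:
        print(f"{rule:10} via {source}")
```

The last result shows why step 4 records which agent asked about which hash: without that record, the cached "allow" on host-b could not be revoked after the signature update.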

Claims (2)

1. A malicious code analysis system based on cloud computing, characterized in that it comprises a malicious code detection agent and a malicious code cloud analysis system; the malicious code detection agent comprises a security monitoring engine, a scan-and-kill engine, a local blacklist/whitelist, a behavior pattern library and a virus signature library; the malicious code cloud analysis system comprises a feature determination and query engine, a sample storage center, multiple analysis engines, a global blacklist/whitelist, a global malicious behavior feature library and a global virus signature library.
2. Applying the malicious code analysis system based on cloud computing according to claim 1, characterized in that the steps are:
1). After the malicious code detection agent is loaded, its security monitoring engine monitors host state and behavior according to the local blacklist/whitelist, the behavior pattern library and the virus signature library. When software or a file is created or run, the agent queries the local blacklist/whitelist; if the item is listed, its behavior is controlled according to the rule;
2). If the software or file is not in the local blacklist/whitelist, the security monitoring engine first blocks it from running and sends a detection and analysis service request: it computes the hash value of the suspicious software or file, encrypts it, and uploads it to the malicious code cloud analysis system for analysis;
3). After the feature determination and query engine of the malicious code cloud analysis system receives the request, it decrypts the hash value uploaded by the malicious code detection agent and performs feature determination and lookup against the global blacklist/whitelist;
4). If the decrypted hash value is found in the global blacklist/whitelist, the software or file has already been analyzed somewhere in the whole network. After the sample center records the malicious code detection agent and the hash value information of the software or file it uploaded, the previous analysis result and disposal rule are encrypted and sent directly to the corresponding malicious code detection agent;
5). After receiving the feedback from the malicious code cloud analysis system, the malicious code detection agent decrypts the analysis result and disposal rule; the scan-and-kill engine then carries out the corresponding disposal according to the rule received, and the analysis result and disposal rule are added to the local blacklist/whitelist;
6). If the whole-network lookup by the malicious code cloud analysis system fails, it sends the malicious code detection agent feedback that the lookup failed and requests upload of the suspicious software or file;
7). After receiving the request, the malicious code detection agent encrypts the suspicious software or file and uploads it to the malicious code cloud analysis system;
8). After receiving and decrypting the uploaded file, the malicious code cloud analysis system first stores it in the sample storage center, then analyzes it with the multiple signature-based and behavior-based analysis engines, updates the global blacklist/whitelist according to the analysis result, and sends the analysis result and disposal rule to the corresponding malicious code detection agent, whose scan-and-kill engine carries out the corresponding disposal according to the rule;
9). On the basis of analyzing massive numbers of samples, the malicious code cloud analysis system extracts new malicious behavior features and virus code features and updates the behavior pattern library and the virus signature library. After these libraries are updated, the samples in the local whitelist are retrospectively detected and analyzed; if malicious code is found, the scan-and-kill engine of the corresponding malicious code detection agent is notified to remove it.
CN201310398011.5A 2013-09-04 2013-09-04 System and method for malicious code analysis based on cloud computing Pending CN103500305A (en)


Publications (1)

Publication Number Publication Date
CN103500305A (en) 2014-01-08

Family

ID=49865513

CN107682333A (en) * 2017-09-30 2018-02-09 北京奇虎科技有限公司 Virtualization safety defense system and method based on cloud computing environment
CN107682333B (en) * 2017-09-30 2022-02-25 北京奇虎科技有限公司 Virtualization security defense system and method based on cloud computing environment
CN107944232A (en) * 2017-12-08 2018-04-20 郑州云海信息技术有限公司 A kind of design method and system of the Active Defending System Against based on white list technology
CN108183920A (en) * 2018-01-23 2018-06-19 北京网藤科技有限公司 A kind of industrial control system malicious code defending system and its defence method
WO2019153857A1 (en) * 2018-02-12 2019-08-15 北京金山安全软件有限公司 Asset protection method and apparatus for digital wallet, electronic device, and storage medium
CN108804882A (en) * 2018-06-11 2018-11-13 北京北信源信息安全技术有限公司 A kind of copyrighted software detection process method and system
CN109379347B (en) * 2018-09-29 2021-03-23 成都亚信网络安全产业技术研究院有限公司 Safety protection method and equipment
CN109379347A (en) * 2018-09-29 2019-02-22 成都亚信网络安全产业技术研究院有限公司 A kind of safety protecting method and equipment
CN110781495A (en) * 2018-12-24 2020-02-11 哈尔滨安天科技集团股份有限公司 Internet of things distributed multi-level collaborative malicious code detection method, system and device
CN110417903A (en) * 2019-08-01 2019-11-05 广州知弘科技有限公司 A kind of information processing method and system based on cloud computing
CN111556165A (en) * 2019-08-01 2020-08-18 广州知弘科技有限公司 Information processing method and system based on cloud computing
CN110826069A (en) * 2019-11-05 2020-02-21 深信服科技股份有限公司 Virus processing method, device, equipment and storage medium
WO2021129201A1 (en) * 2019-12-26 2021-07-01 中科信息安全共性技术国家工程研究中心有限公司 Intrusion detection method and device based on linux host
CN111277601A (en) * 2020-01-22 2020-06-12 奇安信科技集团股份有限公司 Website security monitoring method and system
CN111277601B (en) * 2020-01-22 2023-02-21 奇安信科技集团股份有限公司 Website security monitoring method and system
WO2022012294A1 (en) * 2020-07-16 2022-01-20 青岛海尔工业智能研究院有限公司 Security control method, apparatus and system, electronic device, and storage medium
CN114024697A (en) * 2020-07-16 2022-02-08 青岛海尔工业智能研究院有限公司 Security control method, device, system, electronic device, and storage medium
CN112507335A (en) * 2020-11-26 2021-03-16 中国大唐集团科学技术研究院有限公司 Thermal power plant industrial control system virus checking and killing implementation method based on edge cloud coordination
CN112434297A (en) * 2020-12-29 2021-03-02 成都立鑫新技术科技有限公司 Method for detecting mobile phone security in public place
CN112434297B (en) * 2020-12-29 2024-02-20 成都立鑫新技术科技有限公司 Method for detecting safety of mobile phone in public place
CN114374528A (en) * 2021-11-24 2022-04-19 河南中裕广恒科技股份有限公司 Data security detection method and device, electronic equipment and medium
CN114386034A (en) * 2021-12-21 2022-04-22 中国电子科技集团公司第三十研究所 Dynamic iterative multi-engine fusion malicious code detection method, device and medium

Similar Documents

Publication Publication Date Title
CN103500305A (en) System and method for malicious code analysis based on cloud computing
US10893068B1 (en) Ransomware file modification prevention technique
KR100942456B1 (en) Method for detecting and protecting ddos attack by using cloud computing and server thereof
US8966249B2 (en) Data security and integrity by remote attestation
US10432650B2 (en) System and method to protect a webserver against application exploits and attacks
CN105580022A (en) Systems and methods for using a reputation indicator to facilitate malware scanning
US11032311B2 (en) Methods for detecting and mitigating malicious network activity based on dynamic application context and devices thereof
KR20180097527A (en) Dual Memory Introspection to Protect Multiple Network Endpoints
US9690598B2 (en) Remotely establishing device platform integrity
CN104871484A (en) System and method for an endpoint hardware assisted network firewall in a security environment
EP3531324B1 (en) Identification process for suspicious activity patterns based on ancestry relationship
Man et al. A collaborative intrusion detection system framework for cloud computing
CN105378745A (en) Disabling and initiating nodes based on security issue
CN113497786B (en) Evidence collection and tracing method, device and storage medium
Mudgerikar et al. Edge-based intrusion detection for IoT devices
CN107231364B (en) Website vulnerability detection method and device, computer device and storage medium
Park et al. Ransomware-based cyber attacks: A comprehensive survey
US20210058414A1 (en) Security management method and security management apparatus
CN113472789A (en) Attack detection method, attack detection system, storage medium and electronic equipment
CN113660222A (en) Situation awareness defense method and system based on mandatory access control
WO2014209889A1 (en) System and method for antivirus protection
Araújo et al. Virtualization in intrusion detection systems: a study on different approaches for cloud computing environments
KR20130033161A (en) Intrusion detection system for cloud computing service
Naaz et al. Enhancement of network security through intrusion detection
JP2021077373A (en) Threat detection method and computer device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140108