CN103678997A - System safety check method and device - Google Patents

System safety check method and device Download PDF

Info

Publication number
CN103678997A
CN103678997A CN201210314091.7A CN201210314091A CN103678997A CN 103678997 A CN103678997 A CN 103678997A CN 201210314091 A CN201210314091 A CN 201210314091A CN 103678997 A CN103678997 A CN 103678997A
Authority
CN
China
Prior art keywords
virus
report
client
environments
system environments
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210314091.7A
Other languages
Chinese (zh)
Other versions
CN103678997B (en
Inventor
尚鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201210314091.7A priority Critical patent/CN103678997B/en
Publication of CN103678997A publication Critical patent/CN103678997A/en
Application granted granted Critical
Publication of CN103678997B publication Critical patent/CN103678997B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention relates to a system safety check method and device. The method includes the first step of establishing a typical system environmental problem and virus database and a system problem and virus report library corresponding to the typical system environmental problem and virus database, wherein the typical system environmental problem and virus database comprises a plurality of typical system environmental problems and viruses, the second step of receiving relevant information of system environments and virus states, reported by a system, about a client side, the third step of computing the similarity between the relevant information of the system environments and virus states reported by the system and the typical system environmental problems and viruses, and selecting the typical system environmental problems and viruses whose similarity exceeds the preset similarity, the fourth step of searching for corresponding system problems and virus reports in the system problem and virus report library according to the selected typical system environmental problems and viruses, and the fifth step of recommending the searched system problems and virus reports to the client side. The system safety check method and device can be used for improving credibility of a user on system safety check results, improving user stickiness, and helping the user to know basic system safety knowledge.

Description

Security of system inspection method and device
Technical field
The present invention relates to field of computer technology, particularly relate to a kind of security of system inspection method and device.
Background technology
Existing system security classes software is when carrying out computer killing, only show check result and killing suggestion, may there is any virus in the running status that is computer, whether advise killing etc., although can meet user's inspection computer risk and the demand of safeguards system safety, but inconvenient user understands the accuracy of this result, the route of transmission, disposal route etc. of the principle of every check result, virus.
Summary of the invention
The object of the invention is to, a kind of security of system inspection method is provided, can increase user to the degree of belief of security of system check result, raising user stickiness, help user to understand basic security of system knowledge.
The object of the invention to solve the technical problems realizes by the following technical solutions.
A security of system inspection method, comprising: set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral; Receiving system report about the system environments of client and the relevant information of Virus State; The system environments reporting described in calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity; According to selected typical system environments problem, searching corresponding system problem with virus in described system problem and virus report storehouse reports with virus; To described client, recommend the system problem and virus report that find.
A kind of security of system testing fixture, comprise: set up module, for set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise a plurality of typical system environments problems and viral; Receiver module, for receiving system, report about the system environments of client and the relevant information of Virus State; Computing module, for the relevant information of the system environments that reports described in calculating and Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity; Search module, for searching corresponding system problem and virus report according to selected typical system environments problem and virus in described system problem and virus report storehouse; Recommending module, for system problem and the virus report of recommending to find to described client.
Security of system inspection method proposed by the invention and device can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase the degree of belief of user to security of system check result, improve user's stickiness, also can help user learning to understand basic security of system knowledge.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of instructions, and for above and other object of the present invention, feature and advantage can be become apparent, below especially exemplified by preferred embodiment, and coordinate accompanying drawing, be described in detail as follows.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of the security of system inspection method in first embodiment of the invention.
Fig. 2 is the schematic flow sheet of the security of system inspection method in second embodiment of the invention.
Fig. 3 is the schematic flow sheet of the security of system inspection method in third embodiment of the invention.
Fig. 4 is the structural representation of the security of system testing fixture in fourth embodiment of the invention.
Fig. 5 is the structural representation of the security of system testing fixture in fifth embodiment of the invention.
Fig. 6 is the structural representation of the security of system testing fixture in sixth embodiment of the invention.
Embodiment
For further setting forth the present invention, reach technological means and the effect that predetermined goal of the invention is taked, below in conjunction with accompanying drawing and preferred embodiment, to the security of system inspection method proposing according to the present invention and install its embodiment, method, step, structure, feature and effect thereof, be described in detail as follows.
Relevant aforementioned and other technology contents of the present invention, Characteristic can be known and present in the following detailed description coordinating with reference to graphic preferred embodiment.By the explanation of embodiment, when can be to reach technological means and the effect that predetermined object takes to be able to more deeply and concrete understanding to the present invention, yet appended graphic being only to provide with reference to the use with explanation be not used for the present invention to be limited.
The first embodiment
Fig. 1 is the schematic flow sheet of the security of system inspection method of first embodiment of the invention.Please refer to Fig. 1, the security of system inspection method in the embodiment of the present invention comprises:
Step S 11: set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.
Representative system environment problem and virus base can obtain by historical data, can be also some the typical system environments problems and virus that rule of thumb obtain.Described representative system environment problem and virus base comprise a plurality of typical system environments problems and virus.
Concrete, in step S 11, described representative system environment problem and virus base can be set up according to classification classification.For example described representative system environment problem and virus base are divided into system environments problem base and virus base.System environments problem base can be divided into again a plurality of problem word banks, for example: system has installed that ad plug-in, IE option are set up, black file appears in system startup item, system service item is abnormal etc.Virus base also can be divided into a plurality of viral word banks, such as leading viruses word bank, File Infector Virus word bank, multipartite virus word bank, macrovirus word bank, trojan horse word bank, worm-type virus word bank and other virion storehouse etc.Each corresponding problem word bank can correspondingly arrange a label with viral word bank.Label is used for marking some key messages, is similar to key word.As Trojan for stealing numbers virus word bank, its label can be set to " steal-number ", " wooden horse " etc.For example, representative system environment problem and virus base classification can be established as to system environments problem base and virus base as shown in Table 1:
Table one
Figure BDA00002075685000041
System problem reports that with virus storehouse is typical system environments problem and viral generation the in corresponding representative system environment problem and virus base, comprises system problem report and viral report.System problem report is the file for descriptive system abnormal occurrence, comprises the title of system exception, reason, performance, harm and restorative procedure etc.For example: domain name mapping file (host file) is modified, in the time of may causing accessing normal webpage, be automatically jumped to other incredible IP addresses, can wait and repair with QQ computer house keeper.Virus report is for describing the file of Virus Info.Comprise viral title, principle, phenomenon, route of transmission, harm, disposal route etc.Virus report can also be extracted keyword wherein as label.For example, report content about grey pigeon trojan horse can comprise following information: grey pigeon trojan horse injects virus for serving starting up's item by edit the registry, in the unwitting situation of user, connect hacker's specified sites, cause user's personal information stolen, can use computer house keeper to carry out killing etc.Table two is depicted as the virus report example of shock wave virus:
Table two
Step S12: receiving system report about the system environments of client and the relevant information of Virus State.
Security of system software, when client is carried out to security of system inspection or checking and killing virus, can be analyzed automatically to the system environments of client, comprises startup item, IE, system service, desktop, the start menu of system and starts fast hurdle etc.By to these inspection and scanning, security of system software can obtain the information such as the system environments of client and Virus State.System environments refers to the system information of privacy, comprises system startup item, system vulnerability etc.The viral situation that the system that refers to Virus State has infected and due to the unreasonable security of system hidden danger that may cause being set.Security of system software, after obtaining about the system environments of client and the relevant information of Virus State, reports backstage by these relevant informations, is preferably cloud backstage in the present invention.These relevant informations comprise event, analyzing spot, abnormal problem, possibility virus and label etc., as shown in Table 3:
Table three
Figure BDA00002075685000061
Step S13: the system environments reporting described in calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity.
Cloud backstage is after receiving the relevant information of system environments that system software client reports and Virus State, according to the information content and label, a plurality of typical system environments problem of storing in calculating and cloud backstage and viral similarity, selected similarity surpasses the typical system environments problem of predetermined similarity with viral.Predetermined similarity can be selected according to actual environment and user's request.The calculating of similarity can adopt several different methods, as text matches, and cosine similarity etc.
Step S14: search corresponding system problem with virus according to selected typical system environments problem in described system problem and virus report storehouse and report with virus.
Cloud backstage after selected similarity surpasses the typical system environments problem and virus of predetermined similarity, system problem with in virus report storehouse, search out and selected system environments problem and viral corresponding system problem and system problem and viral report.
Step S15: recommend the system problem finding to report with virus to described client.
The system problem that cloud backstage finds previous step is recommended user with virus report.Consider not to be the demand that all users have reading report, so can complete in optional mode.After the result that provides computer inspection, provide and recommend user to read the detailed report for scanning result.
Security of system inspection method in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
The second embodiment
Fig. 2 is the schematic flow sheet of the security of system inspection method of second embodiment of the invention.Please refer to Fig. 2, the security of system inspection method in the embodiment of the present invention comprises:
Step S21: set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.This step as hereinbefore, repeats no more here.
Step S22: receiving system report about the system environments of client and the relevant information of Virus State.This step as hereinbefore, repeats no more here.
In the present embodiment, after step S22, further comprise:
Step S23: feed back to described representative system environment problem and virus base and upgrade described representative system environment problem and virus base about the system environments of client and the relevant information of Virus State what report.
Step S24: upgrade the system problem corresponding with it and virus report storehouse according to the representative system environment problem of upgrading and virus base.
By step S23 and step S24, can constantly update representative system environment problem and the virus report storehouse of improving cloud backstage, be convenient to follow-up recommendation.
Step S25: the system environments reporting described in calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity.
In the present embodiment, step S25 comprises:
Step S251: by the relevant information vector quantization of the described system environments reporting and Virus State.
By the relevant information vector quantization of the system environments reporting and Virus State: n=(n 1, n 2..., n i), wherein, (n 1, n 2..., n i) event in the relevant information that can represent to report, analyzing spot, abnormal problem, may virus and label etc.
Step S252: by described typical system environments problem and Virus Info vector quantization.
By described typical system environments problem and Virus Info vector quantization: m=(m 1, m 2..., m i), (m wherein 1, m 2..., m i) can represent word bank, virus item, viral subitem, Virus Name and label etc. in representative system environment problem and virus base.
The relevant information of the above-mentioned system environments reporting and Virus State is corresponding one by one with the respective items of Virus Info with typical system environments problem.Label can length differ.For example: reported event and word bank are corresponding, analyzing spot and a virus correspondence, abnormal problem and viral subitem are corresponding, possibility virus and Virus Name correspondence etc.
Step S253: the described typical system environments problem after the system environments reporting described in after compute vectors and the relevant information of Virus State and vector quantization and the cosine similarity of Virus Info.
Cosine similarity is a kind of measure that is used for calculating two similarities between vector.General calculate two vectorial angles, when two vector angles more hour, its cosine value is larger, similarity is higher, otherwise when angle is larger, its cosine value is less, similarity is lower.When two vector angles are 90 °, think that two vectors are uncorrelated.Cosine similarity can be used for calculating the similarity of document.
Described typical system environments problem after the system environments reporting described in after vector quantization and the relevant information of Virus State and vector quantization and the cosine similarity of Virus Info are:
S = < n , m > | | n | | * | | m | | = &Sigma; n i m i &Sigma; n i 2 &Sigma; m i 2 , S∈[0,1]
The value of S is larger, and both similarities of surface are higher, otherwise similarity is lower.
During due to vector quantization, be difficult to determine the size of each component, a kind of way is the complete or collected works of each component of structure, and this component is expanded to a multi-C vector.Various probable values because the complete or collected works of each component comprise this component, are then used full matching process: if a dimension of this component can be mated, it is 1 that this dimension is set, and other dimension is 0.
Table one take below as example explanation, for word bank, may have system and two kinds of situations of virus: m 1=<m 11, m 12>; May there are IE option, system startup item, trojan horse, 4 kinds of situations of worm-type virus in virus: m 2=<m 21, m 22, m 23, m 24>; Virus subitem may exist IE homepage to distort etc. 10: m 3=<m 31, m 32..., m 310>; Virus Name may exist 10, m 4=<m 41, m 42..., m 410>; Suppose that label exists 20 kinds, m 5=<m 51, m 52..., m 520>.For example, for Net silver wooden horse, its vectorizable value is: m=<0, and 1,0,0,1,0 ..., 1,0,0,1 ... >.
The system environments reporting with same method vectorization and the relevant information of Virus State, suppose that the vector obtaining is (length is 50): n=<0,1,0,0,1,0 ..., 1,1,1,1 ... >, both similarities are S = ( 1 * 1 + 1 * 1 + 1 * 1 + 1 * 1 ) / ( 4 * 6 ) = 0.816 .
Step S254: selected cosine similarity surpasses the typical system environments problem and virus of predetermined similarity.
Step S26: search corresponding system problem with virus according to selected typical system environments problem in described system problem and virus report storehouse and report with virus.This step as hereinbefore, repeats no more here.
Step S27: recommend the system problem finding to report with virus to described client.This step as hereinbefore, repeats no more here.
Security of system inspection method in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
The 3rd embodiment
Fig. 3 is the schematic flow sheet of the security of system inspection method of third embodiment of the invention.Please refer to Fig. 3, the security of system inspection method in the embodiment of the present invention comprises:
Step S31: set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.This step as hereinbefore, repeats no more here.
Step S32: receiving system report about the system environments of client and the relevant information of Virus State.This step as hereinbefore, repeats no more here.
Step S33: the system environments reporting described in calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity.This step as hereinbefore, repeats no more here.
Step S34: search corresponding system problem with virus according to selected typical system environments problem in described system problem and virus report storehouse and report with virus.This step as hereinbefore, repeats no more here.
Step S35: recommend the system problem finding to report with virus to described client.This step as hereinbefore, repeats no more here.
In the present embodiment, after step S35, also further comprise:
Step S36: judge whether described client needs to show the system problem and virus report finding, if needed, show in client the system problem and virus report finding.
In the present embodiment, user is recommended by the system problem finding and virus report in cloud backstage.Consider not to be the demand that all users have reading report, so complete in optional mode.If user selects to read, in client, show the system problem and virus report finding.
Step S37: the request of described system problem and virus report being evaluated to client initiation.
In client, show when the system problem finding is reported with virus and can initiate the request that evaluate described system problem and virus report to client.Evaluation can comprise measurable reading feedback, for example, comprise: intelligibility (whether facilitating user to understand), and validity (user is taken precautions against to problems and whether use help) and overall assessment: as star evaluation, mark evaluation etc.
Step S38: receive the evaluation with virus report to described system problem of client feedback.
Step S39: received evaluation is fed back to described system problem and improve described system problem and virus report storehouse with virus report storehouse and according to evaluation.
Preferably, can adopt the synthesis result of similarity result and user's evaluation as the foundation of recommending report to user.As the star of establishing user is evaluated as 1-5 stars, for normalization mark, be designated as c=[0.20.4 0.6 0.8 1.0]
Recommendation index is: R=(1-α) S+ α c
Wherein α, for recommending factor of influence, shows that user evaluates the impact on recommending.This parameter can be determined by operation and the data analysis situation of system software.
As the shock wave virus in table two, its report scoring is 4 stars.If recommending factor of influence is 0.1, recommend index to be:
R=(1-α)*0.816+α*0.8=(1-0.8)*0.816+0.8*0.1=0.814
Client, after reading the report of recommending on cloud backstage, provides certain scoring.Cloud backstage after obtaining this evaluation, according to the quantity of reading, measurable feedback, the welcome degree of analysis report, will evaluate report that degree of recognition is higher as preferentially recommend user in the situation that meeting similarity.Meanwhile, constantly the system environments problem on modification and perfection cloud backstage and system problem and virus report storehouse, be convenient to follow-up recommendation.
Security of system inspection method in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
The 4th embodiment
Fig. 4 is the structural representation of the security of system testing fixture of fourth embodiment of the invention.Please refer to Fig. 4, the security of system testing fixture 40 in the embodiment of the present invention comprises: set up module 41, receiver module 42, computing module 43, search module 44, recommending module 45.
Wherein, set up module 41 for set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.Receiver module 42 for receiving system, report about the system environments of client and the relevant information of Virus State.Computing module 43 is for the relevant information of the system environments that reports described in calculating and Virus State and described a plurality of typical system environments problem and viral similarity, and selected similarity surpasses the typical system environments problem and virus of predetermined similarity.Search module 44 for searching corresponding system problem and virus report according to selected typical system environments problem and virus in described system problem and virus report storehouse.The system problem and virus report of recommending module 45 for recommending to find to described client.
Security of system testing fixture in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
The 5th embodiment
Fig. 5 is the structural representation of the security of system testing fixture of fifth embodiment of the invention.Please refer to Fig. 5, the security of system testing fixture 50 in the embodiment of the present invention comprises: set up module 51, receiver module 52, computing module 53, search module 54, recommending module 55.
Wherein, set up module 51 for set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.Receiver module 52 for receiving system, report about the system environments of client and the relevant information of Virus State.Computing module 53 is for the relevant information of the system environments that reports described in calculating and Virus State and described a plurality of typical system environments problem and viral similarity, and selected similarity surpasses the typical system environments problem and virus of predetermined similarity.Search module 54 for searching corresponding system problem and virus report according to selected typical system environments problem and virus in described system problem and virus report storehouse.The system problem and virus report of recommending module 55 for recommending to find to described client.
In the present embodiment, described receiver module 52 comprises: the first update module 521, for feeding back to described representative system environment problem and virus base and upgrade described representative system environment problem and virus base about the system environments of client and the relevant information of Virus State what reporting; The second update module 522, for upgrading the system problem corresponding with it and virus report storehouse according to the representative system environment problem of upgrading and virus base.
In the present embodiment, described computing module 53 comprises: the first vector quantization module 531, for by the relevant information vector quantization of the described system environments reporting and Virus State; The second vector quantization module 532, for by described typical system environments problem and Virus Info vector quantization; Cosine similarity calculation module 533, for the system environments that reports described in after compute vectors and relevant information and the described typical system environments problem after vector quantization and the cosine similarity of Virus Info of Virus State; Chosen module 534, surpasses the typical system environments problem of predetermined similarity with viral for selected cosine similarity.
Security of system testing fixture in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
The 6th embodiment
Fig. 6 is the structural representation of the security of system testing fixture of sixth embodiment of the invention.Please refer to Fig. 6, the security of system testing fixture 60 in the embodiment of the present invention comprises: set up module 61, receiver module 62, computing module 63, search module 64, recommending module 65.
Wherein, set up module 61 for set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral.Receiver module 62 for receiving system, report about the system environments of client and the relevant information of Virus State.Computing module 63 is for the relevant information of the system environments that reports described in calculating and Virus State and described a plurality of typical system environments problem and viral similarity, and selected similarity surpasses the typical system environments problem and virus of predetermined similarity.Search module 64 for searching corresponding system problem and virus report according to selected typical system environments problem and virus in described system problem and virus report storehouse.The system problem and virus report of recommending module 65 for recommending to find to described client.
In the present embodiment, security of system testing fixture 60 further comprises: judgement execution module 66, for judging whether described client needs to show the system problem and virus report finding, if needed, in client, show the system problem and virus report finding; Request initiation module 67, for the request of initiating described system problem and virus report to evaluate to client; Evaluate receiver module 68, for receiving the evaluation with virus report to described system problem of client feedback; Feedback update module 69, improves described system problem and virus report storehouse for received evaluation being fed back to described system problem with virus report storehouse and according to evaluation.
Security of system testing fixture in the present embodiment can automatic analysis client system problem and viral environment, by analytic system, report about the system environments of client and the relevant information of Virus State, mate with virus report storehouse with the representative system environment problem of prior foundation and virus base and the system problem corresponding with it, to user, recommend corresponding system problem and virus report, not only can increase user to the degree of belief of security of system check result, raising user stickiness, also can help user learning to understand basic security of system knowledge.
It should be noted that, each embodiment in this instructions all adopts the mode of going forward one by one to describe, and each embodiment stresses is the difference with other embodiment, between each embodiment identical similar part mutually referring to.For device class embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, relevant part is referring to the part explanation of embodiment of the method.
It should be noted that, in this article, relational terms such as the first and second grades is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply and between these entities or operation, have the relation of any this reality or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thereby the process, method, article or the device that make to comprise a series of key elements not only comprise those key elements, but also comprise other key elements of clearly not listing, or be also included as the intrinsic key element of this process, method, article or device.The in the situation that of more restrictions not, the key element being limited by statement " comprising ... ", and be not precluded within process, method, article or the device that comprises described key element and also have other identical element.
One of ordinary skill in the art will appreciate that all or part of step that realizes above-described embodiment can complete by hardware, also can come the hardware that instruction is relevant to complete by program, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium of mentioning can be ROM (read-only memory), disk or CD etc.
The above, it is only preferred embodiment of the present invention, not the present invention is done to any pro forma restriction, although the present invention discloses as above with preferred embodiment, yet not in order to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, when can utilizing the technology contents of above-mentioned announcement to make a little change or being modified to the equivalent embodiment of equivalent variations, in every case be not depart from technical solution of the present invention content, any simple modification of above embodiment being done according to technical spirit of the present invention, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.

Claims (10)

1. a security of system inspection method, is characterized in that, comprising:
Set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral;
Receiving system report about the system environments of client and the relevant information of Virus State;
The system environments reporting described in calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity;
According to selected typical system environments problem, searching corresponding system problem with virus in described system problem and virus report storehouse reports with virus;
To described client, recommend the system problem and virus report that find.
2. the method for claim 1, is characterized in that, the step about the system environments of client and the relevant information of Virus State that described receiving system reports comprises:
By what report, about the system environments of client and the relevant information of Virus State, feed back to described representative system environment problem and virus base and upgrade described representative system environment problem and virus base;
According to the representative system environment problem of upgrading and virus base, upgrade the system problem corresponding with it and virus report storehouse.
3. the method for claim 1, is characterized in that, the step of the system environments reporting described in described calculating and the relevant information of Virus State and described a plurality of typical system environments problem and viral similarity comprises:
By the relevant information vector quantization of the described system environments reporting and Virus State;
By described typical system environments problem and Virus Info vector quantization;
Described typical system environments problem after the system environments reporting described in after compute vectors and the relevant information of Virus State and vector quantization and the cosine similarity of Virus Info;
Selected cosine similarity surpasses the typical system environments problem and virus of predetermined similarity.
4. the method for claim 1, is characterized in that, after the step of the described system problem finding to described client recommendation and virus report, comprises:
Judge whether described client needs to show the system problem and virus report finding, if needed, in client, show the system problem and virus report finding.
5. method as claimed in claim 4, is characterized in that, after the step of the described system problem finding in client demonstration and virus report, comprises:
To client, initiate the request that described system problem and virus report are evaluated;
Receive the evaluation with virus report to described system problem of client feedback;
Received evaluation is fed back to described system problem and with virus report storehouse and according to evaluation, improve described system problem and virus report storehouse.
6. a security of system testing fixture, is characterized in that, comprising:
Set up module, for set up representative system environment problem and virus base and with it corresponding system problem and virus report storehouse, described representative system environment problem and virus base comprise that a plurality of typical system environments problems are with viral;
Receiver module, for receiving system, report about the system environments of client and the relevant information of Virus State;
Computing module, for the relevant information of the system environments that reports described in calculating and Virus State and described a plurality of typical system environments problem and viral similarity, selected similarity surpasses the typical system environments problem and virus of predetermined similarity;
Search module, for searching corresponding system problem and virus report according to selected typical system environments problem and virus in described system problem and virus report storehouse;
Recommending module, for system problem and the virus report of recommending to find to described client.
7. device as claimed in claim 6, is characterized in that, described receiver module comprises:
The first update module, for feeding back to described representative system environment problem and virus base and upgrade described representative system environment problem and virus base about the system environments of client and the relevant information of Virus State what reporting;
The second update module, for upgrading the system problem corresponding with it and virus report storehouse according to the representative system environment problem of upgrading and virus base.
8. device as claimed in claim 6, is characterized in that, described computing module comprises:
The first vector quantization module, for by the relevant information vector quantization of the described system environments reporting and Virus State;
The second vector quantization module, for by described typical system environments problem and Virus Info vector quantization;
Cosine similarity calculation module, for the system environments that reports described in after compute vectors and relevant information and the described typical system environments problem after vector quantization and the cosine similarity of Virus Info of Virus State;
Chosen module, surpasses the typical system environments problem of predetermined similarity with viral for selected cosine similarity.
9. device as claimed in claim 6, is characterized in that, described device further comprises:
Judgement execution module, for judging whether described client needs to show the system problem and virus report finding, if needed, shows in client the system problem and virus report finding.
10. device as claimed in claim 9, is characterized in that, described device further comprises:
Request initiation module, for the request of initiating described system problem and virus report to evaluate to client;
Evaluate receiver module, for receiving the evaluation with virus report to described system problem of client feedback;
Feedback update module, improves described system problem and virus report storehouse for received evaluation being fed back to described system problem with virus report storehouse and according to evaluation.
CN201210314091.7A 2012-08-30 2012-08-30 System safety check method and device Active CN103678997B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210314091.7A CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210314091.7A CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Publications (2)

Publication Number Publication Date
CN103678997A true CN103678997A (en) 2014-03-26
CN103678997B CN103678997B (en) 2017-12-01

Family

ID=50316514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210314091.7A Active CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Country Status (1)

Country Link
CN (1) CN103678997B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346928B1 (en) * 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
CN101281571A (en) * 2008-04-22 2008-10-08 白杰 Method for defending unknown virus program
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346928B1 (en) * 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
CN101281571A (en) * 2008-04-22 2008-10-08 白杰 Method for defending unknown virus program
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
方志鹤: "恶意代码分类的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
朱红斌 等: "基于进化半监督模糊聚类算法的病毒检测研究", 《计算技术与自动化》 *

Also Published As

Publication number Publication date
CN103678997B (en) 2017-12-01

Similar Documents

Publication Publication Date Title
Narayanan et al. A multi-view context-aware approach to Android malware detection and malicious code localization
US11625407B2 (en) Website scoring system
CN106295333B (en) method and system for detecting malicious code
Jimenez et al. Vulnerability prediction models: A case study on the linux kernel
US20130110828A1 (en) Tenantization of search result ranking
US20150242515A1 (en) Mining Security Vulnerabilities Available from Social Media
CN109714341A (en) A kind of Web hostile attack identification method, terminal device and storage medium
WO2014021866A1 (en) Vulnerability vector information analysis
US20200097587A1 (en) Machine learning detection of database injection attacks
US20150213272A1 (en) Conjoint vulnerability identifiers
US10783175B2 (en) Expanding search queries using query term weighting
CN111343154A (en) Vulnerability detection method and device, terminal equipment and storage medium
CN105095769A (en) Information service software vulnerability detection method
CN110110527A (en) A kind of discovery method of loophole component, discovery device, computer installation and storage medium
CN106126412A (en) The automatic Evaluation and Optimization of code quality based on Android API operating specification
Bao et al. Automated android application permission recommendation
CN113961930A (en) SQL injection vulnerability detection method and device and electronic equipment
Liu et al. Automatic, highly accurate app permission recommendation
CN115061874A (en) Log information verification method, device, equipment and medium
CN116932406A (en) Component detection method, device, terminal equipment and storage medium
CN107704377B (en) Method for detecting second-order taint propagation type loophole
CN111753149A (en) Sensitive information detection method, device, equipment and storage medium
US20180025359A1 (en) Customer journey optimized pre-fetching
CN103678997A (en) System safety check method and device
CN102622379A (en) Real name detection method and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230712

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

TR01 Transfer of patent right