CN103678997B - System safety check method and device - Google Patents

System safety check method and device Download PDF

Info

Publication number
CN103678997B
CN103678997B CN201210314091.7A CN201210314091A CN103678997B CN 103678997 B CN103678997 B CN 103678997B CN 201210314091 A CN201210314091 A CN 201210314091A CN 103678997 B CN103678997 B CN 103678997B
Authority
CN
China
Prior art keywords
virus
report
client
environments
system environments
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210314091.7A
Other languages
Chinese (zh)
Other versions
CN103678997A (en
Inventor
尚鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201210314091.7A priority Critical patent/CN103678997B/en
Publication of CN103678997A publication Critical patent/CN103678997A/en
Application granted granted Critical
Publication of CN103678997B publication Critical patent/CN103678997B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The present invention relates to a kind of system safety check method and device, methods described includes:Representative system environment problem and virus base and corresponding system problem and virus report storehouse are established, the representative system environment problem includes multiple typical system environments problems and virus with virus base;Reception system report on the system environments of client and the relevant information of Virus State;The similarity of the system environments and the relevant information of Virus State reported described in calculating and the multiple typical system environments problem and virus, select typical system environments problem and virus that similarity exceedes predetermined similarity;According to selected typical system environments problem with virus in the system problem corresponding with being searched in virus report storehouse system problem and virus report;Recommend found system problem and virus report to the client.The present invention can increase degree of belief, raising user stickiness of the user to system safety inspection result, help user to understand basic system security knowledge.

Description

System safety check method and device
Technical field
The present invention relates to field of computer technology, more particularly to a kind of system safety check method and device.
Background technology
Existing system security classes software only shows inspection result and killing suggestion, i.e. computer when carrying out computer killing Running status what virus there may be, if it is recommended that killing etc., although inspection computer risk and the guarantor of user can be met Barrier system safety demand, still, it has not been convenient to user understand the accuracy of the result, the principle of every inspection result, virus Route of transmission, processing method etc..
The content of the invention
It is an object of the present invention to provide a kind of system safety check method, can increase user to system safety inspection As a result degree of belief, raising user's stickiness, help user to understand basic system security knowledge.
The object of the invention to solve the technical problems is realized using following technical scheme.
A kind of system safety check method, including:Establish representative system environment problem and virus base and corresponding be System problem and virus report storehouse, the representative system environment problem include multiple typical system environments problems and disease with virus base Poison;Reception system report on the system environments of client and the relevant information of Virus State;The system reported described in calculating The relevant information of environment and Virus State and the multiple typical system environments problem and the similarity of virus, select similarity More than the typical system environments problem and virus of predetermined similarity;According to selected typical system environments problem with virus in The system problem corresponding with being searched in virus report storehouse system problem and virus report;Recommend to be searched to the client The system problem and virus report arrived.
A kind of system safety inspection device, including:Establish module, for establish representative system environment problem and virus base and Corresponding system problem and virus report storehouse, the representative system environment problem include multiple typical systems with virus base Environmental problem and virus;Receiving module, for reception system report on the system environments of client and the phase of Virus State Close information;Computing module, for the relevant information for calculating the system environments reported and Virus State and the multiple typical case System environments problem with virus similarity, select similarity exceed predetermined similarity typical system environments problem with disease Poison;Searching modul, the typical system environments problem selected for basis is with virus in the system problem and virus report storehouse It is middle to search corresponding system problem and virus report;Recommending module, for recommending found system to ask to the client Topic and virus report.
System safety check method proposed by the invention and device can automatically analyze the system problem and disease of client Poison ring border, by analysis system report on the system environments of client and the relevant information of Virus State, with establishing in advance Representative system environment problem matched with virus base and corresponding system problem with virus report storehouse, to user recommend Corresponding system problem and virus report, can not only increase user to the degree of belief of system safety inspection result, improve user Stickiness, user can also be helped to learn to understand basic system security knowledge.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow the above and other objects, features and advantages of the present invention can Become apparent, below especially exemplified by preferred embodiment, and coordinate accompanying drawing, describe in detail as follows.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the system safety check method in first embodiment of the invention.
Fig. 2 is the schematic flow sheet of the system safety check method in second embodiment of the invention.
Fig. 3 is the schematic flow sheet of the system safety check method in third embodiment of the invention.
Fig. 4 is the structural representation of the system safety inspection device in fourth embodiment of the invention.
Fig. 5 is the structural representation of the system safety inspection device in fifth embodiment of the invention.
Fig. 6 is the structural representation of the system safety inspection device in sixth embodiment of the invention.
Embodiment
Further to illustrate the present invention to reach the technological means and effect that predetermined goal of the invention is taken, below in conjunction with Accompanying drawing and preferred embodiment, to according to system safety check method proposed by the present invention and device its embodiment, method, Step, structure, feature and its effect, describe in detail as follows.
For the present invention foregoing and other technology contents, feature and effect, in the following preferable reality coordinated with reference to schema Applying in the detailed description of example to clearly appear from.By the explanation of embodiment, when predetermined mesh can be reached to the present invention The technological means taken and effect be able to more deeply and it is specific understand, but institute's accompanying drawings are only to provide with reference to saying It is bright to be used, not it is used for being any limitation as the present invention.
First embodiment
Fig. 1 is the schematic flow sheet of the system safety check method of first embodiment of the invention.Fig. 1 is refer to, the present invention System safety check method in embodiment includes:
Step S 11:Establish representative system environment problem and virus base and corresponding system problem and virus report Storehouse, the representative system environment problem include multiple typical system environments problems and virus with virus base.
Representative system environment problem with virus base can be obtained by historical data, can also rule of thumb obtain Some typical system environments problems with virus.The representative system environment problem includes multiple typical systems with virus base Environmental problem and virus.
Specifically, in step S 11, the representative system environment problem can be built with virus base according to class hierarchy It is vertical.Such as the representative system environment problem and virus base are divided into system environments problem base and virus base.System environments problem Storehouse can be divided into multiple problem word banks again, such as:System is mounted with that ad plug-in, IE options are set, system startup item occurs Black file, system service item exception etc..Virus base can also be divided into multiple viral word banks, such as leading viruses word bank, text Part type virus word bank, multipartite virus word bank, macrovirus word bank, trojan horse word bank, worm-type virus word bank and other virions Storehouse etc..Each the problem of corresponding to word bank can be correspondingly arranged a label with viral word bank.Label is used for marking some keys Information, similar to keyword.Such as Trojan for stealing numbers virus word bank, its label could be arranged to " steal-number ", " wooden horse " etc..For example, can So that representative system environment problem and virus base are classified into the system environments problem base and the virus base that are established as shown in Table 1:
Table one
System problem is corresponding representative system environment problem and the typical system environments in virus base with virus report storehouse Problem and virus generation, including system problem report and virus report.System problem report is for describing system exception The file of phenomenon, include the title of system exception, reason, performance, harm and restorative procedure etc..Such as:Domain name mapping file (host files) is changed, and other incredible IP address, Ke Yiyong are automatic jumped to when may cause to access normal webpage QQ computer house keepers etc. are repaired.Virus report is the file for describing Virus Info.Title, principle including virus, show As, route of transmission, harm, processing method etc..Virus report can also extract keyword therein as label.For example, on The report content of grey pigeon trojan horse can include following information:Grey pigeon trojan horse injects virus by edit the registry To service starting up's item, hacker's specified sites are connected in the case of user is unwitting, cause the personal information of user to be stolen, Computer house keeper can be used to carry out killing etc..Table two show the virus report example of shock wave virus:
Table two
Step S12:Reception system report on the system environments of client and the relevant information of Virus State.
System fail-safe software to client when carrying out system safety inspection or checking and killing virus, to the system ring of client Border can be analyzed automatically, including the startup item of system, IE, system service, desktop, start menu and quick startup column etc.. By the inspection and scanning to these, system fail-safe software can obtain the letter such as system environments and Virus State of client Breath.System environments refers to the system information of privacy, including system startup item, system vulnerability etc..Virus State refers to system Viral situation through infection and the system potential safety hazard caused by unreasonable possibility is set.System fail-safe software obtain on After the system environments of client and the relevant information of Virus State, these relevant informations are reported into backstage, it is excellent in the present invention Elect cloud backstage as.These relevant informations include event, scanning element, abnormal problem, possible virus and label etc., as shown in Table 3:
Table three
Step S13:The system environments and the relevant information of Virus State reported described in calculating and the multiple typical system The similarity of environmental problem of uniting and virus, select typical system environments problem and virus that similarity exceedes predetermined similarity.
Cloud backstage is after the relevant information of system environments that system software client reports and Virus State is received, according to letter Content and label are ceased, multiple typical system environments problems and the similarity of virus with being stored in cloud backstage is calculated, selectes phase Like typical system environments problem and virus of the degree more than predetermined similarity.Predetermined similarity can be according to actual environment and user Demand is selected.The calculating of similarity can use a variety of methods, such as text matches, cosine similarity etc..
Step S14:According to selected typical system environments problem with virus in the system problem and virus report storehouse It is middle to search corresponding system problem and virus report.
Cloud backstage exceedes the typical system environments problem of predetermined similarity with after virus, being asked in system in selected similarity Topic is with searching out system problem corresponding with virus with the system environments problem selected and system problem and disease in virus report storehouse Poison report.
Step S15:Recommend found system problem and virus report to the client.
The system problem that cloud backstage finds previous step recommends user with virus report.Consider and not all user There is the demand of reading report, it is possible to completed in a manner of optional.Recommendation is provided after the result of computer inspection is provided User reads the detailed report for scanning result.
System safety check method in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
Second embodiment
Fig. 2 is the schematic flow sheet of the system safety check method of second embodiment of the invention.Fig. 2 is refer to, the present invention System safety check method in embodiment includes:
Step S21:Representative system environment problem and virus base and corresponding system problem and virus report storehouse are established, The representative system environment problem includes multiple typical system environments problems and virus with virus base.This step and foregoing phase Together, repeat no more here.
Step S22:Reception system report on the system environments of client and the relevant information of Virus State.This step As hereinbefore, repeat no more here.
In the present embodiment, after step S22, further comprise:
Step S23:By what is reported the allusion quotation is fed back on the system environments of client and the relevant information of Virus State Type system environments problem and virus base simultaneously update the representative system environment problem and virus base.
Step S24:According to updated representative system environment problem and virus base update corresponding system problem with Virus report storehouse.
The representative system environment problem for improving cloud backstage and virus report can be constantly updated by step S23 and step S24 Storehouse is accused, is easy to subsequent recommendation.
Step S25:The system environments and the relevant information of Virus State reported described in calculating and the multiple typical system The similarity of environmental problem of uniting and virus, select typical system environments problem and virus that similarity exceedes predetermined similarity.
In the present embodiment, step S25 includes:
Step S251:By the system environments reported and the relevant information vector quantization of Virus State.
By the system environments reported and the relevant information vector quantization of Virus State:n=(n1,n2..., ni), wherein, (n1, n2..., ni) can represent event in the relevant information that reports, scanning element, abnormal problem, may virus and label etc..
Step S252:By the typical system environments problem and Virus Info vector quantization.
By the typical system environments problem and Virus Info vector quantization:m=(m1,m2..., mi), wherein (m1, m2..., mi) can represent word bank in representative system environment problem and virus base, viral item, viral subitem, Virus Name and Label etc..
The above-mentioned system environments reported and the relevant information of Virus State and typical system environments problem and Virus Info Respective items correspond.Label can be differed with length.Such as:Reported event and word bank are corresponding, and scanning element and viral item are corresponding, Abnormal problem and viral subitem are corresponding, and possible virus is corresponding with Virus Name etc..
Step S253:Calculate the system environments reported after vector quantization and the relevant information and vector quantization of Virus State The typical system environments problem afterwards and the cosine similarity of Virus Info.
Cosine similarity is a kind of measure for being used for calculating the similarity between two vectors.It is general calculate two to The angle of amount, when two vector angles are smaller, its cosine value is bigger, and similarity is higher, conversely, when angle is bigger, its cosine It is worth smaller, similarity is lower.When two vector angles are 90 °, it is believed that two vectors are uncorrelated.Cosine similarity can be used for counting Calculate the similitude of document.
The system environments reported after vector quantization and the typical case after the relevant information and vector quantization of Virus State System environments problem and the cosine similarity of Virus Info be:
S∈[0,1]
S value is bigger, and both surfaces similarity is higher, conversely, similarity is lower.
Due to being difficult the size for determining each component during vector quantization, a kind of way is to construct the complete or collected works of each component, by this Component expands to a multi-C vector.Because the complete or collected works of each component include the various probable values of the component, then using complete Matching process:If a dimension of the component can match, it is 1 to set the dimension, and other dimensions are 0.
Illustrate below by taking table one as an example, for word bank, it is understood that there may be system and viral two kinds of situations, then:m1=<m11, m12 >;Viral item there may be 4 kinds of IE options, system startup item, trojan horse, worm-type virus situations, then:m2=<m21,m22,m23, m24>;Viral subitem there may be IE homepages and distort etc. 10, then:m3=<m31,m32,...,m310>;Virus Name there may be 10, then m4=<m41,m42,...,m410>;Assuming that label has 20 kinds, then m5=<m51,m52,...,m520>.For example, for Net silver wooden horse, its vectorizable value are:m=<0,1,0,0,1,0,...,1,0,0,1,...>.
The system environments and the relevant information of Virus State that vectorization reports in the same way, it is assumed that obtained vector is (length 50):n=<0,1,0,0,1,0,...,1,1,1,1,...>, then both similarity be
Step S254:Selected cosine similarity exceedes the typical system environments problem and virus of predetermined similarity.
Step S26:According to selected typical system environments problem with virus in the system problem and virus report storehouse It is middle to search corresponding system problem and virus report.This step as hereinbefore, repeats no more here.
Step S27:Recommend found system problem and virus report to the client.This step and foregoing phase Together, repeat no more here.
System safety check method in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
3rd embodiment
Fig. 3 is the schematic flow sheet of the system safety check method of third embodiment of the invention.Fig. 3 is refer to, the present invention System safety check method in embodiment includes:
Step S31:Representative system environment problem and virus base and corresponding system problem and virus report storehouse are established, The representative system environment problem includes multiple typical system environments problems and virus with virus base.This step and foregoing phase Together, repeat no more here.
Step S32:Reception system report on the system environments of client and the relevant information of Virus State.This step As hereinbefore, repeat no more here.
Step S33:The system environments and the relevant information of Virus State reported described in calculating and the multiple typical system The similarity of environmental problem of uniting and virus, select typical system environments problem and virus that similarity exceedes predetermined similarity. This step as hereinbefore, repeats no more here.
Step S34:According to selected typical system environments problem with virus in the system problem and virus report storehouse It is middle to search corresponding system problem and virus report.This step as hereinbefore, repeats no more here.
Step S35:Recommend found system problem and virus report to the client.This step and foregoing phase Together, repeat no more here.
In the present embodiment, still further comprised after step S35:
Step S36:Judge whether the client needs to show found system problem and virus report, if needed Will, then found system problem and virus report are shown in client.
In the present embodiment, the system problem found and virus report are recommended user by cloud backstage.In view of not All users have the demand of reading report, so being completed in a manner of optional.If user selects to read, show in client Show found system problem and virus report.
Step S37:The request for initiating to evaluate the system problem and virus report to client.
It can be initiated while client shows found system problem and virus report to client to described The request that system problem is evaluated with virus report.Evaluation can include mensurable reading and feed back, such as including:It is appreciated that Property (whether facilitating user to understand), validity (whether problems, which use help, is taken precautions against to user) and overall assessment:Such as star Evaluation, fraction evaluation etc..
Step S38:Receive the evaluation to the system problem and virus report of client feedback.
Step S39:Received evaluation is fed back into the system problem with virus report storehouse and perfect according to evaluating The system problem and virus report storehouse.
Preferably, can use the synthesis result that similarity result and user evaluate as to user's promotion and conversion according to According to.The star for such as setting user is evaluated as 1-5 stars, and c=[0.20.4 0.6 0.8 1.0] is designated as normalization fraction
Recommend index be:R=(1-α)S+αc
Wherein α shows that user evaluates the influence to recommendation to recommend factor of influence.The parameter can be by the fortune of system software Row and data analysis situation determine.
Such as the shock wave virus in table two, its report scale is 4 stars.If it is 0.1 to recommend factor of influence, then recommend index For:
R=(1- α) * 0.816+ α 0.8=(1-0.8) * of * 0.816+0.8*0.1=0.814
Client provides certain scoring after the report that cloud backstage is recommended is read.Cloud backstage is after the evaluation is obtained, root According to the quantity of reading, mensurable feedback, the welcome degree of analysis report, the higher report of degree of recognition will be evaluated as full Preferential recommendation is to user in the case of sufficient similarity.Meanwhile the system environments problem and system on continuous modification and perfection cloud backstage are asked Topic and virus report storehouse, are easy to subsequent recommendation.
System safety check method in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
Fourth embodiment
Fig. 4 is the structural representation of the system safety inspection device of fourth embodiment of the invention.Fig. 4 is refer to, the present invention System safety inspection device 40 in embodiment includes:Establish module 41, receiving module 42, computing module 43, searching modul 44, Recommending module 45.
Wherein, establish module 41 be used to establishing representative system environment problem and virus base and corresponding system problem with Virus report storehouse, the representative system environment problem include multiple typical system environments problems and virus with virus base.Receive Module 42 be used for reception system report on the system environments of client and the relevant information of Virus State.Computing module 43 is used In the system environments and the relevant information of Virus State reported described in calculating and the multiple typical system environments problem and disease The similarity of poison, select typical system environments problem and virus that similarity exceedes predetermined similarity.Searching modul 44 is used for According to selected typical system environments problem with virus in the system problem with searching corresponding system in virus report storehouse Problem and virus report.Recommending module 45 is used to recommend found system problem and virus report to the client.
System safety inspection device in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
5th embodiment
Fig. 5 is the structural representation of the system safety inspection device of fifth embodiment of the invention.Fig. 5 is refer to, the present invention System safety inspection device 50 in embodiment includes:Establish module 51, receiving module 52, computing module 53, searching modul 54, Recommending module 55.
Wherein, establish module 51 be used to establishing representative system environment problem and virus base and corresponding system problem with Virus report storehouse, the representative system environment problem include multiple typical system environments problems and virus with virus base.Receive Module 52 be used for reception system report on the system environments of client and the relevant information of Virus State.Computing module 53 is used In the system environments and the relevant information of Virus State reported described in calculating and the multiple typical system environments problem and disease The similarity of poison, select typical system environments problem and virus that similarity exceedes predetermined similarity.Searching modul 54 is used for According to selected typical system environments problem with virus in the system problem with searching corresponding system in virus report storehouse Problem and virus report.Recommending module 55 is used to recommend found system problem and virus report to the client.
In the present embodiment, the receiving module 52 includes:First update module 521, for that will report on client The system environments at end and the relevant information of Virus State are fed back to described in the representative system environment problem and virus base and renewal Representative system environment problem and virus base;Second update module 522, for according to updated representative system environment problem and disease Malicious storehouse updates corresponding system problem and virus report storehouse.
In the present embodiment, the computing module 53 includes:First vector quantization module 531, for by it is described report be The relevant information vector quantization of system environment and Virus State;Second vector quantization module 532, for the typical system environments to be asked Topic and Virus Info vector quantization;Cosine similarity computing module 533, for the system environments reported described in calculating after vector quantization With the typical system environments problem and the cosine similarity of Virus Info after the relevant information and vector quantization of Virus State; Chosen module 534, for selecting typical system environments problem and virus of the cosine similarity more than predetermined similarity.
System safety inspection device in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
Sixth embodiment
Fig. 6 is the structural representation of the system safety inspection device of sixth embodiment of the invention.Fig. 6 is refer to, the present invention System safety inspection device 60 in embodiment includes:Establish module 61, receiving module 62, computing module 63, searching modul 64, Recommending module 65.
Wherein, establish module 61 be used to establishing representative system environment problem and virus base and corresponding system problem with Virus report storehouse, the representative system environment problem include multiple typical system environments problems and virus with virus base.Receive Module 62 be used for reception system report on the system environments of client and the relevant information of Virus State.Computing module 63 is used In the system environments and the relevant information of Virus State reported described in calculating and the multiple typical system environments problem and disease The similarity of poison, select typical system environments problem and virus that similarity exceedes predetermined similarity.Searching modul 64 is used for According to selected typical system environments problem with virus in the system problem with searching corresponding system in virus report storehouse Problem and virus report.Recommending module 65 is used to recommend found system problem and virus report to the client.
In the present embodiment, system safety inspection device 60 further comprises:Judge execution module 66, it is described for judging Whether client needs to show found system problem and virus report, if it is desired, is then searched in client display The system problem and virus report arrived;Initiation module 67 is asked, for initiating to report the system problem and virus to client Accuse the request evaluated;Evaluate receiving module 68, for receive client feedback to the system problem and virus report Evaluation;Update module 69 is fed back, for received evaluation to be fed back into the system problem and virus report storehouse and root The system problem and virus report storehouse are improved according to evaluation.
System safety inspection device in the present embodiment can automatically analyze the system problem of client and viral environment, lead to Cross that analysis system reports on the system environments of client and the relevant information of Virus State, with the canonical system established in advance Environmental problem is matched with virus base and corresponding system problem with virus report storehouse, to system corresponding to user's recommendation Problem and virus report, it can not only increase degree of belief, raising user stickiness of the user to system safety inspection result, can also User is helped to learn to understand basic system security knowledge.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight Point explanation is all difference with other embodiment, between each embodiment identical similar part mutually referring to. For device class embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is joined See the part explanation of embodiment of the method.
It should be noted that herein, such as first and second or the like relational terms are used merely to a reality Body or operation make a distinction with another entity or operation, and not necessarily require or imply and deposited between these entities or operation In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to Nonexcludability includes, so that process, method, article or device including a series of elements not only will including those Element, but also the other element including being not expressly set out, or it is this process, method, article or device also to include Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that Other identical element also be present in process, method, article or device including the key element.
One of ordinary skill in the art will appreciate that hardware can be passed through by realizing all or part of step of above-described embodiment To complete, by program the hardware of correlation can also be instructed to complete, described program can be stored in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only storage, disk or CD etc..
The above described is only a preferred embodiment of the present invention, any formal limitation not is made to the present invention, though So the present invention is disclosed above with preferred embodiment, but is not limited to the present invention, any to be familiar with this professional technology people Member, without departing from the scope of the present invention, when the technology contents using the disclosure above make a little change or modification For the equivalent embodiment of equivalent variations, as long as being the technical spirit pair according to the present invention without departing from technical solution of the present invention content Any simple modification, equivalent change and modification that above example is made, in the range of still falling within technical solution of the present invention.

Claims (10)

  1. A kind of 1. system safety check method, it is characterised in that including:
    Establish representative system environment problem and virus base and corresponding system problem and virus report storehouse, the canonical system Environmental problem includes multiple typical system environments problems and virus with virus base;
    Reception system report on the system environments of client and the relevant information of Virus State;
    The system environments and the relevant information of Virus State that are reported described in calculating and the multiple typical system environments problem with The similarity of virus, select typical system environments problem and virus that similarity exceedes predetermined similarity;
    It is corresponding with lookup in virus report storehouse in the system problem according to selected typical system environments problem and virus System problem and virus report;
    Recommend found system problem and virus report to the client.
  2. 2. the method as described in claim 1, it is characterised in that the system environments on client that the reception system reports Include with the step of relevant information of Virus State:
    It will report and feed back to the representative system environment on the system environments of client and the relevant information of Virus State and ask Topic and virus base simultaneously update the representative system environment problem and virus base;
    Corresponding system problem and virus report storehouse are updated according to updated representative system environment problem and virus base.
  3. 3. the method as described in claim 1, it is characterised in that the system environments that is reported described in the calculating and Virus State The step of similarity of relevant information and the multiple typical system environments problem and virus, includes:
    By the system environments reported and the relevant information vector quantization of Virus State;
    By the typical system environments problem and Virus Info vector quantization;
    Calculate the system environments reported after vector quantization and the typical case after the relevant information and vector quantization of Virus State System environments problem and Virus Info cosine similarity;
    Selected cosine similarity exceedes the typical system environments problem and virus of predetermined similarity.
  4. 4. the method as described in claim 1, it is characterised in that described to recommend found system problem to the client With including afterwards the step of virus report:
    Judge whether the client needs to show found system problem and virus report, if it is desired, then in client End shows found system problem and virus report.
  5. 5. method as claimed in claim 4, it is characterised in that described to show found system problem and disease in client Include after the step of poison report:
    The request for initiating to evaluate the system problem and virus report to client;
    Receive the evaluation to the system problem and virus report of client feedback;
    Received evaluation is fed back into the system problem and virus report storehouse and the system problem is improved according to evaluation With virus report storehouse.
  6. A kind of 6. system safety inspection device, it is characterised in that including:
    Module is established, for establishing representative system environment problem and virus base and corresponding system problem and virus report Storehouse, the representative system environment problem include multiple typical system environments problems and virus with virus base;
    Receiving module, for reception system report on the system environments of client and the relevant information of Virus State;
    Computing module, for the relevant information for calculating the system environments reported and Virus State and the multiple typical system The similarity of environmental problem of uniting and virus, select typical system environments problem and virus that similarity exceedes predetermined similarity;
    Searching modul, the typical system environments problem selected for basis is with virus in the system problem and virus report storehouse It is middle to search corresponding system problem and virus report;
    Recommending module, for recommending found system problem and virus report to the client.
  7. 7. device as claimed in claim 6, it is characterised in that the receiving module includes:
    First update module, for feeding back to institute on the system environments of client and the relevant information of Virus State by what is reported State representative system environment problem and virus base and update the representative system environment problem and virus base;
    Second update module, asked for updating corresponding system with virus base according to updated representative system environment problem Topic and virus report storehouse.
  8. 8. device as claimed in claim 6, it is characterised in that the computing module includes:
    First vector quantization module, for by the relevant information vector quantization of the system environments reported and Virus State;
    Second vector quantization module, for by the typical system environments problem and Virus Info vector quantization;
    Cosine similarity computing module, for the system environments letter related to Virus State reported described in calculating after vector quantization Breath and the typical system environments problem and the cosine similarity of Virus Info after vector quantization;
    Chosen module, for selecting typical system environments problem and virus of the cosine similarity more than predetermined similarity.
  9. 9. device as claimed in claim 6, it is characterised in that described device further comprises:
    Judge execution module, for judging whether the client needs to show found system problem and virus report, If it is required, then found system problem and virus report are shown in client.
  10. 10. device as claimed in claim 9, it is characterised in that described device further comprises:
    Initiation module is asked, for the request for initiating to evaluate the system problem and virus report to client;
    Receiving module is evaluated, for receiving the evaluation to the system problem and virus report of client feedback;
    Update module is fed back, for received evaluation to be fed back into the system problem with virus report storehouse and according to evaluation Improve the system problem and virus report storehouse.
CN201210314091.7A 2012-08-30 2012-08-30 System safety check method and device Active CN103678997B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210314091.7A CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210314091.7A CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Publications (2)

Publication Number Publication Date
CN103678997A CN103678997A (en) 2014-03-26
CN103678997B true CN103678997B (en) 2017-12-01

Family

ID=50316514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210314091.7A Active CN103678997B (en) 2012-08-30 2012-08-30 System safety check method and device

Country Status (1)

Country Link
CN (1) CN103678997B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346928B1 (en) * 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
CN101281571A (en) * 2008-04-22 2008-10-08 白杰 Method for defending unknown virus program
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346928B1 (en) * 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
CN101281571A (en) * 2008-04-22 2008-10-08 白杰 Method for defending unknown virus program
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
基于进化半监督模糊聚类算法的病毒检测研究;朱红斌 等;《计算技术与自动化》;20080315;第27卷(第01期);第104-106页 *
恶意代码分类的研究与实现;方志鹤;《中国优秀硕士学位论文全文数据库 信息科技辑》;20120415;正文第53页第1段至第63页第1段 *

Also Published As

Publication number Publication date
CN103678997A (en) 2014-03-26

Similar Documents

Publication Publication Date Title
US11086873B2 (en) Query-time analytics on graph queries spanning subgraphs
CN103177075B (en) The detection of Knowledge based engineering entity and disambiguation
CN102227725B (en) System and method for matching entities
US9304979B2 (en) Authorized syndicated descriptions of linked web content displayed with links in user-generated content
US9773272B2 (en) Recommendation engine
US20160132800A1 (en) Business Relationship Accessing
US9519718B2 (en) Webpage information detection method and system
US9081814B1 (en) Using an entity database to answer entity-triggering questions
US10825110B2 (en) Entity page recommendation based on post content
US20150120451A1 (en) Method and apparatus for acquiring merchant information
JP6758454B2 (en) Social network search result presentation method and device, and storage medium
US20150242515A1 (en) Mining Security Vulnerabilities Available from Social Media
US8973097B1 (en) Method and system for identifying business records
US20120102057A1 (en) Entity name matching
US20150348062A1 (en) Crm contact to social network profile mapping
CN109446417B (en) Intelligent retrieval method and device
CN108280102A (en) Internet behavior recording method, device and user terminal
CN114154166A (en) Abnormal data identification method, device, equipment and storage medium
US8738557B1 (en) Detection of spam using contextual analysis of data sources
CN109885780A (en) Data processing method and device
US20180165283A1 (en) Performance improvement in data visualization filters
CN103678997B (en) System safety check method and device
CN102622379A (en) Real name detection method and equipment
US9461897B1 (en) Monitoring and analysis of social network traffic
Huang et al. A hybrid decision approach to detect profile injection attacks in collaborative recommender systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230712

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

TR01 Transfer of patent right