CN103763324A - Method for monitoring virus procedure spreading equipment and server - Google Patents

Publication number
CN103763324A
Authority
CN
China
Prior art keywords
virus
network address
address
network
propagation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410033395.5A
Other languages
Chinese (zh)
Inventor
潘泉海
姚辉
刘桂峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Juntian Electronic Technology Co Ltd
Original Assignee
Zhuhai Juntian Electronic Technology Co Ltd
Application filed by Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN201410033395.5A
Publication of CN103763324A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention discloses a method for monitoring virus program propagation devices. The method comprises obtaining the network address that a virus program points to when it sends back information, determining the propagation device of the virus program according to that network address, and monitoring the data that the propagation device transmits to the network. Correspondingly, an embodiment of the invention discloses a server. With the method and the server, the propagation device behind a virus program can be found through the virus program itself and then monitored, which helps user terminals prevent virus programs in advance and improves users' experience of safe Internet use.

Description

A method and server for monitoring virus program propagation devices
Technical Field
The present invention relates to the field of network security technology, and in particular to a method and server for monitoring virus program propagation devices.
Background
With the development and spread of the Internet, the Internet has entered more and more areas of users' lives. Along with this, virus programs increasingly use the Internet to steal users' information or spy on users' privacy. For example, a virus program enters a user's terminal over the Internet and steals the user's account and password information for network platforms, online banking account information, personal information on social networking platforms, and so on. The most common of these is the "QQ armyworm" trojan, which steals the passwords of Tencent QQ accounts.
At present, the usual way of dealing with a virus program is to analyze the features of that virus program and design an antivirus process that cleans it up. However, information-stealing virus programs are updated constantly, so protecting user terminals by this method alone is unsatisfactory: it cannot provide protection before a new virus program attacks, and is therefore always built on sacrificing a portion of users.
Summary of the Invention
The technical problem to be solved by the embodiments of the present invention is to provide a method and server for monitoring virus program propagation devices that can locate and monitor the devices propagating a virus program, thereby helping user terminals prevent virus programs in advance and improving users' experience of safe Internet use.
To solve the above technical problem, an embodiment of the present invention provides a method for monitoring virus program propagation devices, comprising:
obtaining the network address that a virus program points to when it sends back information;
determining the propagation device of the virus program according to the network address;
monitoring the data that the propagation device transmits to the network.
Correspondingly, an embodiment of the present invention also provides a server, comprising:
a network address acquisition module, configured to obtain the network address that a virus program points to when it sends back information;
a propagation device acquisition module, configured to determine the propagation device of the virus program according to the network address;
a propagation device monitoring module, configured to monitor the data that the propagation device transmits to the network.
Implementing the embodiments of the present invention has the following beneficial effect: the embodiments find the propagation device behind a virus program from the network address that the virus program points to when it sends back information, and monitor that propagation device, thereby helping user terminals prevent virus programs in advance and improving users' experience of safe Internet use.
Brief Description of the Drawings
To illustrate the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for monitoring virus program propagation devices provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another method for monitoring virus program propagation devices provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a propagation device acquisition module provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a core propagation device determining unit provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a propagation device monitoring module provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a network topology provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The virus program in the embodiments of the present invention is a program that enters a user's terminal over the Internet and steals user information, for example an account-stealing trojan or the QQ armyworm.
The server provided by the embodiments of the present invention includes a cloud antivirus server, which comprises at least an antivirus process, a virus database and an address database.
Fig. 1 is a schematic flowchart of a method for monitoring virus program propagation devices in an embodiment of the present invention. As shown in the figure, the flow of the method in this embodiment may comprise:
S101, the server obtains the network address that the virus program points to when it sends back information.
When designing a virus program, a virus author has the virus program send the information it steals from the user back to the author's server or network mailbox. The network address therefore comprises an IP (Internet Protocol) address or a network e-mail address. Specifically, the server obtains the IP address or network e-mail address that the virus program points to when it sends back the stolen information.
In addition, the server may obtain the virus program designed by the virus author from sample files, using a virus identification method based on file features or on behavioral features. These are conventional virus identification methods and are not described further here.
Optionally, the server can run the virus program in a virtual environment and thereby trigger it to send back information. Specifically, the server runs the virus program in a virtual environment, for example a virtual machine, starts a program that simulates user operation, and enters a false account and password, which triggers the virus program to send back the account and password it has stolen. Note that the virus program sends all stolen information back to the virus author, and only afterwards does the author check whether the information is genuine, so entering false information is enough to trigger the virus program.
S102, the server determines the propagation device of the virus program according to the network address.
The propagation device of the virus program is the terminal device from which the virus author disseminates the virus program. Specifically, the server determines that terminal device from the IP address or network e-mail address that the virus program points to when it sends back information.
In a specific implementation, refer to the network topology shown in Fig. 7. When the network address is an IP address, the server finds that IP address over the network and thereby determines the propagation device corresponding to it. For example, if network address 3 in domain A is the IP address that the virus program points to when it sends back information, the server can determine over the network the propagation device corresponding to network address 3 in domain A. When the network address is a network mailbox, the server learns the IP address of the propagation device by querying the mailbox's registration information, most recent login information and so on, and thereby determines the propagation device.
Optionally, the propagation device can be determined by its physical address. In that case the server can still identify the propagation device even if it changes its IP address.
S103, the server monitors the data that the propagation device transmits to the network.
Specifically, the server monitors the core propagation device in real time. Whenever it finds the core propagation device transmitting data to the network, the server obtains the data and analyzes it. If the analysis shows that the data is a virus program newly created by the virus author, the server takes the corresponding countermeasure against the newly created virus program.
Specifically, the server can remove or isolate the virus program, or update the virus database of the antivirus software for the virus program, or send an early-warning alert to a user terminal when it detects that the terminal is downloading the virus program from the network. This prevents the newly created virus program from invading user terminals over the network and keeps users' information from being stolen.
The embodiment of the present invention finds the propagation device behind a virus program from the network address that the virus program points to when it sends back information, and monitors that propagation device, thereby helping user terminals prevent virus programs in advance and improving users' experience of safe Internet use.
Fig. 2 is a schematic flowchart of another method for monitoring virus program propagation devices in an embodiment of the present invention, which may comprise:
S201, the server runs the virus program in a virtual environment and thereby triggers the virus program to send back information.
When designing a virus program, a virus author has the virus program send the information it steals from the user back to the author's server or network mailbox. Specifically, the server runs the virus program in a virtual environment, for example a virtual machine, starts a program that simulates user operation, and enters a false account and password, which triggers the virus program to send back the account and password it has stolen. Note that the virus program sends all stolen information back to the virus author, and only afterwards does the author check whether the information is genuine, so entering false information is enough to trigger the virus program.
In addition, the server may obtain the virus program designed by the virus author from sample files, using a virus identification method based on file features or on behavioral features. These are conventional virus identification methods and are not described further here.
S202, the server obtains the network address that the virus program points to when it sends back information.
The network address comprises an IP (Internet Protocol) address or a network e-mail address. Specifically, after the virus program has been triggered to send back the stolen information, the server obtains the IP address or network e-mail address that the virus program points to.
S203, the server obtains, in the address database, the associated network addresses of the same class as the network address.
The address database stores the network addresses that the server has obtained. Specifically, the server classifies all network addresses stored in the address database: network addresses that may belong to the same virus author are placed in the same class, and network addresses in the same class are associated network addresses.
In a specific implementation, the network addresses in the database can be classified as follows:
First, all network addresses are divided into two classes, IP addresses and network e-mail addresses;
Then, within the IP addresses and within the network e-mail addresses separately, a fuzzy string matching algorithm groups the network addresses that may belong to the same virus author into one class. For example, IP addresses in the same network segment or from the same service provider can be found by the fuzzy string matching algorithm and grouped into one class; likewise, network e-mail addresses that follow a naming pattern such as "jack001", "jack002", "jack003" can be found by the fuzzy string matching algorithm and grouped into one class.
S204, the server obtains, among the network address and the associated network addresses, the network address whose corresponding virus program has the earliest report time.
Referring to Fig. 7, after a user terminal is infected with a virus program, the infection is reported to the server over the network, and the server records the report time of the virus program in the address database. In short, the address database records the report times of the virus programs corresponding to the network address and the associated network addresses.
Specifically, the server compares the report times of the virus programs corresponding to the network address and the associated network addresses, and finds in the address database the network address whose corresponding virus program has the earliest report time.
S205, the server determines the core propagation device according to the network address whose corresponding virus program has the earliest report time.
The propagation device of the virus program is the terminal device from which the virus author disseminates the virus program. Generally, a virus author disseminates a virus program from multiple propagation devices, and the network address and associated network addresses above correspond exactly to those multiple propagation devices.
Note that the device the virus author uses directly is the core propagation device. Referring to Fig. 7, domain A and domain B in the figure are each the multiple propagation devices of one virus author; domain A and domain B each contain multiple propagation devices and one core propagation device.
Specifically, because the virus author uses the core propagation device directly, the core propagation device must be the first to disseminate the virus program. As a general rule, the virus program that is disseminated earliest is also reported to the server earliest by user terminals, so the server can locate the core propagation device from the network address whose corresponding virus program has the earliest report time.
In a specific implementation, refer to the network topology shown in Fig. 7. When the network address is an IP address, the server finds that IP address over the network and thereby determines the propagation device corresponding to it. For example, if network address 1 in domain A is the IP address whose corresponding virus program has the earliest report time, the server can determine over the network that the propagation device corresponding to network address 1 in domain A is the core propagation device. When the network address is a network mailbox, the server learns the IP address of the core propagation device by querying the mailbox's registration information, most recent login information and so on, and thereby determines the core propagation device.
Optionally, the propagation device can be determined by its physical address. In that case the server can still identify the propagation device even if it changes its IP address.
S206, the server obtains the data that the core propagation device transmits to the network.
Specifically, the server monitors the core propagation device in real time and, whenever it finds the core propagation device transmitting data to the network, obtains that data.
S207, the server judges whether the data is a newly created virus program.
Specifically, the server uses a preset identification method to judge whether the data is a newly created virus program being disseminated by the core propagation device. If so, the flow proceeds to step S208.
S208, the server takes a countermeasure against the newly created virus program.
Specifically, after analyzing the newly created virus program, the server can remove or isolate the virus program, or update the virus database of the antivirus software for the virus program, or send an early-warning alert to a user terminal when it detects that the terminal is downloading the virus program from the network. This prevents the newly created virus program from invading user terminals over the network and keeps users' information from being stolen.
In this embodiment of the present invention, the network address that the virus program points to when it sends back information is stored in the address database; associated network addresses that may belong to the same virus author are found in the address database; the virus author's core propagation device is obtained by analyzing the network address and the associated network addresses; and the core propagation device is monitored. Obtaining the core propagation device through multiple associated network addresses improves the success rate, thereby helping user terminals prevent virus programs in advance and improving users' experience of safe Internet use.
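An added sketch of steps S203 to S205 (not code from the patent): it classifies stored callback addresses, looks up the class of a newly observed address, and returns the member with the earliest report time. Grouping IPs by /24 and e-mail addresses by local part with trailing digits removed are assumptions standing in for the patent's unspecified fuzzy string matching; all function names and sample records are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample address database: (callback address, report time).
# Documentation IP ranges and a reserved-style domain; not real indicators.
ADDRESS_DB = [
    ("192.0.2.17", "2014-01-09T08:30:00"),
    ("192.0.2.54", "2014-01-03T21:05:00"),
    ("192.0.2.201", "2014-01-12T10:00:00"),
    ("198.51.100.8", "2013-12-30T02:15:00"),
    ("jack002@mail.example", "2014-01-05T11:00:00"),
    ("jack001@mail.example", "2014-01-02T09:45:00"),
    ("jack003@mail.example", "2014-01-07T16:20:00"),
    ("alice@mail.example", "2013-12-25T00:00:00"),
]


def cluster_key(address):
    """Return (kind, key) naming the class an address belongs to.

    First split: IP address versus e-mail address. Second split (assumed
    rules): IPs by enclosing /24 (or /64 for IPv6), e-mail addresses by
    local part without trailing digits, plus the domain.
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        local, sep, domain = address.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"not an IP or e-mail address: {address!r}")
        local = local.lower()
        # "jack001" -> "jack"; an all-digit local part is kept unchanged.
        stem = re.sub(r"\d+$", "", local) or local
        return ("email", f"{stem}@{domain.lower()}")
    prefix_len = 24 if ip.version == 4 else 64
    network = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    return ("ip", str(network))


def build_clusters(records):
    """Map each class key to {address: earliest report time}."""
    clusters = defaultdict(dict)
    for address, reported in records:
        when = datetime.fromisoformat(reported)
        members = clusters[cluster_key(address)]
        if address not in members or when < members[address]:
            members[address] = when
    return clusters


def earliest_reported(observed, records):
    """S203-S205: return (associated addresses, earliest-reported address).

    `observed` is the address a sample called back to. If its class has no
    recorded report times, the second element is None.
    """
    members = build_clusters(records).get(cluster_key(observed), {})
    associated = sorted(a for a in members if a != observed)
    if not members:
        return associated, None
    # Ties on report time are broken by address so the result is stable.
    earliest = min(members, key=lambda a: (members[a], a))
    return associated, earliest


if __name__ == "__main__":
    for probe in ("192.0.2.17", "jack003@mail.example", "203.0.113.9"):
        print(probe, "->", earliest_reported(probe, ADDRESS_DB))
```

A /24 can span unrelated hosting customers and digit stripping is much coarser than a real fuzzy matcher, so the earliest-reported address is a lead to corroborate before any device is treated as the core propagation device.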
Fig. 3 is a schematic structural diagram of a server in an embodiment of the present invention. As shown in the figure, the server in this embodiment may comprise at least a network address acquisition module 310, a propagation device acquisition module 320 and a propagation device monitoring module 330, wherein:
Network address acquisition module 310, configured to obtain the network address that the virus program points to when it sends back information.
When designing a virus program, a virus author has the virus program send the information it steals from the user back to the author's server or network mailbox. The network address therefore comprises an IP (Internet Protocol) address or a network e-mail address. Specifically, the network address acquisition module 310 obtains the IP address or network e-mail address that the virus program points to when it sends back the stolen information.
In addition, the server may obtain the virus program designed by the virus author from sample files, using a virus identification method based on file features or on behavioral features. These are conventional virus identification methods and are not described further here.
Propagation device acquisition module 320, configured to determine the propagation device of the virus program according to the network address. In a specific implementation, the propagation device acquisition module 320 may further comprise, as shown in Fig. 4, an associated network address acquiring unit 321 and a core propagation device determining unit 322, wherein:
Associated network address acquiring unit 321, configured to obtain, in the address database, the associated network addresses of the same class as the network address.
The address database stores the network addresses that the server has obtained. Specifically, the associated network address acquiring unit 321 classifies all network addresses stored in the address database: network addresses that may belong to the same virus author are placed in the same class, and network addresses in the same class are associated network addresses.
In a specific implementation, the network addresses in the database can be classified as follows:
First, all network addresses are divided into two classes, IP addresses and network e-mail addresses;
Then, within the IP addresses and within the network e-mail addresses separately, a fuzzy string matching algorithm groups the network addresses that may belong to the same virus author into one class. For example, IP addresses in the same network segment or from the same service provider can be found by the fuzzy string matching algorithm and grouped into one class; likewise, network e-mail addresses that follow a naming pattern such as "jack001", "jack002", "jack003" can be found by the fuzzy string matching algorithm and grouped into one class.
Core propagation device determining unit 322, configured to determine the core propagation device according to the network address and the associated network addresses. In a specific implementation, the core propagation device determining unit 322 may further comprise, as shown in Fig. 5, a first subunit 322a and a second subunit 322b, wherein:
First subunit 322a, configured to obtain, among the network address and the associated network addresses, the network address whose corresponding virus program has the earliest report time.
Referring to Fig. 7, after a user terminal is infected with a virus program, the infection is reported to the server over the network, and the server records the report time of the virus program in the address database. In short, the address database records the report times of the virus programs corresponding to the network address and the associated network addresses.
Specifically, the first subunit 322a compares the report times of the virus programs corresponding to the network address and the associated network addresses, and finds in the address database the network address whose corresponding virus program has the earliest report time.
Second subunit 322b, configured to determine the core propagation device according to the network address whose corresponding virus program has the earliest report time.
The propagation device of the virus program is the terminal device from which the virus author disseminates the virus program. Generally, a virus author disseminates a virus program from multiple propagation devices, and the network address and associated network addresses above correspond exactly to those multiple propagation devices.
Note that the device the virus author uses directly is the core propagation device. Referring to Fig. 7, domain A and domain B in the figure are each the multiple propagation devices of one virus author; domain A and domain B each contain multiple propagation devices and one core propagation device.
Specifically, because the virus author uses the core propagation device directly, the core propagation device must be the first to disseminate the virus program. As a general rule, the virus program that is disseminated earliest is also reported to the server earliest by user terminals, so the second subunit 322b can locate the core propagation device from the network address whose corresponding virus program has the earliest report time.
In a specific implementation, refer to the network topology shown in Fig. 7. When the network address is an IP address, the second subunit 322b finds that IP address over the network and thereby determines the propagation device corresponding to it. For example, if network address 1 in domain A is the IP address whose corresponding virus program has the earliest report time, the second subunit 322b can determine over the network that the propagation device corresponding to network address 1 in domain A is the core propagation device. When the network address is a network mailbox, the second subunit 322b learns the IP address of the core propagation device by querying the mailbox's registration information, most recent login information and so on, and thereby determines the core propagation device.
Optionally, the propagation device can be determined by its physical address. In that case the server can still identify the propagation device even if it changes its IP address.
Propagation device monitoring module 330, configured to monitor the data that the propagation device transmits to the network. In a specific implementation, the propagation device monitoring module 330 may further comprise, as shown in Fig. 6, a data acquisition unit 331, a virus program judging unit 332 and a virus program countermeasure unit 333, wherein:
Data acquisition unit 331, configured to obtain the data that the propagation device transmits to the network.
Specifically, the data acquisition unit 331 monitors the core propagation device in real time and, whenever it finds the core propagation device transmitting data to the network, obtains that data.
Virus program judging unit 332, configured to judge whether the data is a virus program.
Specifically, the virus program judging unit 332 uses a preset identification method to judge whether the data is a newly created virus program being disseminated by the core propagation device. If so, the database update unit 333 is triggered.
Virus program countermeasure unit 333, configured to perform, if the data is a virus program, any one or more of the following operations:
removing or isolating the virus program;
updating the virus database for the virus program;
sending an early-warning alert to a user terminal when it is detected that the terminal is downloading the virus program from the network.
Specifically, after analyzing the newly created virus program, the virus program countermeasure unit 333 can remove or isolate the virus program, or design a process for dealing with the newly created virus program and update the virus database, or send an early-warning alert to a user terminal when it detects that the terminal is downloading the virus program from the network. This prevents the newly created virus program from invading terminals over the network and keeps users' information from being stolen.
Optionally, referring to Fig. 3, the server in this embodiment of the present invention may also comprise a virus program running module 340 as shown in the figure, wherein:
Virus program running module 340, configured to run the virus program in a virtual environment and thereby trigger the virus program to send back information.
Specifically, the virus program running module 340 runs the virus program in a virtual environment, for example a virtual machine, starts a program that simulates user operation, and enters a false account and password, which triggers the virus program to send back the account and password it has stolen. Note that the virus program sends all stolen information back to the virus author, and only afterwards does the author check whether the information is genuine, so entering false information is enough to trigger the virus program.
The embodiment of the present invention finds the propagation device behind a virus program from the network address that the virus program points to when it sends back information, and monitors that propagation device, thereby helping user terminals prevent virus programs in advance and improving users' experience of safe Internet use.
A person of ordinary skill in the art will understand that all or part of the flows of the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
What is disclosed above is only a preferred embodiment of the present invention and of course cannot be used to limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (14)

1. A method for monitoring a virus program propagation device, characterized in that the method comprises:
obtaining the network address pointed to when a virus program sends back information;
determining the propagation device of the virus program according to the network address;
monitoring the data that the propagation device transmits to the network.
2. The method of claim 1, characterized in that, before obtaining the network address pointed to when the virus program sends back information, the method further comprises:
running the virus program in a virtual environment, thereby triggering the virus program to send back information.
3. The method of claim 1, characterized in that determining the propagation device of the virus program according to the network address comprises:
obtaining, from an address database, associated network addresses similar to the network address;
determining a core propagation device according to the network address and the associated network addresses;
and monitoring the data that the propagation device transmits to the network comprises:
monitoring the data that the core propagation device transmits to the network.
4. The method of claim 3, characterized in that the address database records the reporting times of the virus programs corresponding to the network address and the associated network addresses,
and determining the core propagation device according to the network address and the associated network addresses comprises:
obtaining, from among the network address and the associated network addresses, the network address whose corresponding virus program has the earliest reporting time;
determining the core propagation device according to the network address whose corresponding virus program has the earliest reporting time.
5. The method of claim 1, characterized in that monitoring the data that the propagation device transmits to the network comprises:
obtaining the data that the propagation device transmits to the network;
judging whether the data is a virus program;
if the data is a virus program, performing any one or more of the following operations:
removing or isolating the virus program;
updating a virus database for the virus program;
sending an early warning to a user terminal when it is detected that the user terminal is downloading the virus program from the network.
6. The method of any one of claims 1-5, characterized in that the network address comprises an Internet Protocol address or a network e-mail address.
7. The method of claim 2, characterized in that running the virus program in a virtual environment, thereby triggering the virus program to send back information, comprises:
obtaining the virus program by a virus identification method based on file features or based on behavioral features;
running the obtained virus program in a virtual machine, thereby triggering the virus program to send back information.
8. A server, characterized in that the server comprises:
a network address acquisition module, for obtaining the network address pointed to when a virus program sends back information;
a propagation device acquisition module, for determining the propagation device of the virus program according to the network address;
a propagation device monitoring module, for monitoring the data that the propagation device transmits to the network.
9. The server of claim 8, characterized in that the server further comprises:
a virus program running module, for running the virus program in a virtual environment, thereby triggering the virus program to send back information.
10. The server of claim 8, characterized in that the propagation device acquisition module comprises:
an associated network address acquisition unit, for obtaining, from an address database, associated network addresses similar to the network address;
a core propagation device determining unit, for determining a core propagation device according to the network address and the associated network addresses;
and the propagation device monitoring module is for monitoring the data that the core propagation device transmits to the network.
11. The server of claim 10, characterized in that the address database records the reporting times of the virus programs corresponding to the network address and the associated network addresses,
and the core propagation device determining unit comprises:
a first subunit, for obtaining, from among the network address and the associated network addresses, the network address whose corresponding virus program has the earliest reporting time;
a second subunit, for determining the core propagation device according to the network address whose corresponding virus program has the earliest reporting time.
12. The server of claim 8, characterized in that the propagation device monitoring module comprises:
a data acquisition unit, for obtaining the data that the propagation device transmits to the network;
a virus judging unit, for judging whether the data is a virus program;
a virus response unit, for performing, if the data is a virus program, any one or more of the following operations:
removing or isolating the virus program;
updating a virus database for the virus program;
sending an early warning to a user terminal when it is detected that the user terminal is downloading the virus program from the network.
13. The server of any one of claims 8-12, characterized in that the network address comprises an Internet Protocol address or a network e-mail address.
14. The server of claim 9, characterized in that
the virus program running module is for obtaining the virus program by a virus identification method based on file features or based on behavioral features,
and for running the obtained virus program in a virtual machine, thereby triggering the virus program to send back information.
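The core-device selection of claims 3 and 4 (and the matching server units of claims 10 and 11), sketched as an added example that is not part of the patent text. The record layout, the function names, the constructed sample rows, and the similarity rule (same IPv4 /24 network, or same e-mail domain) are assumptions made for illustration; the claims only say the associated addresses are "similar".

```python
import ipaddress
from datetime import datetime

# Constructed sample rows: (network address, sample label, time the sample was reported).
ADDRESS_DB = [
    ("203.0.113.40", "sample-A", datetime(2014, 1, 10, 8, 0)),
    ("203.0.113.77", "sample-B", datetime(2014, 1, 3, 12, 30)),
    ("203.0.113.9", "sample-C", datetime(2014, 1, 7, 9, 15)),
    ("198.51.100.5", "sample-D", datetime(2013, 12, 1, 0, 0)),
    ("drop@mail.example", "sample-E", datetime(2014, 1, 5, 0, 0)),
    ("logs@mail.example", "sample-F", datetime(2014, 1, 2, 0, 0)),
]

def similarity_key(address, prefix_len=24):
    """Assumed similarity rule: same IP network of prefix_len bits, or same e-mail domain."""
    if "@" in address:
        return ("mail", address.rsplit("@", 1)[1].lower())
    net = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)
    return ("ip", str(net))

def associated_addresses(callback, db=ADDRESS_DB):
    """Claim 3: rows in the address database whose address is similar to the callback address."""
    key = similarity_key(callback)
    return [row for row in db if row[0] != callback and similarity_key(row[0]) == key]

def core_propagation_address(callback, db=ADDRESS_DB):
    """Claim 4: among the callback address and its associates, pick the earliest reported."""
    candidates = [row for row in db if row[0] == callback]
    candidates += associated_addresses(callback, db)
    if not candidates:
        return None  # nothing recorded for this address or its neighbours
    return min(candidates, key=lambda row: row[2])[0]
```

The address returned is the one whose traffic the monitoring step of claim 5 would then inspect; an address with no recorded neighbours simply resolves to itself.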
CN201410033395.5A 2014-01-23 2014-01-23 Method for monitoring virus procedure spreading equipment and server Pending CN103763324A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410033395.5A CN103763324A (en) 2014-01-23 2014-01-23 Method for monitoring virus procedure spreading equipment and server

Publications (1)

Publication Number Publication Date
CN103763324A true CN103763324A (en) 2014-04-30

Family

ID=50530484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410033395.5A Pending CN103763324A (en) 2014-01-23 2014-01-23 Method for monitoring virus procedure spreading equipment and server

Country Status (1)

Country Link
CN (1) CN103763324A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104504338A (en) * 2015-01-23 2015-04-08 北京瑞星信息技术有限公司 Method and device for identifying, acquiring and collecting virus propagation routes
CN108234484A (en) * 2017-12-30 2018-06-29 广东世纪网通信设备股份有限公司 For tracing the wooden horse source traceability system of the computer readable storage medium in wooden horse source and the application medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
CN1514964A (en) * 2001-04-10 2004-07-21 �Ҵ���˾ Method and apparatus for detection of computer viurses on network using bait server
CN101127638A (en) * 2007-06-07 2008-02-20 飞塔信息科技(北京)有限公司 Active virus automatic prevention and control system and method
US7568231B1 (en) * 2004-06-24 2009-07-28 Mcafee, Inc. Integrated firewall/virus scanner system, method, and computer program product
CN102761535A (en) * 2011-04-29 2012-10-31 北京瑞星信息技术有限公司 Virus monitoring method and equipment
CN102841990A (en) * 2011-11-14 2012-12-26 哈尔滨安天科技股份有限公司 Method and system for detecting malicious codes based on uniform resource locator
CN103150512A (en) * 2013-03-18 2013-06-12 珠海市君天电子科技有限公司 Honeypot system and method for detecting trojan by using same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140430
