CN104683379A - A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing - Google Patents


Publication number
CN104683379A
Authority
CN
China
Prior art keywords
service
management
calculating
platform
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310613656.6A
Other languages
Chinese (zh)
Inventor
徐幼娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Mo Yu Electronic Science And Technology Co Ltd
Original Assignee
Shanghai Mo Yu Electronic Science And Technology Co Ltd
Application filed by Shanghai Mo Yu Electronic Science And Technology Co Ltd
Priority to CN201310613656.6A
Publication of CN104683379A


Abstract

The present invention provides a new computing and debugging system for an enterprise service platform using novel cloud computing technology, which is widely applied in the anti-virus field. Cloud security works as follows: a large mesh of clients monitors the network for abnormal software behavior and obtains the latest information on Trojan horses and malicious programs on the Internet; this information is pushed to the server side for automatic analysis and processing, and the solution is then distributed to every client across the whole Internet.

Description

A new computing and debugging system for an enterprise service platform using novel cloud computing technology

The new computing and debugging system for an enterprise service platform using novel cloud computing technology of the present invention belongs to the field of telecommunications.
"Cloud security" is an important branch of cloud computing technology and is widely applied in the anti-virus field. In cloud security, a large mesh of clients monitors abnormal software behavior in the network, obtains the latest information on Trojans and malicious programs on the Internet, and pushes it to the server side for automatic analysis and processing; the solutions for the viruses and Trojans are then distributed to each client. The whole Internet becomes one very large antivirus program: this is the ambitious goal of the cloud security plan.
What is cloud security
"Cloud security" is another important application of "cloud" technology that appeared after "cloud computing" and "cloud storage". It has been widely applied in anti-virus software with good results, and has given anti-virus software the initiative in the technical contest between viruses and anti-virus software.
Following closely after cloud computing and cloud storage, cloud security also appeared. Cloud security is a concept created by Chinese enterprises, and it stands apart in the international cloud computing field.
History
The first to propose the concept of "cloud security" was Trend Micro: in May 2008, Trend Micro formally launched "cloud security" technology in the United States. The concept caused considerable controversy in its early days and is now generally accepted. It is worth mentioning that Chinese network security enterprises have moved to the forefront of the world in applying "cloud security" technology. [3]
Technical principle
The "Cloud Security" plan is the latest embodiment of information security in the network era. It merges emerging technologies and concepts such as parallel processing, grid computing and behavior-based judgment of unknown viruses: a large mesh of clients monitors abnormal software behavior in the network, obtains the latest information on Trojans and malicious programs on the Internet, and pushes it to the server side for automatic analysis and processing; the solutions for the viruses and Trojans are then distributed to each client.
Future antivirus software will be unable to handle the growing number of malicious programs effectively. The main threat from the Internet is shifting from computer viruses to malicious programs and Trojans, and under these circumstances the signature-database detection method is clearly outdated. With cloud security technology, identifying and removing viruses no longer relies only on the virus database on the local hard drive, but on a huge network service that collects, analyzes and processes in real time. The whole Internet is one huge "antivirus software": the more participants there are, the safer each participant is, and the safer the whole Internet will be.
Development trend
After the concept of cloud security was proposed, it caused wide controversy, and many people considered it a pseudo-proposition. But facts speak louder than words: cloud security has developed like a gust of wind [1], and Rising, Trend Micro, Kaspersky, McAfee, Symantec, Jiangmin Sci and Tech, Panda, Kingsoft, 360 Security Guard and others have all launched cloud security solutions. Chinese security companies such as Kingsoft, 360 and Rising all have related technology in use. Kingsoft's cloud greatly reduces the resource usage of its own product, so that many old machines can also run it smoothly. Trend Micro's cloud security has established 5 large data centers worldwide, with several tens of thousands of online servers. Reportedly, cloud security can support an average of 5.5 billion click queries per day and collects and analyzes 250 million samples per day, and the database's first-time hit rate reaches 99%. Through cloud security, Trend Micro now blocks up to 10 million virus infections per day.
Origin of the idea
Cloud security technology is the result of the mixed development and natural evolution of distributed computing technologies such as P2P, grid and cloud computing.
It is worth mentioning that the core idea of cloud security is very close to the Anti-spam Grid that Liu Peng proposed as early as 2003. Liu Peng's view at the time was that spam runs rampant and cannot be filtered well automatically by technical means because the artificial intelligence methods relied on are not mature technology. The biggest characteristic of spam is that identical content is sent to millions of recipients.
For this reason, a distributed statistics and learning platform can be set up that filters spam through the cooperative computation of a large number of users:
First, the user installs a client that computes a unique "fingerprint" for each email received. By comparing fingerprints, the number of copies of similar emails can be counted; when the number of copies reaches a certain number, the email can be judged to be spam.
Second, because multiple computers on the Internet hold more information than a single computer, a distributed Bayesian learning algorithm can be adopted, with hundreds of client machines carrying out a cooperative learning process to collect, analyze and share the latest information.
Anti-spam Grid embodies a true grid idea: every user who joins the system is both an object of service and an information node of the distributed statistics function, and as the system scale expands, the accuracy with which the system filters spam improves with it. Filtering spam by large-scale statistical methods is more mature than the artificial intelligence approach, is less prone to false positives, and is highly practical. Anti-spam Grid uses the cooperative work of millions of hosts distributed across the Internet to build a "sky net" for catching spam.
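The first step above (a per-message fingerprint whose copies are counted across many clients) can be sketched as follows, counting distinct reporting clients so that one client cannot push a fingerprint over the threshold by reporting it repeatedly. This is an added example, not code from the patent or from Anti-spam Grid; the normalisation rules, the SHA-256 fingerprint, the threshold of 3 and all names are assumptions, and the messages are constructed.

```python
import hashlib
import re
from collections import defaultdict

SPAM_THRESHOLD = 3  # assumed value; the text only says "a certain number" of copies


def fingerprint(body: str) -> str:
    """Client side: hash a normalised body so trivially varied copies collide."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "<url>", text)  # per-recipient tracking links
    text = re.sub(r"\d+", "<n>", text)             # serial numbers, codes, prices
    text = re.sub(r"[^\w<>]+", " ", text).strip()  # punctuation and whitespace runs
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class FingerprintCounter:
    """Server side: tracks which clients have seen each fingerprint."""

    def __init__(self, threshold: int = SPAM_THRESHOLD):
        self.threshold = threshold
        self._reporters = defaultdict(set)  # fingerprint -> set of client ids

    def report(self, client_id: str, fp: str) -> bool:
        """Record one sighting; return True once the fingerprint counts as spam."""
        self._reporters[fp].add(client_id)  # a set ignores repeat reports
        return self.is_spam(fp)

    def is_spam(self, fp: str) -> bool:
        return len(self._reporters.get(fp, ())) >= self.threshold


# Constructed sample traffic: (reporting client, message body).
SAMPLE_INBOX = [
    ("client-a", "WIN a FREE prize!!! Claim code 48213 at http://promo.example/c?id=48213"),
    ("client-a", "win a free   prize! Claim code 99107 at http://promo.example/c?id=99107"),
    ("client-b", "Minutes from Tuesday's meeting are attached."),
    ("client-b", "Win a free prize. Claim code 7 at https://promo.example/c?id=7"),
    ("client-c", "WIN A FREE PRIZE -- claim code 300411 at http://promo.example/c?id=300411"),
    ("client-d", "WIN a FREE prize!!! Claim code 48213 at http://promo.example/c?id=48213"),
]


def run_demo():
    """Feed the sample traffic through one counter; return (client, verdict) pairs."""
    counter = FingerprintCounter()
    verdicts = []
    for client_id, body in SAMPLE_INBOX:
        # Only the fingerprint leaves the client, never the message text.
        verdicts.append((client_id, counter.report(client_id, fingerprint(body))))
    return verdicts


if __name__ == "__main__":
    for client_id, is_spam in run_demo():
        print(client_id, "spam" if is_spam else "not yet spam")
```

An exact hash of normalised text only catches copies that differ in the normalised fields; copies personalised with a recipient's name would need a similarity-preserving fingerprint instead.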
After the Anti-spam Grid idea was proposed, it was selected as an outstanding grid project by the IEEE Cluster 2003 international conference and demonstrated live in Hong Kong. In 2004 it was presented as a special paper with a live demonstration at an international grid computing symposium, attracted fairly wide attention, and drew the attention of, among others, Ding Lei, founder of Netease, China's largest email service provider. Since spam can be handled this way, so can viruses, Trojans and the like, which is very close to the idea of cloud security.
Strategy
The strategy of cloud security is that the more users there are, the safer each user is: such a huge user base is enough to cover every corner of the Internet, so as soon as a website has a Trojan planted on it or a new Trojan virus appears, it will be intercepted at once.
Main contents
The content of Rising's "cloud security" plan is to connect users closely with Rising's technology platform over the Internet, forming a huge Trojan/malware monitoring and removal network. Each "Rising Kaka 6.0" user contributes to the "cloud security" plan while sharing in the security results of all other users.
The "automatic online diagnosis" module of "Rising Kaka 6.0" is one of the cores of the "cloud security" plan. Whenever the user starts the computer, this module automatically detects and extracts suspicious Trojan samples in the computer and uploads them to Rising's "Trojan/malware automatic analysis system" (RsAMA); the whole process takes only a few seconds. RsAMA then feeds the analysis result back to the user, removes the Trojan virus, and shares the result with all other "Rising Kaka 6.0" users through the Rising Security Database.
Rising Kaka 6.0 itself is a security tool only a few megabytes in size, but behind it stand the largest professional information security team in China, Rising's "Trojan/malware automatic analysis system" (RsAMA) and the "Rising Security Database" (RsSD); it also shares the suspicious-file monitoring results of tens of millions of other Rising Kaka 6.0 users.
Origin of the name
The name "cloud security" was coined by Ma Gang; the plan was originally named "secure cloud", which everyone disdained as rustic. The concept has in fact existed for a long time; Rising simply moved faster. Before "cloud computing" there was a very hot concept called "grid computing": everyone's computers are joined together, each contributing some idle computing capacity for everyone to draw on at any time. Google was one of the earliest users of "grid computing": its servers are all cheap PCs joined together, used in place of expensive servers to provide the computing capacity that large-volume search requires. The technical difficulties lie in parallel computing and server communication.
Rising's servers and tens of millions of Kaka users can form a virtual network, referred to as the "cloud". Any virus attack on the "cloud" is intercepted, recorded and countered by the servers. A node infected by a virus can obtain the solution from the server in the shortest time, remove the virus and return to normal. In theory, the safety of such a "cloud" can be raised without limit. The most powerful aspect of the "cloud" is that it sets aside the concept of simply protecting the "client". A traditional client, once infected, is finished after the virus is removed; there is no further information tracking or sharing. All nodes of the "cloud", by contrast, share information with the server. If you are infected, the server records it and, while helping you deal with it, also shares the information with other users so that they will not be infected in turn. Thus the more users there are under the "cloud", the more security information the "cloud" records and shares, and the stronger the users are as a whole. This is the true essence of the network, and the essence of so-called "cloud security".
Difficulties
To set up a "cloud security" system and keep it running normally, four major problems must be solved: first, a massive number of clients (cloud security probes) is needed; second, professional anti-virus technology and experience are needed; third, a large investment of funds and technology is needed; fourth, the system must be open and needs a large number of partners to join.
First, a massive number of clients (cloud security probes) is needed. Only with a massive number of clients can the system have the most sensitive perception of the viruses, Trojans and Trojan-planted websites that appear on the Internet. Rising currently has more than 100 million clients of its own; adding the clients of partners such as Xunlei and Jiuyou, it can completely cover all netizens in China, so that whichever netizen is infected or visits a Trojan-planted web page, a reaction can be made at the first moment.
Second, professional anti-virus technology and experience are needed. Rising has nearly 20 years of accumulated anti-virus technology and an R&D team of several hundred engineers, has continuously obtained international technical certifications in recent years, and its technical strength is firmly at the forefront in the world. All of these make the technical level of Rising's "cloud security" system a first in China and leading in the world. The combined use of a large number of patented technologies, virtual machines, intelligent active defense, large-scale parallel computing and other technologies enables Rising's "cloud security" system to process massive amounts of reported information in time and share the results with every member of the "cloud security" system.
Third, a large investment of funds and technology is needed. Rising's investment in its "cloud security" system on hardware such as servers and bandwidth alone already exceeds 100 million yuan, and the cost of the corresponding top technical team and of continued research over the next several years will be several times the hardware investment; investment on such a scale is something non-specialist vendors cannot achieve.
Fourth, the system must be open and needs a large number of partners to join. Rising's "cloud security" is an open system whose "probe" is fully compatible with all software; even users of other antivirus software can install software with the "probe" function, such as the Rising Kaka assistant, and enjoy the results that the "cloud security" system brings. The joining of hundreds of heavyweight vendors such as Jiuyou and Xunlei has also greatly strengthened the coverage of the "cloud security" system.
New features
Trojan download interception
Based on leading anti-Trojan technology, it stops an infected computer from downloading more viruses and account-stealing Trojans over the web, blocks the channel by which Trojans enter the user's computer, and effectively contains the spread of malicious Trojan viruses such as "Trojan groups".
Trojan behavior judgment and interception
Based on powerful "intelligent active defense" technology, the behavior of Trojans and suspicious programs is intercepted at once when they start and load, blocking destructive actions such as account theft; Trojan viruses are found and removed while they run, protecting the account security of QQ, online games and online banking.
Automatic online diagnosis
The core function of Rising's "cloud security" (CloudSecurity) plan. It automatically detects and extracts suspicious Trojan samples in the computer and uploads them to Rising's "Trojan/malware automatic analysis system" (RsAutomatedMalwareAnalyzer, RsAMA for short). RsAMA then feeds the analysis result back to the user, removes the Trojan virus, and shares the result with all other "Rising Kaka 6.0" users through the "Rising Security Database" (RisingSecurityDatabase, RsSD for short).
Enhanced features
Vulnerability scanning
Using a newly developed vulnerability scanning engine, it intelligently detects Windows system vulnerabilities, third-party application vulnerabilities and related security settings, and helps the user repair them. The user can also, according to settings, have the above vulnerabilities repaired automatically, which simplifies operation and helps the user close security risks promptly.
Powerful repair
For system settings damaged by viruses, such as the IE browser home page being changed or frequent jumps to advertising websites, the Kaka assistant can repair the registry, system settings and hosts file, returning the computer to normal.
Startup management
Helps the user effectively manage the drivers, software that starts at boot, browser plug-ins and so on in the computer, which can effectively improve the running efficiency of the user's computer.
Advanced tool set
For skilled computer users, Kaka Internet Security Assistant 6.0 provides comprehensive utility functions: junk file cleaning, system startup item management, service management, networked program management, LSP repair, file shredding and dedicated virus removal tools.
Seven major monitors
Kaka Internet Security Assistant 6.0 has seven major monitoring systems: automatic online diagnosis, USB flash drive virus immunity, automatic repair of system vulnerabilities, Trojan behavior judgment and interception, protection against objectionable websites, the IE leak-prevention wall, and Trojan download interception. Together they protect the user's computer comprehensively.
Security examples
ESET NOD32
ESET NOD32, from Slovakia, adopted this technology in its advanced heuristic engine as early as 2006, calling it the ThreatSense early warning system, and applied for a patent. The user's computer acts as a node in the ESET cloud, and through the ThreatSense early warning system ESET can learn about the software that users install and use. When the antivirus engine finds a piece of software very suspicious, but not enough so to assert that it is a virus, ThreatSense collects the relevant information about the software and exchanges data with the central server, which can then give rapid and accurate feedback based on all the data collected.
Kingsoft Antivirus
Kingsoft Antivirus "cloud security" is a whole-network defense security architecture that emerged to address the severe Internet security situation that followed the commercialization of Trojans. It comprises three levels: intelligent client, clustered server side and open platform. "Cloud security" strengthens and supplements existing anti-virus technology; its final aim is to let users in the Internet era obtain faster and more comprehensive security protection.
First, a stable and efficient smart client. It can be an independent security product or a security component integrated with other products, such as Kingsoft Antivirus 2012 and Baidu Security Center, and it provides the whole cloud security system with the basic functions of sample collection and threat handling. Kingsoft Antivirus 2011, released by Kingsoft in 2010, changed the bloated software size of earlier versions, greatly reduced resource usage and markedly improved the user experience.
Second, the support of the server side. It comprises a distributed massive data storage center, professional security analysis services and intelligent analysis and mining of security trends, and it cooperates with the client to provide cloud security services to users.
Finally, cloud security is based on an open security service platform, which provides third-party security partners with platform support for combating viruses. Kingsoft Antivirus cloud security both provides security services for the users of third-party security partners and builds a whole-network defense system through cooperation with those partners, so that every user takes part in the whole-network defense system and no longer fights alone when encountering a virus.
1. The Mercury platform, which supports massive sample storage and computation
2. Internet trusted authentication service
3. Crawler system
Trend Micro
The six trump cards of Trend Micro SecureCloud cloud security:
1. Web reputation service
With one of the world's largest domain reputation databases, Trend Micro's Web reputation service assigns reputation scores based on factors such as the website pages found by malware behavior analysis, historical location changes and signs of suspicious activity, thereby tracking the credibility of web pages. The technology then continues to scan websites and prevents users from visiting infected ones. To improve accuracy and reduce the false positive rate, the Web reputation service assigns reputation scores to specific pages or links of a website rather than classifying or blocking the whole site, because usually only part of a legitimate site is attacked, and reputation changes continuously over time.
By comparing reputation scores, the potential risk level of a website can be known. When a user visits a website with potential risk, a system warning or block is issued in time, helping the user quickly confirm the safety of the target website. The Web reputation service can guard against the sources of malicious programs. Because protection against zero-day attacks is based on the credibility of the website rather than on its actual content, it can effectively prevent the initial download of malware, and users obtain protection before entering the network.
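Why scoring individual pages rather than whole sites lowers false positives, as an added example that is not Trend Micro's code or data: the 0-100 scale, the cut-off, the table contents and all function names are assumptions, and the URLs are constructed. Paths are percent-decoded and dot segments resolved before lookup, so that an equivalent spelling of a low-reputation path receives the same score.

```python
import posixpath
from urllib.parse import unquote, urlsplit

BLOCK_BELOW = 40    # assumed cut-off on an assumed 0-100 scale
UNKNOWN_SCORE = 50  # assumed neutral score for pages with no entry

# Constructed table: (host, path prefix) -> score. "/" is the site-wide entry.
REPUTATION = {
    ("shop.example", "/"): 85,
    ("shop.example", "/forum/attachments"): 10,  # one compromised section
    ("bad.example", "/"): 5,
}


def _segments(path: str) -> tuple:
    """Canonical path segments: percent-decoded, with '.' and '..' resolved."""
    clean = posixpath.normpath("/" + unquote(path))
    return tuple(s for s in clean.split("/") if s)


def page_score(url: str, table=REPUTATION) -> int:
    """Score of the most specific table entry that covers this URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lower-cases the host name
    path = _segments(parts.path)
    best_len, best = -1, UNKNOWN_SCORE
    for (entry_host, prefix), score in table.items():
        pre = _segments(prefix)
        # Compare whole segments so "/forum/attachments-policy.html"
        # does not match the "/forum/attachments" entry.
        if entry_host == host and path[:len(pre)] == pre and len(pre) > best_len:
            best_len, best = len(pre), score
    return best


def page_decision(url: str) -> str:
    """Per-page policy: block only the pages whose own score is low."""
    return "block" if page_score(url) < BLOCK_BELOW else "allow"


def site_decision(url: str, table=REPUTATION) -> str:
    """Whole-site policy, for comparison: one bad page condemns the host."""
    host = urlsplit(url).hostname or ""
    scores = [s for (h, _), s in table.items() if h == host]
    return "block" if scores and min(scores) < BLOCK_BELOW else "allow"


if __name__ == "__main__":
    for u in (
        "https://shop.example/catalog/item?id=7",
        "https://shop.example/forum/attachments/free.exe",
        "https://SHOP.example/forum/%61ttachments/../attachments/free.exe",
        "https://shop.example/forum/attachments-policy.html",
    ):
        print(u, "page:", page_decision(u), "site:", site_decision(u))
```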
2. Email reputation service
Trend Micro's Email reputation service checks IP addresses against a reputation database of known spam sources, and at the same time verifies IP addresses with a dynamic service that evaluates the reputation of email senders in real time. Reputation scores are refined by continuously analyzing the "behavior", "scope of activity" and previous history of IP addresses. Based on the sender's IP address, malicious email is blocked in the cloud, preventing web threats such as zombies or botnets from reaching the network or the user's computer.
3. File reputation service
Trend Micro's cloud security now includes file reputation service technology, which can check the reputation of each file located at an endpoint, server or gateway. The check is based on lists of known benign files and known malicious files, that is, what are now called anti-virus signatures. A high-performance content distribution network and local cache servers ensure that latency during the check is kept to a minimum. Because the malicious information is stored in the cloud, it can reach all users in the network immediately. Compared with traditional anti-virus signature file downloads, which take up endpoint space, this method also reduces endpoint memory and system consumption.
4. Behavior correlation analysis technology
Trend Micro's cloud security uses the "correlation technology" of behavior analysis to link threat activities together and determine whether they are malicious. A single activity of a web threat may appear harmless, but several activities carried out together may lead to a malicious result. It is therefore necessary to judge from a heuristic viewpoint whether a threat actually exists, by checking the correlations between the different components of a potential threat. By associating the different parts of a threat and continuously updating its threat database, Trend Micro gains a prominent advantage: it can respond in real time and provide timely, automatic protection against email and web threats.
5. Automatic feedback mechanism
Another important component of Trend Micro's cloud security is the automatic feedback mechanism, which realizes uninterrupted communication, in the form of a two-way update stream, between Trend Micro's products and the company's round-the-clock threat research centers and technology. New threats are identified by checking the routing reputation of individual customers. Trend Micro's extensive global automatic feedback mechanism works much like the "neighborhood watch" approach that many communities adopt today: it achieves real-time detection and timely "collective intelligence" protection, and helps establish a comprehensive index of the latest threats. Each new threat found by a routine reputation check of a single customer automatically updates all of Trend Micro's threat databases around the world, preventing later customers from encountering threats that have already been found.
6. Threat intelligence collection
Researchers in the United States, the Philippines, Japan, France, Germany, China and other places supplement Trend Micro's feedback and submitted content. At TrendLabs, Trend Micro's anti-virus R&D and technical support center, staff speaking various languages provide real-time response and 24/7 round-the-clock threat monitoring and attack defense, to detect, prevent and remove attacks.
Trend Micro combines various technologies and data collection methods, including "honeypots", web crawlers, customer and partner content submission, feedback loops and TrendLabs threat research, to obtain information about the latest threats. Threat data is analyzed through the malware database in Trend Micro's cloud security and the TrendLabs research, service and support centers.
Kaspersky
Kaspersky's full-function security protection aims to build a seamless, transparent security system for Internet information:
1. Against the many types of information security threats in the Internet environment, Kaspersky Lab, with its anti-malware engine as the core and technology integration as the basis, has turned the functions of information security software into a platform. Core functions such as system security, online security, content filtering and anti-malware achieve unified, orderly and layered security defense on the platform of the full-function security software, rather than being a hash of products of different types and functions;
2. Supported by powerful back-end technical analysis capability and an online transparent interaction mode, Kaspersky full-function security software 2009 can, with the user's "awareness and approval" (Awareness & Approval), collect and analyze online in real time (Online Realtime Collecting & Analysing) malicious program samples such as suspicious viruses and Trojans on the user's computer, and distribute solutions to users (Instant Solution Distribution) through the global anti-virus database, which is updated on average once per hour. This realizes the "Kaspersky Security Network", in which malicious programs such as viruses and Trojans are collected online, analyzed instantly and their solutions distributed online, that is, "cloud security" technology. Through the "Kaspersky Security Network", Kaspersky full-function security software 2009 applies "cloud security" technology transparently to the vast number of computer users, so that Kaspersky users worldwide form a highly intelligent security defense network that can produce immunity to new threats at the first moment and stop the damage of security threats. The "Kaspersky Security Network" has gone through long-term research, development and testing at Kaspersky Lab and has high stability and maturity. It can therefore be the first to provide service to users directly in the official release of full-function security software 2009.
3. Zero-distance connection between users and the technical back end through a flattened service system. Kaspersky has a world-leading malicious program sample center and malicious program analysis platform, and the anti-virus database updated every hour ensures that the security defense capability of the user's computer connects with the technical back end at zero distance. In Kaspersky's full-function security defense system, all users are active participants in Internet security and immediate beneficiaries of security technology innovation.
Cloud security scanner
Singular point scanner
The singular point cloud security comprehensive vulnerability detection system is the world's first in-depth security assessment system based on an APT intrusion detection model. It is devoted to application security testing under Web 2.0 and comprehensive scanning and analysis of website vulnerabilities; its efficient and accurate security scanning strategy lets users easily find vulnerability threats, and it provides security managers with detailed, professional vulnerability scanning reports. The comprehensive web server vulnerability detection service covers nearly all application vulnerabilities defined by authoritative organizations such as CVE, packetstorm, OWASP and WebAppSec and by security communities at home and abroad, and is suitable for vulnerability detection of overseas servers.
Finds web application server security vulnerabilities;
Finds website vulnerabilities;
Supports overseas VPN intrusion detection servers, solving the problem of overseas or blocked websites that cannot be scanned;
Supports the conventional vulnerability detection model and the intelligent penetration testing model;
Supports 4 modes: simple mode (single domain name), batch mode (multiple domain names), quick scan and deep scan;
Professional, clear and accurate visual reports;
Supports more than 500 detection policies and dozens of logical penetration and intrusion detection behaviors, and can accurately scan for the vulnerabilities that exist on a website;
Supports the intelligent penetration testing model, including 0day update detection, vulnerability combination, Google hacking crawler and other vulnerability detection.
Powerful vulnerability analysis capability
An original dual-channel intelligent detection model that supports not only conventional vulnerability detection but also an intelligent penetration testing model.
The first dedicated professional detection models for common domestic and foreign mail systems, forums, blogs and web editors.
Supports in-depth detection in a cookie logged-in state.
Integrates a JavaScript intelligent parsing engine, making detection of malicious code, DOM-type cross-site scripting vulnerabilities and arbitrary page redirect vulnerabilities more accurate.
Simple operating steps and professionally customizable scanning options make it easy to complete high-quality intrusion security detection.
McAfee
The well-known security vendor McAfee announced that it will release Artemis, a security system based on cloud computing. The system protects computers from viruses, Trojans and other security threats.
Researchers at McAfee's Avert Labs say the system can shorten the time needed to collect and detect malware and the time needed to deploy a complete solution.
As security systems have developed, this time has fallen from several days in the past to a few hours, and has now dropped to "several milliseconds".
Dave Marcus, security research and communications manager at Avert Labs, said: "The Artemis system manages a window; all of an enterprise user's activities take place in this window, and the window is continuously analysed for the presence of malware. The aim of Artemis is to minimise the time used."
A conventional security system uses a threat signature database to manage malware information. As a cloud computing service, Artemis can react to a threat before the signature file has been issued.
Marcus said that Avert Labs researchers find up to ten thousand new signature files every week. If a user's computer has Artemis installed, then as soon as a suspicious file is detected on it, the computer contacts the McAfee servers at once to determine whether the suspicious file is malicious. In this way McAfee can also use the collected data to provide customised security solutions for enterprises.
Experts say Artemis can provide real-time protection, whereas in a traditional signature-based security system there is often a delay between discovering a security threat and taking protective measures.
Charles Kolodgy, head of security product research at IDC, said: "The traditional signature-based approach to malware detection has shortcomings. As user behaviour changes, security threats change too, and malware detection technology in general has not kept pace."
Rising's white paper
The "Cloud Security" plan: users are closely connected with the Rising technology platform over the Internet to form a huge Trojan/malware monitoring and removal network. Every "Rising Kaka 6.0" user contributes to the Cloud Security plan and at the same time shares the security results of all other users.
The "automatic online diagnosis" module of Rising Kaka 6.0 is one of the core parts of the Cloud Security plan. Whenever the user starts the computer, this module automatically detects and extracts suspicious Trojan samples on the computer and uploads them to Rising's "Trojan/malware automatic analysis system" (Rs Automated Malware Analyzer, RsAMA for short); the whole process takes only a few seconds. RsAMA then feeds the analysis result back to the user, removes the Trojan or virus, and shares the result with all other Rising Kaka 6.0 users through the "Rising security database" (Rising Security Database, RsSD for short).
Because this process runs over the Internet under automatic program control, it maximises users' ability to guard against Trojans and viruses. Ideally, from the moment an account-stealing Trojan attacks a computer to the moment the whole Cloud Security network is immune to it and able to remove it, only a few seconds are needed.
 
Although 80,000 to 100,000 Trojan and virus samples are collected every day, Rising's automatic analysis system can classify them automatically by variant group and use "variant virus family feature extraction technology" to extract the features of each variant group separately. As a result, after tens of thousands of new Trojans and viruses have been analysed automatically, only a few hundred genuinely new samples actually need manual analysis.
Jiangmin Sci and Tech
A large-scale signature database built in the cloud is not enough to cope with the rapid growth of security threats; anti-virus vendors at home and abroad also need to put effort into core anti-virus technology. Unknown-virus prevention techniques such as virtual machines, heuristics, sandboxes and intelligent active defence all need to be strengthened and developed, and the self-protection capability of most anti-virus software also needs to be reinforced. However fast the number of viruses grows, that is only a change in quantity; in practice, the viruses that cause great losses are often the very few malignant ones that apply new virus techniques.
"Cloud security" can only show its strength when it is built on core technologies such as "kernel-level self-protection", "sandbox" and "virtual machine". Without these core technologies, anti-virus software may find itself willing but unable in the face of a virus: in practice it is common for anti-virus software to find a virus during a scan but be unable to remove it, or even to be shut down by the virus. This is why, when Jiangmin released KV2009, it first emphasised core technologies such as "sandbox", "kernel-level self-protection", "intelligent active defence" and "virtual machine", and placed the "cloud security" anti-virus system after them. Anti-virus is like any other industry: the foundation must first be strong enough; if the foundation is not solid, a building is no more stable however high it is built.
"Sandbox" is a deeper, system-kernel-level technology that differs from a "virtual machine" both in principle and in how it behaves. A sandbox takes over the interface or function calls a virus makes and, once the behaviour is confirmed to be that of a virus, applies a rollback mechanism to restore the system. A virtual machine has no rollback and recovery mechanism: after triggering the virus, the virtual machine judges from its behavioural characteristics that it belongs to a certain class of virus and calls the engine to remove it. The two are fundamentally different. In fact, KV2009 with the sandbox applied has already proved powerful against new virus intrusions. One user turned off all real-time monitoring in Jiangmin KV2009 anti-virus software and enabled only the "active defence with sandbox" mode; when the new "Saodangbo" ("Sweeping Wave") virus was then run, all of its behaviour was blocked and erased, and it had no chance to leave any trace on the system.
The main problem anti-virus faces today is the technical challenge that driver-level viruses pose to anti-virus software. The top priority is therefore to improve core anti-virus technology further and, with that technology assured, to make full use of the rapid response mechanism of the "cloud security" anti-virus system, building a dual security system of "cloud security" plus "sandbox".
Problems of cloud security
Cloud-side problems
The seven deadly sins of cloud computing security
The Cloud Security Alliance and Hewlett-Packard jointly listed the seven deadly sins of cloud computing, a conclusion based mainly on the results of a survey of 29 enterprises, technology suppliers and consulting firms.
1. Data loss/leakage: security controls over data in cloud computing are not very strong. Deficiencies in API access control and in key generation, storage and management can all lead to data leakage, and a necessary data destruction policy may be lacking.
2. Shared technology vulnerabilities: in cloud computing a simple misconfiguration can have serious consequences, because many virtual servers in a cloud environment share the same configuration. Service level agreements (SLAs) must therefore be enforced for network and server configuration to ensure that patches are installed promptly and best practices are followed.
3. Malicious insiders: a cloud service provider's rigour in background-checking its staff may differ from the enterprise's own control over access to its data. Many providers do well in this respect, but not all; enterprises need to assess providers and set out how employees are to be screened.
4. Account, service and traffic hijacking: a great deal of data, applications and resources are concentrated in the cloud. If the cloud's authentication mechanism is weak, an intruder can easily obtain user accounts and log in to customers' virtual machines. Proactive monitoring for this threat and two-factor authentication are therefore recommended.
5. Insecure application programming interfaces: when developing applications, enterprises must treat cloud computing as a new platform, not as outsourcing. A strict review process must be in place throughout the application life cycle, and developers can follow established guidelines for authentication, access control and encryption.
6. Improper use of cloud computing: in applying technology, hackers may advance faster than technical staff; they can usually deploy new attack techniques quickly and move freely within the cloud.
7. Unknown risks: transparency issues have always troubled cloud service providers. Account users only use the front-end interface and do not know which platform or patch level their provider uses.
Client-side issue
For customers, cloud security raises network-related concerns. Some anti-virus software performs much worse once it is disconnected from the network, and such cases are not rare in practice. Because of factors such as the destructiveness of viruses and the network environment, once something goes wrong on the network the cloud becomes a burden instead and does more harm than good.
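
The lookup flow described for Artemis above (a suspicious file with no published signature is checked against the vendor's servers) and the client-side concern (protection degrading when the network is down) can be shown together in one sketch. This is an added example, not code from the patent or from any vendor; the class names, the verdict strings, the fail-closed policy and the in-process `VerdictService` stand-in are assumptions, and all sample bytes are constructed.

```python
import hashlib
from collections import deque


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed local signature set: what the client knows without the network.
LOCAL_SIGNATURES = {sha256_hex(b"constructed-known-bad")}


class VerdictService:
    """In-process stand-in for a vendor's cloud back end (assumption)."""

    def __init__(self, known_bad, online=True):
        self.known_bad = set(known_bad)
        self.online = online

    def lookup(self, digest):
        if not self.online:
            raise ConnectionError("verdict service unreachable")
        return "malicious" if digest in self.known_bad else "clean"


class Client:
    def __init__(self, cloud):
        self.cloud = cloud
        self.cache = {}         # digest -> last verdict received from the cloud
        self.pending = deque()  # digests held while the cloud was unreachable

    def check(self, data, suspicious):
        """Return (verdict, source) for one file's bytes."""
        digest = sha256_hex(data)
        if digest in LOCAL_SIGNATURES:
            return ("malicious", "local-signature")
        if not suspicious:
            return ("clean", "local-heuristic")
        if digest in self.cache:
            return (self.cache[digest], "cache")
        try:
            verdict = self.cloud.lookup(digest)
        except ConnectionError:
            # Fail closed: a suspicious file stays held until the cloud answers.
            self.pending.append(digest)
            return ("held", "offline")
        self.cache[digest] = verdict
        return (verdict, "cloud")

    def flush_pending(self):
        """Re-query held digests once connectivity returns."""
        resolved = {}
        while self.pending:
            digest = self.pending[0]
            try:
                verdict = self.cloud.lookup(digest)
            except ConnectionError:
                break
            self.pending.popleft()
            self.cache[digest] = resolved[digest] = verdict
        return resolved


def demo():
    new_threat = b"constructed-sample-without-signature-yet"
    cloud = VerdictService({sha256_hex(new_threat)})
    client = Client(cloud)
    out = {}
    out["signature_hit"] = client.check(b"constructed-known-bad", suspicious=False)
    out["online"] = client.check(new_threat, suspicious=True)
    cloud.online = False  # network failure
    out["offline_cached"] = client.check(new_threat, suspicious=True)
    out["offline_unknown"] = client.check(b"constructed-second-sample", suspicious=True)
    cloud.online = True   # connectivity restored
    out["resolved"] = list(client.flush_pending().values())
    return out
```

With the cloud unreachable, verdicts already cached still apply and unknown suspicious files are held, not allowed, so a network fault reduces convenience without silently removing protection.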

Claims (7)

  1. A new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology: elastic computing
    Cloud infrastructure services based on distributed computing allow computing and storage resources to scale elastically and quickly; users can purchase unlimited application service resources at any time, saving IT cost;
    Measurable service
    By providing metering at different levels, such as storage, number of accesses and service time, system resources are controlled and optimised, and the usage of all resources is monitored and counted.
  2. The new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology: on-demand service
    The system provides sufficient customisation options; users can customise their own services as needed and choose different charging modes without intervention by the service provider;
    Multi-tenancy
    The system is designed around a shared data storage architecture, with emphasis on extensibility, manageability, separability and data isolation, so that each tenant is given a mutually isolated and independent logical space while multiple tenants share the system's computing and storage resources, with sufficient security guarantees;
    Basic application services
    A variety of platform application service components are provided, such as metadata management, workflow management, security services, policy management and data analysis services; these services can be combined and modelled to provide higher-level services;
    Platform service functions
    The service functions that the system can provide for small and medium-sized enterprises are:
    Mass content management
    Metadata is automatically extracted and documents are classified according to document content; functions such as full-text search, tag management, comment management, version control, activity record tracking, rule management, policy management and digital rights management are supported, as well as online editing, preview (common Office documents supported), playback, format conversion and workflow management; the document library supports multiple access and interaction protocols: FTP, CIFS, WebDAV, IMAP, CMIS, SharePoint and others.
  3. The new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology: workflow management
    A unified, highly extensible platform is used for visual design, execution, monitoring and optimisation of business processes;
    A personalised knowledge information portal is provided, and a powerful full-text search tool finds information quickly and accurately;
    Search results can be sorted, and show the matched keywords, documents, relevance ranking and so on;
    Federated search is supported: multiple data repositories are queried and the results are presented together in aggregated form;
    Schedule and conference management
    Manages the schedules and meetings of teams or individuals and coordinates the use of meeting rooms;
    Compatible with Microsoft Outlook; supports sending and receiving operations with Outlook and meeting notifications;
    Mail service
    Multiple mail servers can be integrated, multiple protocols such as IMAP and POP3 are supported, and multiple mail accounts are managed in one place;
    Business collaboration
    Supports collaboration spaces such as sites (Site) and communities (Community) created around interests, projects, tasks and so on;
    Site applications are plug-in based, with powerful and flexible application combination and flexible member permission control;
    Operation management
    Covers practical functions such as administration, human resource management, customer relationship management and purchasing management, providing small and medium-sized enterprises with an ERP platform that is complete and easy to use, so that the enterprise can integrate data resources scattered across different parties and achieve end-to-end automated processing.
  4. The new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology: security management
    Sensitive information is protected and tracked through user and organisation management control, data encryption, digital rights management, content modification auditing and so on.
  5. Platform value
    The new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology helps small and medium-sized enterprises build an efficient, standardised and networked enterprise management model, assists enterprise management in effectively controlling the enterprise's information and operations, promotes close collaboration between the enterprise's teams, and enables employees to organise and complete their own work reasonably, in a standardised way and efficiently;
    The modules the system provides, such as collaboration space, mass content management and workflow management, can help standardise the organisational structure of small and medium-sized enterprises, realise the transmission and sharing of information within the enterprise and the automation of workflows, and promote knowledge accumulation and standardised management;
    The system can analyse and understand the state of the business and provide quantified data to help the enterprise make rational decisions.
  6. The new computing and debugging system for an enterprise-facing service platform using novel cloud computing technology provides cross-terminal service: clients can access it with only a browser and a network connection, which makes it convenient to use while greatly reducing the workload and cost of IT maintenance.
  7. Project indicators
    Technical indicators
    Performance indicators:
    A mass data processing and service platform based on a distributed architecture; a commercial platform able to process massive data, used in real business systems to solve practical problems;
    Scalability: the platform supports more than 100 servers and more than 500 TB of storage, and is capable of supporting more than 500 servers;
    Supports parallel data acquisition and parallel data analysis;
    Supports distributed storage and querying of massive structured and unstructured data;
    Supports a search engine for massive data;
    Distributed task scheduling system and monitoring;
    Reliability: data storage reliability and availability assessment and optimisation techniques, achieving reliability and data security of at least 99.99%; a method for distributed storage and management of massive data is provided;
    Functional parameters:
    Mass content management
    Workflow management
    Knowledge retrieval
    Schedule and conference management
    Mail service
    Business collaboration
    Operation management
    Security management
    Application indicators:
    Elastic computing
    Measurable service
    On-demand service
    Multi-tenancy
    Cross-terminal
    Low cost.
CN201310613656.6A 2013-11-27 2013-11-27 A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing Pending CN104683379A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310613656.6A CN104683379A (en) 2013-11-27 2013-11-27 A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310613656.6A CN104683379A (en) 2013-11-27 2013-11-27 A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing

Publications (1)

Publication Number Publication Date
CN104683379A true CN104683379A (en) 2015-06-03

Family

ID=53317971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310613656.6A Pending CN104683379A (en) 2013-11-27 2013-11-27 A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing

Country Status (1)

Country Link
CN (1) CN104683379A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110177147A (en) * 2019-05-28 2019-08-27 西安邮电大学 A kind of multiple terminals resource joint system based on Internet of Things
CN112583888A (en) * 2020-11-16 2021-03-30 国网新疆电力有限公司塔城供电公司 Information management system and method for microgrid
CN114424194A (en) * 2019-04-23 2022-04-29 微软技术许可有限责任公司 Automatic malware repair and file recovery management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150603