CN104732148A - Distributed searching and killing method and system - Google Patents


Publication number
CN104732148A
Authority
CN
China
Prior art keywords
virus
terminal
killing
file
base
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510175152.XA
Other languages
Chinese (zh)
Inventor
陈海滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING OPZOON TECHNOLOGY Co Ltd
Opzoon Technology Co Ltd
Original Assignee
BEIJING OPZOON TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING OPZOON TECHNOLOGY Co Ltd filed Critical BEIJING OPZOON TECHNOLOGY Co Ltd
Priority to CN201510175152.XA priority Critical patent/CN104732148A/en
Publication of CN104732148A publication Critical patent/CN104732148A/en
Pending legal-status Critical Current

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a distributed searching and killing method. The method comprises: dividing a virus killing system into a control unit and an execution unit; installing the control unit in a cloud operating system and the execution unit in a terminal; upgrading the virus killing system and updating its virus database through the control unit; and performing virus detection on the files in the terminal through the execution unit and searching and killing the detected viruses. The method keeps the size of the virus killing system under control, improves searching and killing efficiency, dynamically changes the size of the virus database in the virus killing system so as to control the share of cloud operating system resources that the virus killing system consumes, improves the utilization efficiency of system resources, and improves the user experience.

Description

Method and system for distributed searching and killing
Technical field
The present invention relates to the technical field of network security, and in particular to a method and system for distributed searching and killing.
Background
In a cloud operating system, a virus killing system may have to support many virtual personal computers (PCs). The software resource files and hardware resource files of each virtual PC are independent; that is, each virtual PC has its own relatively independent virtual central processing unit (CPU) computing unit, virtual hard disk storage unit and virtual memory unit, and the virtual PCs cannot access one another. The cloud operating system, however, can control the size of each virtual PC's virtual CPU computing unit, its virtual memory size, its virtual hard disk storage size, and the software installed on it.
In the prior art, each virtual PC needs a complete antivirus software suite installed. As the variety of viruses grows, the software occupies more and more of the PC terminal's storage space and places an increasing load on the PC terminal, which affects the terminal's other functions and consumes a large share of the system's total resources, so that cost is high and efficiency is low.
Summary of the invention
The object of the present invention is to provide a method and system for distributed searching and killing, so as to solve the prior-art problems of high resource consumption, high cost and low efficiency.
According to one aspect of the present invention, a method for distributed searching and killing is provided, the method comprising:
dividing a virus killing system into a control unit and an execution unit;
installing the control unit in a cloud operating system and the execution unit in a terminal;
upgrading the virus killing system, and updating the virus database in the virus killing system, through the control unit;
performing virus detection on the files in the terminal through the execution unit, and searching and killing the detected viruses.
Optionally, the method further comprises:
grading the viruses in the virus database according to the frequency with which each virus appears in the terminal and the degree of damage it causes;
when the processor usage of the terminal reaches a threshold, deleting the lowest-grade viruses from the virus database;
when the processor usage of the terminal is below a threshold, updating the virus database.
Optionally, performing virus detection on the files in the terminal through the execution unit and searching and killing the detected viruses specifically comprises:
the control unit classifying the terminals into a first terminal and a second terminal according to the file types in the terminals;
dividing the virus database into a first virus database and a second virus database according to the file types in the first terminal and the second terminal;
distributing the first virus database to the first terminal and the second virus database to the second terminal;
detecting whether the first terminal contains data matching a virus in the first virus database, and detecting whether the second terminal contains data matching a virus in the second virus database;
searching and killing the matching data in the first terminal or the second terminal.
Optionally, the files comprise application software files or data files; the application software comprises game software, video software or download software; and the data files comprise compressed files, text files or software installation package files.
Optionally, the modes of searching and killing comprise: removal, deletion, denial of access, isolation, and no processing.
According to another aspect of the present invention, a system for distributed searching and killing is provided, the system comprising:
a separation unit, configured to divide a virus killing system into a control unit and an execution unit;
an installation unit, configured to install the control unit in a cloud operating system and the execution unit in a terminal;
the control unit, configured to upgrade the virus killing system and to update the virus database in the virus killing system;
the execution unit, configured to perform virus detection on the files in the terminal and to search and kill the detected viruses.
Optionally, the system further comprises:
a division unit, configured to grade the viruses in the virus database according to the frequency with which each virus appears in the terminal and the degree of damage it causes;
a deletion unit, configured to delete the lowest-grade viruses from the virus database when the processor usage of the terminal reaches a threshold;
an update unit, configured to update the virus database when the processor usage of the terminal is below a threshold.
Optionally, the execution unit is specifically configured so that:
the control unit classifies the terminals into a first terminal and a second terminal according to the file types in the terminals;
the virus database is divided into a first virus database and a second virus database according to the file types in the first terminal and the second terminal;
the first virus database is distributed to the first terminal and the second virus database to the second terminal;
it is detected whether the first terminal contains data matching a virus in the first virus database, and whether the second terminal contains data matching a virus in the second virus database;
the matching data in the first terminal or the second terminal is searched and killed.
Optionally, the files comprise application software files or data files; the application software comprises game software, video software or download software; and the data files comprise compressed files, text files or software installation package files.
Optionally, the modes of searching and killing comprise: removal, deletion, denial of access, isolation, and no processing.
According to the specific embodiments provided by the present application, the application discloses the following technical effects:
The method and system for distributed searching and killing provided by the embodiments of the present application keep the size of the virus killing system under control, improve searching and killing efficiency, dynamically change the size of the virus database in the virus killing system, control the share of cloud operating system resources that the virus killing system consumes, improve the utilization efficiency of system resources, and improve the user experience.
Brief description of the drawings
Fig. 1 is a flowchart of the method for distributed searching and killing provided by one embodiment of the present application;
Fig. 2 is a schematic diagram of the system for distributed searching and killing provided by another embodiment of the present application.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the present invention clearer, the invention is described in more detail below in conjunction with embodiments and with reference to the accompanying drawings. It should be understood that these descriptions are only exemplary and are not intended to limit the scope of the invention. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concepts of the invention.
The method and system for distributed searching and killing provided by the embodiments of the present application are applicable to all virus searching and killing systems and provide support for terminals that need virus removal; the killing system searches and kills viruses on the terminals in a distributed manner.
For a better understanding of the advantages of the present application, its embodiments are introduced below with reference to the drawings and the detailed description.
Fig. 1 is a flowchart of the method for distributed searching and killing provided by one embodiment of the present application. The executing entity of this embodiment may be the killing system. As shown in Fig. 1, the method of this embodiment specifically comprises the following steps:
Step 101: the virus killing system is divided into a control unit and an execution unit.
A virus killing system is used to detect and remove viruses, computer worms and Trojan horse programs on a computer terminal. It usually includes functions such as real-time program monitoring and identification, scanning for and removing malicious programs, and automatically updating the virus database, and is an important component of a computer's defence system.
The main functions of a virus killing system are to detect and handle viruses and to update the virus database. The virus killing system is split into a control unit and an execution unit: the control unit detects viruses and updates the virus database, and the execution unit handles viruses.
Step 102: the control unit is installed in the cloud operating system and the execution unit is installed in the terminal.
The control unit of the virus killing system is installed in the cloud operating system and its execution unit is installed in the terminal, so that the control unit and the execution unit are separated.
Step 103: the virus killing system is upgraded, and the virus database in the virus killing system is updated, through the control unit.
For example, when new functions are added to the virus killing system, such as a new entry point in the interface, a smaller virus killing system file size, or remotely controlled searching and killing, the virus killing system can be upgraded through the control unit. Suppose the virus database in the virus killing system contains "DOS viruses", "Windows viruses", "intrusive viruses", "embedded viruses", "shell-type viruses" and "virus creation tools"; when "macro viruses" newly appear, the control unit has to update the virus database in the virus killing system so that "macro viruses" are added to it.
Optionally, the process by which the control unit updates the virus database in the virus killing system may specifically comprise the following steps:
Step 201: the viruses in the virus database are graded according to the frequency with which each virus appears in the terminal and the degree of damage it causes.
For example, macro viruses appear in the files of the terminal with a frequency of 80% and affect the running of a file once they are present in it, whereas shell-type viruses appear in the files of the terminal with a frequency of 30% and do not affect the running of the files they are present in; the shell-type viruses are therefore assigned the lowest grade.
Step 202: when the processor usage of the terminal reaches a threshold, the lowest-grade viruses in the virus database are deleted.
When the CPU usage of the terminal rises and reaches the threshold of 80%, that is, when it is detected across the whole cloud operating system that the share of the cloud operating system's total CPU computing resources used by the virtual computing units of all virtual PCs has increased, an instruction is sent to delete the relatively lowest-grade viruses, the shell-type viruses, from the virus database.
Step 203: when the processor usage of the terminal is below a threshold, the virus database is updated.
When the CPU usage of the terminal falls and reaches the threshold of 30%, that is, when it is detected across the whole cloud operating system that the share of the system's total CPU computing resources used by the virtual computing units of all virtual PCs has decreased, an instruction is sent to update the viruses in the virus database.
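The grading and threshold logic of steps 201 to 203, as an added Python example that is not part of the patent text: the control unit grades virus families, deletes the lowest grade when CPU usage reaches 80% and updates the database when it falls to 30%. The scoring scale, the `Family` and `ControlUnit` names, the restore-on-update behaviour and all sample values other than the 80% and 30% figures are assumptions.

```python
from dataclasses import dataclass

HIGH_CPU = 0.80  # step 202 threshold given in the description
LOW_CPU = 0.30   # step 203 threshold given in the description


@dataclass(frozen=True)
class Family:
    name: str
    frequency: float       # fraction of terminal files in which the family appeared
    affects_running: bool  # damage: True if an infected file no longer runs normally


def grade(family: Family) -> int:
    """Step 201. Assumed scale: damage outweighs frequency; 0 is the lowest grade."""
    return (2 if family.affects_running else 0) + (1 if family.frequency >= 0.5 else 0)


class ControlUnit:
    """Hypothetical control unit that sizes the virus database from CPU samples."""

    def __init__(self, families):
        self.active = {f.name: f for f in families}
        self.pruned = {}   # deleted under load; kept so an update can restore them
        self.pending = {}  # newly published families waiting for an update

    def queue_update(self, family: Family) -> None:
        self.pending[family.name] = family

    def on_cpu_sample(self, cpu: float):
        """Return (action, affected family names) for one CPU-usage sample."""
        if cpu >= HIGH_CPU:
            return self._prune_lowest_grade()
        if cpu <= LOW_CPU:
            return self._update()
        return ("unchanged", [])

    def _prune_lowest_grade(self):
        grades = {name: grade(f) for name, f in self.active.items()}
        if len(set(grades.values())) < 2:
            # All families share one grade (or the database is empty): deleting
            # "the lowest grade" would leave the terminal with nothing to scan with.
            return ("unchanged", [])
        lowest = min(grades.values())
        victims = sorted(n for n, g in grades.items() if g == lowest)
        for name in victims:
            self.pruned[name] = self.active.pop(name)
        return ("pruned", victims)

    def _update(self):
        # Assumption: an update re-adds families deleted under load and applies
        # any queued new ones; the description only says the database is updated.
        incoming = {**self.pruned, **self.pending}
        self.active.update(incoming)
        self.pruned.clear()
        self.pending.clear()
        return ("updated", sorted(incoming))


# Constructed sample: only the macro (80%) and shell (30%) frequencies come
# from the description; the "embedded" row is invented for illustration.
SAMPLE = [
    Family("macro", 0.80, True),
    Family("shell", 0.30, False),
    Family("embedded", 0.40, True),
]


def demo():
    cu = ControlUnit(SAMPLE)
    log = [cu.on_cpu_sample(c) for c in (0.55, 0.85, 0.90, 0.25)]
    return log, sorted(cu.active)


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

While load stays at or above the upper threshold, each sample removes one more grade, so detection coverage shrinks until the next update; the `pruned` record is what lets an operator see which families a terminal was not scanning for in that interval.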
Step 104: virus detection is performed on the files in the terminal through the execution unit, and the detected viruses are searched and killed.
The files in the terminal may be application software files or data files. The application software may be game software, video software or download software; the data files may be compressed files, text files or software installation package files.
The execution unit of the virus killing system performs virus detection on each file in the terminal and searches and kills the detected viruses. The virus killing system can handle a virus-infected file in several ways: removal, deletion, denial of access, isolation, or no processing. For example, the virus in the file may be removed, or the infected file itself may be deleted.
Specifically, step 104 may be implemented by the following steps:
Step 301: the control unit classifies the terminals into a first terminal and a second terminal according to the file types in the terminals.
For example, a tablet computer contains only video files and audio files, while a desktop computer contains video files, audio files and text files. According to the file types in the tablet terminal and the desktop terminal, the control unit classifies the tablet terminal as the first terminal and the desktop terminal as the second terminal.
Step 302: the virus database is divided into a first virus database and a second virus database according to the file types in the first terminal and the second terminal.
Suppose the virus database contains "DOS viruses", "Windows viruses", "intrusive viruses", "embedded viruses", "shell-type viruses", "virus creation tools", "macro viruses" and so on. "Intrusive viruses" and "macro viruses" are assigned to the first virus database, and "intrusive viruses", "macro viruses" and "embedded viruses" are assigned to the second virus database. The virus samples in the virus database are classified correspondingly, and each virus is marked with the types of application software and data in which it appears.
Step 303: the first virus database is distributed to the first terminal and the second virus database to the second terminal.
The first virus database, containing "intrusive viruses" and "macro viruses", is distributed to the first terminal, and the second virus database, containing "intrusive viruses", "macro viruses" and "embedded viruses", is distributed to the second terminal.
Step 304: it is detected whether the first terminal contains data matching a virus in the first virus database, and whether the second terminal contains data matching a virus in the second virus database.
For example, it is detected whether the video files and audio files in the first terminal, the tablet terminal, contain data matching a virus in the first virus database, and whether the files in the second terminal contain data matching a virus in the second virus database.
Step 305: the matching data in the first terminal or the second terminal is searched and killed.
The data stored in the terminal is compared with the signatures in the virus database carried by the virus killing system itself; if data matching a virus in the virus database is detected in the terminal, it is judged to be a virus and is searched and killed.
When a file on a virtual PC contains data matching a virus, the virus in that data is sent to the execution unit, which searches and kills it.
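Steps 301 to 305 as an added Python example, not code from the patent: terminals are classified by the file types they hold, each class receives only the signatures marked for those types, and matches are given one of the disposal modes listed above. The family-to-file-type marking, the inert placeholder signatures, the file names and the function names are all constructed for illustration; the marking is chosen so that the split reproduces the first and second virus databases of the tablet and desktop example.

```python
from dataclasses import dataclass

# Disposal modes listed in the description (identifier spellings are assumed).
ACTIONS = ("remove", "delete", "deny_access", "isolate", "ignore")

# Constructed database: family -> (file types it is marked for, signature bytes).
# The byte strings are inert placeholders, not real malware signatures.
VIRUS_DB = {
    "intrusive": ({"video"}, b"\x13SIG-INTRUSIVE"),
    "macro": ({"audio"}, b"\x13SIG-MACRO"),
    "embedded": ({"text"}, b"\x13SIG-EMBEDDED"),
    "DOS": ({"executable"}, b"\x13SIG-DOS"),
}


@dataclass(frozen=True)
class File:
    name: str
    ftype: str
    data: bytes


def terminal_class(files):
    """Step 301: a terminal is classified by the set of file types it holds."""
    return frozenset(f.ftype for f in files)


def sub_database(file_types):
    """Step 302: keep only families marked for a file type present on the terminal."""
    return {fam: sig for fam, (types, sig) in VIRUS_DB.items() if types & file_types}


def distribute(terminals):
    """Step 303: one sub-database per terminal class, shared by terminals of that class."""
    per_class, assigned = {}, {}
    for name, files in terminals.items():
        cls = terminal_class(files)
        if cls not in per_class:
            per_class[cls] = sub_database(cls)
        assigned[name] = per_class[cls]
    return assigned


def scan(files, db):
    """Step 304: report (file, family) for every signature found in a file's bytes."""
    return sorted((f.name, fam) for f in files for fam, sig in db.items() if sig in f.data)


def dispose(hits, policy, default="isolate"):
    """Step 305: attach a disposal mode to each hit; unknown modes are rejected."""
    result = []
    for fname, fam in hits:
        action = policy.get(fam, default)
        if action not in ACTIONS:
            raise ValueError(f"unknown disposal mode: {action}")
        result.append((fname, fam, action))
    return result


# Constructed terminals mirroring the description: the tablet holds only video
# and audio files, the desktop holds video, audio and text files.
TERMINALS = {
    "tablet": [
        File("movie.mp4", "video", b"hdr" + VIRUS_DB["intrusive"][1] + b"frames"),
        File("song.mp3", "audio", b"clean audio"),
    ],
    "desktop": [
        File("clip.avi", "video", b"clean video"),
        File("track.wav", "audio", b"riff" + VIRUS_DB["macro"][1]),
        File("notes.txt", "text", VIRUS_DB["embedded"][1] + b" body"),
    ],
}


def run():
    dbs = distribute(TERMINALS)
    policy = {"macro": "remove", "embedded": "delete"}  # assumed per-family policy
    return {name: dispose(scan(files, dbs[name]), policy) for name, files in TERMINALS.items()}


if __name__ == "__main__":
    for terminal, actions in run().items():
        print(terminal, actions)
```

A terminal's class has to be recomputed whenever a new file type arrives on it, because its sub-database holds no signatures for types it did not have at classification time.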
The present invention keeps the size of the virus killing system under control, improves searching and killing efficiency, dynamically changes the size of the virus database in the virus killing system, controls the share of cloud operating system resources that the virus killing system consumes, improves the utilization efficiency of system resources, and improves the user experience.
Corresponding to the method for distributed searching and killing provided by the embodiments of the present application, the embodiments of the present application also provide a system for distributed searching and killing. Fig. 2 is a schematic diagram of the system for distributed searching and killing provided by another embodiment of the present application. Referring to Fig. 2, the system may specifically comprise:
a separation unit 201, configured to divide a virus killing system into a control unit and an execution unit;
an installation unit 202, configured to install the control unit in a cloud operating system and the execution unit in a terminal;
the control unit 203, configured to upgrade the virus killing system and to update the virus database in the virus killing system;
the execution unit 204, configured to perform virus detection on the files in the terminal and to search and kill the detected viruses.
Optionally, the system further comprises:
a division unit, configured to grade the viruses in the virus database according to the frequency with which each virus appears in the terminal and the degree of damage it causes;
a deletion unit, configured to delete the lowest-grade viruses from the virus database when the processor usage of the terminal reaches a threshold;
an update unit, configured to update the virus database when the processor usage of the terminal is below a threshold.
Optionally, the execution unit is specifically configured so that:
the control unit classifies the terminals into a first terminal and a second terminal according to the file types in the terminals;
the virus database is divided into a first virus database and a second virus database according to the file types in the first terminal and the second terminal;
the first virus database is distributed to the first terminal and the second virus database to the second terminal;
it is detected whether the first terminal contains data matching a virus in the first virus database, and whether the second terminal contains data matching a virus in the second virus database;
the matching data in the first terminal or the second terminal is searched and killed.
Optionally, the files comprise application software files or data files; the application software comprises game software, video software or download software; and the data files comprise compressed files, text files or software installation package files.
Optionally, the modes of searching and killing comprise: removal, deletion, denial of access, isolation, and no processing.
The units of the system for distributed searching and killing in this embodiment correspond to the processing steps in the method embodiment, and each unit can perform the corresponding processing, which is not repeated here.
The method and device of the present invention keep the size of the virus killing system under control, improve searching and killing efficiency, dynamically change the size of the virus database in the virus killing system, control the share of cloud operating system resources that the virus killing system consumes, improve the utilization efficiency of system resources, and improve the user experience.
It should be understood that the above embodiments of the present invention are only intended to illustrate or explain the principles of the invention and do not limit it. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention shall fall within its scope of protection. Furthermore, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or the equivalents of such scope and boundary.

Claims (10)

1. A method for distributed searching and killing, characterized in that the method comprises:
dividing a virus killing system into a control unit and an execution unit;
installing the control unit in a cloud operating system and the execution unit in a terminal;
upgrading the virus killing system, and updating the virus database in the virus killing system, through the control unit;
performing virus detection on the files in the terminal through the execution unit, and searching and killing the detected viruses.
2. The method according to claim 1, characterized in that the method further comprises:
grading the viruses in the virus database according to the frequency with which each virus appears in the terminal and the degree of damage it causes;
when the processor usage of the terminal reaches a threshold, deleting the lowest-grade viruses from the virus database;
when the processor usage of the terminal is below a threshold, updating the virus database.
3. The method according to claim 1, characterized in that performing virus detection on the files in the terminal through the execution unit and searching and killing the detected viruses specifically comprises:
the control unit classifying the terminals into a first terminal and a second terminal according to the file types in the terminals;
dividing the virus database into a first virus database and a second virus database according to the file types in the first terminal and the second terminal;
distributing the first virus database to the first terminal and the second virus database to the second terminal;
detecting whether the first terminal contains data matching a virus in the first virus database, and detecting whether the second terminal contains data matching a virus in the second virus database;
searching and killing the matching data in the first terminal or the second terminal.
4. The method according to claim 1, characterized in that the files comprise application software files or data files, the application software comprises game software, video software or download software, and the data files comprise compressed files, text files or software installation package files.
5. The method according to claim 1, characterized in that the modes of searching and killing comprise: removal, deletion, denial of access, isolation, and no processing.
6. A system for distributed searching and killing, characterized in that the system comprises:
a separation unit, configured to divide a virus killing system into a control unit and an execution unit;
an installation unit, configured to install the control unit in a cloud operating system and the execution unit in a terminal;
the control unit, configured to upgrade the virus killing system and to update the virus database in the virus killing system;
the execution unit, configured to perform virus detection on the files in the terminal and to search and kill the detected viruses.
7. The system according to claim 6, characterized in that the system further comprises:
a division unit, configured to grade the viruses in the virus database according to the frequency with which each virus appears in the terminal and the degree of damage it causes;
a deletion unit, configured to delete the lowest-grade viruses from the virus database when the processor usage of the terminal reaches a threshold;
an update unit, configured to update the virus database when the processor usage of the terminal is below a threshold.
8. The system according to claim 6, characterized in that the execution unit is specifically configured so that:
the control unit classifies the terminals into a first terminal and a second terminal according to the file types in the terminals;
the virus database is divided into a first virus database and a second virus database according to the file types in the first terminal and the second terminal;
the first virus database is distributed to the first terminal and the second virus database to the second terminal;
it is detected whether the first terminal contains data matching a virus in the first virus database, and whether the second terminal contains data matching a virus in the second virus database;
the matching data in the first terminal or the second terminal is searched and killed.
9. The system according to claim 6, characterized in that the files comprise application software files or data files, the application software comprises game software, video software or download software, and the data files comprise compressed files, text files or software installation package files.
10. The system according to claim 6, characterized in that the modes of searching and killing comprise: removal, deletion, denial of access, isolation, and no processing.
CN201510175152.XA 2015-04-14 2015-04-14 Distributed searching and killing method and system Pending CN104732148A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510175152.XA CN104732148A (en) 2015-04-14 2015-04-14 Distributed searching and killing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510175152.XA CN104732148A (en) 2015-04-14 2015-04-14 Distributed searching and killing method and system

Publications (1)

Publication Number Publication Date
CN104732148A true CN104732148A (en) 2015-06-24

Family

ID=53456029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510175152.XA Pending CN104732148A (en) 2015-04-14 2015-04-14 Distributed searching and killing method and system

Country Status (1)

Country Link
CN (1) CN104732148A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150624