CN106203102A - A kind of checking and killing virus method and device of the whole network terminal - Google Patents
A kind of checking and killing virus method and device of the whole network terminal Download PDFInfo
- Publication number
- CN106203102A CN106203102A CN201510226429.7A CN201510226429A CN106203102A CN 106203102 A CN106203102 A CN 106203102A CN 201510226429 A CN201510226429 A CN 201510226429A CN 106203102 A CN106203102 A CN 106203102A
- Authority
- CN
- China
- Prior art keywords
- virus
- file
- score value
- doubtful
- killing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
A kind of checking and killing virus method and device of the whole network terminal.Method is used for the Cloud Server of network side, including: call cloud killing engine end of scan equipment based on anti-virus signature database;If scanning doubtful file, then it is identified, and according to qualification result, it is judged that whether described doubtful file is virus document;The most then result of determination is sent to described terminal unit, and the virus characteristic of described virus document is published in described anti-virus signature database.In the present invention, end side no longer needs with setting up virus base, utilizes the cloud killing engine on network side to carry out the killing of virus, saves the waste of space resources;And utilize the virus base of virus characteristic real-time update, the safety of the equipment being further ensured that.
Description
Technical field
The invention belongs to technical field of network security, especially relate to the checking and killing virus side of a kind of the whole network terminal
Method and device.
Background technology
Along with the development of computer technology, computer virus is also in the data day by day affecting computer user
Safety or experience.For these a lot of computers be mounted with antivirus software (or claim antivirus software, fire wall
Deng) to resist computer virus.Antivirus software many employings condition code knowledge at present detects virus otherwise,
Confirmed by the condition code of detection virus the file of Current Scan comprises virus.Therefore some computers
The virus document that the author of virus writes in order to avoid oneself is detected by antivirus software, it will usually by one
The most invalid instruction addition virus document is to hide the signature detection of antivirus software, thus have impact on gas defence
The effect of software defense computer virus.
Current detection method, is the virus base being updated self by terminal from network side, utilizes the disease of self
Poison storehouse carries out scanning and the killing of data, and it is big that this mode exists the resource that takes up room, and virus base updates not
Problem timely.
Summary of the invention
An object of the present invention is to provide a kind of checking and killing virus method of the whole network terminal, to solve existing skill
The resource that takes up room in art is big, and virus base updates problem not in time.
In some illustrative embodiment, the checking and killing virus method of described the whole network terminal, for network side
Cloud Server, including: call cloud killing engine based on anti-virus signature database and scan this terminal unit;
If scanning doubtful file, then identify described doubtful file, and according to qualification result, it is judged that described doubtful
Whether file is virus document;The most then result of determination is sent to described terminal unit, and by described
The virus characteristic of virus document is published in described anti-virus signature database.
Preferably, the described doubtful file of described qualification, according to qualification result, it is judged that described doubtful file is
No for virus document, specifically include: described doubtful file is carried out following qualification successively, according to described mirror
Determine result and determine the final score value of described doubtful file;Auxiliary is identified, multi engine is identified, static identify and
Dynamically identify;Described final score value is compared with virus threshold value set in advance, according to comparative result,
Judge that described doubtful file is as virus document or non-viral file.
Preferably, described auxiliary is identified, specifically includes: identify the type of described doubtful file, and foundation
The type of described doubtful file carries out pretreatment to it, it is determined that the digital signature of file after pretreatment is
No effectively, and/or, if containing infection type code;If it is determined that result to be digital signature invalid or containing thoughts
Dye type code, then be judged to described virus document by described doubtful file;Otherwise, to described doubtful file
Carry out follow-up qualification.
Preferably, in the type of the described doubtful file of described identification, and according to the type of described doubtful file
It is carried out pretreatment, including: if compressed file, decompress the most successively, obtain all sons after decompression
File;If adding shelf document, shelling the most successively, obtaining the original document after shelling.
Preferably, described multi engine is identified, specifically includes: disposes and overlaps document engine more, for auxiliary mirror
File after fixed filtration is scanned, and is allocated the first sub-score value according to scanning result;In conjunction with obtaining
Described first sub-score value static identify and the qualification result of dynamically qualification with described, determine described final point
Value.
Preferably, described static qualification, specifically include: extraction document attribute material, in self-teaching type
Material database carries out material coupling, it is determined that material is the most abnormal, determines the second sub-score value according to result of determination;
Identify and the qualification result of dynamically qualification with described multi engine in conjunction with the described second sub-score value obtained, determine
Described final score value.
Preferably, described self-teaching type material database includes standard material at least one: system
API, import and export table, key compositional character string, file icon, fileversion number, file compiler
Type, PE file section table, binary system piecemeal, instruction redirect block, job sequence.
Preferably, described dynamic qualification, specifically include: by file doubtful described in virtual machine monitoring whether
Dangerous behavior, then determine the 3rd sub-score value according to the kind of hazardous act;Described aggressive behavior and institute
State infection risk, including: all kinds of injections, mutexes, inline hook, startup host process, mirror image are robbed
Hold, add delay renaming item, input method mechanism, amendment command register and remote thread context,
Global message hook, common leak flooding are set;In conjunction with the described 3rd sub-score value obtained and institute
State multi engine to identify and the static qualification result identified, determine described final score value.
Preferably, call cloud killing engine based on anti-virus signature database scan this terminal unit described
Afterwards, also include: if scanning virus document, then utilize described cloud killing engine to remove from described terminal
This virus document is removed on equipment.
Further object is that the checking and killing virus device that a kind of the whole network terminal is provided.
In some illustrative embodiment, the checking and killing virus device of described the whole network terminal, including: call mould
Block, scans this terminal unit for calling cloud killing engine based on anti-virus signature database;Parsing module,
If for scanning doubtful file, then identify described doubtful file, and according to qualification result, it is judged that described
Whether doubtful file is virus document;Sending module, for result of determination is sent to described terminal unit,
And the virus characteristic of described virus document is published in described anti-virus signature database.
Compared with prior art, the illustrative embodiment of the present invention includes advantages below:
End side no longer needs with setting up virus base, utilizes the cloud killing engine on network side to carry out looking into of virus
Kill, save the waste of space resources;And utilize the virus base of virus characteristic real-time update, protect further
The safety of the equipment of card.
Accompanying drawing explanation
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes of the application
Point, the schematic description and description of the present invention is used for explaining the present invention, is not intended that the present invention's
Improper restriction.In the accompanying drawings:
Fig. 1 is the flow chart of the illustrative embodiment according to the present invention;
Fig. 2 is the structured flowchart of the illustrative embodiment according to the present invention.
Detailed description of the invention
In the following detailed description, a large amount of specific detail is proposed, in order to provide the thorough reason to the present invention
Solve.However it will be understood by those of ordinary skill in the art that, even if not having these specific detail can implement this yet
Bright.In other cases, it is not described in well-known method, process, assembly and circuit, with
Exempt to affect the understanding of the present invention.
As it is shown in figure 1, disclose a kind of checking and killing virus method of the whole network terminal, the cloud for network side takes
Business device, including:
S11, call cloud killing engine based on anti-virus signature database and scan this terminal unit;
If S12 scans doubtful file, then it is identified, and according to qualification result, it is judged that institute
State whether doubtful file is virus document;
S13, the most then result of determination is sent to described terminal unit, and by described virus document
Virus characteristic is published in described anti-virus signature database.
Terminal is called cloud killing engine and is scanned this terminal document, if there is doubtful file, then obtains this doubtful
File, carries out putting in data to be tested storehouse, after identifying that this doubtful file is virus document, by this disease
The virus characteristic of poison file is put in anti-virus signature database.
In the present invention, end side no longer needs with setting up virus base, utilizes the cloud killing engine on network side to carry out
The killing of virus, saves the waste of space resources;And utilize the virus base of virus characteristic real-time update,
The safety of the equipment being further ensured that.
In some illustrative embodiment, the described doubtful file of described qualification, according to qualification result, it is judged that
Whether described doubtful file is virus document, specifically includes: described doubtful file is carried out following mirror successively
Fixed, the final score value of described doubtful file is determined according to described qualification result;Auxiliary is identified, multi engine mirror
Fixed, static state is identified and dynamically identifies;Described final score value is compared with virus threshold value set in advance,
According to comparative result, it is determined that described doubtful file is virus document or non-viral file.
In some illustrative embodiment, described auxiliary is identified, specifically includes: identify described doubtful file
Type, and according to the type of described doubtful file, it is carried out pretreatment;Judge file after pretreatment
Digital signature whether effective, and/or, it is determined that whether file contains infection type code after pretreatment;If
Result of determination is that digital signature is invalid or containing infection type file, then be judged to by described doubtful file described
Virus document;Otherwise, described doubtful file is carried out follow-up qualification.
In some illustrative embodiment, in the type of the described doubtful file of described identification, and according to described
The type of doubtful file carries out pretreatment to it, including: (1), if compressed file, decompresses the most successively,
Obtain all subfiles after decompression;(2) if adding shelf document, shell the most successively, after obtaining shelling
Original document.
In some illustrative embodiment, described multi engine is identified, specifically includes: disposes many set files and draws
Hold up, identify that the file after filtering is scanned for auxiliary, and be allocated the first son according to scanning result
Score value;In conjunction with the described first sub-score value obtained and the described static qualification result identified and dynamically identify,
Determine described final score value.
In some illustrative embodiment, described static qualification, specifically include: extraction document attribute material,
Material coupling is carried out, it is determined that material is the most abnormal, true according to result of determination in self-teaching type material database
Fixed second sub-score value;Identify in conjunction with the described second sub-score value obtained and described multi engine and dynamically identify
Qualification result, determines described final score value.
In some illustrative embodiment, described self-teaching type material database includes at least one
Standard material: system API, import and export table, key compositional character string, file icon, FileVersion
Number, file compiler type, PE file section table, binary system piecemeal, instruction redirect block, job sequence.
In some illustrative embodiment, described dynamic qualification, specifically include: by virtual machine monitoring institute
State the most dangerous behavior of doubtful file, then determine the 3rd sub-score value according to the kind of hazardous act;Institute
State aggressive behavior and described infection risk, including: all kinds of injections, mutexes, inline hook, startup place
Host process, mirror image are kidnapped, interpolation postpones renaming item, input method is machine-processed, revise command register and remote
Journey thread context, global message hook, common leak flooding are set;Described in conjunction with obtain
3rd sub-score value is identified with described multi engine and the static qualification result identified, determines described final score value.
In some illustrative embodiment, call cloud killing engine based on anti-virus signature database described
After scanning this terminal unit, also include: if scanning virus document, then utilize described cloud killing engine
Remove from described terminal unit, remove this virus document.
In some illustrative embodiment, described multi engine is identified, static state is identified and dynamically identifies
The first sub-score value, the second sub-score value and the 3rd sub-score value carry out result by the weighted value that pre-sets
In conjunction with.
Such as:
I=aX+bY+cZ
Wherein, I is final score value, and X, Y, Z are respectively the first sub-score value, the second sub-score value and the 3rd
Sub-score value, a, b, c be respectively the first sub-score value, the second sub-score value and the weight coefficient of the 3rd sub-score value,
A+b+c=1.
In some illustrative embodiment, qualification can also include:
Special qualification δ: refer in particular to a class code of points, this rule relies on a collection of special external factor auxiliary meter
Point counting value, such as file size, file range, file path, scanning channel etc..
Such as:
I=aX+bY+cZ+ δ
Wherein, I is final score value, and X, Y, Z are respectively the first sub-score value, the second sub-score value and the 3rd
Sub-score value, a, b, c be respectively the first sub-score value, the second sub-score value and the weight coefficient of the 3rd sub-score value,
A+b+c=1.
As in figure 2 it is shown, disclose the checking and killing virus device 100 of a kind of the whole network terminal, including: call base
Cloud killing engine in anti-virus signature database scans the calling module 101 of this terminal unit;If scanning
Doubtful file, then identify described doubtful file, and according to qualification result, it is judged that whether described doubtful file
Parsing module 102 for virus document;Result of determination is sent to described terminal unit, and by described disease
The sending module 103 that the virus characteristic of poison file is published in described anti-virus signature database.
In some illustrative embodiment, described parsing module 102 includes: depend on described doubtful file
The secondary qualification module 1021 carrying out following qualification: assist qualification, multi engine to identify, static state is identified and dynamic
Identify;The analyzing sub-module 1022 of the final score value of described doubtful file is determined according to described qualification result;
Described final score value is compared, according to comparative result with virus threshold value set in advance, it is determined that described
Doubtful file is the judge module 1023 of virus document or non-viral file.
In some illustrative embodiment, described qualification module 1021 includes: first identifies submodule
10211, for identifying the type of described doubtful file, and according to the type of described doubtful file, it is entered
Row pretreatment, it is determined that the digital signature of file after pretreatment is the most effective, and/or, if containing thoughts
Dye type code;If it is determined that result to be digital signature invalid or containing infection type code, then by described doubtful literary composition
Part is judged to described virus document;Otherwise, described doubtful file is carried out follow-up qualification.
In some illustrative embodiment, in the type of the described doubtful file of described identification, and according to described
The type of doubtful file carries out pretreatment to it, including: if compressed file, decompress the most successively, obtain
All subfiles after decompression;If adding shelf document, shelling the most successively, obtaining the original document after shelling.
In some illustrative embodiment, described qualification module 1022 includes: second identifies submodule
10212, it is used for disposing and overlaps document engine more, identify that the file after filtering is scanned for auxiliary, and
It is allocated the first sub-score value according to scanning result;In conjunction with the described first sub-score value obtained and described static state
The qualification result identified and dynamically identify, determines described final score value.
In some illustrative embodiment, described qualification module 1022 includes: the 3rd identifies submodule
10213, for extraction document attribute material, in self-teaching type material database, carry out material coupling, sentence
Determine material the most abnormal, determine the second sub-score value according to result of determination;In conjunction with described second son point obtained
The qualification result that value is identified with described multi engine and dynamically identified, determines described final score value.
Preferably, described self-teaching type material database includes standard material at least one: system
API, import and export table, key compositional character string, file icon, fileversion number, file compiler
Type, PE file section table, binary system piecemeal, instruction redirect block, job sequence.
In some illustrative embodiment, described qualification module 1022 includes: the 4th identifies submodule
10214, for by the most dangerous behavior of file doubtful described in virtual machine monitoring, then according to danger
The kind of behavior determines the 3rd sub-score value;Described aggressive behavior and described infection risk, including: all kinds of notes
Enter, mutexes, inline hook, start host process, mirror image is kidnapped, add and postpone renaming item, defeated
Enter method mechanism, amendment command register and remote thread context, global message hook, common is set
Leak flooding;Identify in conjunction with the described 3rd sub-score value obtained and the qualification of described multi engine and static state
Qualification result, determines described final score value.
In some illustrative embodiment, described checking and killing virus module also includes: killing module, if for
Scan virus document, then utilize described cloud killing engine to remove from described terminal unit, remove this virus
File.
The explanation of above example is only intended to help to understand method and the core concept thereof of the present invention;Meanwhile,
For one of ordinary skill in the art, according to the thought of the present invention, at detailed description of the invention and application model
Placing and all will change, in sum, this specification content should not be construed as limitation of the present invention.
Claims (10)
1. the checking and killing virus method of the whole network terminal, it is characterised in that for the cloud service of network side
Device, including:
Call cloud killing engine end of scan equipment based on anti-virus signature database;
If scanning doubtful file, then it is identified, and according to qualification result, it is judged that described doubtful
Whether file is virus document;
The most then result of determination is sent to described terminal unit, and by special for the virus of described virus document
Levy and be published in described anti-virus signature database.
Checking and killing virus method the most according to claim 1, it is characterised in that described it is carried out
Identify, and according to qualification result, it is judged that whether described doubtful file is virus document, specifically includes:
Described doubtful file is carried out following qualification successively, determines described doubtful literary composition according to described qualification result
The final score value of part;Auxiliary is identified, multi engine is identified, static state is identified and dynamically identifies;
Described final score value is compared, according to comparative result with virus threshold value set in advance, it is determined that
Described doubtful file is virus document or non-viral file.
Checking and killing virus method the most according to claim 2, it is characterised in that described auxiliary is identified,
Specifically include:
Identify the type of described doubtful file, and according to the type of described doubtful file, it is carried out pretreatment;
Judge that the digital signature of file after pretreatment is the most effective, and/or, if containing infection type generation
Code;
If it is determined that result to be digital signature invalid or containing infection type code, then will the judgement of described doubtful file
For described virus document;
Otherwise, described doubtful file is carried out follow-up qualification.
Checking and killing virus method the most according to claim 3, it is characterised in that in described identification institute
State the type of doubtful file, and according to the type of described doubtful file, it is carried out pretreatment, including:
If compressed file, decompress the most successively, obtain all subfiles after decompression;
If adding shelf document, shelling the most successively, obtaining the original document after shelling.
Checking and killing virus method the most according to claim 3, it is characterised in that described multi engine reflects
Fixed, specifically include:
Dispose and overlap document engine more, identify that the file after filtering is scanned for auxiliary, and according to scanning
Result is allocated the first sub-score value;
In conjunction with the described first sub-score value obtained and the described static qualification result identified and dynamically identify, really
Fixed described final score value.
Checking and killing virus method the most according to claim 3, it is characterised in that described static qualification,
Specifically include:
Extraction document attribute material, carries out material coupling, it is determined that material is in self-teaching type material database
No exception, determines the second sub-score value according to result of determination;
Identify and the qualification result of dynamically qualification with described multi engine in conjunction with the described second sub-score value obtained,
Determine described final score value.
Checking and killing virus method the most according to claim 6, it is characterised in that described self-teaching
Type material database includes standard material at least one:
System API, import and export table, key compositional character string, file icon, fileversion number, literary composition
Part compiler type, PE file section table, binary system piecemeal, instruction redirect block, job sequence.
Checking and killing virus method the most according to claim 3, it is characterised in that described dynamic qualification,
Specifically include:
By the most dangerous behavior of file doubtful described in virtual machine monitoring, then according to the kind of hazardous act
Class determines the 3rd sub-score value;
Described aggressive behavior and described infection risk, including:
All kinds of injections, mutexes, inline hook, startup host process, mirror image are kidnapped, are added delay weight
Name item, input method are machine-processed, revise command register and remote thread context, arrange global message hook
Sub, common leak flooding;
Identify and the static qualification result identified with described multi engine in conjunction with the described 3rd sub-score value obtained,
Determine described final score value.
Checking and killing virus method the most according to claim 1, it is characterised in that call base described
After the cloud killing engine of anti-virus signature database scans this terminal unit, also include:
If scanning virus document, then utilize described cloud killing engine to remove and remove from described terminal unit
This virus document.
10. the checking and killing virus device of the whole network terminal, it is characterised in that including:
Calling module, for calling cloud killing engine end of scan equipment based on anti-virus signature database;
Parsing module, if for scanning doubtful file, then it being identified, and according to qualification result,
Judge whether described doubtful file is virus document;
Sending module, for sending result of determination to described terminal unit, and by described virus document
Virus characteristic is published in described anti-virus signature database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510226429.7A CN106203102B (en) | 2015-05-06 | 2015-05-06 | A kind of checking and killing virus method and device of the whole network terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510226429.7A CN106203102B (en) | 2015-05-06 | 2015-05-06 | A kind of checking and killing virus method and device of the whole network terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106203102A true CN106203102A (en) | 2016-12-07 |
| CN106203102B CN106203102B (en) | 2019-10-11 |
Family
ID=57459111
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510226429.7A Active CN106203102B (en) | 2015-05-06 | 2015-05-06 | A kind of checking and killing virus method and device of the whole network terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106203102B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106993042A (en) * | 2017-04-05 | 2017-07-28 | 河南工程学院 | A kind of network real-time monitoring method based on cloud computing |
| CN107358102A (en) * | 2017-07-14 | 2017-11-17 | 合肥执念网络科技有限公司 | A kind of computer based checking and killing virus system |
| CN108171058A (en) * | 2017-12-26 | 2018-06-15 | 中国联合网络通信集团有限公司 | Multi engine virus scan system and multi engine virus scan method based on Serverless frames |
| CN108667771A (en) * | 2017-03-29 | 2018-10-16 | 北京宸信征信有限公司 | A kind of data processing system and processing method for handling distrust data |
| CN108898019A (en) * | 2018-08-17 | 2018-11-27 | 广州瀚华建筑设计有限公司 | CAD checking and killing virus method, system, computer equipment and readable storage medium storing program for executing |
| CN109918173A (en) * | 2019-03-06 | 2019-06-21 | 苏州浪潮智能科技有限公司 | Virtual machine health examination method and system based on openstack |
| CN112149115A (en) * | 2020-08-28 | 2020-12-29 | 杭州安恒信息技术股份有限公司 | Method and device for updating virus library, electronic device and storage medium |
| CN112214765A (en) * | 2020-09-29 | 2021-01-12 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101039177A (en) * | 2007-04-27 | 2007-09-19 | 珠海金山软件股份有限公司 | Apparatus and method for on-line searching virus |
| US20070240217A1 (en) * | 2006-04-06 | 2007-10-11 | George Tuvell | Malware Modeling Detection System And Method for Mobile Platforms |
| CN101621511A (en) * | 2009-06-09 | 2010-01-06 | 北京安天电子设备有限公司 | Multilayer detecting method without local virus library and multilayer detecting system |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102799804A (en) * | 2012-04-30 | 2012-11-28 | 珠海市君天电子科技有限公司 | Comprehensive identification method and system for security of unknown file |
-
2015
- 2015-05-06 CN CN201510226429.7A patent/CN106203102B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070240217A1 (en) * | 2006-04-06 | 2007-10-11 | George Tuvell | Malware Modeling Detection System And Method for Mobile Platforms |
| CN101039177A (en) * | 2007-04-27 | 2007-09-19 | 珠海金山软件股份有限公司 | Apparatus and method for on-line searching virus |
| CN101621511A (en) * | 2009-06-09 | 2010-01-06 | 北京安天电子设备有限公司 | Multilayer detecting method without local virus library and multilayer detecting system |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102799804A (en) * | 2012-04-30 | 2012-11-28 | 珠海市君天电子科技有限公司 | Comprehensive identification method and system for security of unknown file |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108667771A (en) * | 2017-03-29 | 2018-10-16 | 北京宸信征信有限公司 | A kind of data processing system and processing method for handling distrust data |
| CN106993042A (en) * | 2017-04-05 | 2017-07-28 | 河南工程学院 | A kind of network real-time monitoring method based on cloud computing |
| CN107358102A (en) * | 2017-07-14 | 2017-11-17 | 合肥执念网络科技有限公司 | A kind of computer based checking and killing virus system |
| CN108171058A (en) * | 2017-12-26 | 2018-06-15 | 中国联合网络通信集团有限公司 | Multi engine virus scan system and multi engine virus scan method based on Serverless frames |
| CN108898019A (en) * | 2018-08-17 | 2018-11-27 | 广州瀚华建筑设计有限公司 | CAD checking and killing virus method, system, computer equipment and readable storage medium storing program for executing |
| CN109918173A (en) * | 2019-03-06 | 2019-06-21 | 苏州浪潮智能科技有限公司 | Virtual machine health examination method and system based on openstack |
| CN112149115A (en) * | 2020-08-28 | 2020-12-29 | 杭州安恒信息技术股份有限公司 | Method and device for updating virus library, electronic device and storage medium |
| CN112214765A (en) * | 2020-09-29 | 2021-01-12 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106203102B (en) | 2019-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106203102A (en) | A kind of checking and killing virus method and device of the whole network terminal | |
| US11431676B2 (en) | Method, apparatus, and system for detecting terminal security status | |
| US10657251B1 (en) | Multistage system and method for analyzing obfuscated content for malware | |
| CN102254111B (en) | Malicious site detection method and device | |
| US11188650B2 (en) | Detection of malware using feature hashing | |
| CN106295333B (en) | method and system for detecting malicious code | |
| RU2726032C2 (en) | Systems and methods for detecting malicious programs with a domain generation algorithm (dga) | |
| US20060015940A1 (en) | Method for detecting unwanted executables | |
| CN111460445A (en) | Method and device for automatically identifying malicious degree of sample program | |
| US8332941B2 (en) | Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor | |
| CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
| US10262136B1 (en) | Cloud-based malware detection | |
| CN103679016A (en) | Method and system for processing malicious programs of mobile phone | |
| EP3745292A1 (en) | Hidden link detection method and apparatus for website | |
| CN102984134A (en) | Safe defense system | |
| CN105631332B (en) | A kind of method and device of processing rogue program | |
| CN111966630B (en) | File type detection method, device, equipment and medium | |
| CN110417746A (en) | Cross-site scripting attack defence method, device, equipment and storage medium | |
| CN105844161A (en) | Security defense method, device and system | |
| EP4137976A1 (en) | Learning device, detection device, learning method, detection method, learning program, and detection program | |
| CN104506529A (en) | Website protection method and device | |
| US9881155B2 (en) | System and method for automatic use-after-free exploit detection | |
| CN105787359A (en) | Course guarding method and device | |
| CN112351008B (en) | Network attack analysis method and device, readable storage medium and computer equipment | |
| CN114417349A (en) | Attack result determination method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100041, room 2, building 3, building 30, Xing Xing street, Shijingshan District, Beijing, Patentee after: Beijing Falcon Safety Technology Co., Ltd Address before: 100041, room 2, building 3, building 30, Xing Xing street, Shijingshan District, Beijing, Patentee before: BEIJING KINGSOFT SECURITY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd. |