CN106708727B - Distributed virus characteristic sample verification method and system - Google Patents


Publication number
CN106708727B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610626302.9A
Other languages
Chinese (zh)
Other versions
CN106708727A (en)
Inventor
段海彦
陈珊珊
杨姣玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201610626302.9A
Publication of CN106708727A
Application granted
Publication of CN106708727B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)

Abstract

The invention relates to the field of computer security, in particular to a distributed virus characteristic sample verification method and a system, wherein the method comprises the following steps: the test node acquires a test task from the management server; if the test task returned by the management server is the main task, creating a subtask according to the main task, and sending the subtask to the management server; if the test task returned by the management server is a subtask, downloading a test packet according to the subtask, wherein the test packet comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in a virus library by using a scanning engine to obtain a detection result; and judging whether the detection result is consistent with the expected result or not, and sending the judgment result to the management server. The invention realizes that a plurality of test nodes coordinate to complete the verification of the large-scale feature sample, saves the time for transmitting the feature sample from the server to the test nodes and improves the task execution efficiency.

Description

Distributed virus characteristic sample verification method and system
Technical Field
The invention relates to the field of computer security, in particular to a distributed virus characteristic sample verification method and a distributed virus characteristic sample verification system.
Background
A virus library is a collection of virus signatures. Existing virus detection and removal methods judge whether a file is a virus file by comparing the file with the virus signatures in a virus library. Because the virus library is used to identify virus files, the virus signatures in it must be effective, so that new viruses do not go undetected and non-virus files are not killed by mistake. To avoid such false kills, computer virus analysts need to collect samples (including virus-containing files and virus-free files) before the virus signatures are formally stored in the library and released to users, and then pre-test the collected samples against the extracted virus signatures to verify whether the signatures are effective.
Currently, most test methods adopt a push mode, transmit a feature sample to a tester, and the tester executes a test and outputs a test result. Under the condition of small quantity of characteristic samples, the transmission time consumption can be ignored, but under the condition of large quantity of characteristic samples, the push mode can occupy most time of the whole test, unknown errors can occur in the push process, and the risk of data transmission failure is increased. Moreover, most automated tests only have one device node to execute the test, and when a task which takes a long time is executed, the test result cannot be output quickly.
Aiming at the problems of long time consumption and low efficiency of the existing testing method, an effective solution is not provided at present.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a verification method and a verification system for a distributed virus characteristic sample. The virus characteristic sample is verified in a mode that the test node actively acquires and executes the task from the management server, wherein when the test node executes the subtask, whether the required characteristic sample exists in a tester where the test node is located is firstly inquired, and the characteristic sample is acquired from the sample storage server under the condition that the required characteristic sample does not exist locally, so that the transmission time of the characteristic sample is saved, and the verification efficiency is improved.
The technical scheme adopted by the invention is as follows:
a distributed virus characteristic sample verification method comprises the following steps:
the method comprises the steps that a test node obtains a test task from a management server, wherein the test task is a main task or a subtask;
if the test task returned by the management server is a main task, creating a subtask according to the main task, and sending the subtask to the management server;
if the test task returned by the management server is a subtask, downloading a test packet according to the subtask, wherein the test packet comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in the virus library by using a scanning engine to obtain a detection result; and judging whether the detection result is consistent with the expected result or not, and sending the judgment result to a management server.
Correspondingly, the invention also provides a distributed virus characteristic sample verification system, which comprises a management server and at least one testing machine, wherein the testing machine comprises a plurality of testing nodes,
the test node includes:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a test task from a management server, and the test task is a main task or a subtask;
the execution module is used for creating one or more subtasks according to the main task when the test task returned by the management server is the main task, sending the subtasks to the management server, and downloading a test package according to the subtasks when the test task returned by the management server is the subtask, wherein the test package comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in the virus library by using a scanning engine to obtain a detection result; and judging whether the detection result is consistent with the expected result or not, and sending the judgment result to a management server.
The invention has the beneficial effects that:
according to the invention, a plurality of test machines are connected with a management server through a communication network, a distributed processing system is constructed for verifying virus characteristic samples, and the verification efficiency of the characteristic samples is greatly improved; on the other hand, the subtask returned to the test node by the management server does not contain the feature sample, when the subtask is executed, the feature sample corresponding to the sample information is firstly obtained from the test machine where the test node is located, and the feature sample is obtained from the sample storage server under the condition that the required feature sample does not exist in the test machine.
In addition, task disassembling work is moved to the test nodes, and the test nodes disassemble the main task into a plurality of subtasks, so that the task disassembling efficiency is improved, and the requirement on the operation performance of the management server is lowered.
In the characteristic sample verification process, the management server captures the task failed to be executed by updating the task execution state, and recalls the task failed to be executed for the test node to obtain and execute again, so that the success rate of task execution is improved.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a schematic structural diagram of an implementation environment of a distributed virus signature sample verification method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart diagram illustrating one embodiment of a distributed virus signature sample verification method of the present invention;
FIG. 3 is a flowchart of the steps for obtaining and executing the main task in the distributed virus signature sample verification method of the present invention;
FIG. 4 is a flowchart of the steps for obtaining and executing subtasks in the distributed virus signature sample verification method of the present invention;
FIG. 5 is a flowchart illustrating the steps of a test node executing a subtask in the distributed virus signature sample verification method of the present invention;
FIG. 6 is a schematic block diagram of one embodiment of a distributed virus signature sample verification system of the present invention;
FIG. 7 is a schematic structural diagram of a test node in the distributed virus signature sample verification system according to the present invention;
FIG. 8 is a schematic structural diagram of a management server in the distributed virus signature sample verification system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an implementation environment of a distributed virus signature sample verification method according to an embodiment of the present invention.
The implementation environment shown in fig. 1 is used to implement the distributed virus signature sample verification method according to any embodiment or implementation manner of the present invention, and includes a management server 100, a test packet storage server 200, a sample storage server 300, and at least one test machine 400. The management server 100 and the test packet storage server 200 may be connected through a wireless network or a wired network, and each test machine 400 may be connected to the management server 100, the test packet storage server 200, and the sample storage server 300 through a wireless network or a wired network. For ease of description, fig. 1 shows only one tester 400, and the number of testers may be increased as desired.
Each test machine 400 runs a plurality of Android virtual machines and a plurality of threads; one Android virtual machine and one thread together form a test node, that is, each test machine includes a plurality of test nodes. The test node is configured to actively obtain a test task (a main task or a subtask) from the management server 100, execute the obtained test task, and feed back the execution result to the management server 100. If the executed test task is a subtask, the test node also needs to download a test package from the test package storage server 200 and obtain a feature sample from the sample storage server 300. Further, the test node feeds back the execution status of the test task to the management server 100, so that the management server records the execution state of each test task and adds any task that failed to execute to the unexecuted task queue, from which a test node acquires and executes it again. In the present invention, the testing machine 400 may be a mobile terminal, a computer terminal or a similar computing device, and is preferably a computer terminal running a Windows system. The computer terminal comprises a processor and a memory for storing the feature samples. An Android running environment is simulated on the computer terminal: an Android virtual machine is built using Oracle VM VirtualBox and an Android image, the folder that stores the feature samples is configured as a virtual machine shared folder, and it is set to mount automatically at startup. When a subtask is executed, the feature sample can be obtained directly from the shared folder, which saves the time otherwise needed to transfer the feature sample from the management server 100 to the Android virtual machine.
The management server 100 of the present invention monitors the test packet storage server in a polling manner. When it finds that a new test packet has been stored in the test packet storage server 200, it automatically generates a test main task and a corresponding task list according to the new test packet, sends test tasks to test nodes for execution in response to their requests for test tasks, and updates the task list after receiving the execution results fed back by the test nodes. In the present invention, the management server 100 may be a mobile terminal, a computer terminal or a similar computing device, and is preferably a computer terminal (e.g., a personal computer PC) running a Windows system. The computer terminal may comprise one or more processors (a processor may comprise, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory for storing data; the structure of the computer terminal is not limited to these components and may, for example, comprise more components than those listed. The memory can be used for storing data and the software programs and modules of application software, such as the program instructions/modules for storing test tasks, task lists and test reports, recording subtasks that failed to execute, generating test reports, and adding failed subtasks to the unexecuted task queue again.
The test package stored in the test package storage server 200 is generated by another compiling platform, and can be formally sent out to a certain version of virus checking and killing software for users to use, that is, a package to be released. The sample storage server 300 is used for storing the feature samples, and the test node can obtain the feature samples from the sample storage server 300 when executing the subtasks, so as to reduce the time consumed for transmitting data from the management server 100 to the test node 400. The test package storage server 200 and the sample storage server 300 each contain memory, which may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
Referring to fig. 2, fig. 2 is a flowchart illustrating a distributed virus signature sample verification method according to an embodiment of the present invention.
The distributed virus characteristic sample verification method comprises the following steps:
step S201, a test node acquires a test task from a management server, wherein the test task is a main task or a subtask;
step S202, if the test task returned by the management server is a main task, creating a subtask according to the main task, and sending the subtask to the management server;
if the test task returned by the management server is a subtask, downloading a test packet according to the subtask, wherein the test packet comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in the virus library by using a scanning engine to obtain a detection result; and judging whether the detection result is consistent with the expected result or not, and sending the judgment result to a management server.
The method can obviously improve the verification efficiency of the characteristic sample, and is mainly embodied as follows: the method comprises the steps that firstly, a main task is split into a plurality of subtasks by a testing node, different main tasks can be split at the same time due to the fact that the number of the testing nodes is large, and compared with the traditional method that a management server can only split one main task at a time, execution efficiency is obviously improved; and secondly, the subtasks sent to the test nodes by the management server do not contain the characteristic samples, and the test nodes can acquire the characteristic samples from the virtual machine shared folder or the sample storage server when executing the subtasks, so that the time consumed by transmitting the characteristic samples from the management server to the test nodes is reduced, and the execution efficiency is improved.
The flow of steps for executing the distributed virus signature sample verification method of the present invention will be described in detail with reference to fig. 3-5.
Referring to fig. 3, fig. 3 is a flowchart illustrating steps of acquiring and executing a main task in the distributed virus signature sample verification method according to the present invention. The steps include:
S301, the management server generates a main task and a task list corresponding to the main task according to the test packet, and stores the main task and the task list.
Specifically, the test package is generated by other compiling platforms, and can be formally sent out to a certain version of virus killing software for users to use on line, that is, the package to be released needs to be tested through a test flow before being released, and the test package is completely stored in the test package storage server.
The method for generating the main task and the task list according to the test packet comprises an automatic creation mode and a manual creation mode. The automatic creation mode is as follows: the management server monitors the test packet storage server in real time through the monitoring program, and when a newly stored test packet is found in the test packet storage server, a test main task and a corresponding task list are generated according to the test packet, and then the main task and the task list are stored in the memory. The main task comprises a main task ID, priority description, test packet information and test items, the test packet information can comprise a test packet storage address and the like, and the task list comprises the main task ID. The manual creation mode is as follows: a test primary task is created manually from the test package and one or more test items may be specified.
The main tasks in the memory have a priority attribute with three levels: high, medium and low. When the management server responds to test nodes, it sends tasks in order of priority. Preferably, an automatically created test main task defaults to medium priority, while for a manually created test main task any of the three priorities (high, medium or low) can be selected, so that an urgent task is not delayed by a large number of tasks already in the task queue. Correspondingly, each test subtask also has a priority attribute, which is the same as that of its main task. When a subtask enters the execution-failed state, it is suspended (queued) again with its priority unchanged, and it is acquired and executed again after the other subtasks of the same priority have been executed. For example, if one of 10 subtasks, subtask Q, fails to execute, subtask Q is acquired and executed again by a test node after the other 9 subtasks have all been executed.
S302, the test node requests a test task from the management server.
The test node sends a request for acquiring a test task to the management server.
S303, the management server inquires whether the unexecuted test task exists or not, and sends the unexecuted subtask to the test node.
The management server receives a task acquisition request sent by the test node, preferentially inquires whether an unexecuted main task exists in the memory, sends the main task to the test node if the unexecuted main task exists, and further inquires whether an unexecuted sub task exists if the unexecuted main task does not exist.
Specifically, whether there is an unexecuted main task or subtask can be determined by querying the task list. The task list records the main task ID, the execution state of the main task, the sub task ID after the main task is split and the execution state of each sub task. When the task list is inquired, the execution state of the main task is inquired preferentially, and then the unexecuted main tasks are sent to different test nodes in sequence from high to low according to the priority.
S304, the test node creates one or more subtasks according to the main task and returns the subtasks to the management server.
After receiving a main task returned by a management server, a test node creates one or more subtasks according to a test project in the main task, allocates a subtask ID to each subtask according to the main task ID, and generates a main task execution report according to the execution condition of the main task, wherein the main task execution report comprises the main task ID, the execution state of the main task and the subtask ID; the subtask and main task execution report is then sent to the management server.
S305, the management server stores the subtasks and adds the subtask information to a task list.
The management server receives the subtasks and the main task execution report returned by the test node, stores the subtasks in the memory, updates the execution state of the main task to executing according to the main task execution report, and adds the subtask IDs to the task list.
Referring to fig. 4, fig. 4 is a flowchart of steps for acquiring and executing subtasks in the distributed virus signature sample verification method of the present invention. The steps include:
S401, the management server generates a main task and a task list according to the test packet, and stores the main task and the task list.
The management server can create a main task in an automatic creation mode, and specifically comprises the following steps: and monitoring the test packet storage server in a polling mode through a monitoring program, automatically generating a main task and a corresponding task list according to the test packet after finding that the test packet storage server has a newly stored test packet, and then storing the main task and the task list into a memory. The main task comprises a main task ID, priority description, test packet information and test items, the test packet information can comprise a test packet storage address and the like, and the task list comprises the main task ID.
The main tasks in the memory have priority attributes, the priority is divided into three types, namely high, medium and low, and after the management server responds to the test nodes, the tasks are sent according to the priority order of the tasks. Correspondingly, the subtasks created according to the main task also have priority attributes, and the priority attributes of the subtasks are consistent with the priority attributes of the main task. After the status of the subtask is execution failure, the subtask whose execution failed is suspended again, and its priority remains unchanged.
S402, the test node requests a test task from the management server.
The test node sends a request for acquiring a test task to the management server.
S403, the management server inquires whether an unexecuted test task exists or not, and sends the unexecuted subtask to the test node.
The management server receives a task acquisition request sent by the test node, preferentially inquires whether an unexecuted main task exists in the memory, further inquires whether an unexecuted sub task exists if the unexecuted main task does not exist, and sends the unexecuted sub task to the test node.
Specifically, whether there is an unexecuted main task or subtask can be determined by querying the task list. The task list records the main task ID, the execution state of the main task, the sub task ID after the main task is split and the execution state of each sub task. When the task list is inquired, the execution state of the main task is inquired preferentially, after all the main tasks are in the execution completion state or the execution state, the execution state of the subtasks is inquired, and the unexecuted subtasks are sent to different test nodes in sequence from high to low according to the priority.
S404, the test node executes the subtasks and feeds back the execution result to the management server.
Referring to fig. 5, fig. 5 is a flowchart illustrating steps of a test node executing a subtask in the distributed virus signature sample verification method of the present invention, where the steps include:
S4041, downloading a test package according to the subtask, wherein the test package comprises a scanning engine, a virus library, sample information and an expected result corresponding to the sample information.
Specifically, according to the test package download address contained in the subtask, the corresponding test package is downloaded from the test package storage server; the test package includes a scan engine, a virus library, sample information, and an expected result corresponding to the sample information. By default, the sample corresponding to the sample information is a sample carrying virus characteristics in the virus library, and the expected result corresponding to the sample information is that the sample contains a virus. The expected result is stored together with the sample information; the expected result can also be compiled manually.
S4042, obtaining the characteristic sample according to the sample information in the test packet.
Searching a characteristic sample according to the characteristics in the sample information, firstly, inquiring whether a testing machine where a testing node is located stores the characteristic sample matched with the characteristics in the sample information, if so, directly calling the characteristic sample from the testing machine, and if not, downloading the characteristic sample from a sample storage server according to the address in the characteristic sample information.
S4043, detecting whether the characteristic sample contains virus characteristics in the virus library by using a scanning engine to obtain a detection result.
The scanning engine is installed into the Android virtual machine through adb install; a new thread A is started to wait for and collect the scan execution results through adb logcat; the uiautomator test framework drives the scanning engine under test and simulates the click-to-scan operation; and the scanning engine runs in the virtual machine to detect whether the characteristic sample contains virus characteristics in the virus library, yielding the detection result.
S4044, it is determined whether the detected result is consistent with the expected result, and the determination result is returned to the management server.
The detection result is compared with the expected result, the inconsistencies between them are recorded to form difference data, and the difference data is sent to the management server as the judgment result.
In addition, the test node also generates a subtask execution report according to the subtask execution condition and sends the subtask execution report to the management server. The subtask execution report records a subtask ID and a corresponding execution state, wherein the execution state includes completion of execution and execution failure, if the steps S4041-S4044 are successfully executed, the subtask is determined to be completed, and if the test packet downloading failure, the sample downloading failure, the engine initialization or the scanning failure and the like are encountered during the execution of the steps S4041-S4044, the subtask execution failure is determined.
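Steps S4042 to S4044 and the subtask execution report, sketched as an added example (not code from the patent). It assumes that the sample information identifies each sample by its SHA-256 and carries an address and an expected result; the names acquire_sample, scan and execute_subtask are hypothetical, and a byte-pattern match stands in for the real scanning engine in the Android virtual machine.

```python
import hashlib
import os
import tempfile


def acquire_sample(info, shared_dir, fetch_remote):
    """S4042: use the tester's shared folder first, download only on a miss."""
    local_path = os.path.join(shared_dir, info["sha256"])
    if os.path.exists(local_path):
        with open(local_path, "rb") as fh:
            return fh.read(), "shared folder"
    data = fetch_remote(info["address"])  # may raise: sample download failure
    # Assumption of this example: the identifying feature is a SHA-256 digest.
    if hashlib.sha256(data).hexdigest() != info["sha256"]:
        raise OSError("downloaded sample does not match the sample information")
    with open(local_path, "wb") as fh:    # keep it for later subtasks on this tester
        fh.write(data)
    return data, "sample storage server"


def scan(sample, virus_library):
    """Stand-in for S4043: name of the first matching signature, or None."""
    for name, pattern in virus_library.items():
        if pattern in sample:
            return name
    return None


def execute_subtask(subtask_id, package, shared_dir, fetch_remote):
    """S4042-S4044: return the execution report with the difference data."""
    difference_data, sources = [], []
    try:
        for info in package["sample_info"]:
            sample, source = acquire_sample(info, shared_dir, fetch_remote)
            sources.append(source)
            detected = scan(sample, package["virus_library"])
            if detected != info["expected"]:   # S4044: record every mismatch
                difference_data.append({"sha256": info["sha256"],
                                        "expected": info["expected"],
                                        "detected": detected})
    except (OSError, LookupError) as exc:
        # Any download or scan error makes the whole subtask an execution failure.
        return {"subtask_id": subtask_id, "state": "execution failure",
                "reason": repr(exc)}
    return {"subtask_id": subtask_id, "state": "execution completed",
            "difference_data": difference_data, "sources": sources}


def demo():
    # Constructed, harmless byte strings standing in for feature samples.
    samples = {"addr/1": b"header EVIL-A body",
               "addr/2": b"plain harmless text",
               "addr/3": b"header EVIL-B body"}
    expected = {"addr/1": "Sig.A", "addr/2": None, "addr/3": "Sig.B"}
    sample_info = [{"sha256": hashlib.sha256(data).hexdigest(),
                    "address": addr, "expected": expected[addr]}
                   for addr, data in samples.items()]
    # The library under test lacks Sig.B, so sample 3 must show up as a difference.
    package = {"virus_library": {"Sig.A": b"EVIL-A"}, "sample_info": sample_info}
    with tempfile.TemporaryDirectory() as shared_dir:
        # Sample 1 is already present on the tester before the subtask starts.
        with open(os.path.join(shared_dir, sample_info[0]["sha256"]), "wb") as fh:
            fh.write(samples["addr/1"])
        first = execute_subtask("M1-1", package, shared_dir, samples.__getitem__)
        second = execute_subtask("M1-1", package, shared_dir, samples.__getitem__)
        broken = {"virus_library": {},
                  "sample_info": [{"sha256": "0" * 64, "address": "addr/missing",
                                   "expected": None}]}
        failed = execute_subtask("M1-2", broken, shared_dir, samples.__getitem__)
    return first, second, failed


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The second run of the same subtask finds every sample in the shared folder, which is the transfer saving the description attributes to the pull model.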
S405, the management server stores the execution result fed back by the test node and updates the execution state of the subtask in the task list.
The management server receives the judgment result and the subtask execution report fed back by the test node, stores the judgment result in a memory, and updates the execution state of the subtask in the task list according to the subtask execution report. The execution state of a subtask is either execution completed or execution failed.
Further, the distributed virus characteristic sample verification method also comprises the following steps. The management server monitors the task list. When all subtasks of a main task have been updated to execution completed, it generates a test report corresponding to the main task; the test report can reflect the detection results of the subtasks, the difference data between the detection results and the expected results, and the like. When a subtask is found to be in the execution failed state, the failed subtask is added to the queue of unexecuted subtasks so that a test node can acquire and execute it again.
In this method, the management server identifies failed tasks through the task execution state updates and makes them available again for test nodes to acquire and execute, which improves the success rate of task execution.
Corresponding to the distributed virus characteristic sample verification method, an embodiment of the invention also provides a distributed virus characteristic sample verification system. As shown in fig. 6, the system includes a test packet storage server 200, a sample storage server 300, a management server 100, and at least one test machine 400, the test machine 400 including a plurality of test nodes 410. The management server 100 is connected to the test packet storage server 200 through a wireless or wired network, and the test machine 400 is connected to the management server 100, the test packet storage server 200 and the sample storage server 300 through a wireless or wired network.
The test packet storage server 200 is configured to store test packets. A test packet is generated by a separate compiling platform and is a version of the virus scanning and removal software that can be formally released to users, that is, the package to be released.
The sample storage server 300 is used for storing the characteristic samples.
Referring to fig. 8, the management server 100 includes a task creating module 110, a querying module 120, an updating module 130, a task monitoring module 140, and a storing module 150.
The task creating module 110 is configured to create a main task and a task list corresponding to the main task according to a test package in the test package storage server 200. The task creating module 110 monitors the test packet storage server 200 by polling; when it finds that a new test packet has been stored there, it automatically generates a main task and a corresponding task list from the test packet and stores both in a memory. The main task comprises a main task ID, a priority description, test packet information and test items. The test packet information can include the test packet storage address and the like. The task list records the main task ID, the execution state of the main task, the IDs of the subtasks into which the main task is split, and the execution state of each subtask.
The query module 120 is configured to respond to a request from the test node 410 to obtain a test task by querying whether an unexecuted main task exists in the storage module 150. If so, it sends the main task to the test node; if not, it queries whether an unexecuted subtask exists in the storage module and sends the unexecuted subtask to the test node. Specifically, whether there is an unexecuted main task or subtask can be determined by querying the task list. When the task list is queried, the execution state of the main tasks is checked first; only after every main task is in the execution completed state or the executing state is the execution state of the subtasks checked. Main tasks or subtasks are sent to different test nodes in descending order of priority.
The updating module 130 is configured to add subtask information to the task list after receiving the subtask returned by the test node, and update the execution state of the corresponding subtask in the task list after receiving the determination result returned by the test node, where the execution state includes completion of execution and execution failure. Specifically, subtask information is added in the task list according to a main task execution report returned by the test node, and the execution state of the subtask is updated in the task list according to a subtask execution report returned by the test node.
The task monitoring module 140 is configured to monitor the task list, and generate a test report corresponding to the main task when all subtasks of the main task are updated to be completed; and when the execution state of the subtask is monitored to be execution failure, taking the subtask with execution failure as an unexecuted subtask for the test node to obtain again.
The storage module 150 is configured to store the main task and the task list created by the task creating module, the subtask and the determination result returned by the execution module, and the test report generated by the task monitoring module.
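The task-list behaviour described for step S405 and for the query, updating and task monitoring modules can be sketched as follows. This is an added example, not code from the patent; the class and method names, the state strings and the "higher number means higher priority" convention are assumptions made for illustration, and all task IDs are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

UNEXECUTED, EXECUTING, COMPLETED, FAILED = "unexecuted", "executing", "completed", "failed"

@dataclass
class Task:
    task_id: str
    priority: int                 # assumption: higher value is dispatched first
    parent: Optional[str] = None  # None marks a main task
    state: str = UNEXECUTED
    differences: List[dict] = field(default_factory=list)

class ManagementServer:
    def __init__(self) -> None:
        self.task_list: Dict[str, Task] = {}
        self.reports: Dict[str, dict] = {}

    def create_main_task(self, task_id: str, priority: int) -> None:
        self.task_list[task_id] = Task(task_id, priority)

    def get_test_task(self) -> Optional[Task]:
        """Serve a node request: unexecuted main tasks first, then subtasks."""
        for want_main in (True, False):
            pending = [t for t in self.task_list.values()
                       if t.state == UNEXECUTED and (t.parent is None) == want_main]
            if pending:
                task = max(pending, key=lambda t: t.priority)
                task.state = EXECUTING
                return task
        return None

    def add_subtasks(self, main_id: str, subtask_ids: List[str]) -> None:
        """Record the subtasks a node created by splitting a main task."""
        for sid in subtask_ids:
            self.task_list[sid] = Task(sid, self.task_list[main_id].priority, parent=main_id)

    def report_subtask(self, subtask_id: str, state: str, differences=()) -> None:
        """Store the judgment result and update the subtask's execution state."""
        if state not in (COMPLETED, FAILED):
            raise ValueError(f"unexpected execution state: {state}")
        task = self.task_list[subtask_id]
        task.state, task.differences = state, list(differences)

    def monitor(self) -> List[str]:
        """Requeue failed subtasks; report main tasks whose subtasks all completed."""
        requeued = []
        for task in self.task_list.values():
            if task.parent is not None and task.state == FAILED:
                task.state = UNEXECUTED
                requeued.append(task.task_id)
        for main in [t for t in self.task_list.values() if t.parent is None]:
            subs = [t for t in self.task_list.values() if t.parent == main.task_id]
            if subs and all(s.state == COMPLETED for s in subs):
                main.state = COMPLETED
                self.reports[main.task_id] = {"main_task": main.task_id,
                    "differences": {s.task_id: s.differences for s in subs}}
        return requeued

def demo() -> dict:
    """Constructed run: one main task, two subtasks, one failure that is retried."""
    server = ManagementServer()
    server.create_main_task("main-1", priority=5)
    main = server.get_test_task()                    # a node receives the main task
    server.add_subtasks(main.task_id, ["sub-1", "sub-2"])
    first, second = server.get_test_task(), server.get_test_task()
    server.report_subtask(first.task_id, COMPLETED)
    server.report_subtask(second.task_id, FAILED)    # e.g. sample download failed
    requeued = server.monitor()                      # ["sub-2"], no report yet
    retry = server.get_test_task()                   # the failed subtask is offered again
    diff = [{"sample": "constructed", "expected": "Test.Marker.A", "detected": "clean"}]
    server.report_subtask(retry.task_id, COMPLETED, diff)
    server.monitor()
    return {"requeued": requeued, "report": server.reports["main-1"]}
```

Like the passage it illustrates, this sketch sets no limit on retries, so a subtask that fails every time is requeued on every monitoring pass; a deployment would normally cap the attempts per subtask.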
Referring to fig. 7, the test node 410 includes an obtaining module 411 and an executing module 412.
The obtaining module 411 is configured to obtain a test task from the management server, where the test task is a main task or a sub task.
The execution module 412 is configured as follows. When the test task returned by the management server is a main task, it creates one or more subtasks according to the main task and sends the subtasks to the management server. When the test task returned by the management server is a subtask, it downloads a test package according to the subtask, where the test package includes a scan engine, a virus library, sample information, and a corresponding expected result; acquires a characteristic sample according to the sample information; detects, by using the scanning engine, whether the characteristic sample carries virus characteristics in the virus library to obtain a detection result; and judges whether the detection result is consistent with the expected result and sends the judgment result to the management server.
The execution module 412 includes an acquisition unit 4121, a detection unit 4122, and a determination unit 4123.
The obtaining unit 4121 is configured to download the test package from the test package storage server 200 according to the subtask, and further to obtain the feature sample according to the sample information in the test package, which includes: querying whether the test machine 400 where the test node 410 is located stores a feature sample matching the features in the sample information; if so, acquiring the feature sample from the test machine; and if not, downloading the feature sample from the sample storage server according to the address in the feature sample information.
The detecting unit 4122 is configured to detect, by using a scanning engine, whether the feature sample carries a virus feature in the virus library, so as to obtain a detection result.
The determination unit 4123 determines whether the detection result coincides with the expected result, and transmits the determination result to the management server 100.
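The test-node side of a subtask (local-first sample acquisition, scanning, comparison with the expected result, and the execution report) can be sketched as follows. This is an added example, not code from the patent. It assumes that the "feature" in the sample information is the sample's SHA-256 digest, and it replaces the Android scanning engine with a toy byte-signature lookup; all names, signatures and sample bytes are constructed.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List

@dataclass
class SampleInfo:
    feature: str    # assumption: hex SHA-256 digest identifying the sample
    address: str    # where the sample storage server keeps it
    expected: str   # expected result: a virus name or "clean"

def get_sample(info: SampleInfo, cache: Path, download: Callable[[str], bytes]) -> bytes:
    """Use the test machine's local copy if it matches the feature, else download."""
    local = cache / info.feature
    if local.is_file():
        data = local.read_bytes()
        if hashlib.sha256(data).hexdigest() == info.feature:
            return data
        local.unlink()                      # corrupted copy: fall back to download
    data = download(info.address)
    if hashlib.sha256(data).hexdigest() != info.feature:
        raise ValueError(f"sample at {info.address} does not match its feature")
    local.write_bytes(data)
    return data

def scan(data: bytes, virus_library: Dict[bytes, str]) -> str:
    """Toy stand-in for the scanning engine: byte-signature lookup."""
    for signature, name in virus_library.items():
        if signature in data:
            return name
    return "clean"

def run_subtask(subtask_id: str, samples: List[SampleInfo], virus_library: Dict[bytes, str],
                cache: Path, download: Callable[[str], bytes]) -> dict:
    """Acquire each sample, scan it, compare with the expected result, build the report."""
    differences = []
    try:
        for info in samples:
            detected = scan(get_sample(info, cache, download), virus_library)
            if detected != info.expected:
                differences.append({"feature": info.feature,
                                    "expected": info.expected, "detected": detected})
    except (OSError, ValueError, KeyError) as exc:   # download or integrity failure
        return {"subtask_id": subtask_id, "state": "failed",
                "error": str(exc), "differences": []}
    return {"subtask_id": subtask_id, "state": "completed", "differences": differences}

def demo() -> List[dict]:
    """Constructed data: two samples, one virus library entry, one wrong expectation."""
    infected, benign = b"header MARKER-A payload", b"plain benign bytes"
    store = {"store/1": infected, "store/2": benign}      # stands in for the sample storage server
    library = {b"MARKER-A": "Test.Marker.A"}
    samples = [SampleInfo(hashlib.sha256(infected).hexdigest(), "store/1", "Test.Marker.A"),
               SampleInfo(hashlib.sha256(benign).hexdigest(), "store/2", "Test.Marker.B")]
    with tempfile.TemporaryDirectory() as tmp:
        ok = run_subtask("sub-1", samples, library, Path(tmp), store.__getitem__)
        store["store/1"] = b"tampered"                    # the local copy is used, not this
        cached = run_subtask("sub-2", samples[:1], library, Path(tmp), store.__getitem__)
        missing = run_subtask("sub-3", [SampleInfo("0" * 64, "store/9", "clean")],
                              library, Path(tmp), store.__getitem__)
    return [ok, cached, missing]
```

Checking the digest on both the cached and the downloaded path keeps a corrupted or substituted sample from producing a misleading difference entry; the subtask is reported as failed instead.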
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (11)

1. A distributed virus characteristic sample verification method is characterized by comprising the following steps:
the method comprises the steps that a test node obtains a test task from a management server, wherein the test task is a main task or a subtask;
if the test task returned by the management server is a main task, creating a subtask according to the main task, and sending the subtask to the management server;
if the test task returned by the management server is a subtask, downloading a test packet according to the subtask, wherein the test packet comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in the virus library by using a scanning engine to obtain a detection result; judging whether the detection result is consistent with the expected result or not, and sending the judgment result to a management server;
the obtaining of the feature sample according to the sample information includes: querying whether a test machine where the test node is located stores a feature sample matching the features in the sample information; if so, directly calling the feature sample from the test machine; and if not, downloading the feature sample from a sample storage server according to the address in the feature sample information.
2. The method of claim 1, wherein the test node obtaining the test task from the management server comprises:
the test node sends a request for acquiring a test task to the management server;
the management server responds to a request of the test node, inquires whether an unexecuted main task exists, if so, the main task is sent to the test node, and if not, the management server inquires whether an unexecuted subtask exists and sends the unexecuted subtask to the test node;
and the test node receives the test task sent by the management server.
3. The method of claim 1, before the test node obtains the test task from the management server, further comprising: according to the test packets stored in the test packet storage server, a main task and a task list corresponding to the main task are created in the management server.
4. The method of claim 3, further comprising:
after receiving the subtasks returned by the test nodes, the management server stores the subtasks and adds subtask information to a task list;
and after receiving the judgment result returned by the test node, the management server stores the judgment result and updates the execution state of the corresponding subtask in the task list, wherein the execution state comprises completion of execution and execution failure.
5. The method of claim 4, further comprising: the management server monitors the task list, and when all subtasks of the main task are updated to execution completed, a test report corresponding to the main task is generated; and when the execution state of a subtask is monitored to be execution failure, the subtask with execution failure is taken as an unexecuted subtask for the test node to obtain again.
6. The method of claim 3,
the downloading of the test package according to the subtask includes: downloading a test package from the test package storage server according to the subtask;
the obtaining of the feature sample according to the sample information includes: querying whether a test machine where the test node is located stores a feature sample matching the features in the sample information; if so, obtaining the feature sample from the test machine; and if not, downloading the feature sample from a sample storage server according to the address in the feature sample information.
7. A distributed virus signature sample verification system, characterized by comprising a management server and at least one test machine, wherein the test machine comprises a plurality of test nodes,
the test node includes:
an acquisition module, used for acquiring a test task from a management server, wherein the test task is a main task or a subtask;
the execution module is used for creating one or more subtasks according to the main task when the test task returned by the management server is the main task, sending the subtasks to the management server, and downloading a test package according to the subtasks when the test task returned by the management server is the subtask, wherein the test package comprises a scanning engine, a virus library, sample information and a corresponding expected result; acquiring a characteristic sample according to the sample information; detecting whether the characteristic sample carries virus characteristics in the virus library by using a scanning engine to obtain a detection result; judging whether the detection result is consistent with the expected result or not, and sending the judgment result to a management server;
the obtaining of the feature sample according to the sample information includes: querying whether a test machine where the test node is located stores a feature sample matching the features in the sample information; if so, directly calling the feature sample from the test machine; and if not, downloading the feature sample from a sample storage server according to the address in the feature sample information.
8. The system of claim 7, further comprising:
the test packet storage server is used for storing the test packets;
and the sample storage server is used for storing the characteristic samples.
9. The system of claim 8, wherein the management server comprises:
the task creating module is used for creating a main task and a task list corresponding to the main task according to the test packet stored in the test packet storage server;
the query module is used for responding to a request of the test node for acquiring the test task, querying whether an unexecuted main task exists in the storage module, if so, sending the main task to the test node, otherwise, querying whether an unexecuted subtask exists in the storage module, and sending the unexecuted subtask to the test node;
the updating module is used for adding subtask information into the task list after receiving the subtasks returned by the test node, and updating the execution state of the corresponding subtasks in the task list after receiving the judgment result returned by the test node, wherein the execution state comprises completion of execution and execution failure;
the task monitoring module is used for monitoring the task list and generating a test report corresponding to the main task after all subtasks of the main task are updated to be finished; when the execution state of the subtask is monitored to be execution failure, the subtask with execution failure is used as an unexecuted subtask for the test node to obtain again;
and the storage module is used for storing the main task and the task list created by the task creation module, the subtask and the judgment result returned by the execution module and the test report generated by the task monitoring module.
10. The system of claim 8, wherein the execution module comprises:
the obtaining unit is used for downloading the test package from the test package storage server according to the subtask, and is also used for obtaining the characteristic sample according to the sample information in the test package, which comprises: querying whether a test machine where a test node is located stores a feature sample matching the features in the sample information; if so, obtaining the feature sample from the test machine; and if not, downloading the feature sample from a sample storage server according to the address in the feature sample information;
the detection unit is used for detecting whether the characteristic sample carries the virus characteristics in the virus library by using a scanning engine to obtain a detection result;
and the judging unit is used for judging whether the detection result is consistent with the expected result or not and sending the judgment result to the management server.
11. A computer storage medium having stored therein at least one instruction or at least one program which is loaded and executed by a processor to implement the distributed virus signature sample verification method of any one of claims 1 to 6.
CN201610626302.9A 2016-08-03 2016-08-03 Distributed virus characteristic sample verification method and system Active CN106708727B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610626302.9A CN106708727B (en) 2016-08-03 2016-08-03 Distributed virus characteristic sample verification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610626302.9A CN106708727B (en) 2016-08-03 2016-08-03 Distributed virus characteristic sample verification method and system

Publications (2)

Publication Number Publication Date
CN106708727A CN106708727A (en) 2017-05-24
CN106708727B true CN106708727B (en) 2020-04-28

Family

ID=58939670

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610626302.9A Active CN106708727B (en) 2016-08-03 2016-08-03 Distributed virus characteristic sample verification method and system

Country Status (1)

Country Link
CN (1) CN106708727B (en)

Also Published As

Publication number Publication date
CN106708727A (en) 2017-05-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant