CN109815703A

CN109815703A - The demenstration method and server, terminal, system of computer virus operation

Info

Publication number: CN109815703A
Application number: CN201811646156.1A
Authority: CN
Inventors: 万仁国
Original assignee: 360 Enterprise Safety Technology (zhuhai) Co Ltd; Beijing Qianxin Technology Co Ltd
Current assignee: 360 Enterprise Safety Technology (zhuhai) Co Ltd; Beijing Qianxin Technology Co Ltd
Priority date: 2018-12-29
Filing date: 2018-12-29
Publication date: 2019-05-28

Abstract

The invention discloses the demenstration methods and server-side, terminal, system of a kind of operation of computer virus, are related to technical field of network security, main purpose is the problem of being analyzed computer virus, in practice process, only residing within the theoretical knowledge analysis phase.Major programme includes: that terminal is requested to server-side transmission demonstration；Server-side receives the demonstration request that terminal is sent；Extract operating environment corresponding with the computer virus information and computer virus sample；The virtual machine for being configured with the operating environment is called, and the computer virus sample is run by the virtual machine, and generate the procedural information for running the computer virus sample；The procedural information is issued to terminal corresponding with the terminal iidentification；Terminal receives generated procedural information after the corresponding computer virus sample of the operation computer virus information that the server issues, and shows the procedural information.

Description

The demenstration method and server, terminal, system of computer virus operation

Technical field

The present invention relates to a kind of technical field of network security, more particularly to a kind of demenstration method of computer virus operation And server, terminal, system.

Background technique

With the raising of network security attention degree, viral wooden horse etc. understands the computer virus that cause damages to network security Progress into the sight of people.Wherein, due to the computer viruses such as viral wooden horse have propagation is fast, infection rapidly, destroy rapidly, The characteristics such as stealing control, are analyzed, in practice process to this kind of computer virus, only reside within theoretical knowledge analysis Stage then will lead to the secondary propagation of this kind of computer virus when there is misoperation using theoretical knowledge, and pollution is broken Bad current computer environment, more very then will lead to computer and system in case of system halt, network paralysis, can not only bring serious economy Loss, it is also possible to therefore and violate the law and take the rap.Therefore, when being analyzed computer virus, being practiced, it is Control computer virus occur it is secondary propagate, pollution, situations such as destroying, the demonstration of computer virus operation become it is a kind of urgently Problem to be solved.

Summary of the invention

In view of this, the present invention provides the demenstration method and server, terminal, system of a kind of computer virus operation, it is main Syllabus is to analyze computer virus, in practice process, only resides within the theoretical knowledge analysis phase, once it utilizes It when misoperation occurs in theoretical knowledge, then will lead to the secondary propagation of this kind of computer virus, pollute, destroy current computer The problem of environment.

According to the present invention on one side, a kind of demenstration method of computer virus operation is provided, comprising:

The demonstration request that terminal is sent is received, the demonstration request carries computer virus information and end to be demonstrated End mark；

Extract operating environment corresponding with the computer virus information and computer virus sample；

The virtual machine for being configured with the operating environment is called, and the computer virus sample is run by the virtual machine This, and generate the procedural information for running the computer virus sample；

The procedural information is issued to terminal corresponding with the terminal iidentification.

Further, the method also includes:

Computer virus library is generated, is stored in the computer virus sample database corresponding from different computer virus information Operating environment and computer virus sample；

It is described to extract corresponding with computer virus information operating environment and computer virus sample includes:

Operating environment corresponding with the computer virus information and computer are extracted from the computer virus library Virus Sample.

Further, the generation computer virus library includes:

Obtain computer virus code；

Conversed analysis is carried out to the computer virus code, searching has aggressive viral code, and to the disease Malicious code carries out Weakening treatment；

Viral code compiling computer Virus Sample according to the source code after conversed analysis and after Weakening treatment, and Configure executable operating environment corresponding with the computer virus sample；

Computer virus sample database is generated according to the computer virus sample and the operating environment.

Further, the method also includes:

The Authority Verification request that the terminal is sent is received, carries identity information, terminal in the Authority Verification request Mark；

After passing through Authority Verification according to the identity information, the number between terminal corresponding with the terminal iidentification is established According to connection.

Further, the method also includes:

According to the permission of identity information configuration executable operation corresponding with the terminal iidentification, the executable operation Operation include computer virus sample task calling, presentation information displaying and operation, identity authority management, computeritis Malicious sample management.

Further, the method also includes:

The operation requests that the terminal is sent are received, include terminal iidentification and operation information in the operation requests；

After determining the terminal iidentification has the permission of executable operation to the operation information, the operation will be run The result that information obtains is issued to corresponding terminal.

According to the present invention on one side, the demenstration method of another computer virus operation is provided, comprising:

Demonstration request is sent to server-side, the demonstration request carries computer virus information and terminal to be demonstrated Mark；

It is produced after receiving the corresponding computer virus sample of the operation computer virus information that the server issues Raw procedural information, and show the procedural information.

Further, the method also includes:

To the server-side sending permission checking request, identity information, terminal mark are carried in the Authority Verification request Know；

After the server-side passes through Authority Verification according to the identity information, the data between the server-side are established Connection.

Further, the method also includes:

Operation requests are sent to server-side, include terminal iidentification and operation information, the operation in the operation requests Information includes the calling of computer virus sample task, the displaying of presentation information and operation, identity authority management, computer virus Sample management；

After the server-side determines that the terminal iidentification has the permission of executable operation to the operation information, receive The procedural information that the operation operation information that the server-side issues obtains, and show the procedural information.

According to the present invention on one side, a kind of server-side is provided, comprising:

Receiving module, for receiving the demonstration request of terminal transmission, the demonstration request carries computer to be demonstrated Virus Info and terminal iidentification；

Extraction module, for extracting operating environment corresponding with the computer virus information and computer virus sample This；

Calling module, for calling the virtual machine for being configured with the operating environment, and by described in virtual machine operation Computer virus sample, and generate the procedural information for running the computer virus sample；

Module is issued, for the procedural information to be issued to terminal corresponding with the terminal iidentification.

Further, the server-side further include: generation module,

The generation module, for generating computer virus library, be stored in the computer virus sample database from it is different The corresponding operating environment of computer virus information and computer virus sample；

The extraction module is specifically used for extracting from the computer virus library corresponding with the computer virus information Operating environment and computer virus sample.

Further, the generation module includes:

Acquiring unit, for obtaining computer virus code；

Processing unit, for carrying out conversed analysis to the computer virus code, searching has aggressive viral generation Code, and Weakening treatment is carried out to the viral code；

Configuration unit, for being calculated according to the source code after conversed analysis and the compiling of the viral code after Weakening treatment Machine Virus Sample, and configure executable operating environment corresponding with the computer virus sample；

Generation unit, for generating computer virus sample according to the computer virus sample and the operating environment Library.

Further, the server-side includes: to establish module,

The receiving module is also used to receive the Authority Verification that the terminal is sent and requests, in the Authority Verification request Carry identity information, terminal iidentification；

It is described to establish module, for establishing and the terminal iidentification after passing through Authority Verification according to the identity information Data connection between corresponding terminal.

Further, the server-side further include:

Configuration module, for the permission operated to can be performed according to identity information configuration is corresponding with the terminal iidentification, The operation of the executable operation includes the displaying and operation, rights relating the person of the calling, presentation information of computer virus sample task Limit management, computer virus sample management.

Further, the receiving module, is also used to receive the operation requests that the terminal is sent, in the operation requests Including terminal iidentification and operation information；

It is described to issue module, it is also used to when the power for determining the terminal iidentification to the operation information with executable operation After limit, the result that the operation information obtains will be run and be issued to corresponding terminal.

According to the present invention on one side, a kind of terminal is provided, comprising:

Sending module, for sending demonstration request to server-side, the demonstration request carries computeritis to be demonstrated Malicious information and terminal iidentification；

Receiving module, for receiving the corresponding computeritis of the operation computer virus information that the server issues Generated procedural information after malicious sample, and show the procedural information.

Further, the terminal further include: module is established,

The sending module is also used to the server-side sending permission checking request, is taken in the Authority Verification request With identity information, terminal iidentification；

It is described to establish module, it is used for after the server-side passes through Authority Verification according to the identity information, foundation and institute State the data connection between server-side.

Further, the sending module is also used to send operation requests to server-side, includes eventually in the operation requests End mark and operation information, the operation information include the calling of computer virus sample task, presentation information displaying and Operation, identity authority management, computer virus sample management；

The receiving module, for can be performed when the server-side determines that the terminal iidentification has the operation information After the permission of operation, the procedural information that the operation operation information that the server-side issues obtains is received, and show the mistake Journey information.

According to an aspect of the present invention, a kind of storage medium is provided, at least one is stored in the storage medium to hold Row instruction, the executable instruction make processor execute the corresponding operation of demenstration method such as the operation of above-mentioned computer virus.

According to an aspect of the present invention, provide a kind of computer equipment, comprising: processor, memory, communication interface and Communication bus, the processor, the memory and the communication interface complete mutual communication by the communication bus；

For the memory for storing an at least executable instruction, it is above-mentioned that the executable instruction executes the processor The corresponding operation of demenstration method of computer virus operation.

According to an aspect of the present invention, another storage medium is provided, at least one is stored in the storage medium can It executes instruction, the executable instruction makes processor execute the corresponding operation of demenstration method such as the operation of above-mentioned computer virus.

According to an aspect of the present invention, another computer equipment is provided, comprising: processor, memory, communication interface And communication bus, the processor, the memory and the communication interface complete mutual lead to by the communication bus Letter；

According to an aspect of the present invention, a kind of demo system of computer virus operation is provided, comprising: server, end End,

The terminal, for sending demonstration request to server-side, the demonstration request carries computeritis to be demonstrated Malicious information and terminal iidentification；

The server-side, for receiving the demonstration request of terminal transmission, the demonstration request carries calculating to be demonstrated Machine Virus Info and terminal iidentification；

The server-side is also used to extract operating environment corresponding with the computer virus information and computer virus Sample；

The server-side is also used to call the virtual machine for being configured with the operating environment, and is run by the virtual machine The computer virus sample, and generate the procedural information for running the computer virus sample；

The server-side is also used to for the procedural information to be issued to terminal corresponding with the terminal iidentification.

The terminal is also used to receive the corresponding computer of the operation computer virus information that the server issues Generated procedural information after Virus Sample, and show the procedural information.

By above-mentioned technical proposal, technical solution provided in an embodiment of the present invention is at least had the advantage that

The present invention provides the demenstration methods and server-side, terminal, system of a kind of operation of computer virus.With existing to meter Calculation machine virus is analyzed, in practice process, is only resided within the theoretical knowledge analysis phase and is compared, the embodiment of the present invention passes through clothes It is engaged in after the demonstration request that end reception terminal is sent, according to the computer virus information and terminal iidentification extraction carried in demonstration request Then corresponding operating environment and computer virus sample run this computer virus by configuring operating environment in virtual machine Sample, and generated procedural information will be run and be issued to terminal, terminal is shown after receiving the procedural information issued, real The combination for having showed theoretical operation and practice when to computer virus analysis is reduced in computer virus demonstration analytic process Secondary propagation is improved to the person's of being demonstrated efficiency of teaching, live to virus attack analysis is controlled in computer virus presentation process Range, the case where to reduce computer contamination, thus provide it is a kind of clean, close rule, efficient presentation process.

The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention, And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can It is clearer and more comprehensible, the followings are specific embodiments of the present invention.

Detailed description of the invention

By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:

Fig. 1 shows a kind of demenstration method flow chart of computer virus operation provided in an embodiment of the present invention；

Fig. 2 shows a kind of structural schematic diagrams of teaching platform provided in an embodiment of the present invention；

Fig. 3 shows the demenstration method flow chart of another computer virus operation provided in an embodiment of the present invention；

Fig. 4 shows the structural schematic diagram that data store in a kind of server-side provided in an embodiment of the present invention；

Fig. 5 shows the demenstration method flow chart of another computer virus operation provided in an embodiment of the present invention；

Fig. 6 shows the demenstration method flow chart of another computer virus operation provided in an embodiment of the present invention；

Fig. 7 shows a kind of device block diagram of server-side provided in an embodiment of the present invention；

Fig. 8 shows the device block diagram of another server-side provided in an embodiment of the present invention；

Fig. 9 shows a kind of terminal installation block diagram provided in an embodiment of the present invention；

Figure 10 shows another terminal installation block diagram provided in an embodiment of the present invention；

Figure 11 shows a kind of computer equipment structural schematic diagram provided in an embodiment of the present invention；

Figure 12 shows another computer equipment structural schematic diagram provided in an embodiment of the present invention；

Figure 13 shows a kind of structural schematic diagram of the demo system of computer virus operation provided in an embodiment of the present invention.

Specific embodiment

Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.

In order to make different operators can analyze, practice the operating condition of computer virus, formed to computeritis Operation teaching link is practiced in poison operation, and the embodiment of the invention provides a kind of methods of demonstration of computer virus operation, such as Fig. 1 institute Show, which comprises

101, the demonstration request that terminal is sent is received.

Wherein, the demonstration request carries computer virus information and terminal iidentification to be demonstrated, the terminal packet The terminal of different operation identity is included, different operation identity corresponds to different terminal iidentifications, for example, operation of teacher identity is corresponding Terminal iidentification is th01, th02 etc., and it is st01, st02, st03 etc. that student, which operates the corresponding terminal iidentification of identity, and the present invention is real Example is applied to be not specifically limited.The computer virus information includes different types of computer virus title, such as viral wooden horse, compacted Parasitosis poison etc., the embodiment of the present invention is not specifically limited.

It should be noted that current service end can dock the corresponding terminal of multiple and different operation identity, such as current service The terminal of 2,3 operation of teacher identity of end connection, also can connect the terminal of 4,10 students' operation identity, and the present invention is real Example is applied to be not specifically limited.In addition, the operator of different operation identity can be by downloading peace on a different computer Demenstration method corresponding end application equipped with the operation of current computer virus realizes the connection between server-side, from And the teaching platform of a completion is formed, the schematic diagram of teaching platform server-side as shown in Figure 2 and terminal.

102, operating environment corresponding with the computer virus information and computer virus sample are extracted.

Wherein, when the operating environment includes operation computer virus, the object of computer virus attack, attack model It encloses, the operating system that can be run etc., for example, worm-type virus is the virus that the whole network is propagated, and in the present embodiment, operating environment is set It is set to the host that IP is 001-003, then the worm-type virus host that then only attack IP is 001-003, the embodiment of the present invention, which is not done, to be had Body limits.The computer virus sample is the sample program with the execution different virus propagation in specific operation environment, and Computer virus sample in the embodiment of the present invention is the Virus after attenuation, that is, referring to reduces poison for original virus Property or delete toxicity, so that secondary infection will not be generated in presentation process.

It should be noted that computer virus sample is stored in the computer virus library in current service end, so as to root According to the corresponding operating environment of computer virus information extraction and computer virus sample.

103, the virtual machine for being configured with the operating environment is called, and the computer virus is run by the virtual machine Sample, and generate the procedural information for running the computer virus sample.

Wherein, the server-side can call multiple virtual machines to realize the operational process of different computer virus samples, It before calling, needs to configure virtual machine according to operating environment, so that computer virus sample is being matched with operation ring It is run in the virtual machine in border, realizes the purpose of teaching demonstration.The procedural information be computer virus sample at runtime, specifically Attack process, and contamination step etc., for example, under the operating environment of IP01, IP02, procedural information is with target of attack The detailed process of IP01 and IP02 is infected for worm-type virus, filename, system program including infection etc., the embodiment of the present invention is not It is specifically limited.

It should be noted that due to virtual machine be simulated by software, it is with complete hardware system function, operate in Complete computer in one completely isolated environment therefore can be with infected by computer virus sample using virtual machine configuration Operating environment, contamination limitation of the different computer viruses in presentation process is realized, to avoid to computeritis Secondary propagation when poison is analyzed and practiced.In addition, multiple virtual machines can be called in current service end to support, run different behaviour Make the computer virus sample under environment.

104, the procedural information is issued to terminal corresponding with the terminal iidentification.

For the embodiment of the present invention, in order to be shown to different operation personnel, virtual machine in current service end is run The process of computer virus sample be demonstrated to the different operation personnel of terminal and check, procedural information can be issued to each end End identifies in corresponding terminal, so that operator checks.

It should be noted that being directed to the execution of computer virus sample, teacher's body can be received respectively in current service end Part or pupilage terminal iidentification, and by run computer virus sample complete procedure information be issued to teacher's identity or In terminal corresponding to the terminal iidentification of person's pupilage.

The present invention provides a kind of demenstration method of computer virus operation, the embodiment of the present invention is received eventually by server-side After the demonstration request that end is sent, corresponding operation is extracted according to the computer virus information and terminal iidentification that carry in demonstration request Then environment and computer virus sample run this computer virus sample by configuring operating environment in virtual machine, and will Procedural information caused by running is issued to terminal, and terminal is shown after receiving the procedural information issued, realizes to meter The combination of theoretical operation and practice when calculation machine virus analysis is reduced to the secondary biography in computer virus demonstration analytic process It broadcasts, improves to the person's of being demonstrated efficiency of teaching, live range is being analyzed to control virus attack in computer virus presentation process, The case where to reduce computer contamination, to provide a kind of clean, conjunction rule, efficient presentation process.

The embodiment of the invention provides the demenstration methods of another computer virus operation, as shown in figure 3, the method packet It includes:

201, computer virus library is generated.

For the embodiment of the present invention, in order to match different operation environment and corresponding computer virus sample, and will meter Calculation machine Virus Sample is stored in preset storage location, so as to directly according to computer virus granular computing machine virus-like This, is stored with operating environment corresponding from different computer virus information and computeritis in the computer virus sample database Malicious sample.In addition, the computer virus sample in the computer virus library is stored in advance, and match corresponding operation Environment at runtime so as to virtual machine is directly run according to matched operating environment.

It should be noted that for the computer virus sample in computer virus library, the operator with administration authority Member can be managed the computer virus sample in computer virus library by the access interface at current service end, including right New computer virus sample is added in computer virus library, the operating environment of computer virus sample is updated, and is deleted Computer virus sample in computer virus library etc., the embodiment of the present invention is not specifically limited.

Further, in order to be refined and be extended to step 201, in the embodiment of the present invention, step 201 specifically be can wrap It includes: obtaining computer virus code；Conversed analysis is carried out to the computer virus code, searching has aggressive viral generation Code, and Weakening treatment is carried out to the viral code；According to the source code after conversed analysis and the virus after Weakening treatment Code compilation computer virus sample, and configure executable operating environment corresponding with the computer virus sample；According to The computer virus sample and the operating environment generate computer virus sample database.

For the embodiment of the present invention, in order to avoid computer virus sample generates secondary propagation, the meter of acquisition at runtime Calculation machine viral code is original, complete computer virus code, by conversed analysis method, finds out to have in code and attack The viral code of hitting property, toxicity, then carries out Weakening treatment to this viral code, and the Weakening treatment includes will have attack Property coding change be no aggressive code, or reduce aggressive, and directly delete with aggressive code.Example Such as, it is the path for changing system file with aggressive viral code in certain computer virus, and is closed in deletion system file In the system file of start-up operation system, Weakening treatment may include the path for changing system file, no longer deletion system file In system file about start-up operation system, can also include the path for not changing system file, no longer deletion system file The system file of middle start-up operation system, the embodiment of the present invention are not specifically limited.

In addition, the configuration of operating environment is directed to, since computer virus sample is transported in the virtual machine at current service end Capable, therefore, when running the object and range that computer virus sample can be attacked to limit virtual machine, configuration and computer The corresponding executable operating environment of Virus Sample passes through system in virtual machine for example, worm-type virus is the virus that the whole network is propagated Running paper catalogue is come the propagable firing area of worm-type virus is written is host IP1, host ip 2 etc., and the embodiment of the present invention is not It is specifically limited.

202, according to the permission of identity information configuration executable operation corresponding with the terminal iidentification.

For the embodiment of the present invention, in order to make the operator of different identity execute different rights using current service end Operation, at current service end according to the permission of the different executable operations of identity information configuration.Wherein, the executable operation Operation includes the displaying and operation, identity authority management, computer virus of the calling, presentation information of computer virus sample task The permission of sample management, the corresponding executable operation of different identity information is different, in the embodiment of the present invention, including demonstrator's body Part, the person's of being demonstrated identity, such as Faculty and Students, corresponding permission are that the executable operation of demonstrator's identity includes computer The displaying and operation of the calling, presentation information of sample task, identity authority management, computer virus sample management, the person of being demonstrated The executable operation of identity includes the displaying and operation of presentation information, and the embodiment of the present invention is not specifically limited.In addition, identity information Configuring permission corresponding with terminal iidentification is by demonstrator's identity or the person's of being demonstrated identity and terminal iidentification, executable operation Permission is bound, for example, teacher A has carried out the registration of demonstrator's identity, when the identity information using teacher A passes through terminal 01 Afterwards, the permission of server-side configuration is that teacher A includes the calling of computer sample task, drills using the permission that terminal 01 can be performed Show displaying and operation, identity authority management, the computer virus sample management of information.

It should be noted that the calling of the computer virus sample task is that can distribute to different terminals to identify to correspond to Computer virus sample, for example, the terminal of teacher's mark is by selecting different computer virus samples in current service end It is handed down to the terminal of different student identifications, virus 1 is such as selected to be handed down to the terminal of student 1, student 2, student 3, selection virus 2 It is handed down to the terminal of student 4, student 5, the terminal of student identification, can basis after receiving corresponding computer virus information Computer virus information sends demonstration request to current service end.The displaying and operation of the presentation information is to computer viruses The displaying and operation of postrun procedural information, further, the displaying of presentation information can also be stored in advance including demonstrator The file content that is shown to the person of being demonstrated of needs, such as curricula, and the operation of presentation information is to believe in the process of displaying It is annotated in breath, for example, after feeding back to teacher side by server-side after student annotates, teacher is according to the content of annotation It being audited, student side is fed back to by server-side after teacher annotates, student learns according to the content of annotation, this Inventive embodiments are not specifically limited.The identity authority management includes that the terminal of demonstrator's identity can choose addition terminal work For the terminal of the person's of being demonstrated identity, the embodiment of the present invention is not specifically limited.The computer virus sample management includes to meter Generation, deletion, the modification of computer virus sample etc. in calculation machine virus base, for example, when teacher side receives student side feedback Annotation content after, modified according to annotation content to computer virus sample, then again carry out computer virus operation Demonstration, to complete the interactive teaching and learning between teacher and student.

203, the Authority Verification request that the terminal is sent is received.

For the embodiment of the present invention, in order to determine whether terminal can meet executable behaviour to the operation requests that server-side is sent The permission of work needs to receive the Authority Verification request of terminal transmission, carries identity information, terminal in the Authority Verification request Mark.Wherein, the identity information is demonstrator or the identity name of the person's of being demonstrated registration terminal, telephone number, identity card Number, student number etc., terminal iidentification are the mark of registration terminal configuration, such as terminal 01, terminal 02, and the embodiment of the present invention is not done It is specific to limit.

204, it after passing through Authority Verification according to the identity information, establishes between terminal corresponding with the terminal iidentification Data connection.

For the embodiment of the present invention, for mistake after alloing current service end and each terminal to carry out computer virus operation The upload for issuing and operating of journey information, in identity information by after Authority Verification, current service end with pass through Authority Verification The corresponding terminal of terminal iidentification establishes data connection, to carry out data transmission.

205, the demonstration request that terminal is sent is received.

This step is identical as step 101 method shown in FIG. 1, and details are not described herein.

For example, current service end receives the demonstration request that terminal 01, terminal 0101, terminal 0102, terminal 0103 are sent, In, the demonstration request of teacher's terminal 01 includes demonstrating viral wooden horse a, viral wooden horse b, viral wooden horse c, and student terminal 0101 is drilled Show viral wooden horse b to be demonstrated in the demonstration request of viral wooden horse a to be demonstrated in request, student terminal 0102, student terminal Viral wooden horse c to be demonstrated in 0103 demonstration request.

206, operating environment corresponding with the computer virus information and meter are extracted from the computer virus library Calculation machine Virus Sample.

This step is identical as step 102 method shown in FIG. 1, and details are not described herein.

For example, worm-type virus sample and corresponding operating environment are extracted from computer virus library as the master of IP1-IP3 Machine extracts viral wooden horse sample and corresponding operating environment from computer virus library as the host of IP1-IP5.

207, the virtual machine for being configured with the operating environment is called, and the computer virus is run by the virtual machine Sample, and generate the procedural information for running the computer virus sample.

This step is identical as step 103 method shown in FIG. 1, and details are not described herein.

208, the procedural information is issued to terminal corresponding with the terminal iidentification.

This step is identical as step 104 method shown in FIG. 1, and details are not described herein.

It should be noted that as shown in figure 4, passing through memory module in current service end for the computeritis of executable operation The related letter such as the displaying and operation of the calling, presentation information of malicious sample task, identity authority management, computer virus sample management Breath be respectively stored in task call module, course management module, account management module, in sample management module.And for difference Computer virus sample carried out in different operating environments respectively, viral wooden horse sample 1 of such as imparting knowledge to students leads in practical environment 1 Virtual machine operation is crossed, viral wooden horse sample 2 of imparting knowledge to students is run in practical environment 2 by virtual machine, and viral wooden horse sample 3 of imparting knowledge to students exists It is run in practical environment 3 by virtual machine.

209, the operation requests that the terminal is sent are received.

For the embodiment of the present invention, in order not to same identity information personnel to the procedural information being issued in each terminal into The operation of row different rights, receives the operation requests that terminal is sent, and includes terminal iidentification and operation letter in the operation requests Breath.

It 210, will be described in operation after determining the terminal iidentification has the permission of executable operation to the operation information The result that operation information obtains is issued to corresponding terminal.

For example, the operation information in the operation requests of teacher side 01 is identity authority management, teacher side 01 passes through identity account After number being verified, addition terminal 06 is therefore the restriction as student side is issued in terminal 06, i.e. terminal by student side 06 can only log in the Authority Verification that pupilage is account.

For another example, the operation information in the operation requests of teacher side 02 is the deletion of viral wooden horse 1, then current service end confirms It after permission passes through, will be deleted in viral 1 re-computation machine virus base of wooden horse, and fed back to teacher side 02 and delete result.

The present invention provides the demenstration method of another computer virus operation, the embodiment of the present invention is received by server-side After the demonstration request that terminal is sent, corresponding behaviour is extracted according to the computer virus information and terminal iidentification that carry in demonstration request Make environment and computer virus sample, then runs this computer virus sample by configuring operating environment in virtual machine, and Procedural information caused by running is issued to terminal, and terminal is shown after receiving the procedural information issued, is realized pair The combination of theoretical operation and practice when computer virus is analyzed is reduced to the secondary biography in computer virus demonstration analytic process It broadcasts, improves to the person's of being demonstrated efficiency of teaching, live range is being analyzed to control virus attack in computer virus presentation process, The case where to reduce computer contamination, to provide a kind of clean, conjunction rule, efficient presentation process.

The embodiment of the invention provides the demenstration methods of another computer virus operation, as shown in figure 5, the method packet It includes:

301, demonstration request is sent to server-side.

Wherein, the demonstration request carries computer virus information and terminal iidentification to be demonstrated, the server-side It can connect the terminal of different operation identity, and different operation identity corresponds to different terminal iidentifications.The computer virus Information includes different types of computer virus title, such as viral wooden horse, worm-type virus etc., and the embodiment of the present invention does not do specific limit It is fixed.

It should be noted that the server-side can dock the corresponding terminal of multiple and different operation identity, present terminal can Think the terminal of demonstrator's identity, or the terminal of the person's of being demonstrated identity, the embodiment of the present invention are not specifically limited.

302, after receiving the corresponding computer virus sample of the operation computer virus information that the server issues Generated procedural information, and show the procedural information.

Wherein, the procedural information be the procedural information be computer virus sample at runtime, specifically attacked Journey, and contamination step etc., the computer virus sample is to store into the computer virus library of server-side, and server-side can With the operational process for calling multiple virtual machines to realize different computer virus samples, before calling, need according to operation ring Border configures virtual machine, so that computer virus sample is run in the virtual machine for being matched with operating environment, realizes teaching The purpose of demonstration.

The present invention provides the demenstration methods of another computer virus operation, and the embodiment of the present invention to server-side by sending out After the demonstration request sent, the postrun procedural information of computer virus sample is received, is shown, realizes to computeritis The combination of theoretical operation and practice when poison analysis is reduced to the secondary propagation in computer virus demonstration analytic process, is improved To the person's of being demonstrated efficiency of teaching, in the range to control virus attack analysis scene in computer virus presentation process, to reduce The case where computer is contaminated, to provide a kind of clean, conjunction rule, efficient presentation process.

The embodiment of the invention provides the demenstration methods of another computer virus operation, as shown in fig. 6, the method packet It includes:

401, Xiang Suoshu server-side sending permission checking request.

For the embodiment of the present invention, in order to make the operator of different identity execute different rights using current service end Operation, in server-side according to the permission of the different executable operations of identity information verifying, to server-side sending permission checking request. Identity information, terminal iidentification are carried in the Authority Verification request, the identity information includes demonstrator's identity, the person of being demonstrated Identity, such as Faculty and Students, corresponding permission are that the executable operation of demonstrator's identity includes the tune of computer sample task With, the displaying of presentation information and operation, identity authority management, computer virus sample management, the executable behaviour of the person's of being demonstrated identity Make displaying and operation including presentation information, the embodiment of the present invention is not specifically limited.

402, it after the server-side passes through Authority Verification according to the identity information, establishes between the server-side Data connection.

For the embodiment of the present invention, for procedural information after alloing server-side and terminal to carry out computer virus operation The upload for issuing and operating, in identity information by the way that after Authority Verification, present terminal and server-side establish data connection, so as into The transmission of row data.

403, demonstration request is sent to server-side.

This step is identical as step 301 method shown in fig. 5, and details are not described herein.

404, after receiving the corresponding computer virus sample of the operation computer virus information that the server issues Generated procedural information, and show the procedural information.

This step is identical as step 302 method shown in fig. 5, and details are not described herein.

405, operation requests are sent to server-side.

It include eventually in the operation requests to realize the different operation purpose of present terminal for the embodiment of the present invention End mark and operation information, the operation information include the calling of computer virus sample task, presentation information displaying and Operation, identity authority management, computer virus sample management.Wherein, the calling of computer virus sample task is that can distribute Corresponding computer virus sample is identified to different terminals；The displaying and operation of presentation information are postrun to computer virus The displaying and operation of procedural information, operate to be annotated in the procedural information of displaying；The identity authority management includes drilling The terminal of the person's of showing identity can choose terminal of the addition terminal as the person's of being demonstrated identity；The computer virus sample management packet It includes to generation, deletion, the modification of computer virus sample etc. in computer virus library, to complete between teacher and student Interactive teaching and learning.

406, after the server-side determines that the terminal iidentification has the permission of executable operation to the operation information, The procedural information that the operation operation information that the server-side issues obtains is received, and shows the procedural information.

For example, the operation information in the operation requests of student side 03 is the displaying of worm-type virus, and after Authority Verification, clothes End be engaged in by worm-type virus sample in virtual machine operation computer virus library, the procedural information of operation is issued, it is current whole End is received, and procedural information is shown.

Further, as the realization to method shown in above-mentioned Fig. 1, the embodiment of the invention provides a kind of server-sides, such as Shown in Fig. 7, which includes: receiving module 51, extraction module 52, calling module 53, issues module 54.

Receiving module 51, for receiving the demonstration request of terminal transmission, the demonstration request carries calculating to be demonstrated Machine Virus Info and terminal iidentification；

Extraction module 52, for extracting operating environment corresponding with the computer virus information and computer virus sample This；

Calling module 53 runs institute for calling the virtual machine for being configured with the operating environment, and by the virtual machine Computer virus sample is stated, and generates the procedural information for running the computer virus sample；

Module 54 is issued, for the procedural information to be issued to terminal corresponding with the terminal iidentification.

The present invention provides a kind of apparatus for demonstrating of computer virus operation, the embodiment of the present invention is received eventually by server-side After the demonstration request that end is sent, corresponding operation is extracted according to the computer virus information and terminal iidentification that carry in demonstration request Then environment and computer virus sample run this computer virus sample by configuring operating environment in virtual machine, and will Procedural information caused by running is issued to terminal, and terminal is shown after receiving the procedural information issued, realizes to meter The combination of theoretical operation and practice when calculation machine virus analysis is reduced to the secondary biography in computer virus demonstration analytic process It broadcasts, improves to the person's of being demonstrated efficiency of teaching, live range is being analyzed to control virus attack in computer virus presentation process, The case where to reduce computer contamination, to provide a kind of clean, conjunction rule, efficient presentation process.

Further, as the realization to method shown in above-mentioned Fig. 3, the embodiment of the invention provides another server-side, As shown in figure 8, the server-side includes: receiving module 61, extraction module 62, calling module 63, issues module 64, generation module 65, module 66, configuration module 67 are established.

Receiving module 61, for receiving the demonstration request of terminal transmission, the demonstration request carries calculating to be demonstrated Machine Virus Info and terminal iidentification；

Extraction module 62, for extracting operating environment corresponding with the computer virus information and computer virus sample This；

Calling module 63 runs institute for calling the virtual machine for being configured with the operating environment, and by the virtual machine Computer virus sample is stated, and generates the procedural information for running the computer virus sample；

Module 64 is issued, for the procedural information to be issued to terminal corresponding with the terminal iidentification.

Further, the server-side further include: generation module 65,

The generation module 65, for generating computer virus library, be stored in the computer virus sample database with not Corresponding operating environment and computer virus sample with computer virus information；

The extraction module 62 is specifically used for extracting and the computer virus information pair from the computer virus library The operating environment and computer virus sample answered.

Further, the generation module 65 includes:

Acquiring unit 6501, for obtaining computer virus code；

Processing unit 6502, for carrying out conversed analysis to the computer virus code, searching has aggressive disease Malicious code, and Weakening treatment is carried out to the viral code；

Configuration unit 6503, for according to the source code after conversed analysis and the compiling of the viral code after Weakening treatment Computer virus sample, and configure executable operating environment corresponding with the computer virus sample；

Generation unit 6504, for generating computer virus according to the computer virus sample and the operating environment Sample database.

Further, the server-side includes: to establish module 66,

The receiving module 61 is also used to receive the Authority Verification request that the terminal is sent, the Authority Verification request In carry identity information, terminal iidentification；

It is described to establish module 66, for establishing and the terminal mark after passing through Authority Verification according to the identity information Know the data connection between corresponding terminal.

Further, the server-side further include:

Configuration module 67, for the power according to identity information configuration executable operation corresponding with the terminal iidentification Limit, the operation of the executable operation include the displaying and operation, identity of the calling, presentation information of computer virus sample task Rights management, computer virus sample management.

Further, the receiving module 61 is also used to receive the operation requests that the terminal is sent, the operation requests In include terminal iidentification and operation information；

It is described to issue module 64, it is also used to that there is executable operation to the operation information when the determining terminal iidentification After permission, the result that the operation information obtains will be run and be issued to corresponding terminal.

The present invention provides the apparatus for demonstrating of another computer virus operation, the embodiment of the present invention is received by server-side After the demonstration request that terminal is sent, corresponding behaviour is extracted according to the computer virus information and terminal iidentification that carry in demonstration request Make environment and computer virus sample, then runs this computer virus sample by configuring operating environment in virtual machine, and Procedural information caused by running is issued to terminal, and terminal is shown after receiving the procedural information issued, is realized pair The combination of theoretical operation and practice when computer virus is analyzed is reduced to the secondary biography in computer virus demonstration analytic process It broadcasts, improves to the person's of being demonstrated efficiency of teaching, live range is being analyzed to control virus attack in computer virus presentation process, The case where to reduce computer contamination, to provide a kind of clean, conjunction rule, efficient presentation process.

Further, as the realization to method shown in above-mentioned Fig. 5, the embodiment of the invention provides a kind of terminals, such as Fig. 9 Shown, which includes: sending module 71, receiving module 72.

Sending module 71, for sending demonstration request to server-side, the demonstration request carries computer to be demonstrated Virus Info and terminal iidentification；

Receiving module 72, for receiving the corresponding computer of the operation computer virus information that the server issues Generated procedural information after Virus Sample, and show the procedural information.

The present invention provides the apparatus for demonstrating of another computer virus operation, and the embodiment of the present invention to server-side by sending out After the demonstration request sent, the postrun procedural information of computer virus sample is received, is shown, realizes to computeritis The combination of theoretical operation and practice when poison analysis is reduced to the secondary propagation in computer virus demonstration analytic process, is improved To the person's of being demonstrated efficiency of teaching, in the range to control virus attack analysis scene in computer virus presentation process, to reduce The case where computer is contaminated, to provide a kind of clean, conjunction rule, efficient presentation process.

Further, as the realization to method shown in above-mentioned Fig. 6, the embodiment of the invention provides a kind of terminals, such as scheme Shown in 10, which includes: sending module 81, receiving module 82, establishes module 83.

Sending module 81, for sending demonstration request to server-side, the demonstration request carries computer to be demonstrated Virus Info and terminal iidentification；

Receiving module 82, for receiving the corresponding computer of the operation computer virus information that the server issues Generated procedural information after Virus Sample, and show the procedural information.

Further, the terminal further include: module 83 is established,

The sending module 81 is also used to the server-side sending permission checking request, in the Authority Verification request Carry identity information, terminal iidentification；

It is described to establish module 83, for when the server-side according to the identity information pass through Authority Verification after, establish and Data connection between the server-side.

Further, the sending module 81 is also used to send operation requests to server-side, includes in the operation requests Terminal iidentification and operation information, the operation information include the displaying of the calling of computer virus sample task, presentation information And operation, identity authority management, computer virus sample management；

The receiving module 82, for determining that the terminal iidentification has and can hold to the operation information when the server-side After the permission of row operation, the procedural information that the operation operation information that the server-side issues obtains is received, and described in displaying Procedural information.

A kind of storage medium is provided according to an embodiment of the present invention, and it is executable that the storage medium is stored at least one The demenstration method of the operation of the computer virus in above-mentioned any means embodiment can be performed in instruction, the computer executable instructions.

Figure 11 shows a kind of structural schematic diagram of the computer equipment provided according to an embodiment of the present invention, the present invention Specific embodiment does not limit the specific implementation of computer equipment.

As shown in figure 11, which may include: processor (processor) 902, communication interface (Communications Interface) 904, memory (memory) 906 and communication bus 908.

Wherein: processor 902, communication interface 904 and memory 906 complete mutual lead to by communication bus 908 Letter.

Communication interface 904, for being communicated with the network element of other equipment such as client or other servers etc..

Processor 902, for executing program 910, the demenstration method that can specifically execute above-mentioned computer virus operation is real Apply the correlation step in example.

Specifically, program 910 may include program code, which includes computer operation instruction.

Processor 902 may be central processor CPU or specific integrated circuit ASIC (Appl ication Specific Integrated Circuit), or be arranged to implement the integrated electricity of one or more of the embodiment of the present invention Road.The one or more processors that computer equipment includes can be same type of processor, such as one or more CPU；? It can be different types of processor, such as one or more CPU and one or more ASIC.

Memory 906, for storing program 910.Memory 906 may include high speed RAM memory, it is also possible to further include Nonvolatile memory (non-volati le memory), for example, at least a magnetic disk storage.

Program 910 specifically can be used for so that processor 902 executes following operation:

Another storage medium is provided according to an embodiment of the present invention, and the storage medium is stored at least one and can hold The demonstration side of the operation of the computer virus in above-mentioned any means embodiment can be performed in row instruction, the computer executable instructions Method.

Figure 12 shows the structural schematic diagram of another computer equipment provided according to an embodiment of the present invention, this hair Bright specific embodiment does not limit the specific implementation of computer equipment.

As shown in figure 12, which may include: processor (processor) 1002, communication interface (Communications Interface) 1004, memory (memory) 1006 and communication bus 1008.

Wherein: processor 1002, communication interface 1004 and memory 1006 are completed each other by communication bus 1008 Communication.

Communication interface 1004, for being communicated with the network element of other equipment such as client or other servers etc..

Processor 1002 can specifically execute the demenstration method of above-mentioned computer virus operation for executing program 1010 Correlation step in embodiment.

Specifically, program 1010 may include program code, which includes computer operation instruction.

Processor 1002 may be central processor CPU or specific integrated circuit ASIC (Appl ication Specific Integrated Circuit), or be arranged to implement the integrated electricity of one or more of the embodiment of the present invention Road.The one or more processors that computer equipment includes can be same type of processor, such as one or more CPU；? It can be different types of processor, such as one or more CPU and one or more ASIC.

Memory 1006, for storing program 1010.Memory 1006 may include high speed RAM memory, it is also possible to also Including nonvolatile memory (non-volati le memory), for example, at least a magnetic disk storage.

Program 1010 specifically can be used for so that processor 1002 executes following operation:

The embodiment of the invention provides a kind of demo systems of computer virus operation, as shown in figure 13, comprising: server-side 1101, terminal 1102,

The terminal 1102, for sending demonstration request to server-side, the demonstration request carries calculating to be demonstrated Machine Virus Info and terminal iidentification；

The server-side 1101, for receiving the demonstration request of terminal transmission, the demonstration request carries to be demonstrated Computer virus information and terminal iidentification；

The server-side 1101 is also used to extract operating environment corresponding with the computer virus information and computer Virus Sample；

The server-side 1101 is also used to call the virtual machine for being configured with the operating environment, and passes through the virtual machine The computer virus sample is run, and generates the procedural information for running the computer virus sample；

The server-side 1101 is also used to for the procedural information to be issued to terminal corresponding with the terminal iidentification.

The terminal 1102 is also used to receive the corresponding meter of the operation computer virus information that the server issues Generated procedural information after calculation machine Virus Sample, and show the procedural information.

The present invention provides a kind of demonstration of computer virus operation, the embodiment of the present invention receives terminal by server-side and sends out After the demonstration request sent, corresponding operating environment is extracted according to the computer virus information and terminal iidentification that carry in demonstration request And computer virus sample, this computer virus sample then is run by configuring operating environment in virtual machine, and will operation Generated procedural information is issued to terminal, and terminal is shown after receiving the procedural information issued, realizes to computer The combination of theoretical operation and practice when virus analysis is reduced to the secondary propagation in computer virus demonstration analytic process, is mentioned Height is to the person's of being demonstrated efficiency of teaching, in the range to control virus attack analysis scene in computer virus presentation process, with drop The case where low computer is contaminated, to provide a kind of clean, conjunction rule, efficient presentation process.

Algorithm and display are not inherently related to any particular computer, virtual system, or other device provided herein. Various general-purpose systems can also be used together with teachings based herein.As described above, it constructs required by this kind of system Structure be obvious.In addition, the present invention is also not directed to any particular programming language.It should be understood that can use various Programming language realizes summary of the invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.

In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this specification.

Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as a separate embodiment of the present invention.

Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.

In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed Meaning one of can in any combination mode come using.

Various component embodiments of the invention can be implemented in hardware, or to run on one or more processors Software module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practice Microprocessor or digital signal processor (DSP) realize the management method and dress of asset data according to an embodiment of the present invention The some or all functions of some or all components in setting.The present invention is also implemented as described here for executing Method some or all device or device programs (for example, computer program and computer program product).This The program that the realization of sample is of the invention can store on a computer-readable medium, or can have one or more signal Form.Such signal can be downloaded from an internet website to obtain, and perhaps be provided on the carrier signal or with any other Form provides.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame Claim.

The embodiment of the invention also includes:

The demenstration method that A1, a kind of computer virus are run, comprising:

A2, method according to a1, the method also includes:

A3, the method according to A2, the generation computer virus library include:

Obtain computer virus code；

A4, method according to a1, the method also includes:

A5, method according to a4, the method also includes:

A6, method according to a5, the method also includes:

The demenstration method that B7, a kind of computer virus are run, comprising:

B8, the method according to B7, the method also includes:

B9, the method according to B8, the method also includes:

C10, a kind of server-side, comprising:

C11, the server-side according to C10, the server-side further include: generation module,

C12, the server-side according to C11, the generation module include:

Acquiring unit, for obtaining computer virus code；

C13, the server-side according to C10, the server-side include: to establish module,

C14, the server-side according to C13, the server-side further include:

C15, the server-side according to C14,

The receiving module is also used to receive the operation requests that the terminal is sent, and includes terminal in the operation requests Mark and operation information；

D16, a kind of terminal, comprising:

D17, the terminal according to D16, the terminal further include: module is established,

D18, the terminal according to D17,

The sending module, is also used to send operation requests to server-side, include terminal iidentification in the operation requests with And operation information, the operation information include the calling of computer virus sample task, the displaying of presentation information and operation, identity Rights management, computer virus sample management；

E19, a kind of storage medium are stored with an at least executable instruction, the executable instruction in the storage medium The corresponding operation of demenstration method for the computer virus operation for executing processor as described in any one of A1-A6.

F20, a kind of computer equipment, comprising: processor, memory, communication interface and communication bus, the processor, The memory and the communication interface complete mutual communication by the communication bus；

The memory executes the processor such as storing an at least executable instruction, the executable instruction The corresponding operation of demenstration method of the operation of computer virus described in any one of A1-A6.

G21, a kind of storage medium are stored with an at least executable instruction, the executable instruction in the storage medium The corresponding operation of demenstration method for the computer virus operation for executing processor as described in any one of B7-B9.

H22, a kind of computer equipment, comprising: processor, memory, communication interface and communication bus, the processor, The memory and the communication interface complete mutual communication by the communication bus；

The memory executes the processor such as storing an at least executable instruction, the executable instruction The corresponding operation of demenstration method of the operation of computer virus described in any one of B7-B9.

The demo system that I23, a kind of computer virus are run characterized by comprising C10-C15 is described in any item Server-side and the described in any item terminals of D16-D18.

Claims

1. a kind of demenstration method of computer virus operation characterized by comprising

The demonstration request that terminal is sent is received, the demonstration request carries computer virus information and terminal mark to be demonstrated Know；

The virtual machine for being configured with the operating environment is called, and the computer virus sample is run by the virtual machine, and Generate the procedural information for running the computer virus sample；

2. the method according to claim 1, wherein the method also includes:

Computer virus library is generated, is stored with behaviour corresponding from different computer virus information in the computer virus sample database Make environment and computer virus sample；

Operating environment corresponding with the computer virus information and computer virus are extracted from the computer virus library Sample.

3. a kind of demenstration method of computer virus operation characterized by comprising

Demonstration request is sent to server-side, the demonstration request carries computer virus information and terminal mark to be demonstrated Know；

Caused by receiving after the corresponding computer virus sample of the operation computer virus information that the server issues Procedural information, and show the procedural information.

4. a kind of server-side characterized by comprising

Receiving module, for receiving the demonstration request of terminal transmission, the demonstration request carries computer virus to be demonstrated Information and terminal iidentification；

Extraction module, for extracting operating environment corresponding with the computer virus information and computer virus sample；

Calling module runs the calculating for calling the virtual machine for being configured with the operating environment, and by the virtual machine Machine Virus Sample, and generate the procedural information for running the computer virus sample；

5. a kind of terminal characterized by comprising

Sending module, for sending demonstration request to server-side, the demonstration request carries computer virus letter to be demonstrated Breath and terminal iidentification；

Receiving module, for receiving the corresponding computer virus sample of the operation computer virus information that the server issues Generated procedural information after this, and show the procedural information.

6. a kind of storage medium, it is stored with an at least executable instruction in the storage medium, the executable instruction makes to handle Device executes the corresponding operation of demenstration method such as computer virus of any of claims 1-2 operation.

7. a kind of computer equipment, comprising: processor, memory, communication interface and communication bus, the processor described are deposited Reservoir and the communication interface complete mutual communication by the communication bus；

The memory executes the processor as right is wanted for storing an at least executable instruction, the executable instruction The corresponding operation of demenstration method for asking computer virus described in any one of 1-2 to run.

8. a kind of storage medium, it is stored with an at least executable instruction in the storage medium, the executable instruction makes to handle Device executes the corresponding operation of demenstration method of computer virus operation as claimed in claim 3.

9. a kind of computer equipment, comprising: processor, memory, communication interface and communication bus, the processor described are deposited Reservoir and the communication interface complete mutual communication by the communication bus；

The memory executes the processor as right is wanted for storing an at least executable instruction, the executable instruction The corresponding operation of demenstration method of the operation of computer virus described in asking 3.

10. a kind of demo system of computer virus operation characterized by comprising server-side and power as claimed in claim 4 Benefit require 5 described in terminal.