CN112100618B - Virus file detection method, system, equipment and computer storage medium - Google Patents

Publication number
CN112100618B
Authority
CN
China
Prior art keywords
file
path information
target file
virus
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910527253.7A
Other languages
Chinese (zh)
Other versions
CN112100618A (en
Inventor
刘彦南
李朝竟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN201910527253.7A
Publication of CN112100618A
Application granted
Publication of CN112100618B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G06F21/565: Static detection by checking file integrity

Abstract

The application discloses a virus file detection method, system, device and computer storage medium. Target file path information of a target file on a device is obtained, and whether the target file is a virus file is judged based on the regularity of the target file path information. Because a virus file spreads on devices, its file path on the device is not regular, and a hacker cannot hide this irregularity in the file path; in the prior art, by contrast, a hacker can evade detection that relies on static characteristics. The detection strength for virus files can therefore be improved. The virus file detection system, the virus file detection device and the computer readable storage medium solve the corresponding technical problems as well.

Description

Virus file detection method, system, equipment and computer storage medium
Technical Field
The present disclosure relates to the field of server security technologies, and in particular, to a method, a system, an apparatus, and a computer storage medium for detecting a virus file.
Background
In application scenarios such as servers and computers, a device may be subjected to a virus attack, for example by being infected with a virus file, so virus files need to be detected while the device is in use.
Existing virus file detection methods extract static characteristics of a file from its content, such as the file's import and export functions and instruction sequences, and judge from those static characteristics whether the file is a virus file.
However, in existing methods that judge whether a file is a virus file from its static characteristics, the static characteristic information comes from a single source and cannot reflect the behavior of the file on different devices. Static characteristics also have poor resistance to interference and are easily bypassed by a hacker, so the detection strength is poor; for example, a hacker can regularly study the characteristics used in a file detection system, change the static characteristics of a file by changing its content, and thereby bypass detection.
In summary, how to improve a device's detection strength for virus files is a problem to be solved by those skilled in the art.
Disclosure of Invention
The purpose of the application is to provide a virus file detection method that can, to a certain extent, solve the technical problem of how to improve a device's detection strength for virus files. The application also provides a virus file detection system, a device and a computer readable storage medium.
In order to achieve the above object, the present application provides the following technical solutions:
A method for detecting a virus file, comprising:
acquiring target file path information of a target file on equipment;
and judging whether the target file is a virus file or not based on the regularity of the path information of the target file.
Preferably, the determining whether the target file is a virus file based on the regularity of the path information of the target file includes:
carrying out hierarchical division on each target file path information to obtain corresponding hierarchical path information;
calculating the regularity score of the hierarchical path information of each hierarchy;
and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information of each hierarchy.
Preferably, the determining whether the target file is a virus file based on the regularity of the path information of the target file includes:
carrying out hierarchical division on each target file path information to obtain corresponding hierarchical path information;
selecting a preset number of hierarchical path information as target hierarchical path information;
calculating the regularity score of each target level path information;
and judging whether the target file is a virus file or not based on the regularity score of each target level path information.
Preferably, the hierarchical division of each target file path information includes:
and for each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information according to the division sequence from the tail to the head.
Preferably, the hierarchical division of each target file path information includes:
analyzing the type of the target file;
if the type of the target file is a document, regarding each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information according to the division sequence from beginning to end;
and if the type of the target file is an executable file, regarding each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information according to the division sequence from the tail to the head.
Preferably, the calculating the regularity score of the hierarchical path information of each hierarchy includes:
counting the total number of non-repeated paths of the hierarchical path information of the same hierarchy;
calculating the regularity score of the hierarchical path information of each hierarchy based on the total number of non-repeated paths of each hierarchy and the total number of target file path information.
Preferably, the calculating the regularity score of the hierarchical path information based on the total number of non-repeated paths and the total number of target file path information includes:
calculating the total value of all the totals of non-repeated paths;
calculating the quotient of the total value and the total number of the target file path information;
calculating, for each hierarchy, the variance of the total number of non-repeated paths and the quotient, and taking the variance as the regularity score of the hierarchical path information.
Preferably, the determining whether the target file is a virus file based on the regularity score of the hierarchical path information of each hierarchy includes:
feature fusion is carried out on each regularity score to obtain a fusion regularity score;
inputting the fusion regularity score into a pre-trained virus file classification model, wherein the virus file classification model judges whether the target file is a virus file or not based on the fusion regularity score;
and obtaining the judgment result of the virus file classification model.
Preferably, the feature fusing is performed on each of the regularity scores to obtain a fused regularity score, which includes:
and fusing the regularity scores and file information features of the target file to obtain the fused regularity scores, wherein the file information features comprise static feature information and version information.
Preferably, the fusing the regularity score and the file information feature of the target file includes:
and fusing the file information characteristics of each regularity score and the target file through a Bayesian decision theory algorithm.
Preferably, the obtaining the target file path information of the target file on the device includes:
selecting, from the set of historical file path information recorded when the target file was located on the device, a preset number of pieces of historical file path information as the preset number of pieces of target file path information.
Preferably, the obtaining the target file path information of the target file on the device includes:
selecting a preset number of target devices carrying the target file from a target network structure to which the target file belongs;
and acquiring the target file path information of the target file in each target device.
A virus file detection system comprising:
the first acquisition module is used for acquiring target file path information of a target file on equipment;
the first judging module is used for judging whether the target file is a virus file or not based on the regularity of the path information of the target file.
A virus file detection apparatus comprising:
a memory for storing a computer program;
a processor for implementing the steps of any of the virus file detection methods described above when executing the computer program.
A computer readable storage medium having stored therein a computer program which when executed by a processor performs the steps of the method of virus file detection as described in any of the above.
The virus file detection method provided by the application is applied to a virus file detection device: target file path information of a target file on a device is obtained, and whether the target file is a virus file is judged based on the regularity of the target file path information. Because a virus file spreads on devices, its file path on the device is not regular, and a hacker cannot hide this irregularity in the file path. Whether the target file is a virus file can therefore be judged from its target file path information, and the detection strength is high. In the prior art, by contrast, a hacker can evade detection that relies on static characteristics, so the virus file escapes detection. Compared with existing methods that judge whether a file is a virus file from its static characteristics, the detection strength for virus files can be improved. The virus file detection system, the virus file detection device and the computer readable storage medium solve the corresponding technical problems as well.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
FIG. 1 is a first flowchart of a method for detecting a virus file according to an embodiment of the present application;
FIG. 2 is a second flowchart of a method for detecting a virus file according to an embodiment of the present application;
FIG. 3 is a third flowchart of a method for detecting a virus file according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a virus file detection system according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a virus file detection device according to an embodiment of the present application;
FIG. 6 is another schematic structural diagram of a virus file detection apparatus according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In application scenarios such as servers and computers, a device may be subjected to a virus attack, for example by being infected with a virus file, so virus files need to be detected while the device is in use. Existing virus file detection methods extract static characteristics of a file from its content, such as the file's import and export functions and instruction sequences, and judge from those static characteristics whether the file is a virus file. However, in these methods the static characteristic information comes from a single source and cannot reflect the behavior of the file on different devices. Static characteristics also have poor resistance to interference and are easily bypassed by a hacker, so the detection strength is poor; for example, a hacker can regularly study the characteristics used in a file detection system, change the static characteristics of a file by changing its content, and thereby bypass detection. Taking the two function name strings FindFirstFile and FindNextFile as example static characteristics, a hacker can modify these two strings, or avoid using them, so that the virus file escapes detection.
In the virus file detection method provided by the application, whether the target file is a virus file is judged by means of the regularity of the target file path information. Because a virus file spreads on devices, its file path on the device is not regular, and a hacker cannot hide this irregularity in the file path; in the prior art, by contrast, a hacker can evade detection that relies on static characteristics. The device's detection strength for virus files can therefore be improved.
Referring to fig. 1, fig. 1 is a first flowchart of a method for detecting a virus file according to an embodiment of the present application.
The method for detecting the virus file provided by the embodiment of the application can comprise the following steps:
Step S101: acquiring target file path information of the target file on the device.
In practical applications, the target file path information of the target file on different devices or on the same device can be acquired first. The number of pieces of target file path information can be determined according to actual needs; for example, in an intranet, the file path information of the target file on each device of the intranet can be acquired, that is, as many pieces of target file path information can be acquired as there are devices in the intranet holding the target file. The file path referred to in this application is the sequence of folders that a user passes through when looking for a file on a disk; for example, the file path of a readme.txt file may be C:\Users\pc\documents\readme.txt.
It should be noted that the way the target file path information is acquired can be determined flexibly according to the actual situation. Taking the installation position of the virus file detection device in an intranet as an example: when the virus file detection device is installed in the management server of the intranet, the management server may send a file path acquisition instruction for the target file to the devices connected to it and receive the target file path information they return; when the virus file detection device is installed in a user device of the intranet, the user device may send a file path acquisition instruction to the management server and receive the target file path information collected by the management server. Other ways are also possible, for example the virus file detection device exchanging information directly with the devices in the intranet to obtain the target file path information.
In a specific application scenario, the intranet in which the virus file detection device is located may be receiving the target file for the first time, so that only one piece of target file path information exists in the intranet. In that case, to ensure the detection accuracy for the target file, when acquiring a preset number of pieces of target file path information for the target file, a preset number of pieces of historical file path information can be selected, from the set of historical file path information recorded when the target file was located on the device, as the preset number of pieces of target file path information. The preset number can be determined according to requirements such as the set operation efficiency and detection accuracy; for example, when the set operation efficiency is lower, the preset number may be set larger, for example 70% of the path information in the historical file path information may be used as the target file path information. The historical file path information is target file path information that already exists.
In a specific application scenario, when a plurality of target files exist in the target network structure, such as an intranet, where the target file is located, the target file path information of the target file in the intranet can be acquired in real time to ensure that it is valid. When acquiring the target file path information of the target file on the devices, a preset number of target devices carrying the target file can be selected from the target network structure to which the target file belongs, and the target file path information of the target file in each target device is then acquired.
Step S102: judging whether the target file is a virus file based on the regularity of the target file path information.
In practical applications, the file paths of a virus file on different devices are flexible and varied, whereas a normal file does not need to spread, so its file paths on different devices are regular. Based on this difference in file path regularity between virus files and normal files, once a preset number of pieces of target file path information have been acquired, whether the target file is a virus file can be judged from the regularity of the target file path information.
In practical applications, when judging whether the target file is a virus file based on the regularity of the target file path information, the judgment may use the regularity of all of the target file path information or of only part of it. For example, if the target file has three pieces of path information A, B and C, the judgment may be based on the regularity reflected by all three of A, B and C, on the regularity reflected by A and B only, or on the regularity reflected by part of the path information within A, B and C, for example the path information of the first 3 layers of A, B and C. In addition, the judgment may be based on the regularity of hierarchical path information in the target file path information, where hierarchical path information is the path information of a certain hierarchy in the target file path information.
In a specific application scenario, keywords that are hidden in path information and that allow the target file to be judged a virus file can be collected. The number of pieces of target file path information containing such keywords is determined, and the ratio of that number to the total number of pieces of target file path information is used as the regularity score of the target file path information. It is then judged whether the regularity score is larger than a preset ratio; if so, the target file is judged to be a virus file. The preset ratio can be determined according to the virus file detection precision required in practice.
The virus file detection method provided by the application is applied to a virus file detection device: target file path information of a target file on a device is obtained, and whether the target file is a virus file is judged based on the regularity of the target file path information. The virus file detection device acquires a preset number of pieces of target file path information of the target file on the devices and judges whether the target file is a virus file by means of the regularity of that path information. Because a virus file spreads on devices, its file path on the device is not regular, and a hacker cannot hide this irregularity in the file path, so whether the target file is a virus file can be judged from its target file path information and the detection strength is high.
Referring to fig. 2, fig. 2 is a second flowchart of a method for detecting a virus file according to an embodiment of the present application.
The method for detecting the virus file provided by the embodiment of the application can comprise the following steps:
Step S201: acquiring target file path information of the target file on the device.
Step S202: hierarchically dividing each piece of target file path information to obtain the corresponding hierarchical path information.
In practical applications, a file path generally contains several folders. For example, the file path of the readme.txt file is C:\Users\pc\documents\readme.txt, and the folders it passes through are C, Users, pc and documents. Some of these folders, such as C and Users, can be determined by user selection; their presence makes the target file path information more diverse but does not indicate whether the target file is a virus file. Therefore, to improve the detection accuracy for the target file, the target file path information can be hierarchically divided, that is, converted into hierarchical path information of smaller granularity. The specific division mode can be determined according to actual requirements.
In a specific application scenario, all folders in the file path information are joined by connection characters. When hierarchically dividing the target file path information, each connection character in each piece of target file path information can therefore be used as a hierarchy divider, and the target file path information can be divided in order from tail to head. Taking the target file path information /data/disk2/admin/workspace/doc/readme.txt as an example, the connection character is /, so dividing from tail to head puts readme.txt in the first level, doc in the second level, workspace in the third level, admin in the fourth level, disk2 in the fifth level and data in the sixth level. Other hierarchical division methods are also possible, and the application is not limited in this respect; for example, the target file path information may be divided in order from head to tail. It should be noted that the head referred to in this application is the left part of the target file path information, the tail is the right part of the target file path information, and the target file path information is /data/disk2/admin/workspace/doc/readme.
In a specific application scenario, when the virus file is an executable file, the diversity of its file path information is concentrated mainly in the path of the software, that is, at the tail of the file path information. When the virus file is a document, the diversity of its file path information is concentrated mainly in the system file, that is, the system file appears in the file path information of the document-type virus file, so the diversity shows mainly at the head of the file path information. Therefore, to improve both the accuracy and the efficiency of judging whether the target file is a virus file, the type of the target file can be analyzed when the target file path information is divided by folder hierarchy. If the target file is a document, then for each piece of target file path information each connection character is used as a hierarchy divider and the path information is divided in order from head to tail. If the target file is an executable file, then for each piece of target file path information each connection character is used as a hierarchy divider and the path information is divided in order from tail to head.
That is, when the target file is a document, dividing the target file path information from head to tail places the path information that influences whether the document is a virus file in the same level with the highest probability and at the highest speed, so the regularity score calculated subsequently is more accurate. If the path information were instead divided from tail to head, the path information that influences whether the file is a virus file would be more likely to fall in different levels, and the regularity score calculated subsequently would be less accurate. Choosing the division order by file type can therefore improve both the accuracy and the efficiency of judging whether the target file is a virus file.
Step S203: calculating the regularity score of the hierarchical path information of each hierarchy.
In practical applications, after each piece of target file path information has been hierarchically divided to obtain the corresponding hierarchical path information, the regularity score of the hierarchical path information of each hierarchy can be calculated.
In a specific application scenario, the total number of non-repeated paths of the hierarchical path information of the same hierarchy may be counted first. Taking the second hierarchy as an example, the total number of non-repeated paths among all hierarchical path information belonging to the second hierarchy is counted. The total number of non-repeated paths is the number of different paths within the same hierarchy. Take the target file path information D/ruanjian/zhangsan/cdf and E/ruanjian/liusi/wpo as examples and divide them in order from head to tail. For D/ruanjian/zhangsan/cdf, the first-level path information is D, the second-level path information is ruanjian, the third-level path information is zhangsan and the fourth-level path information is cdf. For E/ruanjian/liusi/wpo, the first-level path information is E, the second-level path information is ruanjian, the third-level path information is liusi and the fourth-level path information is wpo. For these two pieces of target file path information, the total number of non-repeated paths of the first-level path information is therefore 2, that of the second-level path information is 1, and that of the third-level and of the fourth-level path information is 2. Then, for the hierarchical path information of each hierarchy, the regularity score is calculated based on the total number of non-repeated paths and the total number of target file path information.
Specifically, the ratio of the total number of non-repeated paths of the hierarchical path information of each hierarchy to the total number of the target file path information can be used directly as the regularity score of that hierarchical path information. When the target file path information is D/ruanjian/zhangsan/cdf and E/ruanjian/liusi/wpo, the total number of the target file path information is 2, so the regularity score of the first hierarchical path information is 2/2=1, the regularity score of the second hierarchical path information is 1/2=0.5, and the regularity score of the third and of the fourth hierarchical path information is 2/2=1. The regularity score of the hierarchical path information of each hierarchy may also be determined based on the variance principle. In that case, the step of calculating the regularity score of the hierarchical path information based on the total number of non-repeated paths and the total number of the target file path information may specifically be: calculating the total value of the total numbers of all non-repeated paths; calculating the quotient of the total value and the total number of the target file path information; and, for the hierarchical path information of each hierarchy, calculating the variance of the total number of non-repeated paths of that hierarchical path information and the quotient, and taking the variance as the regularity score of the hierarchical path information. The regularity score of the hierarchical path information of each hierarchy may also be determined in other manners, and the present application is not limited in this respect; for example, the ratio of the total number of non-repeated paths of each hierarchy to the total number of hierarchical levels of the target file path information may be used as the regularity score of the hierarchical path information.
Step S204: judging whether the target file is a virus file based on the regularity score of the hierarchical path information of each hierarchy.
In practical application, after the regularity score of the hierarchical path information of each hierarchy is calculated, whether the target file is a virus file can be determined based on those regularity scores. For example, an average value of all the regularity scores can be calculated based on the weight of each regularity score, and it is then determined whether the average value is greater than a preset threshold value; if yes, the target file is determined to be a virus file, and if not, the target file is determined to be a normal file. In a specific application scenario, to further improve the accuracy of the judgment, after the target file is judged to be a virus file, it can be judged further based on its static characteristics.
For a description of the relevant steps in this embodiment, refer to the above embodiment; it is not repeated here.
In practical application, the hierarchical path information obtained by dividing the target file path information may be valid or invalid; that is, a given piece of hierarchical path information may or may not affect the determination of whether the target file is a virus file. Therefore, to improve the operating efficiency of the application, when determining whether the target file is a virus file based on the regularity of the target file path information, the following may be done: performing hierarchical division on each piece of target file path information to obtain corresponding hierarchical path information; selecting a preset number of pieces of hierarchical path information as target hierarchical path information; calculating the regularity score of each piece of target hierarchical path information; and judging whether the target file is a virus file based on the regularity score of each piece of target hierarchical path information.
That is, only part of the hierarchical information in the path information of the target file needs to be analyzed to determine whether the target file is a virus file. In this embodiment, the process of hierarchically dividing each piece of target file path information to obtain corresponding hierarchical path information may refer to the above embodiment, that is, the target file path information is hierarchically divided in the order from the beginning to the end or from the end to the beginning. Accordingly, when a preset number of pieces of hierarchical path information are selected as target hierarchical path information, they may be selected according to the division order. For example, when the target file path information is D/ruanjian/zhangsan/cdf and the preset number is 2, the target hierarchical path information is D and ruanjian when the target file path information is divided in the order from the beginning to the end, and cdf and zhangsan when it is divided in the order from the end to the beginning. In this embodiment, the process of calculating the regularity score of each piece of target hierarchical path information and determining whether the target file is a virus file based on those regularity scores may refer to the description in other embodiments of the present application, and is not repeated here.
It should be noted that the number of pieces of target hierarchical path information may be determined empirically from historical judgments on target files, or according to requirements such as the operating efficiency and detection accuracy of the virus file detection method provided in the present application. For example, if the critical path information for determining whether the target file is a virus file is the third-level and fourth-level path information in the target file path information, then, to balance operating efficiency and detection accuracy, the number of pieces of target hierarchical path information may be set to 4; when higher detection accuracy is required, it may be set to 5, 6, and so on.
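The following sketch is an added illustration, not code from the patent. It implements the ratio-based regularity score, the selection of a preset number of levels in division order, the division order by file type (documents from beginning to end, executables from end to beginning), and the weighted-average threshold decision. The separator set, the threshold of 0.5, the equal default weights, the handling of short paths and the Windows sample paths are assumptions constructed for the example.

```python
import re

# "Connection characters" that act as level dividers (assumed here: / and \).
SEPARATORS = re.compile(r"[\\/]+")


def split_levels(path, from_tail=False, keep=None):
    """Divide one path into levels in the chosen order and keep only the
    first `keep` levels of that order (keep=None keeps every level)."""
    levels = [part for part in SEPARATORS.split(path) if part]
    if from_tail:
        levels.reverse()
    return levels if keep is None else levels[:keep]


def divide_from_tail(file_type):
    """Division order by file type: documents head to tail, executables
    tail to head."""
    orders = {"document": False, "executable": True}
    if file_type not in orders:
        raise ValueError(f"no division order defined for {file_type!r}")
    return orders[file_type]


def regularity_scores(paths, from_tail=False, keep=None):
    """Score of level i = distinct values seen at level i / number of paths."""
    if not paths:
        raise ValueError("at least one path is required")
    rows = [split_levels(p, from_tail, keep) for p in paths]
    depth = max(len(row) for row in rows)
    scores = []
    for i in range(depth):
        # Assumption: a path with fewer than i+1 levels adds nothing to level i.
        distinct = {row[i] for row in rows if i < len(row)}
        scores.append(len(distinct) / len(paths))
    return scores


def judge(scores, threshold, weights=None):
    """Weighted average of the level scores compared with a preset threshold.
    Returns (is_virus, average)."""
    weights = [1.0] * len(scores) if weights is None else list(weights)
    if not scores or len(weights) != len(scores) or sum(weights) <= 0:
        raise ValueError("scores and weights must be non-empty and aligned")
    average = sum(w * s for w, s in zip(weights, scores)) / sum(weights)
    return average > threshold, average


# The two paths used in the description above.
PATENT_PATHS = ["D/ruanjian/zhangsan/cdf", "E/ruanjian/liusi/wpo"]

# Constructed sample: the same executable name reported by four devices,
# each time under a different parent directory.
SCATTERED = [
    r"C:\Users\alice\AppData\Local\Temp\a8k2\updater.exe",
    r"C:\Users\bob\Downloads\zq71\updater.exe",
    r"D:\share\public\m3x9\updater.exe",
    r"C:\ProgramData\cache\p0v4\updater.exe",
]

# Constructed sample: an executable installed in the same place everywhere.
STABLE = [
    r"C:\Program Files\Acme\Agent\agent.exe",
    r"C:\Program Files\Acme\Agent\agent.exe",
    r"C:\Program Files\Acme\Agent\agent.exe",
    r"D:\Program Files\Acme\Agent\agent.exe",
]

if __name__ == "__main__":
    print("patent example:", regularity_scores(PATENT_PATHS))
    tail = divide_from_tail("executable")
    for name, paths in (("scattered", SCATTERED), ("stable", STABLE)):
        scores = regularity_scores(paths, from_tail=tail, keep=3)
        print(name, scores, judge(scores, threshold=0.5))
```

With the ratio score, a level whose value differs on every device scores 1 and a level that is identical everywhere scores 1/N, so the weighted average rises as the placement of the file becomes less consistent across devices.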
Referring to fig. 3, fig. 3 is a third flowchart of a method for detecting a virus file according to an embodiment of the present application.
The method for detecting the virus file provided by the embodiment of the application can comprise the following steps:
Step S301: acquiring target file path information of the target file on the equipment.
Step S302: performing hierarchical division on each piece of target file path information to obtain corresponding hierarchical path information.
Step S303: calculating the regularity score of the hierarchical path information of each hierarchy.
Step S304: performing feature fusion on the regularity scores to obtain a fusion regularity score.
In practical application, since the rule followed by the file paths of virus files is difficult to determine, the target file can be judged by means of a trained virus file classification model. The virus file classification model can be a model trained by a machine learning algorithm, such as a model trained by a neural network algorithm. In a specific application scenario, to improve the classification accuracy of the virus file classification model, feature fusion can be performed on the regularity scores to obtain a fused regularity score, that is, all the regularity scores are fused into one regularity score. For example, all the regularity scores are fused into one vector and the vector is used as the fused regularity score, so that all the regularity scores participate in the judgment of the target file.
Specifically, to further improve the accuracy of judging the target file, the input data of the virus file classification model can be further enriched. Accordingly, when feature fusion is performed on the regularity scores to obtain the fused regularity score, the regularity scores can be fused with the file information features of the target file, where the file information features comprise static feature information and version information. The regularity scores and the file information features of the target file can be fused through a Bayesian decision theory algorithm; other algorithms can also be adopted, such as a sparse representation theory algorithm or a deep learning theory algorithm.
Step S305: inputting the fusion regularity score into a pre-trained virus file classification model, wherein the virus file classification model is used for judging whether the target file is a virus file based on the fusion regularity score.
Step S306: obtaining a judging result of the virus file classification model.
In practical application, after obtaining the fusion regularity score, the fusion regularity score may be input to a pre-trained virus file classification model, and then a discrimination result of the virus file classification model is obtained, and whether the target file is a virus file is determined based on the discrimination result.
For a description of the relevant steps in this embodiment, refer to the above embodiment; it is not repeated here.
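An added illustration of steps S304 to S306, not code from the patent: the level scores are concatenated with two file information features into one vector and classified by a small Gaussian naive Bayes model with a minimum-expected-loss decision. The model choice, the feature names `has_version_info` and `static_entropy`, the cost values and every training row are assumptions constructed for the example.

```python
import math


def fuse(scores, has_version_info, static_entropy):
    """Fuse per-level regularity scores with file information features
    (hypothetical: a version-information flag and one static feature)."""
    return list(scores) + [1.0 if has_version_info else 0.0, float(static_entropy)]


class GaussianBayes:
    """Gaussian naive Bayes, used here as a stand-in classification model."""

    def __init__(self, smoothing=1e-2):
        self.smoothing = smoothing  # keeps constant features from giving zero variance
        self.stats = {}             # label -> (log prior, means, variances)

    def fit(self, vectors, labels):
        for label in set(labels):
            rows = [v for v, l in zip(vectors, labels) if l == label]
            columns = list(zip(*rows))
            means = [sum(col) / len(rows) for col in columns]
            variances = [
                sum((x - m) ** 2 for x in col) / len(rows) + self.smoothing
                for col, m in zip(columns, means)
            ]
            self.stats[label] = (math.log(len(rows) / len(labels)), means, variances)
        return self

    def posterior(self, vector):
        log_p = {}
        for label, (log_prior, means, variances) in self.stats.items():
            total = log_prior
            for x, m, v in zip(vector, means, variances):
                total += -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
            log_p[label] = total
        top = max(log_p.values())  # subtract the maximum before exponentiating
        norm = sum(math.exp(value - top) for value in log_p.values())
        return {label: math.exp(value - top) / norm for label, value in log_p.items()}


def decide(posterior, miss_cost=5.0, false_alarm_cost=1.0):
    """Bayes decision rule: flag the file when flagging has the lower expected loss."""
    risk_if_passed = miss_cost * posterior["virus"]
    risk_if_flagged = false_alarm_cost * posterior["normal"]
    return risk_if_flagged < risk_if_passed


# Constructed training rows: three level scores, version flag, static feature.
TRAINING = [
    (fuse([0.25, 0.25, 0.25], True, 5.1), "normal"),
    (fuse([0.25, 0.25, 0.50], True, 5.6), "normal"),
    (fuse([0.25, 0.50, 0.50], True, 6.0), "normal"),
    (fuse([0.25, 0.25, 0.25], False, 5.4), "normal"),
    (fuse([0.25, 1.00, 1.00], False, 7.6), "virus"),
    (fuse([0.50, 1.00, 0.75], False, 7.2), "virus"),
    (fuse([1.00, 1.00, 1.00], False, 7.9), "virus"),
    (fuse([0.25, 0.75, 1.00], True, 7.4), "virus"),
]
MODEL = GaussianBayes().fit([v for v, _ in TRAINING], [l for _, l in TRAINING])


def classify(scores, has_version_info, static_entropy):
    """Fuse, score with the trained model, and return (is_virus, posterior)."""
    post = MODEL.posterior(fuse(scores, has_version_info, static_entropy))
    return decide(post), post


if __name__ == "__main__":
    print(classify([0.25, 1.0, 1.0], False, 7.5))
    print(classify([0.25, 0.25, 0.25], True, 5.5))
```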
The application also provides a virus file detection system which has the corresponding effect of the virus file detection method. Referring to fig. 4, fig. 4 is a schematic structural diagram of a virus file detection system according to an embodiment of the present application.
The virus file detection system provided in the embodiment of the application may include:
a first obtaining module 101, configured to obtain target file path information of a target file on a device;
the first determining module 102 is configured to determine whether the target file is a virus file based on the regularity of the path information of the target file.
The first determining module may include:
the first dividing sub-module is used for carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information;
the first calculation sub-module is used for calculating the regularity score of the hierarchical path information of each hierarchy;
and the first judging sub-module is used for judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information of each hierarchy.
The first determining module may include:
the second dividing sub-module is used for carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information;
the first selecting sub-module is used for selecting the preset number of hierarchical path information as target hierarchical path information;
the second calculation sub-module is used for calculating the regularity score of the path information of each target level;
and the second judging sub-module is used for judging whether the target file is a virus file or not based on the regularity score of the path information of each target level.
In the virus file detection system provided by the embodiment of the application, the first dividing sub-module may include:
the first dividing unit is used for, for each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider and hierarchically dividing the target file path information in the division order from the tail to the head.
In the virus file detection system provided by the embodiment of the application, the first dividing sub-module may include:
the first analyzing unit is used for analyzing the type of the target file;
the second dividing unit is used for, when the type of the target file is a document, taking each connection character in each piece of target file path information as a hierarchy divider and hierarchically dividing the target file path information in the division order from beginning to end;
and the third dividing unit is used for, when the type of the target file is an executable file, taking each connection character in each piece of target file path information as a hierarchy divider and hierarchically dividing the target file path information in the division order from the tail to the head.
In the virus file detection system provided by the embodiment of the application, the first calculation sub-module may include:
a first statistics sub-module for counting the total number of non-repeated paths of hierarchical path information of the same hierarchy;
and a second calculation sub-module for calculating, for the hierarchical path information of each hierarchy, a regularity score of the hierarchical path information based on the total number of non-repeated paths and the total number of target file path information.
In the virus file detection system provided by the embodiment of the present application, the second calculation sub-module may include:
a first calculation unit configured to calculate a total value of the total numbers of all non-repeated paths;
a second calculation unit for calculating a quotient of the total value and the total number of the target file path information;
and a third calculation unit for calculating, for the hierarchical path information of each hierarchy, a variance of the total number of non-repeated paths of the hierarchical path information and the quotient, and taking the variance as the regularity score of the hierarchical path information.
The virus file detection system provided in the embodiment of the present application is applied to virus file detection equipment, and the first judging sub-module may include:
the first fusion sub-module is used for carrying out feature fusion on each regularity score to obtain a fusion regularity score;
the first input sub-module is used for inputting the fusion regularity score into a pre-trained virus file classification model, and the virus file classification model is used for judging whether the target file is a virus file based on the fusion regularity score;
and the first acquisition sub-module is used for acquiring a judging result of the virus file classification model.
In the virus file detection system provided by the embodiment of the application, the first fusion sub-module may include:
the second fusion sub-module is used for fusing the regularity scores and file information features of the target file to obtain fused regularity scores, wherein the file information features comprise static feature information and version information.
The virus file detection system provided in the embodiment of the present application is applied to virus file detection equipment, and the second fusion sub-module may include:
the first fusion unit is used for fusing the regularity scores and the file information features of the target file through a Bayesian decision theory algorithm.
The virus file detection system provided in the embodiment of the present application is applied to virus file detection equipment, and the first obtaining module may include:
the first selecting unit is used for selecting a preset number of historical file path information as a preset number of target file path information in the historical file path information set when the target files are located in different devices or the same device.
In the virus file detection system provided by the embodiment of the application, the first obtaining module may include:
the second selecting unit is used for selecting a preset number of target devices carrying the target file in the target network structure to which the target file belongs;
and the first acquisition unit is used for acquiring the target file path information of the target files in each target device.
The application also provides a virus file detection device and a computer readable storage medium, which have the corresponding effects of the virus file detection method provided by the embodiment of the application. Referring to fig. 5, fig. 5 is a schematic structural diagram of a virus file detection apparatus according to an embodiment of the present application.
The virus file detection device provided in the embodiment of the present application includes a memory 201 and a processor 202, where the memory 201 stores a computer program, and the processor 202 implements the following steps when executing the computer program stored in the memory 201:
Acquiring target file path information of a target file on different equipment or the same equipment;
and judging whether the target file is a virus file or not based on the regularity of the path information of the target file.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information; calculating the regularity score of the hierarchical path information of each hierarchy; and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information of each hierarchy.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information; selecting a preset number of hierarchical path information as target hierarchical path information; calculating the regularity score of each target level path information; and judging whether the target file is a virus file or not based on the regularity score of the path information of each target level.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: for each target file path information, each connection character in the target file path information is used as a hierarchy divider, and the target file path information is hierarchically divided according to the division sequence from the tail to the head.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: analyzing the type of the target file; if the type of the target file is a document, regarding each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information according to the division sequence from beginning to end; if the type of the target file is an executable file, for each target file path information, each connection character in the target file path information is used as a hierarchy divider, and the target file path information is hierarchically divided according to the division sequence from tail to head.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: counting the total number of non-repeated paths of the hierarchical path information of the same hierarchy; for each hierarchy of hierarchy path information, a regularity score of the hierarchy path information is calculated based on the total number of non-duplicate paths and the total number of target file path information.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: calculating the total value of the total number of all non-repeated paths; calculating the quotient of the total value and the total number of the path information of the target file; for each hierarchical path information, calculating the variance of the total number of non-repeated paths and the quotient value of the hierarchical path information, and taking the variance as the regularity score of the hierarchical path information.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: feature fusion is carried out on each regularity score to obtain a fusion regularity score; inputting the fusion regularity score into a pre-trained virus file classification model, wherein the virus file classification model is used for judging whether the target file is a virus file or not based on the fusion regularity score; and obtaining a judging result of the virus file classification model.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: fusing the regularity scores and file information features of the target file to obtain fused regularity scores, wherein the file information features comprise static feature information and version information.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: fusing each regularity score and the file information features of the target file through a Bayesian decision theory algorithm.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: selecting a preset number of historical file path information as a preset number of target file path information in the historical file path information set when the target files are located in different devices or the same device.
The virus file detection device provided by the embodiment of the application comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor specifically realizes the following steps when executing the computer program stored in the memory: selecting a preset number of target devices carrying the target file from a target network structure to which the target file belongs; and acquiring target file path information of the target files in each target device.
Referring to fig. 6, another virus file detection apparatus provided in an embodiment of the present application may further include: an input port 203 connected to the processor 202 for transmitting an externally input command to the processor 202; a display unit 204 connected to the processor 202 for displaying the processing result of the processor 202 to the outside; and a communication module 205 connected to the processor 202 for realizing communication between the virus file detection device and the outside. The display unit 204 may be a display panel, a laser scanning display, or the like. Communication means employed by the communication module 205 include, but are not limited to, Mobile High-Definition Link (MHL), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI), and wireless connections: wireless fidelity (WiFi), Bluetooth communication, Bluetooth low energy communication, and IEEE 802.11s based communication.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:
acquiring target file path information of a target file on different devices or the same device, wherein the target file path information comprises file paths of the target file on the device;
and judging whether the target file is a virus file or not based on the regularity of the path information of the target file.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information; calculating the regularity score of the hierarchical path information of each hierarchy; and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information of each hierarchy.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: carrying out hierarchical division on the path information of each target file to obtain corresponding hierarchical path information; selecting a preset number of hierarchical path information as target hierarchical path information; calculating the regularity score of each target level path information; and judging whether the target file is a virus file or not based on the regularity score of the path information of each target level.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: for each target file path information, each connection character in the target file path information is used as a hierarchy divider, and the target file path information is hierarchically divided according to the division sequence from the tail to the head.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: analyzing the type of the target file; if the type of the target file is a document, regarding each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information according to the division sequence from beginning to end; if the type of the target file is an executable file, for each target file path information, each connection character in the target file path information is used as a hierarchy divider, and the target file path information is hierarchically divided according to the division sequence from tail to head.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: counting the total number of non-repeated paths of the hierarchical path information of the same hierarchy; for each hierarchy of hierarchy path information, a regularity score of the hierarchy path information is calculated based on the total number of non-duplicate paths and the total number of target file path information.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: calculating the total value of the total number of all non-repeated paths; calculating the quotient of the total value and the total number of the path information of the target file; for each hierarchical path information, calculating the variance of the total number of non-repeated paths and the quotient value of the hierarchical path information, and taking the variance as the regularity score of the hierarchical path information.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: feature fusion is carried out on each regularity score to obtain a fusion regularity score; inputting the fusion regularity score into a pre-trained virus file classification model, wherein the virus file classification model is used for judging whether the target file is a virus file or not based on the fusion regularity score; and obtaining a judging result of the virus file classification model.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: fusing the regularity scores and file information features of the target file to obtain fused regularity scores, wherein the file information features comprise static feature information and version information.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: fusing each regularity score and the file information features of the target file through a Bayesian decision theory algorithm.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: selecting a preset number of historical file path information as a preset number of target file path information in the historical file path information set when the target files are located in different devices or the same device.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are specifically implemented: selecting a preset number of target devices carrying the target file from a target network structure to which the target file belongs; and obtaining target file path information of the target files in each target device.
The computer readable storage medium referred to in this application includes random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
For the related parts of the virus file detection system, the device and the computer readable storage medium provided in the embodiments of the present application, refer to the detailed description of the corresponding parts of the virus file detection method provided in the embodiments of the present application; they are not repeated here. In addition, the parts of the above technical solutions provided in the embodiments of the present application that are consistent with the implementation principles of the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (12)

1. A method for detecting a virus file, comprising:
acquiring target file path information of a target file on equipment;
judging whether the target file is a virus file or not based on the regularity of the path information of the target file;
wherein the determining whether the target file is a virus file based on the regularity of the target file path information includes:
carrying out hierarchical division on each target file path information to obtain corresponding hierarchical path information;
and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information.
2. The method of claim 1, wherein the determining whether the target file is a virus file based on the regularity score of the hierarchical path information comprises:
calculating the regularity score of the hierarchical path information of each hierarchy;
and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information of each hierarchy.
3. The method of claim 1, wherein the determining whether the target file is a virus file based on the regularity score of the hierarchical path information comprises:
selecting a preset number of hierarchical path information as target hierarchical path information;
calculating the regularity score of each target level path information;
and judging whether the target file is a virus file or not based on the regularity score of each target level path information.
4. A method according to claim 2 or 3, wherein said hierarchically dividing each of said target file path information comprises:
for each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information in order from the tail to the head.
5. A method according to claim 2 or 3, wherein said hierarchically dividing each of said target file path information comprises:
analyzing the type of the target file;
if the type of the target file is a document, for each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information in order from the head to the tail;
and if the type of the target file is an executable file, for each piece of target file path information, taking each connection character in the target file path information as a hierarchy divider, and performing hierarchy division on the target file path information in order from the tail to the head.
6. The method of claim 2, wherein said calculating the regularity score of the hierarchical path information for each hierarchy comprises:
counting the total number of non-repeated paths of the hierarchical path information of the same hierarchy;
calculating the regularity score of the hierarchical path information of each hierarchy based on the total number of non-repeated paths of each hierarchy and the total number of pieces of target file path information.
7. The method of claim 6, wherein the calculating the regularity score for the hierarchical path information based on the total number of non-repeated paths and the total number of target file path information comprises:
calculating the total value of all the total numbers of non-repeated paths;
calculating the quotient of the total value and the total number of the target file path information;
and calculating the variance of the total number of the non-repeated paths and the quotient value of each level, and taking the variance as the regularity score of the level path information.
8. The method of claim 2, wherein the determining whether the target file is a virus file based on the regularity score of the hierarchical path information of each hierarchy includes:
feature fusion is carried out on each regularity score to obtain a fusion regularity score;
inputting the fusion regularity score into a pre-trained virus file classification model, wherein the virus file classification model judges whether the target file is a virus file or not based on the fusion regularity score;
and obtaining a judging result of the virus file classification model.
9. The method of claim 8, wherein feature fusing each of the regularity scores to obtain a fused regularity score comprises:
fusing the regularity scores with the file information features of the target file to obtain the fused regularity score, wherein the file information features comprise static feature information and version information.
10. A virus file detection system, comprising:
the first acquisition module is used for acquiring target file path information of a target file on equipment;
the first judging module is used for judging whether the target file is a virus file or not based on the regularity of the path information of the target file;
the first judging module is specifically configured to: carrying out hierarchical division on each target file path information to obtain corresponding hierarchical path information; and judging whether the target file is a virus file or not based on the regularity score of the hierarchical path information.
11. A virus file detection apparatus, characterized by comprising:
a memory for storing a computer program;
a processor for implementing the steps of the virus file detection method according to any one of claims 1 to 9 when executing said computer program.
12. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed by a processor, implements the steps of the virus file detection method according to any one of claims 1 to 9.
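As an added illustration (not code from the patent), the Python sketch below works through the path splitting of claims 4 and 5, the per-level count of claim 6 and the score of claim 7 on constructed paths. It assumes that each level is a single path component, that `max_levels` plays the role of claim 3's preset number of levels, and that claim 7's "variance" is the squared deviation of a level's non-repeated count from the quotient; all function names and sample paths are hypothetical.

```python
import re

# Constructed sample data: the same executable name reported by four hosts.
STABLE = [
    r"C:\Program Files\ExampleVendor\Tool\tool.exe",
    r"C:\Program Files\ExampleVendor\Tool\tool.exe",
    r"D:\Program Files\ExampleVendor\Tool\tool.exe",
    r"C:\Program Files\ExampleVendor\Tool\tool.exe",
]
SCATTERED = [
    r"C:\Users\alice\AppData\Local\Temp\a1\svc.exe",
    r"C:\Users\bob\Downloads\svc.exe",
    r"C:\ProgramData\cache\x9\svc.exe",
    r"C:\Users\carol\AppData\Roaming\q7\svc.exe",
]

SEPARATORS = re.compile(r"[\\/]+")  # "connection characters" used as level dividers

def split_levels(path, from_tail=True):
    """Claim 4 (tail to head) or the document branch of claim 5 (head to tail)."""
    parts = [p for p in SEPARATORS.split(path.strip()) if p]
    return parts[::-1] if from_tail else parts

def distinct_per_level(paths, max_levels=4, from_tail=True):
    """Claim 6: number of non-repeated components seen at each level."""
    seen = [set() for _ in range(max_levels)]
    for path in paths:
        for level, part in enumerate(split_levels(path, from_tail)[:max_levels]):
            seen[level].add(part.lower())  # assumption: compare case-insensitively
    return [len(s) for s in seen]

def regularity_scores(paths, max_levels=4, from_tail=True):
    """Claim 7 as read here: (distinct count - sum of counts / number of paths)^2."""
    if not paths:
        raise ValueError("need at least one path")
    counts = distinct_per_level(paths, max_levels, from_tail)
    quotient = sum(counts) / len(paths)
    return [(c - quotient) ** 2 for c in counts]

if __name__ == "__main__":
    for name, sample in (("stable", STABLE), ("scattered", SCATTERED)):
        print(name, distinct_per_level(sample), regularity_scores(sample))
```

The per-level scores are input features for the classification model of claim 8, not a verdict by themselves.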
CN201910527253.7A 2019-06-18 2019-06-18 Virus file detection method, system, equipment and computer storage medium Active CN112100618B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910527253.7A CN112100618B (en) 2019-06-18 2019-06-18 Virus file detection method, system, equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN112100618A CN112100618A (en) 2020-12-18
CN112100618B true CN112100618B (en) 2023-12-29

Family

ID=73749332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910527253.7A Active CN112100618B (en) 2019-06-18 2019-06-18 Virus file detection method, system, equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN112100618B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113569206A (en) * 2021-06-30 2021-10-29 深信服科技股份有限公司 Software identification method, system, equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6721721B1 (en) * 2000-06-15 2004-04-13 International Business Machines Corporation Virus checking and reporting for computer database search results
KR100468372B1 (en) * 2004-04-09 2005-01-31 주식회사 잉카인터넷 Apparatus and method for intercepting and detecting network virus using monitoring SMB/CIFS
CN102034047A (en) * 2010-12-21 2011-04-27 姚志浩 Automatic protection method for computer virus
CN106682511A (en) * 2016-10-31 2017-05-17 腾讯科技(深圳)有限公司 Suspected virus file collection method and device
CN106709341A (en) * 2016-06-30 2017-05-24 腾讯科技(深圳)有限公司 Virus processing method and device capable of aiming at file package

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6590481B2 (en) * 2012-12-07 2019-10-16 キヤノン電子株式会社 Virus intrusion route specifying device, virus intrusion route specifying method and program
RU2622629C2 (en) * 2015-03-31 2017-06-16 Закрытое акционерное общество "Лаборатория Касперского" Method of searching for the road by tree
CN106997367B (en) * 2016-01-26 2020-05-08 华为技术有限公司 Program file classification method, classification device and classification system
US10313369B2 (en) * 2017-09-27 2019-06-04 Symantec Corporation Blocking malicious internet content at an appropriate hierarchical level

Also Published As

Publication number Publication date
CN112100618A (en) 2020-12-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant