CN100437614C - Method for identifying and removing unknown virus programs - Google Patents
Method for identifying and removing unknown virus programs
- Publication number: CN100437614C (application CNB200610007610XA)
- Authority: CN (China)
- Prior art keywords
- program
- virus
- behavioral data
- detected
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
Claims (10)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB200610007610XA CN100437614C (zh) | 2005-11-16 | 2006-02-15 | Method for identifying and removing unknown virus programs |
US12/093,948 US20080289042A1 (en) | 2005-11-16 | 2006-10-31 | Method for Identifying Unknown Virus and Deleting It |
EP06805121A EP1950663A1 (en) | 2005-11-16 | 2006-10-31 | A method for identifying unknown virus and deleting it |
PCT/CN2006/002920 WO2007056933A1 (fr) | 2005-11-16 | 2006-10-31 | Procede pour identifier des virus inconnus et les supprimer |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200510114945 | 2005-11-16 | ||
CN200510114945.7 | 2005-11-16 | ||
CNB200610007610XA CN100437614C (zh) | 2005-11-16 | 2006-02-15 | Method for identifying and removing unknown virus programs |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1936910A (zh) | 2007-03-28 |
CN100437614C (zh) | 2008-11-26 |
Family
ID=37954410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB200610007610XA Expired - Fee Related CN100437614C (zh) | 2005-11-16 | 2006-02-15 | Method for identifying and removing unknown virus programs |
Country Status (4)
Country | Link |
---|---|
US (1) | US20080289042A1 (zh) |
EP (1) | EP1950663A1 (zh) |
CN (1) | CN100437614C (zh) |
WO (1) | WO2007056933A1 (zh) |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8161548B1 (en) | 2005-08-15 | 2012-04-17 | Trend Micro, Inc. | Malware detection using pattern classification |
US7840958B1 (en) * | 2006-02-17 | 2010-11-23 | Trend Micro, Inc. | Preventing spyware installation |
TWI401582B (zh) * | 2008-11-17 | 2013-07-11 | Inst Information Industry | Monitoring device, monitoring method and computer program product for a hardware |
CN101739519B (zh) * | 2008-11-24 | 2013-01-16 | 财团法人资讯工业策进会 | Monitoring device and monitoring method for a hardware |
KR101051641B1 (ko) * | 2010-03-30 | 2011-07-26 | 주식회사 안철수연구소 | Mobile communication terminal and behavior-based malicious code diagnosis method using the same |
CN101924762B (zh) | 2010-08-18 | 2013-02-27 | 北京奇虎科技有限公司 | Active defense method based on cloud security |
CN101923617B (zh) * | 2010-08-18 | 2013-03-20 | 北京奇虎科技有限公司 | Method for dynamically maintaining a cloud-based sample database |
CN103106366B (zh) * | 2010-08-18 | 2016-05-04 | 北京奇虎科技有限公司 | Method for dynamically maintaining a cloud-based sample database |
US8782791B2 (en) * | 2010-12-01 | 2014-07-15 | Symantec Corporation | Computer virus detection systems and methods |
CN102542186A (zh) * | 2010-12-15 | 2012-07-04 | 财团法人资讯工业策进会 | Malicious program detection device and malicious program detection method |
EP2584488B1 (en) * | 2011-09-20 | 2016-02-10 | Kaspersky Lab, ZAO | System and method for detecting computer security threats based on verdicts of computer users |
US8745578B2 (en) | 2011-12-04 | 2014-06-03 | International Business Machines Corporation | Eliminating false-positive reports resulting from static analysis of computer software |
CN102663286B (zh) | 2012-03-21 | 2015-05-06 | 北京奇虎科技有限公司 | Method and device for identifying a virus APK |
US9439077B2 (en) * | 2012-04-10 | 2016-09-06 | Qualcomm Incorporated | Method for malicious activity detection in a mobile station |
CN102708320B (zh) * | 2012-05-04 | 2015-05-06 | 北京奇虎科技有限公司 | Method and device for identifying a virus APK |
CN102867144B (zh) * | 2012-09-06 | 2015-08-19 | 北京奇虎科技有限公司 | Method and device for detecting and removing computer viruses |
CN103678109B (zh) * | 2012-09-25 | 2018-01-05 | 腾讯科技(深圳)有限公司 | Dump file analysis method, device and system |
CN104253797A (zh) * | 2013-06-27 | 2014-12-31 | 贝壳网际(北京)安全技术有限公司 | Method and device for identifying worm viruses |
JP6084556B2 (ja) * | 2013-12-02 | 2017-02-22 | 日本電信電話株式会社 | Byte sequence extraction device, byte sequence extraction method, and byte sequence extraction program |
CN103927483B (zh) * | 2014-04-04 | 2016-11-16 | 西安电子科技大学 | Decision model for detecting malicious programs and malicious program detection method |
CN104573515A (zh) * | 2014-12-19 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | Virus handling method, device and system |
CN105488394B (zh) * | 2014-12-27 | 2018-06-12 | 哈尔滨安天科技股份有限公司 | Method and system for identifying and classifying intrusion behavior against a honeypot system |
US10187410B2 (en) * | 2015-06-30 | 2019-01-22 | Microsoft Technology Licensing, Llc | Automatically preventing and remediating network abuse |
CN105912932A (zh) * | 2016-04-08 | 2016-08-31 | 周宏斌 | Threat behavior detection system and method |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030159064A1 (en) * | 2002-02-15 | 2003-08-21 | Kabushiki Kaisha Toshiba | Computer virus generation detection apparatus and method |
CN1147795C (zh) * | 2001-04-29 | 2004-04-28 | 北京瑞星科技股份有限公司 | Method and system for detecting and removing known and unknown computer viruses |
CN1567118A (zh) * | 2004-03-29 | 2005-01-19 | 四川大学 | Computer virus detection and identification system and method |
CN1625121A (zh) * | 2003-12-05 | 2005-06-08 | 中国科学技术大学 | Hierarchical cooperative method for identifying network viruses and malicious code |
CN1707383A (zh) * | 2004-06-10 | 2005-12-14 | 陈朝晖 | Method for blocking computer viruses through process and system trace analysis |
CN1801031A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for determining that a known program is under attack using a program behavior knowledge base |
CN1801030A (zh) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for distinguishing harmful program behavior |
CN1818823A (zh) * | 2005-02-07 | 2006-08-16 | 福建东方微点信息安全有限责任公司 | Computer protection method based on program behavior analysis |
CN1889004A (zh) * | 2005-06-29 | 2007-01-03 | 联想(北京)有限公司 | Virus handling method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005527873A (ja) * | 2001-09-14 | 2005-09-15 | コンピュータ アソシエイツ シンク,インコーポレイテッド | Virus detection system |
US7409717B1 (en) * | 2002-05-23 | 2008-08-05 | Symantec Corporation | Metamorphic computer virus detection |
CN1308846C (zh) * | 2002-12-16 | 2007-04-04 | 联想(北京)有限公司 | Method for protecting a computer operating system on a hard disk |
2006
- 2006-02-15 CN CNB200610007610XA patent/CN100437614C/zh not_active Expired - Fee Related
- 2006-10-31 WO PCT/CN2006/002920 patent/WO2007056933A1/zh active Application Filing
- 2006-10-31 EP EP06805121A patent/EP1950663A1/en not_active Withdrawn
- 2006-10-31 US US12/093,948 patent/US20080289042A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
CN1936910A (zh) | 2007-03-28 |
EP1950663A1 (en) | 2008-07-30 |
WO2007056933A1 (fr) | 2007-05-24 |
US20080289042A1 (en) | 2008-11-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100437614C (zh) | Method for identifying and removing unknown virus programs | |
CN100465978C (zh) | Method and device for recovering data damaged by a virus program, and virus removal method | |
US9715588B2 (en) | Method of detecting a malware based on a white list | |
Siddiqui et al. | Detecting internet worms using data mining techniques | |
CN101281571B (zh) | Method for defending against unknown virus programs | |
CN100485703C (zh) | Computer malicious code handling method and system | |
CN102012987B (zh) | Automatic binary malicious code behavior analysis system | |
US20020162015A1 (en) | Method and system for scanning and cleaning known and unknown computer viruses, recording medium and transmission medium therefor | |
CN107004089A (zh) | Malware detection method and system therefor | |
Dube et al. | Malware target recognition via static heuristics | |
LeDoux et al. | Malware and machine learning | |
Xu et al. | Probabilistic program modeling for high-precision anomaly classification | |
CN107103238A (zh) | System and method for protecting a computer system against malicious object activity | |
Lin et al. | Dimsum: Discovering semantic data of interest from un-mappable memory with confidence | |
CN101183414A (zh) | Program detection method and device, and program analysis method | |
WO2017039136A1 (ko) | Source-code-based software vulnerability attack behavior analysis system | |
Le Charlier et al. | Dynamic detection and classification of computer viruses using general behaviour patterns | |
Blokhin et al. | Malware similarity identification using call graph based system call subsequence features | |
Eskandari et al. | To incorporate sequential dynamic features in malware detection engines | |
Ayub et al. | An i/o request packet (irp) driven effective ransomware detection scheme using artificial neural network | |
CN109800569A (zh) | Program identification method and device | |
Angelini et al. | Ropmate: Visually assisting the creation of rop-based exploits | |
Naidu et al. | A syntactic approach for detecting viral polymorphic malware variants | |
Alrabaee et al. | CPA: Accurate cross-platform binary authorship characterization using LDA | |
CN100373287C (zh) | Method for detecting program operation behavior, and virus program detection and removal method | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| ASS | Succession or assignment of patent right | Free format text: FORMER OWNER: LI WEI LU ZHENGYU; Owner name: BEIJING GIVETRUST CORP.; Free format text: FORMER OWNER: BAI JIE; Effective date: 20110421 |
| C41 | Transfer of patent application or patent right or utility model | |
| COR | Change of bibliographic data | Free format text: CORRECT: ADDRESS; FROM: 100089 203, UNIT 1, BUILDING 16, XIAONANZHUANG, HAIDIAN DISTRICT, BEIJING TO: 100102 3A19, FOUR STORY APT., NO. 1, LIZE MIDDLE 1ST ROAD, CHAOYANG DISTRICT, BEIJING |
| TR01 | Transfer of patent right | Effective date of registration: 20110421; Address after: 100102 Beijing city Chaoyang District Lize a road No. 1 4 storey apartment 3A19; Patentee after: Technology Co., Ltd. Beijing Bo Xinyuan; Address before: 100089 No. 203, building 16, little Nanzhuang, Beijing, Haidian District; Co-patentee before: Li Wei; Patentee before: Bai Jie; Co-patentee before: Lu Zhengyu |
| C56 | Change in the name or address of the patentee | Owner name: PHOTON (BEIJING) INTERNATIONAL INFORMATION ENGINEE; Free format text: FORMER NAME: BEIJING GIVETRUST CORP. |
| CP01 | Change in the name or title of a patent holder | Address after: 100102 Beijing city Chaoyang District Lize a road No. 1 4 storey apartment 3A19; Patentee after: Photon (Beijing) International Information Engineering Technology Research Co., Ltd.; Address before: 100102 Beijing city Chaoyang District Lize a road No. 1 4 storey apartment 3A19; Patentee before: Technology Co., Ltd. Beijing Bo Xinyuan |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20081126; Termination date: 20150215 |
| EXPY | Termination of patent right or utility model | |