CN1349166A - Feedback alarm method to network virus source - Google Patents
Feedback alarm method to network virus source Download PDFInfo
- Publication number
- CN1349166A CN1349166A CN 01139003 CN01139003A CN1349166A CN 1349166 A CN1349166 A CN 1349166A CN 01139003 CN01139003 CN 01139003 CN 01139003 A CN01139003 A CN 01139003A CN 1349166 A CN1349166 A CN 1349166A
- Authority
- CN
- China
- Prior art keywords
- virus
- viral
- source
- branch center
- info
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
A feedback type method for alarming virus source on network. The main steps of the method are to build computer virus monitoring module and feedback type of alarming module. The invention can prevent virus from spread about on network.
Description
Technical field
The present invention relates to a kind of method of killing computer virus, specifically, is a kind of to the network virus source feedback alarm method.
Background technology
After computer discovery networking virus, existing killing poison technology is only carried out the killing poison to the computing machine of this locality, and not to the report of the source of this virus, causes virus still to be propagated on network, and the sender self of virus and not know that it sends disease mould.
Summary of the invention
The object of the present invention is to provide a kind ofly, enable to sound a warning and advise,, stop the propagation of networking virus so that networking virus is just carried out killing from the source to the source of virus to the viral source feedback alarm method.
The present invention sets up the feedback alarm method that sounds a warning and advise to the source of virus, and its step comprises sets up two modules: the computer virus monitoring modular of discovery Virus Info and killing virus and the feedback alarm module of alarming to viral source.
The said computer virus monitoring modular of setting up, its function is a monitoring network virus, set up three grades of antivirus system monitoring network viruses, these three grades of virus monitor systems adopt the tree topology structure, a viral central server is positioned at the root of system, and viral branch center server is positioned at the middle layer, and all viral branch center servers link to each other with viral central server, the virus prevention node links to each other with a nearest viral branch center server, has constituted the virus monitor system.After the virus prevention node uses the virus of virus monitor software discovery networking, obtain the source of networked virus, the date that virus arrives, the destination of virus transmission and the principal character of virus etc.; The said feedback alarm module of setting up, its function is killing virus and sounds a warning and advise to the source of virus, the feedback alarm module is located on each virus prevention node, comprise successively and get the Virus Info module and send out alert module to viral source with the killing virus of Virus Info connection, the computer virus monitoring modular is obtained the information of computer virus, send warning by E-mail mode to the source of this virus, and propose to look into poison suggestion and solution.
As above-mentioned, by the inventive method, make the source machine that comes of virus can obtain warning, like this, the killing of internet worm is to carry out on this viral route of transmission, can effectively stop virus to be propagated on network.
Description of drawings
Fig. 1 is the establishment step synoptic diagram of the inventive method.
Fig. 2 is a computer virus monitoring modular synoptic diagram of the present invention.
Fig. 3 is a feedback alarm module diagram of the present invention.
Fig. 4 is a virus feedback sequential synoptic diagram of the present invention.
Embodiment
Provide one embodiment of the present of invention according to Fig. 1~Fig. 3 below, and, further specify establishment step, purpose and the function of the inventive method in conjunction with description to this embodiment.
See also Fig. 1, the step of the inventive method comprises:
A. set up the computer virus monitoring modular 1 of finding Virus Info;
B. the feedback alarm module 2 of setting up killing virus and alarming to viral source (blazer).
See also Fig. 2, as shown in the figure, the computer virus monitoring modular 1 that present embodiment is set up is three grades of monitoring systems of a tree topology, it comprises a viral central server 11 that is positioned at the system root, two viral branch center servers 12 that are positioned at the system middle layer, they connect this virus central server 11 respectively; Five virus prevention nodes 13 are arranged, wherein three virus prevention nodes 13---a personal computer, a small-size computer and a workstation, they connect a viral branch center server 12 respectively; Other two virus prevention nodes 13 a---e-mail server and file server, they are connected with another viral branch center server 12 respectively; Five all virus prevention nodes 13 all report computer virus information to the viral branch center of corresponding (registration) server 12 respectively---and viral record, viral source, virus date of arrival, virus send the principal character of destination and virus etc., should report to viral central server 11 by virus branch center server 12 afterwards, 11 pairs of Virus Infos of this virus central server are added up, are analyzed and create the most current virus storehouse, and this most current virus storehouse is issued to each virus prevention node 13 step by step.
See also Fig. 3, in the present embodiment, all five virus prevention nodes 13 establish feedback alarm module 2 as shown in FIG. respectively, and it comprises successively gets Virus Info module 21 and send out alert module 22 to viral source with the killing virus of Virus Info connection.This virus prevention node 13 that is subjected to the computer virus invasion is accepted just the virus of this invasion to be carried out killing behind the most current virus storehouse, and as shown in Figure 4, viral source computing machine first is sent Email, send virus warning and suggestion, like this, this computing machine first is sent virus warning and suggestion to viral source computing machine second with E-mail mode except the virus that infects is carried out again the killing, thus, viral source is traced, and has stoped it to propagate on network.
Below will the realization that viral central server is 11 be described in detail to virus prevention node 13, intermediate supervision center (viral branch center server 12), hard core control center (viral central server 11) and virus prevention node 13---viral branch center server 12, viral branch center server 12---.(1) LAN (Local Area Network) virus prevention node (virus prevention node 13)
LAN (Local Area Network) virus prevention node comprises multiple function and polytype, look into, kill a ring of taking precautions against as directly carrying out virus in the antivirus system, LAN (Local Area Network) virus prevention node comprises e-mail virus strick precaution server, network file virus prevention server, virus prevention gateway, client virus prevention software etc.To at first realize the virus prevention software of client in the prototype software, and handle at the strick precaution of Email type networking virus emphatically.
The prototype software system adopts the file system monitor mode in client (virus prevention node 13).Client-side program is monitored Outlook or other email client software, and when its receiving E-mail, the variation of monitoring file system is called antivirus engine simultaneously to compare virus characteristic; If antivirus engine is found virus, promptly Virus Info (virus name, mail sources, outbox date, theme, sender, addressee etc.) is also therefrom extracted in virus killing automatically, and report simultaneously is local, and submits Virus Info to viral branch center server 12.After virus prevention node 13 uses the virus of virus monitor software discovery networking, obtain the source of networking virus, the date that virus arrives, the destination that virus sends, the principal characters of virus etc. are reported to the police to viral source by E-mail mode by Virus Info feedback software.(2) viral branch center server 12
Middle rank virus-related management center is that viral branch center server 12 will be safeguarded virus characteristic storehouse and two databases of virus information database.Each viral branch center server 12 server is the acknowledged client end, it comprise virus information database renewal, obtain requests such as up-to-date virus prevention software version, inquiry public information.
To the Virus Info that client is submitted to, each viral branch center server 12 will join these information (virus name, mail sources, outbox date, theme, sender, addressee etc.) in the virus information database automatically.Each viral branch center server 12 will carry out analytic statistics and with report display and printing, provide query function simultaneously to the Virus Info that client is submitted to.
Virus branch center server 12 will regularly be submitted the statistics of relevant Virus Info in the database to viral central server 11.Each viral branch center server 12 can also periodically ask to obtain up-to-date virus prevention software version and relevant virus characteristic storehouse from viral central server 11.(3) core virus-related management center, promptly viral central server 11
Virus is deposited up-to-date virus information database, up-to-date virus characteristic storehouse and virus prevention software version in the central server 11.
Virus central server 11 from 12 pairs of up-to-date virus characteristic storehouses of each viral branch center server of dynamic response, relevant virus information database and the request of virus prevention software upgrading.
To carry out analytic statistics again and provide query function simultaneously the statistical information that all viral branch center servers 12 are submitted in the virus information database of virus central server 11 with report display and printing.(4) client (virus prevention node 13)---intermediate virus-related management center (viral branch center server 12)
Communicating by letter between client and the intermediate virus-related management center is mainly: virus prevention node 13 is to renewal and 12 pairs of virus prevention node 13 request responding of viral branch center server of viral branch center server 12 request virus characteristic storehouse/virus prevention softwares; And virus prevention node 13 is submitted the request of Virus Info and the affirmation of viral branch center server 12 to viral branch center server 12.(5) intermediate virus-related management center (viral branch center server 12)---core virus-related management center (viral central server 11)
Communicating by letter between middle rank virus-related management center and the core virus-related management center is mainly: viral branch center server 12 is to the viral central server 11 storehouses renewal of request virus characteristic and 11 pairs of viral branch centers of viral central server server 12 request responding; And viral branch center server 12 is submitted the request of Virus Info and the affirmation of viral central server 11 to viral central server 11.
Claims (3)
1, a kind of to the network virus source feedback alarm method, its step comprises: a. sets up the computer virus monitoring modular (1) of finding Virus Info; B. the feedback alarm module (2) of setting up killing virus and alarming to viral source.
2, according to claim 1 to the network virus source feedback alarm method, it is characterized in that, the said computer virus monitoring modular (1) of setting up is to make up a tree topology virus monitor system, this system comprises that one is positioned at the viral central server (11) of this monitoring system root and has a viral branch center server (12) that is positioned at this system middle layer at least, all viral branch center servers (12) all connect this viral branch center server (11) respectively, and some virus prevention nodes (13) are arranged, each is taken precautions against node (13) and is connected with a nearest viral branch center server (12) respectively; After a virus prevention node (13) is found computer virus, report this viral branch center server (12) of its registration, this viral central server (12) reports viral central server (11) again, virus central server (11) obtains to generate the most current virus storehouse behind Virus Info, the virus characteristic, and this most current virus storehouse is distributed to each virus prevention node (13) killing virus step by step downwards.
3, according to claim 1 and 2 to the network virus source feedback alarm method, it is characterized in that, the said feedback alarm module (2) of setting up is to make up one to comprise that the killing virus that connects with virus base information successively that is located on each virus prevention node (13) getting Virus Info module (21) and sending out alert module (22) to viral source; After the viral branch center server (12) that virus prevention node (13) is accepted its registration divides the most current virus storehouse send, get Virus Info piece (21) killing virus by the killing virus of establishing thereon, and connect it after Virus Info sent into send out alert module (22) to viral source, this module (22) is sent warning message and suggestion sincere advice with E-mail mode to the computing machine that it is imported into virus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01139003 CN1349166A (en) | 2001-12-03 | 2001-12-03 | Feedback alarm method to network virus source |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01139003 CN1349166A (en) | 2001-12-03 | 2001-12-03 | Feedback alarm method to network virus source |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1349166A true CN1349166A (en) | 2002-05-15 |
Family
ID=4674934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 01139003 Pending CN1349166A (en) | 2001-12-03 | 2001-12-03 | Feedback alarm method to network virus source |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1349166A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104537304A (en) * | 2014-12-31 | 2015-04-22 | 北京奇虎科技有限公司 | File checking and killing method, device and system |
| CN106682507A (en) * | 2016-05-19 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Virus library acquiring method and device, equipment, server and system |
| CN115906079A (en) * | 2022-11-16 | 2023-04-04 | 北京微步在线科技有限公司 | File detection method, file detection system and file detection device |
-
2001
- 2001-12-03 CN CN 01139003 patent/CN1349166A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104537304A (en) * | 2014-12-31 | 2015-04-22 | 北京奇虎科技有限公司 | File checking and killing method, device and system |
| CN106682507A (en) * | 2016-05-19 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Virus library acquiring method and device, equipment, server and system |
| CN106682507B (en) * | 2016-05-19 | 2019-05-14 | 腾讯科技(深圳)有限公司 | The acquisition methods and device of virus base, equipment, server, system |
| US10990672B2 (en) | 2016-05-19 | 2021-04-27 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for obtaining virus library, device, server, and system |
| CN115906079A (en) * | 2022-11-16 | 2023-04-04 | 北京微步在线科技有限公司 | File detection method, file detection system and file detection device |
| CN115906079B (en) * | 2022-11-16 | 2024-06-07 | 北京微步在线科技有限公司 | File detection method, file detection system and file detection device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7921459B2 (en) | System and method for managing security events on a network | |
| US6034970A (en) | Intelligent messaging system and method for providing and updating a message using a communication device, such as a large character display | |
| CN110535722A (en) | A kind of full link operation and monitoring method of the micro services in cross-safety zone domain | |
| US8219663B2 (en) | Method of and apparatus for notification of state changes in a monitored system | |
| CN102156447B (en) | Basic automation-based plant-level equipment management and alarming system and method | |
| Van Renesse et al. | Willow: DHT, aggregation, and publish/subscribe in one protocol | |
| US20020032769A1 (en) | Network management method and system | |
| AU2003227207B2 (en) | centralized PLANT-monitoring controlLER and method | |
| US20020010803A1 (en) | Method, system and apparatus for establishing, monitoring, and managing connectivity for communication among heterogeneous systems | |
| US20050102382A1 (en) | System and method for network management using instant messaging | |
| US20080066082A1 (en) | Event Alerting System Using a Dynamic Local Grouping, and a Method Thereof | |
| US20040181685A1 (en) | System and method for handling distribution of alerts | |
| CN107222356A (en) | A kind of cloud monitoring system alarm method and system | |
| CN113259355B (en) | Industrial Internet identification slice management system based on SDN | |
| WO2003013057A2 (en) | Method and apparatus of detecting network activity | |
| CN108234161A (en) | For the access detection method and system of on-line off-line multitiered network framework | |
| CN1349166A (en) | Feedback alarm method to network virus source | |
| CN1607790A (en) | Method and system for the centralized collection of link state routing protocol data | |
| EP1518354A2 (en) | Windows management instrument synchronized repository provider | |
| US20070266159A1 (en) | System and Method for Communication Between Remote Objects and Local Proxies | |
| CN1356631A (en) | Distributed virus monitor architecture | |
| US6892234B2 (en) | Multi-tiered enterprise management system and method including a presentation services unit external to the enterprise | |
| US20030210701A1 (en) | Network supervisory control system | |
| JP2023108058A5 (en) | Communication methods and networking systems | |
| CN112822280B (en) | Decentralized Internet of things micro-service subscription and pushing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |