WO2016095479A1 - Virus processing method, apparatus, system, device and computer storage medium - Google Patents
- Publication number
- WO2016095479A1 (PCT/CN2015/082604)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- behavior
- virus
- virion
- client
- information
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3041—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is an input/output interface
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Definitions
- the present invention relates to the field of computer application technologies, and in particular, to a virus processing method, apparatus, system, device, and computer storage medium.
- Prevalent Internet virus files commonly behave in the following ways: they modify the user's default browser home page and search engine in the machine system through cloud control commands, modify keyword search rankings, hijack the browser to pop up advertisements, maliciously tamper with desktop shortcuts, install browser plug-in malware, steal the user's private content, etc.
- Traditional anti-virus software mainly scans for malicious behavior of files and deletes the corresponding file when malicious behavior is found.
- However, behavior analysis and file deletion performed on the client side of the machine system often fail to completely remove the virions, leaving the machine system less secure.
- the present invention provides a virus processing method, apparatus, system, device and computer storage medium in order to improve the security of the machine system.
- the invention provides a virus processing method, the method comprising:
- the determining the virus family information corresponding to the virion behavior scanned by the client includes:
- the virion behavior information is matched with the behavior chain script library of the cloud to determine virus family information corresponding to the behavior of the malicious virion, wherein the behavior chain script library contains malicious virion behavior information of the virus family.
- the determining the virus family information corresponding to the virion behavior scanned by the client includes:
- virus family information from the identification result, wherein the virus family information is determined by the client matching the scanned virion behavior information with a client local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of the virus family.
- the method further includes:
- the scan log reported by the client is analyzed to obtain updated virion behavior information
- if the virus family information determined by matching the virion behavior information included in the scan log with the behavior chain script library of the cloud is inconsistent with the virus family information obtained from the identification result,
- the virus family information determined by matching the virion behavior information contained in the scan log with the cloud behavior chain script library is used to determine the issued virus removal command, or manually identified virus family information is used to determine the issued virus removal command
- the virion behavior information is behavior information obtained by scanning at least one of the following contents:
- the virus removal instruction includes instructions for:
- Lock the default home page, modify the default browser search home page, download the specified tool software, or remove the associated content of malicious virion behavior.
- the invention also provides a virus processing method, the method comprising:
- the scan log is reported to the cloud service platform; and/or the local behavior chain script library is used to identify the virion behavior, and if malicious virion behavior is identified, the virus family information corresponding to the malicious virion behavior is reported to the cloud service platform,
- wherein the behavior chain script library contains malicious virion behavior information of a virus family;
- the method further comprises: if the malicious virion behavior is identified, the associated content of the malicious virion behavior is cleared.
- the method further includes:
- the virus removal instruction includes instructions for:
- Lock the default home page, modify the default browser search home page, download the specified tool software, or remove the associated content of malicious virion behavior.
- the invention also provides a virus processing device, the device comprising:
- a virus determining unit configured to determine virus family information corresponding to the virion behavior scanned by the client
- a command issuing unit configured to send a virus clearing instruction corresponding to the virus family information determined by the virus determining unit to the client according to the correspondence between the virus family information and the virus clearing command, so that the client executes the virus clearing instruction to perform virion removal.
- the virus determining unit includes:
- a first receiving subunit configured to receive a scan log reported by the client, where the scan log includes virion behavior information scanned by the client;
- a matching subunit configured to match the virion behavior information with a behavior chain script library of the cloud, and determine virus family information corresponding to the behavior of the malicious virion, wherein the behavior chain script library includes malicious virion behavior information of the virus family .
- the virus determining unit includes:
- a second receiving subunit configured to receive an authentication result reported by the client
- an obtaining subunit configured to obtain virus family information from the identification result, where the virus family information is determined by the client matching the scanned virion behavior information with a client local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of the virus family.
- the device further comprises:
- the joint analysis unit is configured to analyze the scan log reported by the client to obtain updated virion behavior information
- a library update unit configured to update the behavior chain script library of the cloud by using the updated virion behavior information.
- the command issuing unit uses the virus family information determined by the matching subunit to determine the issued virus removal instruction, or uses the manually identified virus family information to determine the issued virus removal instruction.
- the virion behavior information is behavior information obtained by scanning at least one of the following contents:
- the virus removal instruction includes instructions for:
- Lock the default home page, modify the default browser search home page, download the specified tool software, or remove the associated content of malicious virion behavior.
- the present invention also provides a virus processing apparatus, the apparatus comprising: at least one of a log reporting unit and a virus authentication unit, a behavior scanning unit, and an instruction processing unit;
- the behavior scanning unit is configured to scan a virion behavior
- the log reporting unit is configured to report the scan log to the cloud service platform
- the virus identification unit is configured to use the local behavior chain script library to identify the behavior of the virion. If the behavior of the malicious virion is identified, the virus family information corresponding to the behavior of the malicious virion is reported to the cloud service platform.
- the behavior chain script library includes malicious virus behavior information of a virus family
- the instruction processing unit is configured to receive and execute a virus removal instruction issued by the cloud service platform.
- the device further comprises:
- the virus clearing unit is configured to remove the related content of the malicious virion behavior if the virus identification unit identifies the malicious virion behavior.
- the device further comprises:
- the library update unit is configured to load the behavior chain script library of the cloud, and update the local behavior chain script library by using the cloud behavior chain script library.
- the virus removal instruction includes instructions for:
- Lock the default home page, modify the default browser search home page, download the specified tool software, or remove the associated content of malicious virion behavior.
- the invention also provides a virus processing system, comprising: a client and a cloud processing platform;
- the cloud processing platform includes the first device described above;
- the client includes the second device described above.
- the client reports the scan log to the cloud service platform, and/or reports the virus family information to the cloud service platform after the virus family information is identified according to the scan log.
- after the cloud service platform obtains the virus family information by identifying the scan log, and/or receives the virus family information from the client, it sends the virus removal command corresponding to the virus family information to the client for the client to execute the virus removal command.
- compared with behavior analysis and file deletion by the client, having the cloud issue a virus removal instruction for the virus family information makes virus processing more personalized and precise, and improves the security of the machine system.
- FIG. 1 is a structural diagram of a system according to an embodiment of the present invention
- FIG. 2 is a flowchart of a method for processing a virus executed by a client according to an embodiment of the present invention
- FIG. 3 is a flowchart of a method for processing a virus executed by a cloud service platform according to an embodiment of the present invention
- FIG. 4 is a structural diagram of a device according to an embodiment of the present invention.
- FIG. 5 is a structural diagram of another apparatus according to an embodiment of the present invention.
- the embodiment of the present invention is mainly based on the system shown in FIG. 1, which includes a client and a cloud service platform, wherein the client can be set in a machine system such as a PC, a mobile phone, a tablet computer, etc., and is responsible for the security of the machine system.
- the client may have the following functions:
- A virion refers to a virus parent, that is, the initial file through which a virus spreads; various files and related behaviors are generated after the parent executes, and the files of the virus parent itself are not necessarily all malicious.
- A malicious virion refers to a malicious virus parent, i.e., a parent that can release malicious sub-files or produce malicious network behavior.
- Virion behavior includes all possible behaviors of the virus parent.
- the virion behavior can be behavior information obtained by scanning the following contents: processes, load modules, drivers, services, rootkits (a rootkit is software whose main function is to hide other program processes; it may be one piece of software or a combination of several), startup items, IE related items, boot viruses, the system directory, the desktop directory, the start menu, common software, scripts, system components, login parts, system startup items, etc.
- the scan log is reported to the cloud service platform, and the scan log includes the virion behavior information scanned by the client, and is reported to the cloud service platform for analysis.
- the behavior chain script library contains the malicious virion behavior information of the virus family, and matches the virion behavior information scanned by the client with the behavior chain script library to determine whether the scanned virion behavior is a malicious virion behavior, and can further determine Virus family information.
- virus family refers to a group of malicious virions with similar behaviors, and malicious virions belonging to the same virus family usually belong to the same producer or from the same virus source file (for example, modified by the same virus source file) .
- the behavior information of malicious virions belonging to the same virus family is integrated, and the corresponding virus family information can be determined by the behavior of the malicious virion.
- the client-side behavior chain script library may be stored locally after loading the behavior chain script library of the cloud service platform.
- the client can periodically load the behavior chain script library from the cloud service platform and update the local behavior chain script library, that is, the following function 6).
- the virus family information here may be information such as a virus family ID (identification). That is to say, if the client has already identified the virus family ID, the virus family ID is directly reported to the cloud service platform.
- the associated content of the malicious virion behavior in the machine system of the client is cleared.
- there may be a virus removal mechanism locally on the client to clear the associated content of malicious virions in the machine system where the client is located, such as: stopping the service of the malicious virion, deleting the file of the malicious virion, removing the registry key or related activity items of the malicious virion, and fixing the browser default home page.
- the file that may affect the operation of the machine system may be further initialized and repaired, that is, it is restored to the initial state, thereby ensuring that the machine system can work normally.
- the cloud service platform can have the following features:
- the first mode is to receive a scan log reported by the client, where the scan log includes the virion behavior information scanned by the client, and to match the virion behavior information with the behavior chain script library of the cloud to determine the virus family information corresponding to the malicious virion behavior, wherein the behavior chain script library includes malicious virion behavior information of the virus family.
- the behavior chain script library is obtained by analyzing the scan logs reported by the clients in each machine system, and can also be combined with the factors of manual analysis and setting.
- the second mode is to directly receive the identification result reported by the client, where the identification result includes the virus family information determined by the client after matching the scanned virion behavior information with the client's local behavior chain script library.
- the virus removal command corresponding to the virus family information is sent to the client.
- the correspondence between virus family information and virus removal instructions is maintained in the cloud service platform. These virus removal instructions are used to guide the client to operate to clear the behavior of the corresponding virus family. This correspondence can be manually set.
- the virus removal instructions described above may include, but are not limited to, an instruction to lock the default home page, an instruction to modify the default browser to search the home page, or download specified tool software.
- the specified tool software may be, for example, a security guard software, a system repair widget, a malicious plug-in removal tool, a browser protection tool, and the like.
- the virus removal command corresponding to the virus family information is configurable in the cloud, and the corresponding virus removal instruction can be added or adjusted according to the behavior analysis of the popular virus captured in real time.
- the cloud service platform can provide targeted guidance to the client to clear a type of virus, avoiding the problem that the client cannot completely remove the virion by simply deleting the file.
- FIG. 2 is a flowchart of a method for processing a virus executed by a client according to an embodiment of the present invention. As shown in FIG. 2, the process mainly includes the following steps:
- the client scans for virion behavior in the machine system, such as scanning processes, load modules, drivers, services, rootkits, startup items, IE related items, boot viruses, the system directory, the desktop directory, the start menu, common software, scripts, system components, login parts, system startup items, etc.
- the client reports the scan log to the cloud service platform.
- the client uses the local behavior chain script library to identify the scanned virion behavior. If malicious virion behavior is identified, 204 is executed (FIG. 2 shows only this case); if no malicious virion behavior is identified, the client listens on the interface over which it communicates with the cloud service platform. It should be noted that listening on this interface is not necessarily an operation performed only after no malicious virion behavior is identified; persistent listening can also be maintained.
- the virion behavior scanned by the client can be matched with the behavior chain script library, where the matching can be a match of behavior characteristics, a match of scripts, etc.; if there is a consistent behavior characteristic or script, it is determined that malicious virion behavior is identified, and the virus family information corresponding to the malicious virion behavior is determined.
- the virus family information corresponding to the behavior of the malicious virion is reported to the cloud service platform.
- the client can report the information of the machine system, such as the Globally Unique Identifier (GUID), so that the cloud service platform can distinguish the machine system that reports the information.
- since the malicious virion behavior has been identified, the associated content of the malicious virion behavior can be cleared at the client.
- the above 204 and 205 may be executed sequentially in any order, or may be performed simultaneously.
- FIG. 2 is only one of the execution sequences.
- the client starts to listen to the interface that the client communicates with the cloud service platform.
- 206 is performed, that is, the virus clearing instruction issued by the cloud service platform is received and executed.
- FIG. 3 is a flowchart of a method for processing a virus executed by a cloud service platform according to an embodiment of the present invention. As shown in FIG. 3, the process may include the following steps:
- the cloud service platform receives the scan log reported by the client, and the scan log includes the virion behavior information scanned by the client.
- the virion behavior information in the scan log is matched with the behavior chain script library in the cloud to determine the virus family information corresponding to the malicious virion behavior information. Since the behavior chain script library of the cloud is obtained by analyzing the scan logs reported by the clients of each machine system, when virion behavior is identified for one client, the scan logs of other machine systems are in effect analyzed as well.
- steps 301 and 302 form one execution branch, taken after the scan log is received; step 304 is performed after 302.
- there is also another branch: if the virus family information reported by the client is received (step 303), step 304 is executed directly.
- in step 304, the virus removal command corresponding to the virus family information is sent to the client according to the correspondence between the virus family information and the virus removal command.
- the correspondence between the virus family information and the virus removal command is pre-loaded on the cloud service platform, and a corresponding virus removal command is set for each virus family to guide the client to perform virion removal.
- if the virus family information that the cloud service platform determines from the scan log reported by the client is inconsistent with the virus family information reported by the client, that is, the identification results of the cloud service platform and the client are inconsistent, the identification result of the cloud service platform can be used as the standard; that is, the virus removal command corresponding to the virus family information determined by the cloud service platform is sent to the client.
- when the identification results of the cloud service platform and the client are inconsistent, manual identification may also be involved, and the virus removal command corresponding to the manually identified virus family information is sent to the client.
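The cloud-side flow of FIG. 3 (steps 301 to 304), including the rule for inconsistent identification results, can be sketched as follows. This is an added example, not code from the patent: the library format (a family matches when every entry of its behavior chain appears in the scan log), the family IDs, behavior features, instruction names and GUID are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (assumption): family ID -> behavior chain, where a
# chain is a set of (scanned content, behavior feature) pairs.
BEHAVIOR_CHAIN_LIBRARY = {
    "FAM-001": {("startup_item", "run_key:helper.exe"),
                ("ie_item", "start_page_modified")},
    "FAM-002": {("desktop_directory", "shortcut_target_tampered"),
                ("service", "unsigned_service_installed"),
                ("ie_item", "start_page_modified")},
}

# Constructed correspondence between virus family information and virus
# removal instructions, maintained on the cloud side.
REMOVAL_INSTRUCTIONS = {
    "FAM-001": ["remove_associated_content", "lock_default_home_page"],
    "FAM-002": ["remove_associated_content", "download_specified_tool"],
}

# Constructed scan log as a client might report it.
SAMPLE_SCAN_LOG = [
    {"category": "process", "feature": "helper.exe_running"},
    {"category": "startup_item", "feature": "run_key:helper.exe"},
    {"category": "ie_item", "feature": "start_page_modified"},
]


@dataclass
class Decision:
    guid: str                 # machine system that reported
    family: Optional[str]     # virus family the instructions are issued for
    source: str               # "cloud", "client", "manual" or "none"
    inconsistent: bool        # cloud and client results disagreed
    instructions: list = field(default_factory=list)


def match_family(scan_log, library=BEHAVIOR_CHAIN_LIBRARY):
    """Step 302: match scanned behavior against the cloud behavior chains."""
    observed = {(e["category"], e["feature"]) for e in scan_log}
    hits = [fam for fam, chain in library.items() if chain <= observed]
    # Assumption: if several chains match, prefer the longest (most specific).
    return max(hits, key=lambda f: (len(library[f]), f), default=None)


def handle_report(guid, scan_log=None, client_family=None, manual_family=None):
    """Steps 301-304: decide which removal instructions to send to a client."""
    cloud_family = match_family(scan_log) if scan_log else None
    inconsistent = bool(cloud_family and client_family
                        and cloud_family != client_family)
    if inconsistent and manual_family:
        family, source = manual_family, "manual"   # manual identification
    elif cloud_family:
        family, source = cloud_family, "cloud"     # cloud result is the standard
    elif client_family:
        family, source = client_family, "client"   # step 303 branch
    else:
        family, source = None, "none"
    # A family ID with no configured correspondence yields no instructions,
    # so an unknown ID reported by a client cannot trigger any action.
    instructions = list(REMOVAL_INSTRUCTIONS.get(family, []))
    return Decision(guid, family, source, inconsistent, instructions)


if __name__ == "__main__":
    guid = "00000000-0000-0000-0000-000000000001"  # constructed GUID
    print(handle_report(guid, scan_log=SAMPLE_SCAN_LOG, client_family="FAM-002"))
    print(handle_report(guid, client_family="FAM-002"))
```
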
- FIG. 4 is a structural diagram of a first device according to an embodiment of the present invention.
- the device is installed in a cloud service platform.
- the device may include a virus determining unit 41 and an instruction issuing unit 42, and may further include a joint analysis unit 43 and a library update unit 44.
- the virus determining unit 41 is responsible for determining the virus family information corresponding to the virion behavior scanned by the client. Specifically, the virus determining unit 41 may determine the virus family information in at least one of the following two manners, and the structure in the following two modes is taken as an example in FIG. 4 .
- in the first manner, the virus determining unit 41 performs virus identification on the cloud service platform according to the scan log reported by the client.
- the virus determining unit 41 may specifically include: a first receiving subunit 401 and a matching subunit 402.
- the first receiving sub-unit 401 is responsible for receiving the scan log reported by the client, and the scan log includes the virion behavior information scanned by the client.
- the matching sub-unit 402 matches the virion behavior information with the cloud behavior chain script library to determine the virus family information corresponding to the malicious virion behavior information, wherein the behavior chain script library contains the malicious virion behavior information of the virus family.
- in the second manner, the virus determining unit 41 directly receives the virus family information reported by the client, that is, the virus identification is performed on the client.
- the virus determining unit 41 specifically includes: a second receiving subunit 411 and an obtaining subunit 412.
- the second receiving subunit 411 receives the authentication result reported by the client.
- the obtaining subunit 412 obtains the virus family information from the identification result; the virus family information is determined by the client matching the scanned virion behavior with the client's local behavior chain script library, wherein the behavior chain script library contains the malicious virion behavior information of the virus family.
- the instruction issuing unit 42 is configured to send a virus removal instruction corresponding to the virus family information determined by the virus determining unit 41 to the client according to the correspondence between the virus family information and the virus removal command, so that the client executes the virus removal instruction to remove the virion.
- the correspondence between virus family information and virus removal instructions is maintained in the cloud service platform. These virus removal instructions are used to guide the client to operate to clear the behavior of the corresponding virus family. This correspondence can be manually set.
- the virus removal instructions described above may include, but are not limited to, an instruction to lock the default home page, an instruction to modify the default browser to search the home page, or download specified tool software.
- the specified tool software may be, for example, a security guard software, a system repair widget, a malicious plug-in removal tool, a browser protection tool, and the like.
- the virus removal command corresponding to the virus family information is configurable in the cloud, and the corresponding virus removal instruction can be added or adjusted according to the behavior analysis of the popular virus captured in real time.
- the virus removal command corresponding to the virus family information determined by the cloud service platform may be sent to the client.
- when the identification results of the cloud service platform and the client are inconsistent, manual identification may also be involved, and the virus removal command corresponding to the manually identified virus family information is sent to the client.
- the above behavior chain script library is obtained by analyzing the scan logs reported by the clients in each machine system, and can also be combined with the factors of manual analysis and setting. As viruses continue to be updated, new virion behavior will continue to occur. Therefore, the cloud service platform needs to update the behavior chain script library in a timely manner.
- the joint analysis unit 43 analyzes the scan log reported by the client to obtain updated virion behavior, and then the library update unit 44 updates the cloud's behavior chain script library by using the updated virion behavior.
- FIG. 5 is a structural diagram of another virus processing apparatus according to an embodiment of the present invention.
- the apparatus is disposed in a client in a machine system.
- the apparatus may specifically include: at least one of a log reporting unit 52 and a virus identification unit 53 (FIG. 5 takes the case of including both units as an example), a behavior scanning unit 51, and an instruction processing unit 54, and may further include a virus removing unit 55 and a library updating unit 56.
- the behavior scanning unit 51 is responsible for scanning the virion behavior information, that is, scanning all behavioral contents of the malicious virion in the machine system, and the virion behavior information may be behavior information obtained by scanning at least one of the following contents: Repairs, processes, load modules, drivers, services, rootkits, startup items, IE related projects, boot viruses, system directories, desktop directories, start menus, common software, scripts, system components, login parts, system startup items, etc.
- the log reporting unit 52 is configured to report the scan log to the cloud service platform, and the scan log includes the virion behavior information scanned by the behavior scanning unit 51, and reports it to the cloud service platform for analysis and identification.
- the virus identification unit 53 uses the local behavior chain script library to identify the behavior of the virion. If the behavior of the malicious virion is identified, the virus family information corresponding to the behavior information of the malicious virion is reported to the cloud service platform, wherein the behavior chain script library Contains information about the behavior of malicious virions of the virus family.
- the instruction processing unit 54 receives and executes the virus removal instruction issued by the cloud service platform.
- the virus removal instruction may include, but is not limited to, an instruction of locking the default home page, Modify the default browser search home page, download the specified tool software, or remove the associated content of malicious virion behavior.
- the virus removal unit 55 removes the associated content of the malicious virion behavior.
- the related content for clearing the behavior of the malicious virion may include, but is not limited to, stopping the service of the malicious virion, deleting the file, registry key or related activity item of the malicious virion, and repairing the default home page of the browser.
- the local behavior chain script library of the client is obtained by loading the behavior chain script library of the cloud service platform, and the client can periodically load the behavior chain script library from the cloud service platform and update the local behavior chain script library. .
- the library update unit 56 loads the behavior chain script library of the cloud, and updates the local behavior chain script library by using the cloud behavior chain script library.
- Compared with the approach in which the client performs behavior analysis and deletes files, the approach of the present invention, in which the cloud issues virus removal instructions for the virus family information, handles viruses in a more personalized and precise way and improves the security of the machine system.
- The virus removal instruction issued by the cloud service platform for the virus family information in the present invention is not limited to removing the associated content of the malicious virion behavior. It may also be, for example, locking the default home page, modifying the default browser search home page, or downloading specified tool software. Virus handling is thus more diversified, which helps to eliminate the virus completely and strengthens the security of the machine system.
- The cloud service platform can update the behavior chain script library by jointly analyzing the scan logs reported by the clients of each machine system, and so keeps up in a timely way with how viruses are updated over the Internet.
- The virus removal instructions for virus family information in the cloud service platform can be flexibly configured and can be added or adjusted in time to meet the rapid response requirements of the Internet era.
- The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- Each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
- The above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
- The above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform some of the steps of the methods of the various embodiments of the present invention.
- The foregoing storage medium includes media that can store program code, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
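The cloud-side flow described above (match a reported scan log against the behavior chain script library, reconcile the result with the client's own identification, then look up the removal instruction for the family), as an added Python sketch that is not code from the patent. The library format, the in-order matching rule, the family names and the instruction identifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample library: family -> ordered chain of (scan area, behavior).
CLOUD_LIBRARY = {
    "FamilyA": [("service", "install:updsvc"),
                ("startup_item", "add:updsvc.exe"),
                ("ie_item", "set_homepage")],
    "FamilyB": [("driver", "load:hidedrv.sys"),
                ("process", "inject:explorer.exe")],
}

# Correspondence between virus family and removal instructions (hypothetical
# identifiers for the operations the description lists).
REMOVAL_INSTRUCTIONS = {
    "FamilyA": ["remove_associated_content", "lock_default_home_page"],
    "FamilyB": ["download_specified_tool", "remove_associated_content"],
}


@dataclass
class Decision:
    family: str
    source: str          # "cloud", "client" or "manual"
    instructions: list


def chain_matches(chain, behaviors):
    """Assumed rule: every step of the chain occurs in the log, in order."""
    remaining = iter(behaviors)
    return all(step in remaining for step in chain)


def match_family(behaviors, library):
    """Return the family with the longest matching chain, or None."""
    hits = [fam for fam, chain in library.items() if chain_matches(chain, behaviors)]
    return max(hits, key=lambda fam: len(library[fam]), default=None)


def decide(scan_log=None, client_family=None, manual_family=None):
    """Pick the family whose removal instructions are sent to the client."""
    cloud_family = match_family(scan_log, CLOUD_LIBRARY) if scan_log else None
    if cloud_family and client_family and cloud_family != client_family:
        # Results disagree: use the manual verdict if one exists, else the cloud's.
        family, source = (manual_family, "manual") if manual_family else (cloud_family, "cloud")
    elif cloud_family:
        family, source = cloud_family, "cloud"
    elif client_family:
        family, source = client_family, "client"
    else:
        return None                      # nothing malicious identified
    # The client-reported name is untrusted input: only families configured
    # in the cloud mapping ever produce instructions.
    instructions = REMOVAL_INSTRUCTIONS.get(family)
    return Decision(family, source, list(instructions)) if instructions else None


# Constructed scan log from one client: benign noise plus the FamilyA chain.
SAMPLE_LOG = [
    ("process", "start:notepad.exe"),
    ("service", "install:updsvc"),
    ("startup_item", "add:updsvc.exe"),
    ("ie_item", "set_homepage"),
]

if __name__ == "__main__":
    print(decide(scan_log=SAMPLE_LOG, client_family="FamilyB"))
```

Because the instruction set includes actions such as downloading tool software, a client built along these lines would also check each received instruction against a fixed set of operations it supports before executing it.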
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Quality & Reliability (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Information Transfer Between Computers (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Claims (29)
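- A virus processing method, characterized in that the method comprises: determining the virus family information corresponding to the virion behavior scanned by a client; and, according to the correspondence between virus family information and virus removal instructions, sending the virus removal instruction corresponding to the determined virus family information to the client, so that the client executes the virus removal instruction to remove the virion.
- The method according to claim 1, characterized in that determining the virus family information corresponding to the virion behavior scanned by the client comprises: receiving a scan log reported by the client, the scan log containing the virion behavior information scanned by the client; and matching the virion behavior information against the cloud's behavior chain script library to determine the virus family information corresponding to malicious virion behavior, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The method according to claim 1, characterized in that determining the virus family information corresponding to the virion behavior scanned by the client comprises: receiving an identification result reported by the client; and obtaining virus family information from the identification result, the virus family information having been determined by the client by matching the scanned virion behavior information against the client's local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The method according to claim 2, characterized in that the method further comprises: analyzing the scan logs reported by clients to obtain updated virion behavior information; and updating the cloud's behavior chain script library with the updated virion behavior information.
- The method according to claim 2, characterized in that determining the virus family information corresponding to the virion behavior scanned by the client further comprises: receiving an identification result reported by the client; and obtaining virus family information from the identification result, the virus family information having been determined by the client by matching the scanned virion behavior information against the client's local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The method according to claim 5, characterized in that the method further comprises: if the virus family information determined by matching the virion behavior information contained in the scan log against the cloud's behavior chain script library is inconsistent with the virus family information obtained from the identification result, determining the virus removal instruction to be sent using the virus family information determined by matching the virion behavior information contained in the scan log against the cloud's behavior chain script library, or using manually identified virus family information.
- The method according to any one of claims 1 to 6, characterized in that the virion behavior information is behavior information obtained by scanning at least one of the following: processes, loaded modules, drivers, services, rootkits, startup items, IE-related items, boot viruses, system directories, desktop directories, the start menu, common software, scripts, system components, login parts, system startup items, etc.
- The method according to any one of claims 1 to 6, characterized in that the virus removal instruction comprises instructions for the following operations: locking the default home page, modifying the default browser search home page, downloading specified tool software, or removing the associated content of malicious virion behavior.
- A virus processing method, characterized in that the method comprises: scanning virion behavior; reporting a scan log to a cloud service platform; and/or identifying the virion behavior using a local behavior chain script library and, if malicious virion behavior is identified, reporting the virus family information corresponding to the malicious virion behavior to the cloud service platform, wherein the behavior chain script library contains malicious virion behavior information of virus families; and receiving and executing a virus removal instruction sent by the cloud service platform.
- The method according to claim 9, characterized in that the method further comprises: if malicious virion behavior is identified, removing the associated content of the malicious virion behavior.
- The method according to claim 9, characterized in that the method further comprises: loading the cloud's behavior chain script library, and updating the local behavior chain script library with the cloud's behavior chain script library.
- The method according to any one of claims 9 to 11, characterized in that the virus removal instruction comprises instructions for the following operations: locking the default home page, modifying the default browser search home page, downloading specified tool software, or removing the associated content of malicious virion behavior.
- A virus processing apparatus, characterized in that the apparatus comprises: a virus determining unit, configured to determine the virus family information corresponding to the virion behavior scanned by a client; and an instruction sending unit, configured to send, according to the correspondence between virus family information and virus removal instructions, the virus removal instruction corresponding to the virus family information determined by the virus determining unit to the client, so that the client executes the virus removal instruction to remove the virion.
- The apparatus according to claim 13, characterized in that the virus determining unit comprises: a first receiving subunit, configured to receive a scan log reported by the client, the scan log containing the virion behavior information scanned by the client; and a matching subunit, configured to match the virion behavior information against the cloud's behavior chain script library to determine the virus family information corresponding to malicious virion behavior, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The apparatus according to claim 13, characterized in that the virus determining unit comprises: a second receiving subunit, configured to receive an identification result reported by the client; and an obtaining subunit, configured to obtain virus family information from the identification result, the virus family information having been determined by the client by matching the scanned virion behavior information against the client's local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The apparatus according to claim 14, characterized in that the apparatus further comprises: a joint analysis unit, configured to analyze the scan logs reported by clients to obtain updated virion behavior information; and a library update unit, configured to update the cloud's behavior chain script library with the updated virion behavior information.
- The apparatus according to claim 14, characterized in that the virus determining unit further comprises: a second receiving subunit, configured to receive an identification result reported by the client; and an obtaining subunit, configured to obtain virus family information from the identification result, the virus family information having been determined by the client by matching the scanned virion behavior information against the client's local behavior chain script library, wherein the behavior chain script library contains malicious virion behavior information of virus families.
- The apparatus according to claim 17, characterized in that, if the virus family information determined by the matching subunit is inconsistent with the virus family information obtained by the obtaining subunit, the instruction sending unit determines the virus removal instruction to be sent using the virus family information determined by the matching subunit, or using manually identified virus family information.
- The apparatus according to any one of claims 13 to 18, characterized in that the virion behavior information is behavior information obtained by scanning at least one of the following: processes, loaded modules, drivers, services, rootkits, startup items, IE-related items, boot viruses, system directories, desktop directories, the start menu, common software, scripts, system components, login parts, system startup items, etc.
- The apparatus according to any one of claims 13 to 18, characterized in that the virus removal instruction comprises instructions for the following operations: locking the default home page, modifying the default browser search home page, downloading specified tool software, or removing the associated content of malicious virion behavior.
- A virus processing apparatus, characterized in that the apparatus comprises: at least one of a log reporting unit and a virus identification unit, a behavior scanning unit, and an instruction processing unit; the behavior scanning unit is configured to scan virion behavior; the log reporting unit is configured to report a scan log to a cloud service platform; the virus identification unit is configured to identify the virion behavior using a local behavior chain script library and, if malicious virion behavior is identified, to report the virus family information corresponding to the malicious virion behavior to the cloud service platform, wherein the behavior chain script library contains malicious virion behavior information of virus families; and the instruction processing unit is configured to receive and execute a virus removal instruction sent by the cloud service platform.
- The apparatus according to claim 21, characterized in that the apparatus further comprises: a virus removal unit, configured to remove the associated content of the malicious virion behavior if the virus identification unit identifies malicious virion behavior.
- The apparatus according to claim 21, characterized in that the apparatus further comprises: a library update unit, configured to load the cloud's behavior chain script library and update the local behavior chain script library with the cloud's behavior chain script library.
- The apparatus according to any one of claims 21 to 23, characterized in that the virus removal instruction comprises instructions for the following operations: locking the default home page, modifying the default browser search home page, downloading specified tool software, or removing the associated content of malicious virion behavior.
- A virus processing system, the system comprising: a client and a cloud processing platform; the cloud processing platform comprises the apparatus according to any one of claims 13 to 18; the client comprises the apparatus according to any one of claims 21 to 23.
- A device, comprising one or more processors; a memory; and one or more programs, the one or more programs being stored in the memory and, when executed by the one or more processors: determining the virus family information corresponding to the virion behavior scanned by a client; and, according to the correspondence between virus family information and virus removal instructions, sending the virus removal instruction corresponding to the determined virus family information to the client, so that the client executes the virus removal instruction to remove the virion.
- A device, comprising one or more processors; a memory; and one or more programs, the one or more programs being stored in the memory and, when executed by the one or more processors: scanning virion behavior; reporting a scan log to a cloud service platform; and/or identifying the virion behavior using a local behavior chain script library and, if malicious virion behavior is identified, reporting the virus family information corresponding to the malicious virion behavior to the cloud service platform, wherein the behavior chain script library contains malicious virion behavior information of virus families; and receiving and executing a virus removal instruction sent by the cloud service platform.
- A non-volatile computer storage medium, the computer storage medium storing one or more programs which, when executed by a device, cause the device to: determine the virus family information corresponding to the virion behavior scanned by a client; and, according to the correspondence between virus family information and virus removal instructions, send the virus removal instruction corresponding to the determined virus family information to the client, so that the client executes the virus removal instruction to remove the virion.
- A non-volatile computer storage medium, the computer storage medium storing one or more programs which, when executed by a device, cause the device to: scan virion behavior; report a scan log to a cloud service platform; and/or identify the virion behavior using a local behavior chain script library and, if malicious virion behavior is identified, report the virus family information corresponding to the malicious virion behavior to the cloud service platform, wherein the behavior chain script library contains malicious virion behavior information of virus families; and receive and execute a virus removal instruction sent by the cloud service platform.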
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020167022493A KR20160125960A (ko) | 2014-12-19 | 2015-06-29 | Virus processing method, apparatus, system and device, and computer storage medium |
EP15868991.9A EP3236381B1 (en) | 2014-12-19 | 2015-06-29 | Virus processing method, apparatus, system and device, and computer storage medium |
JP2016552611A JP6644001B2 (ja) | 2014-12-19 | 2015-06-29 | Virus processing method, apparatus, system, device and computer storage medium |
US15/119,692 US10192053B2 (en) | 2014-12-19 | 2015-06-29 | Method, apparatus, system, device and computer storage medium for treating virus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410802502.6A CN104573515A (zh) | 2014-12-19 | 2014-12-19 | Virus processing method, apparatus and system |
CN201410802502.6 | 2014-12-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016095479A1 (zh) | 2016-06-23 |
Family
ID=53089553
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/082604 WO2016095479A1 (zh) | Virus processing method, apparatus, system, device and computer storage medium | 2014-12-19 | 2015-06-29 |
Country Status (6)
Country | Link |
---|---|
US (1) | US10192053B2 (zh) |
EP (1) | EP3236381B1 (zh) |
JP (1) | JP6644001B2 (zh) |
KR (1) | KR20160125960A (zh) |
CN (1) | CN104573515A (zh) |
WO (1) | WO2016095479A1 (zh) |
- 2014
  - 2014-12-19: CN application CN201410802502.6A (CN104573515A, zh), status: Pending
- 2015
  - 2015-06-29: JP application JP2016552611A (JP6644001B2, ja), status: Active
  - 2015-06-29: WO application PCT/CN2015/082604 (WO2016095479A1, zh), status: Application Filing
  - 2015-06-29: KR application KR1020167022493A (KR20160125960A, ko), status: Application Discontinuation
  - 2015-06-29: EP application EP15868991.9A (EP3236381B1, en), status: Active
  - 2015-06-29: US application US15/119,692 (US10192053B2, en), status: Active
Also Published As
Publication number | Publication date |
---|---|
CN104573515A (zh) | 2015-04-29 |
JP6644001B2 (ja) | 2020-02-12 |
EP3236381A1 (en) | 2017-10-25 |
JP2017511923A (ja) | 2017-04-27 |
US10192053B2 (en) | 2019-01-29 |
EP3236381B1 (en) | 2022-05-11 |
KR20160125960A (ko) | 2016-11-01 |
US20170316206A1 (en) | 2017-11-02 |
EP3236381A4 (en) | 2018-05-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15868991; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2016552611; Country of ref document: JP; Kind code of ref document: A |
 | ENP | Entry into the national phase | Ref document number: 20167022493; Country of ref document: KR; Kind code of ref document: A |
 | REEP | Request for entry into the european phase | Ref document number: 2015868991; Country of ref document: EP |
 | WWE | Wipo information: entry into national phase | Ref document number: 15119692; Country of ref document: US |
 | NENP | Non-entry into the national phase | Ref country code: DE |