CN106407812A - Linux real-time virus killing method and apparatus - Google Patents
- Publication number
- CN106407812A (application number CN201611051408.7A)
- Authority
- CN
- China
- Prior art keywords
- file
- function
- antivirus
- virus
- linux
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a Linux real-time virus killing method and apparatus. The method comprises the steps of receiving a run command of an application, and obtaining an identifier of the application; loading a preset hijack function library and a dynamic library; running the application and identifying a file operation function in the application; and searching the hijack function library according to the identifier of the application and the file operation function, and if a hijack function is found, running the hijack function, judging from the running result of the hijack function whether to perform virus killing on the file operated on by the file operation function, and judging from the virus killing result of the file whether to run the file operation function in the dynamic library. With the Linux real-time virus killing apparatus provided by the invention, files can be subjected to virus killing for different applications in a Linux system, so that the flexibility and real-time performance of file virus killing are improved.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for real-time virus killing on Linux.
Background
In a Linux system, how to ensure the safety of file operations, and thereby the security of the internal network or of the whole system, is an important topic in the field of information security technology.
At present, conventional methods for virus killing of files under Linux include virus killing selected by the user and manually scheduled virus killing. Files are subjected to virus killing only when the user chooses to scan actively with antivirus software, or when the virus killing period set by the user arrives, so the safety of files in the system cannot be guaranteed. If a file called by an application is not subjected to virus killing in time while the program is running, or if the Linux system goes without virus killing for a long time, the security of the whole system is even less assured.
Summary of the invention
Based on this, it is necessary to address the problem that files in a Linux system cannot be subjected to virus killing per application, and a method for real-time virus killing on Linux is provided, the method including:
Receiving a run command of an application, and obtaining an identifier of the application;
Loading a preset hijack function library and a dynamic library;
Running the application and identifying a file operation function in the application;
Searching the hijack function library according to the identifier of the application and the file operation function, the hijack function library including the correspondence between the file operation function, the identifier of the application and a hijack function; if a hijack function is found, running the hijack function, judging from the running result of the hijack function whether to perform virus killing on the file operated on by the file operation function, and judging from the virus killing result of the file whether to run the file operation function in the dynamic library.
In one embodiment, judging from the running result of the hijack function whether to perform virus killing on the file operated on by the file operation function includes:
Obtaining the file information in the file operation function;
Calling an external service program according to the file information, and judging from the running result of the external service program whether to perform virus killing on the file.
In one embodiment, the method further includes:
When the running result of the hijack function is that the file needs virus killing, isolating the file.
In one embodiment, calling the external service program according to the file information, and judging from the running result of the external service program whether to perform virus killing on the file, includes:
Searching a preset virus file library according to the file information, and judging from the lookup result of the virus file library whether to perform virus killing on the file.
In one embodiment, before the step of searching the preset virus file library according to the file information, the method further includes:
Searching a preset trusted file library according to the file information, and judging from the lookup result of the trusted file library whether to search the virus file library.
The Linux real-time virus killing method provided by the present invention can perform virus killing on files for different applications in a Linux system, improving the flexibility and real-time performance of file virus killing.
The Linux real-time virus killing method provided by the present invention can, for different applications in a Linux system, hijack the file operation function called by the application and judge from the running of the hijack function whether to run the file operation function; through the running of the hijack function, virus killing is performed on the file operated on by the file operation function, improving the flexibility and real-time performance of file virus killing.
In one embodiment, the Linux real-time virus killing method provided by the present invention can use the external service program to define and maintain the files that need virus killing and the trusted files that do not, providing flexible virus killing for Linux system files.
The present invention also provides a Linux real-time virus killing device, including:
An application receiving module, for receiving a run command of an application and obtaining an identifier of the application;
A function library loading module, for loading a preset hijack function library and a dynamic library;
A function identification module, for running the application and identifying a file operation function in the application;
A file virus killing module, for searching the hijack function library according to the identifier of the application and the file operation function, the hijack function library including the correspondence between the file operation function, the identifier of the application and a hijack function; if a hijack function is found, running the hijack function, judging from the running result of the hijack function whether to perform virus killing on the file operated on by the file operation function, and judging from the virus killing result of the file whether to run the file operation function in the dynamic library.
In one embodiment, the file virus killing module includes:
A file information obtaining unit, for obtaining the file information in the file operation function;
A file virus killing unit, for calling an external service program according to the file information, and judging from the running result of the external service program whether to perform virus killing on the file.
In one embodiment, the device further includes:
A file isolation module, for isolating the file when the running result of the hijack function is that the file needs virus killing.
In one embodiment, the file virus killing unit includes:
A virus file lookup subunit, for searching a preset virus file library according to the file information, and judging from the lookup result of the virus file library whether to perform virus killing on the file.
In one embodiment, the file virus killing unit further includes:
A trusted file lookup subunit, for searching a preset trusted file library according to the file information, and judging from the lookup result of the trusted file library whether to search the virus file library.
The Linux real-time virus killing device provided by the present invention can, for different applications in a Linux system, hijack the file operation function called by the application and judge from the running of the hijack function whether to run the file operation function; through the running of the hijack function, virus killing is performed on the file operated on by the file operation function, improving the flexibility and real-time performance of file virus killing.
In one embodiment, the Linux real-time virus killing device provided by the present invention can use the external service program to define and maintain the files that need virus killing and the trusted files that do not, providing flexible virus killing for Linux system files.
Brief description of the drawings
Fig. 1 is a flowchart of the Linux real-time virus killing method in one embodiment;
Fig. 2 is a schematic diagram of the position of the hijack library in the Linux real-time virus killing method in one embodiment;
Fig. 3 is a flowchart of the Linux real-time virus killing method in another embodiment;
Fig. 4 is a flowchart of the Linux real-time virus killing method in another embodiment;
Fig. 5 is a flowchart of the Linux real-time virus killing method in a further embodiment;
Fig. 6 is a structural diagram of the Linux real-time virus killing device in one embodiment;
Fig. 7 is a structural diagram of the Linux real-time virus killing device in another embodiment;
Fig. 8 is a structural diagram of the Linux real-time virus killing device in another embodiment.
Detailed description of the embodiments
Fig. 1 is a flowchart of the Linux real-time virus killing method in one embodiment. The Linux real-time virus killing method in the embodiment shown in Fig. 1 includes:
Step S100, receive a run command of an application, and obtain an identifier of the application.
Specifically, the identifier of the application is an identifier used to distinguish different applications, or a marker of a feature that distinguishes different applications, and includes any one of the application's program category, name and version number.
Step S200, load a preset hijack function library and a dynamic library.
Specifically, the preset hijack function library includes the open family of functions, the close function, the create family of functions, the read function, the write function, and so on.
The system loads the hijack function library first and then loads the dynamic library, i.e. the commonly used C library.
Fig. 2 shows the position in the Linux system of the hijack library provided by this embodiment after it is loaded. Below the user application layer, the hijack library sits closer to the user application layer than the dynamic library does, which indicates that a hijack function in the hijack library is called first; if the hijack library has no corresponding hijack function, the function in the dynamic library is called. In Fig. 2, the hijack library and the dynamic library are both connected to the kernel part at the bottom of Linux. This is not described further.
Step S300, run the application and identify the file operation function in the application.
Specifically, after the application is run, the file operation functions in the program are identified; when a file operation function is identified, the subsequent step S400 is carried out.
Step S400, search the hijack function library according to the identifier of the application and the file operation function, the hijack function library including the correspondence between the file operation function, the identifier of the application and the hijack function. If no hijack function corresponding to the file operation function and the identifier of the application is found, call the file operation function in the dynamic library; if one is found, run the hijack function, judge from the running result of the hijack function whether to perform virus killing on the file operated on by the file operation function, and judge from the virus killing result of the file whether to run the file operation function in the dynamic library.
Specifically, the hijack function library includes the correspondence between the file operation function, the identifier of the application and the hijack function. For example, when it is set that the files acted on by the file operation function open of application A require a judgment, based on the running result of the hijack function, of whether virus killing is needed, the file operation function open of application A is in the hijack function library. If the running result of the hijack function is that the file is not a virus file, the file operation function in the dynamic library is called; if the running result of the hijack function is that the file is a virus file, virus killing is performed on the file, and whether to call the file operation function in the dynamic library is further determined from the virus killing result.
The Linux real-time virus killing method provided by the present invention can, for different applications in a Linux system, hijack the file operation function called by the application and judge from the running of the hijack function whether to run the file operation function; through the running of the hijack function, virus killing is performed on the file operated on by the file operation function, improving the flexibility and real-time performance of file virus killing.
In one embodiment, the absolute path of the hijack function library is saved in the preload file, i.e. in the /etc/ld.so.preload file. By saving the hijack function library in the preload file, the Linux real-time virus killing method provided by this embodiment ensures that the hijack function library is loaded before the dynamic library, further improving the efficiency of file virus killing for different applications.
Fig. 3 is a flowchart of the Linux real-time virus killing method in another embodiment, and is a specific embodiment of step S400 in the method flow shown in Fig. 2. The file operation monitoring method shown in Fig. 3 includes:
Step S410, obtain the file information in the file operation function.
Specifically, the file information obtained from the file operation function includes information such as the absolute path of the file and the file name.
Step S420, call an external service program according to the file information, and judge from the running result of the external service program whether to perform virus killing on the file.
Specifically, calling the external service program includes determining from the file information whether the file is a virus file, and judging from the running result of the external program whether to perform virus killing on the file.
By setting combinations of file information and application, virus killing can be performed on the files operated on by a specific file operation function of a specific application. For example, the file operation function open of application A is designated as an operation function whose files need virus scanning and killing; for file 1 opened by the file operation function open, the external service program is called, and whether file 1 needs virus killing is judged from the running result of the external service program. If the running result of the external service program is that file 1 is a virus file, the running result of the hijack function is that file 1 needs virus killing, and whether to run the file operation function open in the dynamic library is judged from the result of the virus killing; if the running result of the external service program is that file 1 is not a virus file, the running result of the hijack function is that file 1 does not need virus killing, and the file operation function open in the dynamic library is called.
The Linux real-time virus killing method provided by the present invention can, through the external service program, set combinations for virus killing of the files operated on by a specific file operation function of a specific application, providing a flexible virus killing method for Linux system files.
In one embodiment, the absolute path of the hijack function library is saved in the preload file, i.e. in the /etc/ld.so.preload file. By saving the hijack function library in the preload file, the Linux real-time virus killing method provided by this embodiment ensures that the hijack function library is loaded before the dynamic library, further improving the efficiency of file virus killing for different applications.
Fig. 4 is a flowchart of the Linux real-time virus killing method in another embodiment, and is another specific embodiment of step S400 in the method flow shown in Fig. 2. The file operation monitoring method shown in Fig. 4 includes:
Step S410, obtain the file information in the file operation function.
Specifically, the file information obtained from the file operation function includes information such as the absolute path of the file and the file name.
Step S420, call an external service program according to the file information, and judge from the running result of the external service program whether to perform virus killing on the file.
Step S430, when the running result of the hijack function is that the file needs virus killing, isolate the file.
Specifically, after virus killing is performed on the file, this embodiment further provides an option for judging whether the file is to be isolated. If the judgment is that the file needs to be isolated, the file isolation step is executed. For example, when the running result of the hijack function is that the file needs virus killing (after the external service program is called, its running result is that the file is a virus file), the step of isolating the file can further be executed. When the running result of the hijack function is that the file does not need virus killing, file isolation does not need to be executed.
The Linux real-time virus killing method provided by this embodiment provides file isolation on top of real-time virus killing of the files called by applications, further improving the safety of files and ensuring the operational safety of the whole Linux system.
Fig. 5 is a flowchart of the Linux real-time virus killing method in a further embodiment. The Linux real-time virus killing method shown in Fig. 5 includes:
Step S410, obtain the file information in the file operation function.
Step S420', search a preset trusted file library according to the file information, and judge from the lookup result of the trusted file library whether to search the virus file library.
Specifically, the trusted file library may use a blacklist or a whitelist to specify the trusted files that do not need virus scanning and killing, improving the efficiency of file scanning and killing.
Step S420, search a preset virus file library according to the file information, and judge from the lookup result of the virus file library whether to perform virus killing on the file.
Specifically, the virus file library can be updated with new viruses in real time as required, ensuring the accuracy of file virus killing.
The Linux real-time virus killing method provided by this embodiment provides more efficient real-time virus killing of Linux system files by means of the external trusted file library and virus file library.
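The lookup order of steps S400, S420' and S420 (hijack table keyed by application identifier and function, then the trusted file library, then the virus file library), written as an interposer for `open` that can be listed in /etc/ld.so.preload. This is an added example, not code from the patent: the table contents, the `decide` helper, the in-process lists standing in for the external service program, the use of the process name as the application identifier and the choice to refuse the call with `EACCES` are all assumptions.

```c
/* Added example. Build as a preload library (file names are placeholders):
 *   cc -shared -fPIC -DBUILD_PRELOAD -o libhijack.so hijack.c -ldl */
#define _GNU_SOURCE            /* RTLD_NEXT, program_invocation_short_name */
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

enum verdict { PASS_UNHOOKED, PASS_TRUSTED, PASS_CLEAN, BLOCK_VIRUS };

/* Hijack function library: which (application, function) pairs are hooked.
 * All entries below are constructed sample data. */
struct hook_entry { const char *app; const char *func; };
static const struct hook_entry HOOKS[] = { { "appA", "open" } };

/* Stand-ins for the external service program's two libraries.
 * An entry ending in '/' matches every path under that directory. */
static const char *const TRUSTED[] = { "/usr/lib/", "/etc/ld.so.cache" };
static const char *const VIRUS[]   = { "/tmp/sample/eicar.com" };

static int virus_lookups;      /* how often the virus library was consulted */

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static int hook_registered(const char *app, const char *func)
{
    for (size_t i = 0; i < COUNT(HOOKS); i++)
        if (!strcmp(HOOKS[i].app, app) && !strcmp(HOOKS[i].func, func))
            return 1;
    return 0;
}

static int in_library(const char *const *lib, size_t n, const char *path)
{
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(lib[i]);
        int dir = len > 0 && lib[i][len - 1] == '/';
        if (dir ? !strncmp(path, lib[i], len) : !strcmp(path, lib[i]))
            return 1;
    }
    return 0;
}

/* S400 -> S420' -> S420: no hook means the call goes straight to libc; a
 * trusted file skips the virus lookup; only then is the virus library searched. */
static enum verdict decide(const char *app, const char *func, const char *path)
{
    if (!hook_registered(app, func))
        return PASS_UNHOOKED;
    if (in_library(TRUSTED, COUNT(TRUSTED), path))
        return PASS_TRUSTED;
    virus_lookups++;
    return in_library(VIRUS, COUNT(VIRUS), path) ? BLOCK_VIRUS : PASS_CLEAN;
}

#ifdef BUILD_PRELOAD
/* Interposed open(): resolved before libc's because the library is preloaded. */
int open(const char *path, int flags, ...)
{
    static int (*real_open)(const char *, int, ...);
    char resolved[PATH_MAX];
    const char *abs_path;
    mode_t mode = 0;

    /* The third argument exists only when a file may be created. */
    if ((flags & O_CREAT) || (flags & O_TMPFILE) == O_TMPFILE) {
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    if (!real_open)
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    if (!real_open) {
        errno = ENOSYS;
        return -1;
    }
    /* The libraries are keyed by absolute path; fall back to the raw
     * argument when the file does not exist yet (for example with O_CREAT). */
    abs_path = (path && realpath(path, resolved)) ? resolved : path;

    if (abs_path &&
        decide(program_invocation_short_name, "open", abs_path) == BLOCK_VIRUS) {
        errno = EACCES;        /* assumption: refuse rather than disinfect */
        return -1;
    }
    return real_open(path, flags, mode);   /* the dynamic library's open */
}
#endif
```

Only dynamically linked callers of this one symbol are covered: `openat`, `open64`, `fopen`, statically linked binaries and direct system calls never reach the wrapper, so the hijack table needs an entry and a wrapper per entry point. Kernel-side mechanisms such as fanotify permission events do not have that gap.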
Fig. 6 is a structural diagram of the Linux real-time virus killing device in one embodiment. The Linux real-time virus killing device shown in Fig. 6 includes:
An application receiving module 100, for receiving a run command of an application and obtaining an identifier of the application;
A function library loading module 200, for loading a preset hijack function library and a dynamic library;
A function identification module 300, for running the application and identifying the file operation function in the application;
A file virus killing module 400, which searches the hijack function library according to the identifier of the application and the file operation function, the hijack function library including the correspondence between the file operation function, the identifier of the application and the hijack function. If no hijack function corresponding to the file operation function and the identifier of the application is found, the file operation function in the dynamic library is called; if one is found, the hijack function is run, whether to perform virus killing on the file operated on by the file operation function is judged from the running result of the hijack function, and whether to run the file operation function in the dynamic library is judged from the virus killing result of the file.
The Linux real-time virus killing device provided by the present invention can, for different applications in a Linux system, hijack the file operation function called by the application and judge from the running of the hijack function whether to run the file operation function; through the running of the hijack function, virus killing is performed on the file operated on by the file operation function, improving the flexibility and real-time performance of file virus killing.
Fig. 7 is a structural diagram of the Linux real-time virus killing device in another embodiment. The Linux real-time virus killing device shown in Fig. 7 includes:
An application receiving module 100, for receiving a run command of an application and obtaining an identifier of the application;
A function library loading module 200, for loading a preset hijack function library and a dynamic library;
A function identification module 300, for running the application and identifying the file operation function in the application;
A file virus killing module 400, for searching the hijack function library according to the identifier of the application and the file operation function, the hijack function library including the correspondence between the file operation function, the identifier of the application and the hijack function. If no hijack function corresponding to the file operation function and the identifier of the application is found, the file operation function in the dynamic library is called; if one is found, whether to perform virus killing on the file operated on by the file operation function is judged from the running result of the hijack function, and whether to run the file operation function in the dynamic library is judged from the virus killing result of the file.
A file isolation module 500, for isolating the file when the running result of the hijack function is that the file needs virus killing.
The Linux real-time virus killing device provided by this embodiment provides file isolation on top of real-time virus killing of the files called by applications, further improving the safety of files and ensuring the operational safety of the whole Linux system.
Fig. 8 is a structural diagram of the Linux real-time virus killing device in another embodiment. The Linux real-time virus killing device shown in Fig. 8 includes:
A file information obtaining unit 410, for obtaining the file information in the file operation function;
A file virus killing unit 420, for calling an external service program according to the file information, and judging from the running result of the external service program whether to perform virus killing on the file, including:
A virus file lookup subunit 421, for searching a preset virus file library according to the file information, and judging from the lookup result of the virus file library whether to perform virus killing on the file.
A trusted file lookup subunit 422, for searching a preset trusted file library according to the file information, and judging from the lookup result of the trusted file library whether to search the virus file library.
The Linux real-time virus killing device provided by this embodiment provides more efficient real-time virus killing of Linux system files by means of the external trusted file library and virus file library.
The embodiments described above express only several embodiments of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention. The scope of protection of this patent shall therefore be defined by the claims.
Claims (10)
1. a kind of method of Linux antivirus in real time is it is characterised in that methods described includes:
Receive the operation order of application program, and obtain the mark of application program;
Load default abduction function library and dynamic base;
Run described application program and identify the file manipulation function in described application program;
Described abduction function library, described abduction function library are searched according to the mark of described application program, described file manipulation function
Including the corresponding relation between described file manipulation function, the mark of described application program and abduction function, if finding, transport
The described abduction function of row, and judge whether the literary composition to the operation of described file manipulation function according to the described operation result kidnapping function
Part is killed virus, and judges whether to run the file manipulation function in described dynamic base according to the antivirus result of described file.
2. Linux according to claim 1 in real time antivirus method it is characterised in that described according to described abduction function
Operation result judge whether to described file manipulation function operation file kill virus, including:
Obtain the fileinfo in described file manipulation function;
According to described fileinfo, call external service program, and according to the operation result judgement of described external service program be
No described file is killed virus.
3. the method for Linux according to claim 2 antivirus in real time is it is characterised in that methods described also includes:
When the described operation result kidnapping function is to need described file is killed virus, described file is isolated.
4. Linux according to claim 2 in real time antivirus method it is characterised in that described according to described fileinfo,
Call external service program, and judge whether described file is killed virus according to the operation result of described external service program,
Including:
According to described fileinfo, search default virus document storehouse, and judged according to the lookup result in described virus document storehouse
Whether described file is killed virus.
5. the method for Linux according to claim 4 antivirus in real time is it is characterised in that according to described fileinfo, look into
Before looking for the step in default virus document storehouse, methods described also includes:
According to described fileinfo, search default trusted file storehouse, and judged according to the lookup result in described trusted file storehouse
Whether search described virus document storehouse.
6. a kind of device of Linux antivirus in real time is it is characterised in that include:
Application program receiver module, for receiving the operation order of application program, and obtains the mark of application program;
Function library load-on module, for loading default abduction function library and dynamic base;
Function identification module, for running described application program and identifying the file manipulation function in described application program;
File antivirus module, for searching described abduction function according to the mark of described application program, described file manipulation function
Storehouse, described abduction function library includes described file manipulation function, the mark of described application program and kidnaps the correspondence between function
Relation, if finding,
Then run described abduction function, and judged whether to described file manipulation function according to the described operation result kidnapping function
The file of operation is killed virus, and judges whether to run the file operation in described dynamic base according to the antivirus result of described file
Function.
7. The Linux real-time virus killing apparatus according to claim 6, characterized in that the file antivirus module comprises:
A file information acquiring unit, configured to obtain the file information in the file operation function;
A file antivirus unit, configured to call an external service program according to the file information, and to judge, according to the running result of the external service program, whether to perform virus killing on the file.
8. The Linux real-time virus killing apparatus according to claim 6, characterized by further comprising:
A file isolation module, configured to isolate the file when the running result of the hijack function is that virus killing needs to be performed on the file.
9. The Linux real-time virus killing apparatus according to claim 7, characterized in that the file antivirus unit comprises:
A virus file lookup subunit, configured to search a preset virus file library according to the file information, and to judge, according to the lookup result in the virus file library, whether to perform virus killing on the file.
10. The Linux real-time virus killing apparatus according to claim 9, characterized in that the file antivirus unit further comprises:
A trusted file lookup subunit, configured to search a preset trusted file library according to the file information, and to judge, according to the lookup result in the trusted file library, whether to search the virus file library.
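The lookup order described in claims 4 to 6 and 9 to 10 can be sketched as follows; this is an added example, not code from the patent. The function names, the fingerprint strings standing in for "file information", and the reading that a trusted-library hit skips the virus-library search and that a positive virus result blocks the original call are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, KILL };            /* KILL: file must be disinfected or isolated */
typedef enum verdict (*hijack_fn)(const char *fingerprint);

/* Constructed sample libraries (hypothetical fingerprints, NULL-terminated). */
static const char *TRUSTED_LIB[] = { "fp-signed-tool", NULL };
static const char *VIRUS_LIB[]   = { "fp-known-bad", "fp-signed-tool", NULL };

static int in_library(const char *const *lib, const char *fp) {
    for (; *lib != NULL; lib++)
        if (strcmp(*lib, fp) == 0) return 1;
    return 0;
}

/* Hijack function: trusted library first; virus library only on a miss (assumed reading). */
enum verdict scan_fingerprint(const char *fp) {
    if (in_library(TRUSTED_LIB, fp)) return ALLOW;
    return in_library(VIRUS_LIB, fp) ? KILL : ALLOW;
}

/* Hijack function library: (application identifier, file operation) -> hijack function. */
struct hijack_entry { const char *app_id; const char *file_op; hijack_fn fn; };
static const struct hijack_entry HIJACK_LIB[] = {
    { "downloader", "open",  scan_fingerprint },
    { "downloader", "write", scan_fingerprint },
};

hijack_fn find_hijack(const char *app_id, const char *file_op) {
    for (size_t i = 0; i < sizeof HIJACK_LIB / sizeof HIJACK_LIB[0]; i++)
        if (strcmp(HIJACK_LIB[i].app_id, app_id) == 0 &&
            strcmp(HIJACK_LIB[i].file_op, file_op) == 0)
            return HIJACK_LIB[i].fn;
    return NULL;                          /* no mapping: call is not intercepted */
}

/* Returns 1 when the file operation function in the dynamic library may run. */
int run_original(const char *app_id, const char *file_op, const char *fp) {
    hijack_fn fn = find_hijack(app_id, file_op);
    return fn == NULL || fn(fp) == ALLOW;
}

int main(void) {
    printf("%d\n", run_original("downloader", "open", "fp-known-bad"));
    printf("%d\n", run_original("downloader", "open", "fp-signed-tool"));
    printf("%d\n", run_original("editor", "open", "fp-known-bad"));
    return 0;
}
```

Under these assumptions a trusted-library hit overrides a virus-library entry, and any (application, file operation) pair missing from the hijack function library runs unchecked, so the integrity of both tables is part of the trust boundary.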
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611051408.7A CN106407812B (en) | 2016-11-24 | 2016-11-24 | The method and device that Linux kills virus in real time |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611051408.7A CN106407812B (en) | 2016-11-24 | 2016-11-24 | The method and device that Linux kills virus in real time |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106407812A (en) | 2017-02-15 |
| CN106407812B (en) | 2019-02-12 |
Family
ID=58081781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611051408.7A Active CN106407812B (en) | 2016-11-24 | 2016-11-24 | The method and device that Linux kills virus in real time |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106407812B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7325251B1 (en) * | 2003-12-16 | 2008-01-29 | Symantec Corporation | Method and system to prevent peer-to-peer (P2P) worms |
| CN102012992A (en) * | 2010-11-19 | 2011-04-13 | 奇智软件(北京)有限公司 | Method and device for monitoring real-time protection document |
| CN103198253A (en) * | 2013-03-29 | 2013-07-10 | 北京奇虎科技有限公司 | Method and system of file operation |
| CN105721387A (en) * | 2014-12-01 | 2016-06-29 | 北京蓝光引力网络股份有限公司 | Method for preventing network hijack |
- 2016-11-24 CN CN201611051408.7A patent/CN106407812B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106407812B (en) | 2019-02-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10581879B1 (en) | Enhanced malware detection for generated objects | |
| US9935972B2 (en) | Emulator-based malware learning and detection | |
| CN106709325B (en) | Method and device for monitoring program | |
| US11288362B2 (en) | System and method for creating antivirus records for antivirus applications | |
| US20160057159A1 (en) | Semantics-aware android malware classification | |
| US20160021174A1 (en) | Computer implemented method for classifying mobile applications and computer programs thereof | |
| CN112632531A (en) | Malicious code identification method and device, computer equipment and medium | |
| CN109711171A (en) | Software vulnerability location method and device, system, storage medium, and electronic device | |
| WO2018017498A1 (en) | Inferential exploit attempt detection | |
| KR101851233B1 (en) | Apparatus and method for detection of malicious threats included in file, recording medium thereof | |
| WO2017040957A1 (en) | Process launch, monitoring and execution control | |
| CN107247902A (en) | Malware categorizing system and method | |
| CN110543765A (en) | malicious software detection method | |
| CN105095758B (en) | Screen locking applied program processing method, device and mobile terminal | |
| CN109800569A (en) | Program identification method and device | |
| CN109800571A (en) | Event-handling method and device and storage medium and electronic device | |
| CN105205398B (en) | It is a kind of that shell side method is looked into based on APK shell adding software dynamic behaviours | |
| CN106557694B (en) | Linux file operation monitoring method and device | |
| CN103116724B (en) | The method of locator(-ter) sample hazardous act and device | |
| CN108040036A (en) | A kind of industry cloud Webshell safety protecting methods | |
| CN113127868A (en) | Script identification method, device, equipment and storage medium | |
| CN102426634A (en) | Source code back door discovery method | |
| CN106407812A (en) | Linux real-time virus killing method and apparatus | |
| CN106650439A (en) | Suspicious application program detection method and device | |
| CN106657022B (en) | Linux method for network access control and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | CB02 | Change of applicant information | Address after: 100190 Zhongguancun street, Haidian District, Beijing, No. 22, A1305, 13; Applicant after: Beijing net an Technology Limited by Share Ltd; Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301; Applicant before: Beijing Rising Information Technology Co., Ltd |
| | CB02 | Change of applicant information | |
| | GR01 | Patent grant | |