
CN106407812B - Method and device for real-time antivirus on Linux - Google Patents


Info

Publication number
CN106407812B
Authority
CN
China
Prior art keywords
file
function
virus
library
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611051408.7A
Other languages
Chinese (zh)
Other versions
CN106407812A (en)
Inventor
程广连
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Net An Technology Ltd By Share Ltd
Original Assignee
Beijing Net An Technology Ltd By Share Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Net An Technology Ltd By Share Ltd filed Critical Beijing Net An Technology Ltd By Share Ltd
Priority to CN201611051408.7A priority Critical patent/CN106407812B/en
Publication of CN106407812A publication Critical patent/CN106407812A/en
Application granted granted Critical
Publication of CN106407812B publication Critical patent/CN106407812B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention provides a method and device for real-time antivirus on Linux. The method comprises: receiving the run command of an application program and obtaining the identifier of the application program; loading a preset hook function library and the dynamic library; running the application program and identifying the file operation functions in the application program; and searching the hook function library according to the identifier of the application program and the file operation function. If a match is found, the hook function is run, the result of the hook function determines whether the file operated on by the file operation function is disinfected, and the disinfection result of the file determines whether the file operation function in the dynamic library is run. The Linux real-time antivirus device provided by the invention can disinfect files on a per-application basis in a Linux system, improving the flexibility and timeliness of file disinfection.

Description

Method and device for real-time antivirus on Linux
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for real-time antivirus on Linux.
Background
In a Linux system, how to ensure the safety of file operations, and thereby the security of the internal network or of the whole system, is an important topic in the field of information security technology.
At present, the common methods of file disinfection under Linux are disinfection selected by the user and periodic disinfection at a manually set interval. Files are disinfected only when the user actively runs the antivirus software or when the period set by the user has elapsed, so the safety of the files in the system cannot be guaranteed. If a file called by an application is not disinfected in time while the program is running, or if the Linux system has not been scanned for viruses for a long time, the security of the whole system is even less assured.
Summary of the invention
In view of this, and to address the problem that files in a Linux system cannot be disinfected on a per-application basis, it is necessary to provide a method for real-time antivirus on Linux, the method comprising:
Receiving the run command of an application program, and obtaining the identifier of the application program;
Loading a preset hook function library and the dynamic library;
Running the application program and identifying the file operation functions in the application program;
Searching the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function; if a match is found,
Running the hook function, determining from the result of the hook function whether to disinfect the file operated on by the file operation function, and determining from the disinfection result of the file whether to run the file operation function in the dynamic library.
In one of the embodiments, determining from the result of the hook function whether to disinfect the file operated on by the file operation function comprises:
Obtaining the file information in the file operation function;
Calling an external service program according to the file information, and determining from the result of the external service program whether to disinfect the file.
In one of the embodiments, the method further comprises:
When the result of the hook function is that the file needs to be disinfected, isolating the file.
In one of the embodiments, calling the external service program according to the file information and determining from the result of the external service program whether to disinfect the file comprises:
Searching a preset virus file library according to the file information, and determining from the lookup result in the virus file library whether to disinfect the file.
In one of the embodiments, before the step of searching the preset virus file library according to the file information, the method further comprises:
Searching a preset trusted file library according to the file information, and determining from the lookup result in the trusted file library whether to search the virus file library.
The Linux real-time antivirus method provided by the invention can disinfect files on a per-application basis in a Linux system, improving the flexibility and timeliness of file disinfection.
The Linux real-time antivirus method provided by the invention works per application program in a Linux system: it hooks the file operation functions called by the application, decides from the result of the hook function whether to run the file operation function, and disinfects the file operated on by the file operation function through the hook function, improving the flexibility and timeliness of file disinfection.
In one of the embodiments, the Linux real-time antivirus method provided by the invention can define and maintain, through the external service program, the files to be disinfected and the trusted files that do not need disinfection, providing flexible and convenient disinfection of Linux system files.
The present invention also provides a Linux real-time antivirus device, comprising:
An application program receiving module, for receiving the run command of an application program and obtaining the identifier of the application program;
A function library loading module, for loading a preset hook function library and the dynamic library;
A function identification module, for running the application program and identifying the file operation functions in the application program;
A file disinfection module, for searching the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function; if a match is found,
Running the hook function, determining from the result of the hook function whether to disinfect the file operated on by the file operation function, and determining from the disinfection result of the file whether to run the file operation function in the dynamic library.
In one of the embodiments, the file disinfection module comprises:
A file information acquiring unit, for obtaining the file information in the file operation function;
A file disinfection unit, for calling an external service program according to the file information, and determining from the result of the external service program whether to disinfect the file.
In one of the embodiments, the device further comprises:
A file isolation module, for isolating the file when the result of the hook function is that the file needs to be disinfected.
In one of the embodiments, the file disinfection unit comprises:
A virus file lookup subunit, for searching a preset virus file library according to the file information, and determining from the lookup result in the virus file library whether to disinfect the file.
In one of the embodiments, the file disinfection unit further comprises:
A trusted file lookup subunit, for searching a preset trusted file library according to the file information, and determining from the lookup result in the trusted file library whether to search the virus file library.
The Linux real-time antivirus device provided by the invention works per application program in a Linux system: it hooks the file operation functions called by the application, decides from the result of the hook function whether to run the file operation function, and disinfects the file operated on by the file operation function through the hook function, improving the flexibility and timeliness of file disinfection.
In one of the embodiments, the Linux real-time antivirus device provided by the invention can define and maintain, through the external service program, the files to be disinfected and the trusted files that do not need disinfection, providing flexible and convenient disinfection of Linux system files.
Brief description of the drawings
Fig. 1 is a flow chart of the Linux real-time antivirus method in one embodiment;
Fig. 2 is a schematic diagram of the position of the hook library in the Linux real-time antivirus method in one embodiment;
Fig. 3 is a flow chart of the Linux real-time antivirus method in another embodiment;
Fig. 4 is a flow chart of the Linux real-time antivirus method in another embodiment;
Fig. 5 is a flow chart of the Linux real-time antivirus method in a further embodiment;
Fig. 6 is a structure diagram of the Linux real-time antivirus device in one embodiment;
Fig. 7 is a structure diagram of the Linux real-time antivirus device in another embodiment;
Fig. 8 is a structure diagram of the Linux real-time antivirus device in another embodiment.
Detailed description of the embodiments
Fig. 1 is a flow chart of the Linux real-time antivirus method in one embodiment. The Linux real-time antivirus method in the embodiment shown in Fig. 1 comprises:
Step S100: receive the run command of an application program, and obtain the identifier of the application program.
Specifically, the identifier of the application program is an identifier that distinguishes different applications, or a label of a feature that distinguishes different applications, and includes any one of the program category, name and version number of the application.
Step S200: load the preset hook function library and the dynamic library.
Specifically, the preset hook function library includes the open family of functions, the close function, the create family of functions, the read function, the write function and so on.
The system loads the hook function library first and then loads the dynamic library, i.e. the ordinary C library.
Fig. 2 shows the position of the hook library provided by this embodiment in the Linux system after loading. Below the user application layer, the hook library sits closer to the user application layer than the dynamic library, indicating that a hook function in the hook library is called preferentially; if the hook library has no corresponding hook function, the function in the dynamic library is called. In Fig. 2, both the hook library and the dynamic library connect to the underlying Linux kernel. This is not described further.
Step S300: run the application program and identify the file operation functions in the application program.
Specifically, after the application program is run, the file operation functions in the program are identified; when a file operation function is recognized, the subsequent step S400 is carried out.
Step S400: search the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function. If no hook function corresponding to the file operation function and the identifier of the application program is found, call the file operation function in the dynamic library; if one is found,
Run the hook function, determine from the result of the hook function whether to disinfect the file operated on by the file operation function, and determine from the disinfection result of the file whether to run the file operation function in the dynamic library.
Specifically, the hook function library comprises the correspondence between the file operation function, the identifier of the application program and the hook function. For example, when it is configured that, for the file operated on by the file operation function open of application program A, the result of the hook function decides whether disinfection is needed, the file operation function open of application program A is present in the hook function library. If the result of the hook function is that the file is not a virus file, the file operation function in the dynamic library is called; if the result of the hook function is that the file is a virus file, the file is disinfected, and the disinfection result further determines whether the file operation function in the dynamic library is called.
The Linux real-time antivirus method provided by the invention works per application program in a Linux system: it hooks the file operation functions called by the application, decides from the result of the hook function whether to run the file operation function, and disinfects the file operated on by the file operation function through the hook function, improving the flexibility and timeliness of file disinfection.
In one of the embodiments, the absolute path of the hook function library is stored in the preload file, that is, in the /etc/ld.so.preload file. By storing the hook function library in the preload file, the Linux real-time antivirus method provided by this embodiment ensures that the hook function library is loaded before the dynamic library, further improving the efficiency of file disinfection for different applications.
Fig. 3 is a flow chart of the Linux real-time antivirus method in another embodiment, and is a specific embodiment of step S400 in the method flow shown in Fig. 2. The file operation monitoring method shown in Fig. 3 comprises:
Step S410: obtain the file information in the file operation function.
Specifically, the file information obtained from the file operation function includes information such as the absolute path of the file and the file name.
Step S420: call an external service program according to the file information, and determine from the result of the external service program whether to disinfect the file.
Specifically, calling the external service program includes determining, according to the file information, whether the file is a virus file, and determining from the result of the external program whether to disinfect the file.
By configuring combinations of file information and application program, the files operated on by a specific file operation function of a specific application can be disinfected. Suppose the file operation function open of application A is designated as an operation whose files need virus scanning. When open opens file 1, the external service program is called, and its result determines whether file 1 needs to be disinfected. If the result of the external service program is that file 1 is a virus file, the result of the hook function is that file 1 needs to be disinfected, and the result of the disinfection determines whether the file operation function open in the dynamic library is run. If the result of the external service program is that file 1 is not a virus file, the result of the hook function is that file 1 does not need to be disinfected, and the file operation function open in the dynamic library is called.
The Linux real-time antivirus method provided by the invention can, through the external service program, configure in combination which files operated on by a specific file operation function of a specific application are disinfected, providing a flexible and convenient disinfection method for Linux system files.
In one of the embodiments, the absolute path of the hook function library is stored in the preload file, that is, in the /etc/ld.so.preload file. By storing the hook function library in the preload file, the Linux real-time antivirus method provided by this embodiment ensures that the hook function library is loaded before the dynamic library, further improving the efficiency of file disinfection for different applications.
Fig. 4 is a flow chart of the Linux real-time antivirus method in another embodiment, and is another specific embodiment of step S400 in the method flow shown in Fig. 2. The file operation monitoring method shown in Fig. 4 comprises:
Step S410: obtain the file information in the file operation function.
Specifically, the file information obtained from the file operation function includes information such as the absolute path of the file and the file name.
Step S420: call an external service program according to the file information, and determine from the result of the external service program whether to disinfect the file.
Step S430: when the result of the hook function is that the file needs to be disinfected, isolate the file.
Specifically, this embodiment further provides an option for deciding whether to isolate a file after it is disinfected. If the decision is that the file needs to be isolated, the file isolation step is executed. For example, when the result of the hook function is that the file needs to be disinfected (that is, the external service program was called and its result is that the file is a virus file), the step of isolating the file can additionally be executed. When the result of the hook function is that the file does not need to be disinfected, file isolation is not executed.
The Linux real-time antivirus method provided by this embodiment adds file isolation on top of the real-time disinfection of files called by applications, further improving the safety of files and ensuring the operational safety of the whole Linux system.
Fig. 5 is a flow chart of the Linux real-time antivirus method in a further embodiment. The Linux real-time antivirus method shown in Fig. 5 comprises:
Step S410: obtain the file information in the file operation function.
Step S420': search the preset trusted file library according to the file information, and determine from the lookup result in the trusted file library whether to search the virus file library.
Specifically, the trusted file library can specify, by way of a blacklist or a whitelist, the trusted files that do not need virus scanning, which improves the efficiency of file scanning.
Step S420: search the preset virus file library according to the file information, and determine from the lookup result in the virus file library whether to disinfect the file.
Specifically, the virus file library can be updated with new viruses in real time as required, ensuring the accuracy of file disinfection.
The Linux real-time antivirus method provided by this embodiment uses the external trusted file library and virus file library to provide more efficient real-time disinfection of Linux system files.
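The lookup and decision path of steps S400 to S430 and S420', sketched in C as an added example; this is not code from the patent. The application identifier, the library contents and the helper names (`hooked_open`, `scan_service`, `find_hook`) are constructed for illustration, disinfection is modelled as isolating the file and refusing the call, and the real `open` is passed in as a function pointer where a preloaded library would resolve it from the dynamic library.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data standing in for the external service's libraries. */
static const char *const TRUSTED_LIBRARY[] = { "/usr/lib/constructed-trusted.so", NULL };
static const char *const VIRUS_LIBRARY[] = { "/nonexistent/constructed-infected.bin", NULL };

int virus_lookups = 0;  /* times the virus file library was consulted */
int quarantined = 0;    /* files isolated so far (step S430) */

static int in_library(const char *const *lib, const char *path)
{
    for (; *lib != NULL; lib++)
        if (strcmp(*lib, path) == 0)
            return 1;
    return 0;
}

/* External service: trusted lookup first (S420'), virus lookup second (S420).
   Returns 1 when the file must be disinfected, 0 otherwise. */
int scan_service(const char *abs_path)
{
    if (in_library(TRUSTED_LIBRARY, abs_path))
        return 0;       /* trusted file: the virus library is not searched */
    virus_lookups++;
    return in_library(VIRUS_LIBRARY, abs_path);
}

typedef int (*hook_fn)(const char *abs_path);
typedef int (*open_fn)(const char *path, int flags, int mode);

struct hook_entry {
    const char *app_id; /* application identifier, e.g. program name */
    const char *func;   /* file operation function, e.g. "open" */
    hook_fn hook;       /* hook function bound to that pair */
};

/* Hook function library: (application identifier, function) -> hook.
   The single entry is constructed for the example. */
static const struct hook_entry HOOK_LIBRARY[] = {
    { "mail-client", "open", scan_service },
    { NULL, NULL, NULL }
};

/* Step S400 lookup; NULL means "no hook, use the dynamic library directly". */
hook_fn find_hook(const char *app_id, const char *func)
{
    const struct hook_entry *e;
    for (e = HOOK_LIBRARY; e->app_id != NULL; e++)
        if (strcmp(e->app_id, app_id) == 0 && strcmp(e->func, func) == 0)
            return e->hook;
    return NULL;
}

/* The file operation function in the dynamic library. */
int libc_open(const char *path, int flags, int mode)
{
    return open(path, flags, (mode_t)mode);
}

/* Hooked open: run the hook if one is registered for this application,
   then decide whether the real open is allowed to run. */
int hooked_open(const char *app_id, const char *path, int flags, int mode,
                open_fn real_open)
{
    hook_fn hook = find_hook(app_id, "open");
    if (hook == NULL)
        return real_open(path, flags, mode);
    if (hook(path)) {
        quarantined++;  /* assumption: isolation is only recorded here */
        errno = EACCES; /* assumption: the call is refused */
        return -1;
    }
    return real_open(path, flags, mode);
}

int main(void)
{
    int fd = hooked_open("mail-client", "/dev/null", O_RDONLY, 0, libc_open);
    printf("clean file, hooked application: fd=%d\n", fd);
    if (fd >= 0)
        close(fd);
    fd = hooked_open("mail-client", "/nonexistent/constructed-infected.bin",
                     O_RDONLY, 0, libc_open);
    printf("listed file, hooked application: fd=%d quarantined=%d\n",
           fd, quarantined);
    return 0;
}
```

Interposition through /etc/ld.so.preload only covers calls that pass through the dynamic linker, so statically linked programs are outside its coverage; kernel-level on-access interfaces such as fanotify do not have that gap.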
Fig. 6 is a structure diagram of the Linux real-time antivirus device in one embodiment. The Linux real-time antivirus device shown in Fig. 6 comprises:
An application program receiving module 100, for receiving the run command of an application program and obtaining the identifier of the application program;
A function library loading module 200, for loading a preset hook function library and the dynamic library;
A function identification module 300, for running the application program and identifying the file operation functions in the application program;
A file disinfection module 400, for searching the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function; if no hook function corresponding to the file operation function and the identifier of the application program is found, calling the file operation function in the dynamic library; if one is found, running the hook function, determining from the result of the hook function whether to disinfect the file operated on by the file operation function, and determining from the disinfection result of the file whether to run the file operation function in the dynamic library.
The Linux real-time antivirus device provided by the invention works per application program in a Linux system: it hooks the file operation functions called by the application, decides from the result of the hook function whether to run the file operation function, and disinfects the file operated on by the file operation function through the hook function, improving the flexibility and timeliness of file disinfection.
Fig. 7 is a structure diagram of the Linux real-time antivirus device in another embodiment. The Linux real-time antivirus device shown in Fig. 7 comprises:
An application program receiving module 100, for receiving the run command of an application program and obtaining the identifier of the application program;
A function library loading module 200, for loading a preset hook function library and the dynamic library;
A function identification module 300, for running the application program and identifying the file operation functions in the application program;
A file disinfection module 400, for searching the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function; if no hook function corresponding to the file operation function and the identifier of the application program is found, calling the file operation function in the dynamic library; if one is found, determining from the result of the hook function whether to disinfect the file operated on by the file operation function, and determining from the disinfection result of the file whether to run the file operation function in the dynamic library.
A file isolation module 500, for isolating the file when the result of the hook function is that the file needs to be disinfected.
The Linux real-time antivirus device provided by this embodiment adds file isolation on top of the real-time disinfection of files called by applications, further improving the safety of files and ensuring the operational safety of the whole Linux system.
Fig. 8 is a structure diagram of the Linux real-time antivirus device in another embodiment. The Linux real-time antivirus device shown in Fig. 8 comprises:
A file information acquiring unit 410, for obtaining the file information in the file operation function;
A file disinfection unit 420, for calling an external service program according to the file information, and determining from the result of the external service program whether to disinfect the file, comprising:
A virus file lookup subunit 421, for searching a preset virus file library according to the file information, and determining from the lookup result in the virus file library whether to disinfect the file.
A trusted file lookup subunit 422, for searching a preset trusted file library according to the file information, and determining from the lookup result in the trusted file library whether to search the virus file library.
The Linux real-time antivirus device provided by this embodiment uses the external trusted file library and virus file library to provide more efficient real-time disinfection of Linux system files.
The embodiments described above express only several embodiments of the present invention, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. The scope of protection of this patent is therefore determined by the appended claims.

Claims (10)

1. A method for real-time antivirus on Linux, characterized in that the method comprises:
Receiving the run command of an application program, and obtaining the identifier of the application program;
Loading a preset hook function library and the dynamic library;
Running the application program and identifying the file operation functions in the application program;
Searching the hook function library according to the identifier of the application program and the file operation function, the hook function library comprising the correspondence between the file operation function, the identifier of the application program and the hook function; if a match is found, running the hook function, determining from the result of the hook function whether to disinfect the file operated on by the file operation function, and determining from the disinfection result of the file whether to run the file operation function in the dynamic library, wherein the file operation functions in the dynamic library include the file operation function in the application program.
2. The method for real-time antivirus on Linux according to claim 1, characterized in that determining from the result of the hook function whether to disinfect the file operated on by the file operation function comprises:
Obtaining the file information in the file operation function;
Calling an external service program according to the file information, and determining from the result of the external service program whether to disinfect the file.
3. The method for real-time antivirus on Linux according to claim 2, characterized in that the method further comprises:
When the result of the hook function is that the file needs to be disinfected, isolating the file.
4. The method for real-time antivirus on Linux according to claim 2, characterized in that calling the external service program according to the file information and determining from the result of the external service program whether to disinfect the file comprises:
Searching a preset virus file library according to the file information, and determining from the lookup result in the virus file library whether to disinfect the file.
5. The method for real-time antivirus on Linux according to claim 4, characterized in that, before the step of searching the preset virus file library according to the file information, the method further comprises:
Searching a preset trusted file library according to the file information, and determining from the lookup result in the trusted file library whether to search the virus file library.
6. a kind of device that Linux kills virus in real time characterized by comprising
Application program receiving module for receiving the operation order of application program, and obtains the mark of application program;
Function library loading module, for loading preset abduction function library and dynamic base;
Function identification module, for running the application program and identifying the file manipulation function in the application program;
File antivirus module, for searching the abduction function according to the mark of the application program, the file manipulation function Library, the function library of kidnapping includes the correspondence between the file manipulation function, the mark of the application program and abduction function Relationship, if finding,
The abduction function is then run, and is judged whether according to the operation result for kidnapping function to the file manipulation function The file of operation is killed virus, and judges whether to run the file operation in the dynamic base according to the antivirus result of the file Function, wherein the file manipulation function in the dynamic base includes the file manipulation function in the application program.
7. The device for killing viruses in real time on Linux according to claim 6, characterized in that the file antivirus module comprises:
A file information acquiring unit, for obtaining the file information in the file operation function;
A file antivirus unit, for calling an external service program according to the file information, and judging whether to kill viruses in the file according to the execution result of the external service program.
8. The device for killing viruses in real time on Linux according to claim 6, characterized by further comprising:
A file isolation module, for isolating the file when the execution result of the hijack function is that viruses in the file need to be killed.
9. The device for killing viruses in real time on Linux according to claim 7, characterized in that the file antivirus unit comprises:
A virus file lookup subunit, for searching a preset virus file library according to the file information, and judging whether to kill viruses in the file according to the lookup result in the virus file library.
10. The device for killing viruses in real time on Linux according to claim 9, characterized in that the file antivirus unit further comprises:
A trusted file lookup subunit, for searching a preset trusted file library according to the file information, and judging whether to search the virus file library according to the lookup result in the trusted file library.
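The lookup order of claims 4 and 5 and the hijack-library dispatch of claim 6, sketched in C as an added example that is not code from the patent. The application identifiers, digest strings and library contents are constructed, and treating the "file information" as a digest string is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample libraries; "file information" is assumed to be a digest string. */
static const char *const TRUSTED_LIB[] = { "aa11", NULL };
static const char *const VIRUS_LIB[]   = { "ee99", "aa11", NULL };

enum verdict { NOT_HOOKED, ALLOW, BLOCK };
typedef enum verdict (*hijack_fn)(const char *file_info);

static int in_lib(const char *const *lib, const char *info) {
    for (; *lib; lib++)
        if (strcmp(*lib, info) == 0) return 1;
    return 0;
}

/* Claims 4-5: trusted file library first; the virus file library is searched only on a miss. */
static enum verdict scan_on_access(const char *file_info) {
    if (in_lib(TRUSTED_LIB, file_info)) return ALLOW;
    return in_lib(VIRUS_LIB, file_info) ? BLOCK : ALLOW;
}

/* Claim 6: hijack function library keyed by (application identifier, file operation function). */
struct hijack_entry { const char *app_id; const char *func; hijack_fn hook; };
static const struct hijack_entry HIJACK_LIB[] = {
    { "editor", "open",   scan_on_access },
    { "editor", "rename", scan_on_access },
    { NULL, NULL, NULL }
};

static hijack_fn find_hook(const char *app_id, const char *func) {
    for (const struct hijack_entry *e = HIJACK_LIB; e->app_id; e++)
        if (!strcmp(e->app_id, app_id) && !strcmp(e->func, func)) return e->hook;
    return NULL;
}

/* NOT_HOOKED or ALLOW: the original function in the dynamic library may run.
   BLOCK: the original function is not run and the file is a candidate for isolation. */
enum verdict intercept(const char *app_id, const char *func, const char *file_info) {
    hijack_fn hook = find_hook(app_id, func);
    return hook ? hook(file_info) : NOT_HOOKED;
}

int main(void) {
    printf("known virus via hooked open: %d\n", intercept("editor", "open", "ee99"));
    printf("unhooked application:        %d\n", intercept("backup", "open", "ee99"));
    return 0;
}
```

The constructed digest `aa11` sits in both libraries to show that the trusted lookup short-circuits the virus lookup, so the integrity of the trusted file library decides the outcome for any entry present in both.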
CN201611051408.7A 2016-11-24 2016-11-24 The method and device that Linux kills virus in real time Active CN106407812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611051408.7A CN106407812B (en) 2016-11-24 2016-11-24 The method and device that Linux kills virus in real time

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611051408.7A CN106407812B (en) 2016-11-24 2016-11-24 The method and device that Linux kills virus in real time

Publications (2)

Publication Number Publication Date
CN106407812A CN106407812A (en) 2017-02-15
CN106407812B true CN106407812B (en) 2019-02-12

Family

ID=58081781

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611051408.7A Active CN106407812B (en) 2016-11-24 2016-11-24 The method and device that Linux kills virus in real time

Country Status (1)

Country Link
CN (1) CN106407812B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7325251B1 (en) * 2003-12-16 2008-01-29 Symantec Corporation Method and system to prevent peer-to-peer (P2P) worms
CN102012992A (en) * 2010-11-19 2011-04-13 奇智软件(北京)有限公司 Method and device for monitoring real-time protection document
CN103198253A (en) * 2013-03-29 2013-07-10 北京奇虎科技有限公司 Method and system of file operation
CN105721387A (en) * 2014-12-01 2016-06-29 北京蓝光引力网络股份有限公司 Method for preventing network hijack

Also Published As

Publication number Publication date
CN106407812A (en) 2017-02-15

Similar Documents

Publication Publication Date Title
US20160057159A1 (en) Semantics-aware android malware classification
US10581879B1 (en) Enhanced malware detection for generated objects
Bazrafshan et al. A survey on heuristic malware detection techniques
CN100401224C (en) Computer anti-virus protection system and method
Liangboonprakong et al. Classification of malware families based on n-grams sequential pattern features
US20160021174A1 (en) Computer implemented method for classifying mobile applications and computer programs thereof
US10783239B2 (en) System, method, and apparatus for computer security
Mosli et al. A behavior-based approach for malware detection
CN107480527A (en) Extort the prevention method and system of software
US20190163901A1 (en) Computer device and method of identifying whether container behavior thereof is abnormal
Lee et al. Screening smartphone applications using malware family signatures
US11475127B2 (en) Information processing device and information processing method
Apvrille et al. Identifying unknown android malware with feature extractions and classification techniques
CN110543765A (en) malicious software detection method
CN105095758B (en) Screen locking applied program processing method, device and mobile terminal
CN106557694B (en) Linux file operation monitoring method and device
Albishry et al. An attribute extraction for automated malware attack classification and detection using soft computing techniques
KR101589652B1 (en) System and method for detecting and inquiring metamorphic malignant code based on action
CN106407812B (en) The method and device that Linux kills virus in real time
Deepserish et al. PET-Droid: Android malware detection using static analysis
CN106657022B (en) Linux method for network access control and device
CN113127868A (en) Script identification method, device, equipment and storage medium
CN106778235A (en) Linux file operation control method and device
CN114372519A (en) Model training method, API request filtering method, device and storage medium
CN107247901A (en) Linux functions kidnap method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100190 Zhongguancun street, Haidian District, Beijing, No. 22, A1305, 13

Applicant after: Beijing net an Technology Limited by Share Ltd

Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Applicant before: Beijing Rising Information Technology Co., Ltd

GR01 Patent grant