| 发明名称 |
METHOD AND DEVICE FOR IDENTIFYING COMPUTER VIRUS VARIANTS |
| 摘要 |
A method and apparatus for identifying computer virus variants are disclosed to improve the accuracy of virus identification and removal, and may relate to the field of internet technology. The method includes running a virus sample to be tested and recording an API call sequence produced during running of the virus sample. The method further includes obtaining a characteristic API call sequence for each one of a plurality of virus families, matching the API call sequence produced during running of the virus sample to be tested with the characteristic API call sequences of the virus families, and obtaining a matching result. The method also includes determining the virus sample to be tested is a virus variant by extent of a match between the API call sequence produced by the virus sample and any characteristic API call sequence of any one of the virus families. |
| 申请公布号 |
US2016232351(A1) |
申请公布日期 |
2016.08.11 |
| 申请号 |
US201615016048 |
申请日期 |
2016.02.04 |
| 申请人 |
Alibaba Group Holding Limited |
发明人 |
GUO Yuehua;TANG Honggang |
| 分类号 |
G06F21/56 |
主分类号 |
G06F21/56 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method of identifying computer virus variants, the method comprising:
running a virus sample to be tested; recording an API (Application Program Interface) call sequence produced during the running of the virus sample; obtaining a plurality of characteristic API call sequences that respectively correspond to a plurality of virus families; matching the API call sequence with the plurality of characteristic API call sequences to obtain a matching result; and based on the matching result, determining whether the virus sample is a virus variant by extent of a match between the API call sequence and at least one of the plurality of characteristic API call sequences. |
| 地址 |
George Town KY |
