| 发明名称 |
Method and Apparatus for Determining Behavior Information Corresponding to a Dangerous File |
| 摘要 |
A method for determining behavior information corresponding to a dangerous file in a computer device includes running the dangerous file in a virtual environment of the computer device when detecting existence of the dangerous file, wherein the virtual environment comprises at least one virtual API identical to at least one real API in a real environment of the computer device; monitoring behavior(s) of the dangerous file in the virtual environment to obtain the behavior information corresponding to the dangerous file. According to the solution of the present disclosure, it does not need to analyze disruptive behaviors of a dangerous file manually, the behavior information of the dangerous file can be quickly obtained in a virtual environment, thereby quickly and comprehensively repair the real system of the computer device. |
| 申请公布号 |
US2017124321(A1) |
申请公布日期 |
2017.05.04 |
| 申请号 |
US201515300770 |
申请日期 |
2015.06.25 |
| 申请人 |
BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD |
发明人 |
QIAN Keming;GUO Mingqiang |
| 分类号 |
G06F21/53 |
主分类号 |
G06F21/53 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for determining behavior information corresponding to a dangerous file in a computer device, comprising:
running the dangerous file in a virtual environment of the computer device when detecting existence of the dangerous file, wherein the virtual environment comprises at least one virtual API identical to at least one real API in a real environment of the computer device; and monitoring behavior of the dangerous file in the virtual environment to obtain the behavior information corresponding to the dangerous file. |
| 地址 |
Beijing CN |
