Title of invention |
Active defense method on the basis of cloud security |
Abstract |
The present invention relates to an active defense method based on cloud security comprising: a client collecting and sending a program behavior launched by a program thereon and/or a program feature of the program launching the program behavior to a server; with respect to the program feature and/or the program behavior sent by the client, the server performing an analysis and comparison in its database, making a determination on the program based on the comparison result, and feeding back to the client; based on the feedback determination result, the client deciding whether to intercept the program behavior, terminate execution of the program and/or clean up the program, and restore the system environment. The invention introduces a cloud security architecture, and employs a behavior feature based on active defense to search and kill a malicious program, thereby ensuring network security. |
Publication number |
US9177141(B2) |
Publication date |
2015.11.03 |
Application number |
US201113817577 |
Filing date |
2011.08.08 |
Applicant |
BEIJING QIHOO TECHNOLOGY COMPANY LIMITED;QIZHI SOFTWARE(BEIJING) COMPANY LIMITED |
Inventor |
Zhou Hongyi;Zheng Wenbin;Yu He;Fan Paul |
Classification |
G06F21/56;H04L29/06 |
Main classification |
G06F21/56 |
Agency |
Troutman Sanders LLP |
Agent |
Troutman Sanders LLP |
Main claim |
1. An active defense method based on cloud security, comprising:
recording a black/white list in a database, which black/white list including different program features and corresponding program behaviors; receiving at least one program behavior and a program feature of a program from a client; comparing the received program feature/program behavior with the recorded program feature/program behavior in the database, and making a determination on the program based on the comparison result; feeding back the determination result to the client; wherein, said method further comprising based on the program features and the corresponding program behaviors thereof in the black/white list, performing an analysis of unknown program features and program behaviors of a first program and a second program to update the black/white list comprising establishing an associated relationship between the first program and the second program based on their program features and their program behaviors; when a program behavior of the first program is included into the black/white list, updating the black/white list by:
adding a program feature of the first program that corresponds to the program behavior of the first program to the black/white list, and adding a program behavior and a program feature of the second program into the black/white list based on the associated relationship between the first program and the second program; and/or when a program feature of the first program is included into the black/white list, updating the black/white list by:
adding a program behavior of the first program that corresponds to the program feature of the first program to the black/white list, and adding the program behavior and the program feature of the second program to the black/white list based on the associated relationship between the first program and the second program. |
Address |
Beijing CN |