摘要 |
<p>The present disclosure provides a method and a server for discriminating a malicious attribute of a program. The method includes: acquiring action data of a program at a client (101); acquiring a malicious action and a malicious action value of the program according to the action data of the program and the sample data stored locally (102), wherein the sample data includes a malicious program sample set and a non-malicious program sample set, and the malicious action value reflects a malicious degree of the malicious action; determining a malicious attribute of the program according to the malicious action and/or the malicious action value of the program (103). The provided method and server can determine the malicious attribute of a report file which does not have the same sample in the background.</p> |