| 摘要 |
一种获取病毒码的方法及装置与机器可读取储存介质,所述方法包括:获取一病毒样本集合中的每个病毒样本包括的字串;根据每个字串在一非病毒样本集合中出现的第一频率和在所述病毒样本集合中出现的第二频率,选择字串作为侯选病毒特征码;根据包括侯选病毒特征码的病毒样本的数目和包括所述侯选病毒特征码的非病毒样本的数目,计算所述侯选病毒特征码的资讯熵;以及根据资讯熵从所述侯选病毒特征码中选择病毒特征码。本发明能够即时分析出最新的病毒特征码,并且能够保证得到的病毒特征码为最佳的特征码,覆盖变种病毒的能力较强。; selecting several of the strings as candidate virus signatures according to a first frequency in which each of the strings appears in a non-virus sample set and a second frequency in which each of the strings appears in the virus sample set; calculating an information entropy of each of the candidate virus signatures according to a number of virus samples including the candidate virus signatures and a number of non-virus samples including the candidate virus signatures; and selecting at least one virus signature from the candidate virus signatures according to the information entropy. The present invention can immediately analyze newest virus signatures, ensure that the acquired virus signature is a best virus signature, and have a better capability for overwriting variant viruses. |
