Title of invention: Two stage virus detection
Abstract: A two stage virus detection system detects viruses in target files. In the first stage, a training application receives a master virus pattern file recording all known virus patterns and generates a features list containing fundamental virus signatures from the virus patterns, a novelty detection model, a classification model, and a set of segmented virus pattern files. In the second stage, a detection application scans a target file for viruses using the generated outputs from the first stage rather than using the master virus pattern file directly to do traditional pattern matching. The results of the scan can vary in detail depending on a fuzzy scan level. For fuzzy scan level “1,” the existence of a virus is returned. For fuzzy scan level “2,” the grant virus type found is returned. For fuzzy scan level “3,” the exact virus name is returned. This invention provides a solution for the problems caused by traditional virus detection solution: slow scanning speed, big pattern file, big burden on computation resource (CPU, RAM etc.), as well as heavy pattern updating traffic via networks.
Publication number: US8935788(B1) Publication date: 2015.01.13
Application number: US200812252205 Filing date: 2008.10.15
Applicant: Trend Micro Inc. Inventors: Diao Lili;Chan Vincent;Lu Patrick Mg
Classification: G06F11/30;G06F21/56 Main classification: G06F11/30
Agency: Beyer Law Group LLP Agent: Beyer Law Group LLP
Main claim: 1. A method of detecting a virus in a target file comprising: receiving a scan level, wherein said scan level is a first scan level, a second scan level or a third scan level; locating in the target file, using a computer, one or more target virus features belonging to a features list, wherein the features list contains virus features extracted from a set of virus patterns in a virus pattern file that represent known viruses, said set of virus patterns defining a border within a feature space; generating a target feature vector from the one or more located target virus features representing said target file; determining whether said target feature vector is located within said border of the feature space and ending said method of detecting when it is determined that said target feature vector is not located within said border; when said scan level is said second scan level or said third scan level and it is determined that said target feature vector is located within said border, determining whether the target file belongs to a virus group from a plurality of virus groups and ending said method of detecting when it is determined that said target file does not belong to one of said virus groups; and when said scan level is said third scan level and it is determined that said target file belongs to a virus group from said plurality of virus groups, matching the target file against a subset of said set of virus patterns stored within a segment of said virus pattern file, wherein the segment of said virus pattern file is associated with the virus group.
Address: Tokyo JP
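
The control flow of the main claim, sketched as an added example that is not taken from the patent or from Trend Micro code. The feature signatures, group centroids, pattern segments and the two distance thresholds (standing in for the novelty detection and classification models) are all constructed assumptions.

```python
# Added illustration of the claimed three-level cascade. All signatures,
# groups, patterns and thresholds below are constructed for the example.
FEATURES = [b"\xde\xad\xbe\xef", b"CreateRemoteThread", b"XORLOOP", b"autorun.inf"]

# Assumed classification model: one centroid per virus group in feature space.
GROUPS = {"injector": (1, 1, 0, 0), "worm": (0, 0, 1, 1)}

# Segmented pattern file: full patterns stored per group, read only at level 3.
SEGMENTS = {
    "injector": {"Inj.A": b"\xde\xad\xbe\xefCreateRemoteThread\x00A",
                 "Inj.B": b"\xde\xad\xbe\xefCreateRemoteThread\x00B"},
    "worm": {"Worm.A": b"XORLOOP\x01autorun.inf"},
}

BORDER = 1.0        # assumed novelty model: max distance still inside the border
GROUP_RADIUS = 0.5  # assumed: max distance for membership in a virus group


def feature_vector(data: bytes) -> tuple:
    """Locate features from the features list and build a presence vector."""
    return tuple(int(f in data) for f in FEATURES)


def _nearest_group(vec):
    """Return the closest group centroid and its Euclidean distance."""
    dist = lambda c: sum((x - y) ** 2 for x, y in zip(vec, c)) ** 0.5
    name = min(GROUPS, key=lambda g: dist(GROUPS[g]))
    return name, dist(GROUPS[name])


def scan(data: bytes, level: int) -> dict:
    """Run the cascade up to the requested scan level (1, 2 or 3)."""
    result = {"infected": False, "group": None, "name": None}
    group, d = _nearest_group(feature_vector(data))
    if d > BORDER:                      # outside the border: end, no virus
        return result
    result["infected"] = True
    if level < 2 or d > GROUP_RADIUS:   # level 1 ends here; so does "no group"
        return result
    result["group"] = group
    if level < 3:
        return result
    for name, pattern in SEGMENTS[group].items():  # match only this segment
        if pattern in data:
            result["name"] = name
            break
    return result
```

Each level does strictly more work than the one before it, and the exact-pattern comparison at level 3 touches only the segment for the group chosen at level 2, never the full pattern set.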