    1. System and method for identifying a macro virus family using a macro virus definitions database
    Granted invention patent; legal status: in force

    Publication (announcement) number: US07210041B1

    Publication (announcement) date: 2007-04-24

    Application number: US09846103

    Filing date: 2001-04-30

    IPC classification: G06F11/00 G06F17/30

    CPC classification: G06F21/56

    Abstract: A macro virus definitions database is maintained and includes a set of indices and associated macro virus definition data files. One or more of the macro virus definition data files are referenced by the associated index. Each macro virus definition data file defines macro virus attributes for known macro viruses. The sets of the indices and the macro virus definition data files are organized according to macro virus families. One or more strings stored in a suspect file are compared to the macro virus attributes defined in the one or more macro virus definition data files for each macro virus family in the macro virus definitions database. The macro virus family to which the suspect file belongs is determined from the indices for each of the macro virus definition data files at least partially containing the suspect file.

    2. Heuristic detection of polymorphic computer viruses based on redundancy in viral code
    Granted invention patent; legal status: lapsed

    Publication (announcement) number: US07266844B2

    Publication (announcement) date: 2007-09-04

    Application number: US09963659

    Filing date: 2001-09-27

    IPC classification: G06F11/00

    CPC classification: G06F21/563

    Abstract: Computer programs are analysed for the occurrence of redundant program instructions or program instructions using uninitialised variables. If the number of such instructions exceeds a threshold level, then the computer program is treated as containing a computer virus. This technique is useful in identifying new and polymorphic viruses.