CN102938758A - Detection method and terminal - Google Patents

Publication number: CN102938758A
Authority: CN (China)
Application number: CN2011102338540A
Priority: CN2011102338540A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈实, 李俊
Current assignee: Lenovo Beijing Ltd
Original assignee: Lenovo Beijing Ltd
Application filed by: Lenovo Beijing Ltd
Prior art keywords: terminal, data, unit, storage unit, bus interface
Classification: Storage Device Security

Abstract

The invention relates to a detection method and a terminal. The detection method is applied to a first terminal which is connected with a second terminal through a data bus interface. The first terminal comprises a first processing unit and a first storage unit for storing first data, and the second terminal comprises a second processing unit and a second storage unit for storing second data. The method includes: obtaining characteristic data from the first data; accessing the second storage unit through the data bus interface; and detecting whether target data matching the characteristic data exists in the second data to obtain a detection result. The detection method solves the prior-art problem that malicious data cannot be detected when no network environment and no detection capability are available.

Description

Detection method and terminal
Technical Field
The present invention relates to a terminal antivirus technology, and in particular, to a detection method and a terminal.
Background
At present, online antivirus is a new, network-based form of computer antivirus protection: using current network technology together with the antivirus engine of an antivirus product, a server of the antivirus company remotely scans and disinfects the user's computer over the Internet. The user only needs an Internet connection to remove viruses from the local computer, without purchasing, installing or upgrading antivirus software.
In the process of research and practice of the prior art, the inventor of the present invention finds that, in the existing implementation, if the local operating system does not have a network environment or the network environment is damaged by viruses, local antivirus cannot be performed.
Disclosure of Invention
The embodiment of the invention provides a detection method and a terminal, and aims to solve the problem that malicious data cannot be detected in the prior art under the condition that a network environment is not provided.
To solve the foregoing technical problem, an embodiment of the present invention provides a detection method, which is applied to a first terminal, where the first terminal is connected to a second terminal through a data bus interface, the first terminal includes a first processing unit and a first storage unit that stores first data, and the second terminal includes a second processing unit and a second storage unit that stores second data, where the method includes:
obtaining feature data from the first data;
accessing the second storage unit through the data bus interface;
and detecting whether the second data has target data matched with the characteristic data or not to obtain a detection result.
Preferably, when the detection result indicates that matched target data exists, the target data is deleted, or first prompt information is generated and output; or
when the detection result indicates that no matched target data exists, second prompt information is generated and output.
Preferably, before obtaining the feature data from the first data, the method further comprises:
obtaining new feature data from a third terminal through a network interface different from the data bus interface;
updating the new feature data into the first storage unit.
Preferably, the data bus interface includes: a Universal Serial Bus (USB) interface, a universal serial data bus (UART) interface or a 1394 network adapter bus interface.
Preferably, the accessing the second storage unit through the data bus interface includes:
and when the first processing unit and the second processing unit work, the first terminal accesses the second storage unit through the data bus interface.
Preferably, the second terminal further includes a conversion unit connected to the second storage unit, and the accessing the second storage unit through the data bus interface includes:
and when the first processing unit works and the second processing unit does not work, the first terminal accesses the second storage unit through the data bus interface and the conversion unit.
Correspondingly, an embodiment of the present invention further provides a terminal, where the terminal is connected to a second terminal through a data bus interface, and the second terminal includes a second processing unit and a second storage unit storing second data, where the terminal includes:
a first storage unit for storing first data;
a first acquiring unit configured to acquire feature data from the first data stored in the first storage unit;
the access unit is used for accessing the second data in the second storage unit through the data bus interface;
and the detection unit is used for detecting whether target data matched with the characteristic data acquired by the first acquisition unit exists in the second data accessed by the access unit to acquire a detection result.
Preferably, the terminal further includes: a deletion unit; or a first generation unit or a second generation unit, and an output unit; wherein
the deletion unit is used for deleting the target data when the detection result obtained by the detection unit shows that matched target data exists; or
the first generation unit is used for generating first prompt information when the detection result obtained by the detection unit shows that matched target data exists; or
the second generation unit is used for generating second prompt information when the detection result obtained by the detection unit shows that no matched target data exists;
the output unit is configured to output the first prompt information generated by the first generation unit, or output the second prompt information generated by the second generation unit.
Preferably, the terminal further includes:
a second obtaining unit, configured to obtain new feature data from a third terminal through a network interface different from the data bus interface; and updating the new feature data to the first storage unit;
the first storage unit is further configured to store the new feature data acquired by the second acquisition unit.
Preferably, the connection of the terminal with the second terminal through the data bus interface specifically includes:
the terminal is connected with the second terminal through a Universal Serial Bus (USB) interface, a universal serial data bus (UART) interface or a 1394 network adapter bus interface.
Preferably, the terminal is a tablet computer (PAD), and the second terminal is a BASE; or the terminal is a BASE and the second terminal is a PAD.
Preferably, the terminal further includes: a first processing unit, wherein the first acquisition unit, the access unit and the detection unit are integrated in the first processing unit.
Correspondingly, an embodiment of the present invention further provides a terminal, where the terminal is connected to a second terminal through a data bus interface, and the second terminal includes a second processing unit and a second storage unit storing second data, where the terminal includes:
a storage unit for storing first data;
the mainboard is used for connecting the storage unit on the terminal with the second storage unit on the second terminal through a data bus interface on the mainboard;
and the processing unit is used for obtaining characteristic data from the first data, accessing the second data in the second storage unit through a data bus interface on the mainboard, detecting whether target data matched with the characteristic data exists in the second data, and obtaining a detection result.
Preferably, a display unit connected to the processing unit is further included, wherein
the processing unit is further used for deleting the target data when the detection result shows that the matched target data exists; or generating first prompt information and outputting the first prompt information to the display unit; or, the device is further configured to generate second prompt information when the detection result indicates that there is no matched target data, and output the second prompt information to the display unit;
and the display unit is used for displaying the first prompt message or the second prompt message output by the processing unit.
Preferably, the processing unit is further configured to obtain new feature data from a third terminal through a network interface different from the data bus interface; and updating the new feature data into the storage unit.
According to the above technical scheme, the first terminal and the second terminal are connected through the data bus interface, so that malicious data on the second terminal can be detected even when the first terminal and the second terminal have no other specific network environment and the second terminal has no detection capability of its own; the malicious data is then cleaned, or the second prompt information is generated and output, which facilitates the cleaning operation.
Drawings
Fig. 1 is a flowchart of a detection method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a first structure of a terminal according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a second structure of a terminal according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an embodiment of a hybrid-architecture-based system according to the present invention;
fig. 5 is a schematic diagram of a first application example of a detection method based on a hybrid architecture system according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a second application example of a detection method based on a hybrid architecture system according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a third application example of a detection method based on a hybrid architecture system according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art may better understand the scheme of the embodiments of the invention, the embodiments are described in further detail below with reference to the drawings and implementation modes.
Please refer to fig. 1, which is a flowchart illustrating a detection method according to an embodiment of the present invention; the detection method is applied to a first terminal, the first terminal comprises a first processing unit and a first storage unit for storing first data, the second terminal comprises a second processing unit and a second storage unit for storing second data, and the method comprises the following steps:
Step 101: the first terminal obtains characteristic data from the first data;
The first data is obtained from the first storage unit and analyzed to obtain its characteristic data.
Step 102: the first terminal accesses the second storage unit through the data bus interface;
This step has two embodiments. In one, accessing the second storage unit through the data bus interface includes: when both the first processing unit and the second processing unit are operating, the first terminal accesses the second storage unit through the data bus interface.
In the other, the second terminal further includes a conversion unit connected to the second storage unit, and accessing the second storage unit through the data bus interface includes:
when the first processing unit is operating and the second processing unit is not, the first terminal accesses the second storage unit through the data bus interface and the conversion unit.
The data bus interface may include, but is not limited to: a Universal Serial Bus (USB) interface, a universal serial data bus (UART) interface, or a 1394 network adapter bus interface.
Step 103: and the first terminal detects whether target data matched with the characteristic data exists in the second data or not to obtain a detection result.
When the detection result shows that matched target data exists, the first terminal deletes the target data, or the first terminal generates first prompt information and outputs it; or
when the detection result shows that no matched target data exists, the first terminal generates second prompt information and outputs it.
Preferably, before the first terminal obtains the feature data from the first data, the method may further include: the first terminal obtains the characteristic data from a third terminal through a network interface different from the data bus interface; and storing the characteristic data to the first storage unit.
That is, in order to update the stored feature data, the method may further include: the first terminal obtains new feature data from a third terminal through the network interface, and updates the new feature data into the first storage unit. This step may be performed before the step of obtaining the feature data from the first data, after the step of obtaining the detection result, or while the steps of the method are being performed; this embodiment does not limit it.
The update may be performed in real time, on a schedule, or by combining the two.
Optionally, in this embodiment of the present invention, the first terminal and the second terminal may be terminals of the same type, or terminals of different types. Of course, the operating systems run by the first terminal and the second terminal may be different or the same, and this example is not limited. For example, the operating system of the first terminal may be a Windows operating system or an Android operating system, and of course, the operating system of the second terminal may be a Windows operating system or an Android operating system.
In the embodiment of the invention, because the first terminal and the second terminal are connected through the data bus interface, the first terminal can access the data of the second terminal through that interface, detect whether the accessed data contains target data matching the first terminal's characteristic data, and obtain the detection result. From the detection result it can be determined whether malicious data exists in the second terminal (such as advertisement application data, Trojan application data, virus data and the like, i.e. application data that leaks system information or damages the system). The first terminal can therefore assist in checking whether malicious data exists in the second terminal even when the two terminals have no other network environment and the second terminal has no detection capability.
Further, according to the detection result, it may be determined whether to delete the target data (i.e. to clean up malicious data) or generate a prompt message, that is, when the detection result indicates that there is matching target data, the target data may be directly deleted, or a prompt message may be generated, and the prompt message may be displayed by itself, or the prompt message may be output to the second terminal, and the second terminal performs corresponding processing according to the prompt message, for example, the second terminal directly deletes the target data, or the second terminal prompts the user to perform a cleaning operation, and the like.
The embodiment of the invention realizes that under the condition that the first terminal and the second terminal do not have other network environments and the second terminal does not have the capability of being detected, the malicious data of the second terminal can be detected, and the malicious data can be cleaned or the second prompt message can be generated and output, so that the cleaning operation can be conveniently carried out.
Correspondingly, an embodiment of the present invention further provides a terminal, a schematic structural diagram of which is shown in fig. 2 in detail, where the terminal is connected to a second terminal through a data bus interface, the second terminal includes a second processing unit and a second storage unit for storing second data, and the terminal 2 includes: the device comprises a first storage unit 21, a first acquisition unit 22, an access unit 23, a detection unit 24 and a data bus interface 25, wherein the first storage unit 21 is used for storing first data; the first obtaining unit 22 is configured to obtain feature data from the first data stored in the first storage unit; the access unit 23 is configured to access the second storage unit through the data bus interface 25; the detecting unit 24 is configured to detect whether there is target data that matches the feature data acquired by the first acquiring unit in the second data accessed by the accessing unit, and acquire a detection result.
Optionally, the terminal may further include: a deleting unit, configured to delete the target data when the detection result obtained by the detecting unit indicates that there is matched target data;
optionally, the terminal may further include: the device comprises an output unit and a first generation unit or a second generation unit, wherein the first generation unit is used for generating first prompt information when the detection result obtained by the detection unit shows that matched target data exists; the second generating unit generates second prompt information when the detection result obtained by the detecting unit shows that no matched target data exists; the output unit is configured to output the first prompt information generated by the first generation unit, or output the second prompt information generated by the second generation unit.
Optionally, the terminal may further include: a deletion unit; and a first generating unit or a second generating unit; and an output unit; the functions and actions of the various units are described in detail above and will not be described in detail herein.
Optionally, the terminal may further include: a second obtaining unit, configured to obtain new feature data from a third terminal through a network interface different from the data bus interface; and updating the new feature data to the first storage unit (such as a malicious data feature library and the like); the first storage unit is further configured to store the new feature data acquired by the second acquisition unit.
The second obtaining unit updates the feature database in three ways:
The first way: the update can be performed before the first obtaining unit obtains the feature data from the first data, that is, the terminal updates its feature database in time before detection, and detection and matching are then performed against the updated feature database;
The second way: the update can be performed after the detection unit obtains a detection result, that is, the terminal updates its own feature database after detection has finished, and detection and matching are performed against the old feature database;
The third way: the update can be performed while the terminal is carrying out the process, that is, when the terminal in this embodiment has an environment with independent network resources and its own system, its feature database (i.e. the malicious data feature database) can be downloaded and updated autonomously, without the user being aware of it.
The above updating manner of the feature database may include real time, timing, or both.
In the embodiment of the present invention, the connection of the terminal with the second terminal through the data bus interface specifically includes: the terminal is connected with the second terminal through a Universal Serial Bus (USB) interface, a universal serial data bus (UART) interface or a 1394 network adapter bus interface; other data bus interfaces may also be used, which is not limited in this embodiment.
Optionally, in this embodiment, the terminal (i.e., the first terminal) may be a feature phone or a smart phone, and the second terminal a computer or a tablet computer; conversely, the first terminal may be a computer or a tablet computer, and the second terminal a feature phone, a smart phone or the like; or the first terminal and the second terminal may both be feature phones, smart phones, computers or tablet computers; but the embodiment is not limited thereto.
Optionally, the terminal may further include: the first processing unit, wherein the first obtaining unit, the accessing unit, and the detecting unit may be integrated in the first processing unit, or may be deployed independently, which is not limited in this embodiment.
Optionally, the terminal may be a tablet computer with a Windows operating system, and the second terminal may be a computer with a Windows operating system; or, the terminal may also be a computer with a Windows operating system; the second terminal can also be a tablet computer with a Windows operating system; or the terminal is a tablet computer with a Windows operating system, and the second terminal is a computer platform with an Android operating system; or the terminal is a tablet computer with an Android operating system; the second terminal is a computer with a Windows operating system.
The implementation processes of the functions and actions of each unit of the terminal are described in detail in the corresponding implementation processes in the above method, and are not described herein again.
Correspondingly, an embodiment of the present invention further provides a terminal, a schematic structural diagram of which is shown in fig. 3 in detail, where the terminal is connected to a second terminal through a data bus interface, the second terminal includes a second processing unit and a second storage unit for storing second data, and the terminal includes: a storage unit 31, a motherboard 32 and a processing unit 33, wherein the storage unit 31, such as a conventional hard disk or a Flash memory card, is used for storing first data; the main board 32 is configured to connect the storage unit on the terminal and the second storage unit on the second terminal through a data bus interface on the main board; the processing unit 33, such as a CPU/EC/MCU of an X86 architecture or an ARM architecture, is configured to obtain feature data from the first data, access the second data in the second storage unit through a data bus interface on the motherboard, detect whether target data matching the feature data exists in the second data, and obtain a detection result.
Optionally, the terminal further includes: a display unit connected to the processing unit, wherein,
the processing unit is further used for deleting the target data when the detection result shows that the matched target data exists; or generating first prompt information and outputting the first prompt information to the display unit; or, the device is further configured to generate second prompt information when the detection result indicates that there is no matched target data, and output the second prompt information to the display unit;
and the display unit is used for displaying the first prompt message or the second prompt message output by the processing unit.
Of course, in this embodiment, after the processing unit deletes the target data, the processing unit may further output a deletion result to a display unit, and the display unit is further configured to display the deletion result of the processing unit.
The processing unit is further used for obtaining new characteristic data from a third terminal through a network interface different from the data bus interface; and updating the new feature data into the storage unit.
Optionally, the terminal further includes an input unit connected to the processing unit, configured to receive user operations, including an exit or cleaning instruction entered by the user after the first prompt information or the second prompt information is output.
The specific updating method and process are described in detail above, and are not described herein again.
Optionally, in this embodiment, the terminal and the second terminal may be different terminals, but operating systems executed by the terminal and the second terminal may be the same or different, which is described in detail above and is not described herein again.
The implementation of the functions and roles of the units included in the terminal is described in detail in the corresponding parts of the above method, and is not repeated here.
To facilitate understanding by those skilled in the art, specific examples are described below.
The embodiment of the invention can be applied to a hybrid architecture (hybrid) system consisting of a first terminal and a second terminal connected through a data bus interface. The hybrid architecture system may be formed by combining two independent terminal devices, or may be a single portable terminal that contains both the first terminal and the second terminal. For example, the hybrid architecture system may consist of a notebook computer and a smart phone that are independent of each other, or may be a notebook computer with the hybrid architecture system.
Wherein the first terminal may comprise a first hardware system, such as a slave system based on an X86 architecture or ARM architecture processor; the second terminal may include a second hardware system, such as a host system based on an X86 architecture or ARM architecture processor. That is, the first terminal and the second terminal may be based on the same hardware architecture or may be based on different hardware architectures. In addition, the master system and the slave system may distinguish the two systems according to importance or priority or processing capability or power consumption (for example, the master system corresponds to high importance, high priority, high processing capability or high power consumption, and the slave system is opposite to the above), or may be distinguished only for naming purpose, and is not limited to importance or priority or processing capability or power consumption of the systems.
Further, the second terminal may include a second hardware system having a second operating system, such as a second hardware system installed with a desktop device operating system (such as Windows, Linux, or MacOS) or with a portable device operating system (such as Android, Symbian, or iOS); the first terminal may comprise a first hardware system having a first operating system, such as a first hardware system installed with a desktop device operating system (such as Windows, Linux or MacOS) or with a portable device operating system (such as Android, Symbian or iOS). That is, the first operating system and the second operating system may be the same or different, as long as they can run on the corresponding hardware systems. Preferably, the second terminal is based on an X86 architecture processor and is provided with a main system of a desktop operating system; the first terminal is based on an ARM architecture processor and is provided with a slave system of a portable equipment operating system.
The first terminal is connected with the second terminal through the data bus interface. Through that interface the first terminal can access the data of the second terminal and detect whether the accessed data contains target data matching the characteristic data (of malicious data) stored in the first terminal, thereby obtaining a detection result.
The data bus interface may be, for example, a USB interface, a UART interface or a 1394 network adapter bus interface, or may be a custom data interface; it only needs to support data communication between the two devices.
Taking a notebook with a hybrid system architecture as an example, the first terminal and the second terminal are two relatively independent systems that can work independently or be connected to work together. Compared with a single-system notebook, the second terminal sits on the host side and has a processing unit, an input unit and a storage unit, but no display unit; the first terminal sits on the display-screen side and has a processing unit, an input unit, a storage unit and a display unit. When the first terminal and the second terminal are connected and work in combination, they may share some hardware units, such as the display unit. When the first terminal and the second terminal are connected through the data bus interface, the display unit can be used by the first terminal and can also be used by the second terminal; that is, the running result/output content of applications (including the operating system) in the first terminal and/or the second terminal can be displayed through the display unit.
That is, in the portable terminal constituting the hybrid system architecture, a device like a tablet computer (PAD) having a slave system corresponds to the first terminal in the embodiment of the present application, and a host device (BASE) having a master system corresponds to the second terminal in the embodiment of the present application.
Fig. 4 is a schematic diagram of a system based on a hybrid architecture according to an embodiment of the present invention. In this embodiment, the hybrid architecture system platform includes a Primary Environment (PE) and a Secondary Environment (SE) connected by a data bus interface, and both environments may include a hardware system and a software system. In this example, the primary environment includes a second hardware system (such as a base hardware system or the hardware system of a smart phone) and a second operating system (not shown in the figure) running on the base or the smart phone; the secondary environment includes a first hardware system (such as a pad hardware system or a computer hardware system) and a first operating system (not shown in the figure) running on the pad or the computer hardware system. This embodiment takes scanning for and removing virus data as the example, but is not limited to it. The implementation process is as follows:
1. The PE includes an antivirus software agent unit (Agent), and the SE includes an antivirus software service unit (Service). The Agent can be integrated in a software system or a hardware system; similarly, the Service may be integrated in a software system or a hardware system, and this example does not limit the choice.
Of course, the SE may also include an antivirus software service unit, and the PE may also include an antivirus software agent unit; the implementation processes are similar, and this embodiment describes only one of them as an example.
2. The Agent of the PE is responsible for collecting data, including data of the software and hardware systems of the PE, and for sending the collected data to the Service of the SE.
3. After receiving the data sent by the Agent, the Service of the SE analyzes and checks the data and matches it against the virus features in the virus feature library of the SE to obtain a corresponding result. If the result indicates that matching target data (i.e., virus data) exists, the target data can be deleted directly, or first prompt information can be generated and output; if the result indicates that no matching target data exists, second prompt information is generated and output.
In this embodiment, as a non-limiting example, if the matching succeeds, that is, the result indicates that matching target data (i.e., virus data) exists, warning information carrying the virus data is sent to the Agent of the PE.
4. After receiving the warning information sent by the Service of the SE, the Agent of the PE performs the necessary operations on the PE system.
Specifically, after receiving the warning information sent by the Service, the Agent of the PE may process the virus data according to a predetermined severity level (i.e., a virus removal policy or the like). For example, files at a higher, more serious level are cleared directly; for problems at an ordinary level, the user is informed through prompt information and the user's input operation is received through the input unit, which determines how the file is handled.
Further, this embodiment may further include:
5. The Service of the SE is also responsible for updating the virus signature library through the network interface.
For example, while updating the virus feature library, the Service of the SE may perform local online antivirus scanning for the PE host operating system; this is not the only possible manner, and other manners may be used.
In the embodiment of the invention, in the hybrid architecture system, when there is no network environment or the network environment is poor, the SE can detect virus data present in the PE through USB or another channel (UART, 1394), and can remove the virus data, prompt the user, and so on.
In the embodiments of Fig. 5 and Fig. 6 below, all workflows (forward and reverse) take place with the base and the pad combined. The hardware system of the base includes an antivirus software agent unit (Agent), the hardware system of the pad includes an antivirus software service unit (Service), and both the base and the pad are in a working state. The base and the pad can communicate through a data bus interface (such as a USB/UART/1394 channel). The virus signature library in this embodiment may differ depending on the operating system platform that needs the antivirus service. For example, if a Windows operating system runs on the base and an Android operating system runs on the pad, then in the forward flow the pad saves and updates the Windows virus signature library, and in the reverse flow the base saves and updates the Android virus signature library. As shown in Fig. 5 and Fig. 6:
Fig. 5 is a schematic diagram of a first application example of a detection method based on a hybrid architecture system according to an embodiment of the present invention. In this embodiment, the hardware system of the pad includes an antivirus software service unit and the hardware system of the Base includes an antivirus software agent unit. Taking virus data detection and virus data removal as an example, the implementation process includes:
(1) The Agent on the Base hardware system scans all files of the current system that need to be checked for viruses and collects the data of all these files;
(2) The Agent on the Base hardware system sends the data to the Service on the pad through a data bus interface (such as a USB/UART/1394 channel);
(3) The Service on the pad hardware system matches the feature data of each file in the received data against the virus features of the virus feature library to obtain a corresponding result;
If the result shows that virus data exists, the target data can be deleted directly, or first prompt information can be generated and output; if the result shows that no virus data exists, second prompt information is generated and output.
In this embodiment, step (4) is executed upon successful matching.
(4) If the matching succeeds, that is, the result shows that matching target data (i.e., virus data) exists, the Service on the pad hardware system sends the successful matching result to the Agent on the Base through the data bus interface (this embodiment describes only one of the modes as an example);
(5) According to the returned successful matching result, the Agent on the Base hardware system processes the data of the file corresponding to that result, for example by clearing it directly or by prompting the user to act.
On the basis of the above, the method may further include: the Service on base can update the virus feature library, in real time or at regular intervals, before (1), after (5), or between (1) and (5).
Fig. 6 is a schematic diagram of a second application example of a detection method based on a hybrid architecture system according to an embodiment of the present invention. In this embodiment, the Base hardware system includes the antivirus software service unit and the Pad hardware system includes the antivirus software agent unit. Taking virus data detection and virus data removal as an example, the implementation process includes:
(1) The Agent in the Pad hardware system scans all files of the current system that need to be checked for viruses and collects the data needed for all these files. In this step, the Agent on the Pad may also start scanning, and collect the data needed for all the files, only after receiving a virus detection command sent by the Service on the base platform;
(2) The Agent on the Pad hardware system sends the data to the Service on the Base platform through a data bus interface (such as a USB/UART/1394 channel).
(3) The Service on the Base hardware system matches the feature data of each file against the virus feature library to obtain a corresponding result. If the result shows that virus data exists, the target data can be deleted directly, or first prompt information can be generated and output; if the result shows that no virus data exists, second prompt information is generated and output.
This example takes the generation of the first prompt information as an example.
(4) The Service on the Base hardware system sends the generated first prompt information to the Agent on the Pad platform through the data bus interface.
(5) The Agent on the Pad hardware system processes the current file (for example, by clearing it directly or by prompting the user to act) according to the received first prompt information.
On the basis of the above, the present example may further include: the Service on the Base hardware system can update the virus feature library in real time or at regular intervals; the update process is described in detail above.
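The Agent/Service exchange of the general flow (steps 1 to 5) and of the Fig. 5 and Fig. 6 examples can be sketched as follows; this is an added Python example, not code from the patent. The SHA-256 digest as "feature data", the JSON framing, the two severity names and all file names are assumptions, and a direct function call stands in for the USB/UART/1394 channel.

```python
import hashlib
import json

HIGH, LOW = "high", "low"  # assumed severity levels; the patent only says "predetermined"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Service:
    """Scanning side (the pad in Fig. 5): owns the virus signature library."""

    def __init__(self, signatures):
        self.signatures = dict(signatures)  # digest -> (name, severity)

    def update(self, new_signatures):
        """Step 5: merge signatures obtained over the separate network interface."""
        self.signatures.update(new_signatures)

    def handle(self, frame: bytes) -> bytes:
        """Step 3: match every reported file; reply with one warning per match."""
        warnings = []
        for entry in json.loads(frame)["files"]:
            hit = self.signatures.get(entry["sha256"])
            if hit is not None:
                name, severity = hit
                warnings.append({"path": entry["path"], "name": name, "severity": severity})
        return json.dumps({"type": "result", "warnings": warnings}).encode() + b"\n"


class Agent:
    """Scanned side (the base in Fig. 5): collects data and acts on warnings."""

    def __init__(self, files, ask_user):
        self.files = files        # path -> content; stands in for the storage unit
        self.ask_user = ask_user  # callback standing in for the prompt and input unit
        self.reported = set()

    def collect(self) -> bytes:
        """Steps 1-2: scan the files and build the frame sent over the bus."""
        entries = [{"path": p, "sha256": sha256_hex(c)} for p, c in sorted(self.files.items())]
        self.reported = {e["path"] for e in entries}
        return json.dumps({"type": "scan", "files": entries}).encode() + b"\n"

    def apply(self, frame: bytes):
        """Step 4: clear high-severity files, ask the user about the rest."""
        actions = []
        for w in json.loads(frame).get("warnings", []):
            path, severity = w.get("path"), w.get("severity")
            # The reply drives deletion, so act only on paths this Agent
            # reported and on severity values it knows.
            known = isinstance(path, str) and path in self.reported
            if not known or severity not in (HIGH, LOW):
                actions.append((path, "ignored"))
            elif severity == HIGH or self.ask_user(path, w.get("name")):
                self.files.pop(path, None)
                actions.append((path, "deleted"))
            else:
                actions.append((path, "kept"))
        return actions


def run_scan(agent: Agent, service: Service):
    """One round trip: collect, match, act."""
    return agent.apply(service.handle(agent.collect()))


def demo():
    # Constructed sample data: harmless byte strings, not real malware or signatures.
    files = {
        "C:/docs/report.txt": b"quarterly numbers",
        "C:/tmp/sample_a.bin": b"constructed-sample-A",
        "C:/tmp/sample_b.dll": b"constructed-sample-B",
    }
    service = Service({sha256_hex(b"constructed-sample-A"): ("Sample.A", HIGH)})
    agent = Agent(files, ask_user=lambda path, name: False)  # user chooses "keep"
    first = run_scan(agent, service)
    # A signature update arrives later; the next scan flags the second file.
    service.update({sha256_hex(b"constructed-sample-B"): ("Sample.B", LOW)})
    second = run_scan(agent, service)
    return first, second, sorted(agent.files)
```

For the reverse flow of Fig. 6 the same two classes are used with the roles of Base and Pad swapped.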
In the embodiment of the invention, when neither the Base nor the Pad has a network environment, the Base can still scan for virus data on the Pad because the two are connected through the data bus interface; when virus data is found, it can be removed directly, or prompt information can be generated. Conversely, the Pad can scan for virus data on the Base through the data bus interface and, when virus data is found, can remove it directly or generate prompt information. The embodiment therefore solves the problem of how, when neither the Base nor the Pad in the working state has a network, one terminal can check whether the other terminal holds virus data and can further remove it. Of course, when one of the Base and the Pad has a specific network environment, the Base or the Pad in that network environment can update the virus database of the terminal.
Furthermore, in the embodiment of the invention, the Pad uses its own independent system resources to scan for and remove viruses on the Base system, which reduces the Base system resources that are occupied and improves the user's usage and satisfaction. Meanwhile, because the Pad and the Base are connected by a data bus (such as USB, UART or 1394), the problem that viruses cannot be scanned for and removed once a virus or Trojan has intercepted the network card driver is avoided.
Further, in the embodiment of the present invention, since the Pad itself has independent network resources and an independent system environment, the virus feature library can be downloaded and updated automatically without the user being aware of it.
The above embodiments describe how, when the Base and the Pad connected through the data bus interface are both in a working state, the terminal at one end of the bus interface can scan for and remove virus data on the other. Of course, the embodiment of the present invention also applies when one terminal is in the working state and the other is in the non-working state: the terminal in the working state can scan for and remove virus data on the terminal in the non-working state through the data bus interface. The implementation process is shown in Fig. 7.
Fig. 7 is a schematic diagram illustrating a third application example of the detection method based on the hybrid architecture system according to the embodiment of the present invention; the implementation process comprises the following steps:
A SATA/USB converter (i.e., a conversion unit) is integrated in the base hardware system. The converter performs data format conversion; for example, it can convert the format of the data on the notebook hard disk (a storage unit such as a SATA hard disk or an SSD hard disk) into a data format that the Pad hardware system can recognize. The pad hardware system provides working power for the base hardware system and the pad hardware system. When the base hardware system cannot start or cannot work, the pad hardware system uses this capability (that is, the data bus interface and the converter) to detect and remove viruses in the data on the hard disk of the base. The specific process is described in detail above.
In this embodiment, the SATA/USB converter is only for illustration, and in practical applications, one end of the conversion unit is a data bus interface between Pad and Base, and the other end is an interface of the storage unit.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (15)

1. A detection method, applied to a first terminal, wherein the first terminal is connected with a second terminal through a data bus interface, the first terminal comprises a first processing unit and a first storage unit for storing first data, and the second terminal comprises a second processing unit and a second storage unit for storing second data, the method comprising the following steps:
obtaining feature data from the first data;
accessing the second storage unit through the data bus interface;
detecting whether target data matching the feature data exists in the second data, to obtain a detection result.
2. The method of claim 1, further comprising:
when the detection result shows that matching target data exists, deleting the target data, or generating first prompt information and outputting the first prompt information; or
when the detection result shows that no matching target data exists, generating second prompt information and outputting the second prompt information.
3. The method of claim 1 or 2, wherein prior to obtaining feature data from the first data, the method further comprises:
obtaining new feature data from a third terminal through a network interface different from the data bus interface;
updating the new feature data into the first storage unit.
4. The method of claim 1 or 2, wherein the data bus interface comprises: a Universal Serial Bus (USB) interface, a universal serial data bus (UART) interface or a 1394 network adapter bus interface.
5. The method of claim 1 or 2, wherein said accessing the second storage unit through the data bus interface comprises:
when the first processing unit and the second processing unit are both working, the first terminal accesses the second storage unit through the data bus interface.
6. The method according to claim 1 or 2, wherein the second terminal further comprises a conversion unit connected to the second storage unit, and the accessing the second storage unit through the data bus interface comprises:
when the first processing unit is working and the second processing unit is not working, the first terminal accesses the second storage unit through the data bus interface and the conversion unit.
7. A terminal, characterized in that the terminal is connected with a second terminal through a data bus interface, the second terminal comprising a second processing unit and a second storage unit for storing second data, wherein the terminal comprises:
a first storage unit for storing first data;
a first acquiring unit configured to acquire feature data from the first data stored in the first storage unit;
an access unit configured to access the second data in the second storage unit through the data bus interface;
a detection unit configured to detect whether target data matching the feature data acquired by the first acquiring unit exists in the second data accessed by the access unit, to obtain a detection result.
8. The terminal of claim 7, further comprising: a deletion unit; or, a first generation unit or a second generation unit, and an output unit; wherein,
the deletion unit is configured to delete the target data when the detection result obtained by the detection unit shows that matching target data exists; or,
the first generation unit is configured to generate first prompt information when the detection result obtained by the detection unit shows that matching target data exists; or
the second generation unit is configured to generate second prompt information when the detection result obtained by the detection unit shows that no matching target data exists;
the output unit is configured to output the first prompt information generated by the first generation unit, or output the second prompt information generated by the second generation unit.
9. The terminal of claim 7, further comprising:
a second obtaining unit, configured to obtain new feature data from a third terminal through a network interface different from the data bus interface, and to update the new feature data into the first storage unit;
the first storage unit is further configured to store the new feature data acquired by the second acquisition unit.
10. The terminal of claim 7, wherein the connection of the terminal to the second terminal via the data bus interface specifically comprises:
the terminal is connected with the second terminal through a Universal Serial Bus (USB) interface, a universal serial bus (UART) interface or a 1394 network adapter bus interface.
11. The terminal of claim 7, wherein the terminal is a PAD of a tablet computer, and the second terminal is a BASE; or the terminal is a BASE and the second terminal is a PAD.
12. The terminal of claim 7, further comprising: a first processing unit, wherein the first acquisition unit, the access unit and the detection unit are integrated in the first processing unit.
13. A terminal, characterized in that the terminal is connected with a second terminal through a data bus interface, the second terminal comprising a second processing unit and a second storage unit for storing second data, wherein the terminal comprises:
a storage unit for storing first data;
the mainboard is used for connecting the storage unit on the terminal with the second storage unit on the second terminal through a data bus interface on the mainboard;
and the processing unit is used for obtaining characteristic data from the first data, accessing the second data in the second storage unit through a data bus interface on the mainboard, detecting whether target data matched with the characteristic data exists in the second data, and obtaining a detection result.
14. The terminal of claim 13, further comprising a display unit coupled to the processing unit, wherein,
the processing unit is further configured to delete the target data when the detection result shows that matching target data exists, or to generate first prompt information and output the first prompt information to the display unit; or is further configured to generate second prompt information when the detection result shows that no matching target data exists, and to output the second prompt information to the display unit;
and the display unit is used for displaying the first prompt message or the second prompt message output by the processing unit.
15. The terminal of claim 13, wherein the processing unit is further configured to obtain new feature data from a third terminal via a network interface different from the data bus interface; and updating the new feature data into the storage unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102338540A CN102938758A (en) 2011-08-15 2011-08-15 Detection method and terminal

Publications (1)

Publication Number Publication Date
CN102938758A true CN102938758A (en) 2013-02-20

Family

ID=47697627

Country Status (1)

Country Link
CN (1) CN102938758A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889773A (en) * 2006-07-18 2007-01-03 毛兴鹏 Mobile phone virtus examining and protecting method and system based on base station
CN101222697A (en) * 2007-01-09 2008-07-16 上海晨兴电子科技有限公司 Method for using mobile terminal as computer extended application
CN101308533A (en) * 2008-06-30 2008-11-19 华为技术有限公司 Method, apparatus and system for virus checking and killing
CN101437314A (en) * 2008-12-19 2009-05-20 深圳华为通信技术有限公司 Method for automatically using network document, mobile terminal and customer equipment
EP2348440A2 (en) * 2009-12-24 2011-07-27 Intel Corporation Collaborative malware detection and prevention on mobile devices

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104424439A (en) * 2013-09-09 2015-03-18 联想(北京)有限公司 Information processing method and electronic equipment
CN108920985A (en) * 2018-07-12 2018-11-30 郑州云海信息技术有限公司 A kind of flash data operation monitoring method, device, equipment and system
CN111159704A (en) * 2019-12-31 2020-05-15 奇安信科技集团股份有限公司 Virtual memory data leakage detection method and device
CN111159704B (en) * 2019-12-31 2022-09-09 奇安信科技集团股份有限公司 Virtual memory data leakage detection method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130220