This section provides background information related to the present disclosure which is not necessarily prior art.
With the growing popularity of the Internet, the demand is high for network security performance. After a user logs on to the Internet using a computer, the computer may be infected by a virus or Trojan for a variety of reasons. In the prior art, there are two methods for identifying the virus or Trojan.
The first method is a feature scanning method. With this method, if the user finds an unknown virus, the virus is analyzed, a virus feature is extracted according to characteristics of the virus, and the extracted virus feature is added to a virus feature database. In the foregoing virus scanning process, if a suspicious file is found, the suspicious file is compared with virus features in the virus feature database to determine whether the suspicious file is infected by a virus. One disadvantage is that this method cannot identify an unknown virus. With the rise in different types of viruses, especially in the development of polymorphic viruses and hidden viruses, the virus feature database is becoming larger. In view of the foregoing, this method cannot satisfy the requirement for rapidly scanning and killing an unknown virus.
The second method is a human rule behavior heuristic scanning method. With this method, a virus sample is manually analyzed, behavior rules of the virus sample are summarized, and the summarized behavior rules are saved in a database. When the suspicious file is found, runtime behavior of the suspicious file is compared with behavior rules which are stored in advance one by one. If a behavior rule matching the runtime behavior of the suspicious file is found, the suspicious file is determined as the virus. This method may identify some unknown viruses. With the continued development of new viruses, unknown viruses continuously appear and the virus behavior changes. The method of manually analyzing and summarizing the virus behavior is inefficient and does not satisfy the requirement of efficiently scanning and killing the viruses.
In summary, one technical issue to be solved is enhancing the efficiency of scanning and killing new viruses.