METHOD, APPARATUS AND TERMINAL FOR DETECTING A MALWARE FILE
First Claim
1. A method for detecting a malware file, comprising:
- acquiring a file to be inspected;
- determining an entropy vector of the file; and
- inspecting, using a trained inspection model, the determined entropy vector of the file to ascertain whether the file is a malware file, wherein a file type of the file is identical to a model file type corresponding to the inspection model.
Abstract
The present application discloses a method, an apparatus and a terminal for detecting a malware file. One embodiment of the method comprises: obtaining a file to be inspected; determining an entropy vector of the file; and inspecting the entropy vector of the file using a trained inspection model to determine whether the file is a malware file, wherein a file type of the file is identical to the file type corresponding to the inspection model. This embodiment extracts the entropy vector of the file and determines whether the file is a malware file based on that entropy vector. Therefore, technical problems existing in the art, such as the low speed, poor capacity and low efficiency of detecting and destroying malware files, are addressed, and the efficiency of detecting and destroying malware files is enhanced.
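The "determining an entropy vector of the file" step, as an added example that is not taken from the patent: the abstract does not say how the vector is built, so the equal-slice segmentation, the Shannon byte entropy measure, the function names and the sample bytes below are all assumptions made for illustration.

```python
import math

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)

def entropy_vector(data: bytes, segments: int = 8) -> list[float]:
    """Assumed scheme: cut the file into `segments` contiguous, near-equal
    slices and take the entropy of each one. Files of any size then map to
    a vector of the same length, which a fixed-input model requires."""
    if segments < 1:
        raise ValueError("segments must be >= 1")
    n = len(data)
    vec = []
    for i in range(segments):
        start = i * n // segments
        end = (i + 1) * n // segments
        # Slices are empty when the file has fewer bytes than segments;
        # shannon_entropy() maps those to 0.0.
        vec.append(shannon_entropy(data[start:end]))
    return vec

def entropy_vector_of_file(path: str, segments: int = 8) -> list[float]:
    """Same vector, computed from a file on disk."""
    with open(path, "rb") as fh:
        return entropy_vector(fh.read(), segments)

# Constructed sample: a zero-filled region followed by a region in which every
# byte value is equally frequent, standing in for packed or encrypted content.
SAMPLE = bytes(4096) + bytes(range(256)) * 16

if __name__ == "__main__":
    print(entropy_vector(SAMPLE))
```

The vector keeps positional information that a single whole-file entropy figure loses: the sample above averages to a moderate value overall, while the vector shows a flat low-entropy half followed by a maximal-entropy half.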
15 Claims
1. A method for detecting a malware file, comprising:
- acquiring a file to be inspected;
- determining an entropy vector of the file; and
- inspecting, using a trained inspection model, the determined entropy vector of the file to ascertain whether the file is a malware file, wherein a file type of the file is identical to a model file type corresponding to the inspection model.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus for detecting a malware file, the apparatus comprising:
- a processor;
- a memory storing computer-readable instructions;
wherein, when the computer-readable instructions are executed by the processor, the processor is operable to:
- acquire a file to be inspected;
- determine an entropy vector of the file; and
- inspect, using a trained inspection model, the determined entropy vector of the file to ascertain whether the file is a malware file, wherein a file type of the file is identical to a model file type corresponding to the inspection model.
Dependent claims: 9, 10, 15
11. A computer storage medium storing computer-readable instructions, wherein, when the computer-readable instructions are executed by a processor, the processor is operable to:
- obtain a file to be inspected;
- determine an entropy vector of the file; and
- inspect, using a trained inspection model, the determined entropy vector of the file to ascertain whether the file is a malware file, wherein a file type of the file is identical to a model file type corresponding to the inspection model.
Dependent claims: 12, 13, 14
Specification