PROTECTING METHOD AND SYSTEM FOR MALICIOUS CODE, AND MONITOR APPARATUS
First Claim
Patent Images
1. A protecting method for malicious code, comprising:
- circulating a monitor module obtained from a combination of a plurality of antivirus systems by a monitor apparatus in a communication system, so as to monitor at least one electronic apparatus in the communication system;
when the monitor module is circulated to one of the electronic apparatuses in the communication system, detecting whether there is a malicious code by the monitor module;
when the malicious code is detected by the monitor module, deciding a protection result by the monitor module; and
executing one or more corresponding process actions based on the protection result;
wherein when the malicious code is detected by the monitor module, the step of deciding the protection result by the monitor module comprises;
in a condition that the monitor module is an admixture model, selecting at least one of the antivirus systems as a selected module, and obtaining the protection result corresponding to the malicious code by the selected module; and
in a condition that the monitor module is an association model, obtaining the protection result corresponding to the malicious code by associating the antivirus systems.
1 Assignment
0 Petitions
Accused Products
Abstract
A protecting method and system for malicious code, and a monitor apparatus are provided. The monitor apparatus circulates a monitor module obtained from a combination of a plurality of antivirus systems in a communication system, so as to monitor a plurality of electronic apparatuses in the communication system. When the monitor module is circulated to one of the electronic apparatuses and the malicious code is detected, a protection result is decided and one or more corresponding process actions are executed based on the protection result by the monitor module.
98 Citations
17 Claims
-
1. A protecting method for malicious code, comprising:
-
circulating a monitor module obtained from a combination of a plurality of antivirus systems by a monitor apparatus in a communication system, so as to monitor at least one electronic apparatus in the communication system; when the monitor module is circulated to one of the electronic apparatuses in the communication system, detecting whether there is a malicious code by the monitor module; when the malicious code is detected by the monitor module, deciding a protection result by the monitor module; and executing one or more corresponding process actions based on the protection result; wherein when the malicious code is detected by the monitor module, the step of deciding the protection result by the monitor module comprises; in a condition that the monitor module is an admixture model, selecting at least one of the antivirus systems as a selected module, and obtaining the protection result corresponding to the malicious code by the selected module; and in a condition that the monitor module is an association model, obtaining the protection result corresponding to the malicious code by associating the antivirus systems. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A protecting system for malicious code, comprising:
-
an electronic apparatus, located in a communication system; and a monitor apparatus, located in the communication system, communicating with the electronic apparatus by a communication device, and circulating a monitor module obtained from a combination of a plurality of antivirus systems in the communication system, so as to monitor the electronic apparatus in the communication system; wherein when the monitor module is circulated to the electronic apparatus, the electronic apparatus detects whether there is a malicious code by the monitor module, and when the malicious code is detected by the monitor module, the electronic apparatus decides a protection result by the monitor module and executes one or more corresponding process actions based on the protection result, wherein when the malicious code is detected by the monitor module in a condition that the monitor module is an admixture model, the electronic apparatus selects at least one of the antivirus systems as a selected module and obtains the protection result corresponding to the malicious code by the selected module; when the malicious code is detected by the monitor module in a condition that the monitor module is an association model, the electronic apparatus associates the antivirus systems to obtain the protection result corresponding to the malicious code. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A monitor apparatus, comprising:
-
a communication device, establishing a connection with an electronic apparatus in a communication system; a storage device, comprising a behavior analysis module and a behavior prediction module; and a processor, coupled to the communication device and the storage device, wherein the processor circulates a monitor module obtained from a combination of a plurality of antivirus systems to the electronic apparatus in the communication system by the communication device, so as to monitor the electronic apparatus in the communication system, wherein the processor drives the behavior analysis module to analyze at least one aggressive behavior corresponding to at least one malicious code received from the electronic apparatus to obtain a behavior characteristic vector, and the processor drives the behavior prediction module to execute a behavior prediction based on the behavior characteristic vector to obtain an evolution bias vector corresponding to the antivirus systems comprised in the monitor module, so as to decide that the monitor module selects at least one of the antivirus systems to decide a protection result or associates the antivirus systems to decide the protection result by the evolution bias vector. - View Dependent Claims (16, 17)
-
Specification