基于用户交互的恶意软件检测的设备、方法、介质

• Format: Patent
• Language: Chinese
• Published: 29.03.2024
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

本公开的实施例涉及基于用户交互的恶意软件检测。设备可以接收文件，该文件已经被下载到或者将被下载到用户设备并且将经历恶意软件检测过程。基于文件的一个或多个文件标识属性，设备可以获得标识与文件相关联的用户交互的元数据。元数据可以包括当文件在用户设备上被访问时执行的第一组用户交互或者当文件在一个或多个其它用户设备上被访问时执行的第二组用户交互。设备可以通过执行由元数据标识的用户交互并且执行恶意软件检测过程以确定文件是否是恶意软件来在沙盒环境中测试文件以获得结果。设备可以提供通知以在文件是恶意软件时使用户设备执行动作。 A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The d