Patent · US Active

Method and device for determining malicious file

US12061698B2 · kind B2 · utility

Cited by: 0
References: 0
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 20, 2020
Grant date: Aug 13, 2024
Priority date
Expiry date: Aug 20, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/168
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

This application discloses a method and device for determining a malicious file. The method includes judging whether a plurality of received file blocks meet a preset condition. The plurality of file blocks are file blocks of a file to be detected, and the preset condition at least includes a size condition of each of the plurality of file blocks and a sorting condition of each of the plurality of file blocks. When the plurality of file blocks do not meet the preset condition, a hash eigenvalue of at least one header file block is calculated, wherein the at least one header file block is at least one file block cached in a device cache area according to the order of the file blocks. The plurality of file blocks are divided into a preset quantity of subfiles, and an order-independent hash eigenvalue is calculated for each subfile. Whether the file to be detected is a malicious file is then judged based on the hash eigenvalue of the at least one header file block and the order-independent hash eigenvalue of each subfile. Through this application, the problem that the file to be detected is difficult to detect as a malicious file when the device has …

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.