In this Internet information age, many companies have their own servers, their own websites and operating platforms, then the Internet network security has become an important part of the protection of their company secrets. Even personal computers are equipped with a variety of security guards, antivirus software and so on. So what kinds of security defense technology currently on the market?

The following computer training for these three technologies are explained in detail:

1. Cloud kill and cloud engine

Today many security vendors "cloud engine", mainly through the shortening of the anti-virus engine features update cycle to fight with the author of the virus speed, so as to achieve rapid suppression of the spread of viruses. The result of the spread of the virus. Of course, this is clearly not the essence of cloud security, but due to space constraints, this article does not discuss the topic of cloud security.

"Cloud engine" can be synchronized in real time with the cloud computing results, but due to network bandwidth constraints, in the limited scanning time, the cloud engine can only be extracted locally highly abstract data features sent to the cloud for matching, so the general cloud engine will choose the hash class features (usually full-text hash). The detection ability of hash-like features and samples is basically a 1:1 relationship, that is, a hash feature can usually only detect a sample.

Since the "cloud engine" uses hash-like features, each "disguised" virus sample is new to the cloud engine and needs to be "identified". We don't need to do precise calculations. We do not need to carry out precise calculations, we can draw the following conclusions: "cloud engine" from the collection of samples and transferred to the cloud to analyze, to the cloud to analyze the results, and then to the client can request the results of this cycle is much longer than the virus authors through the "virus obfuscator" batch generation of deformed viruses "The first time I've seen this, I've been able to get the results from the cloud, and then the client can request the results.

While the "cloud engine" can shorten the update cycle of anti-virus engine features and improve the response speed of security products, the role of the "virus obfuscator" batch-generated deformed viruses is merely a "cover-up". "The first time I've seen this, I've been able to see it in a few minutes.

2. Utilizing Big Data and Artificial Intelligence to guess the "disguise" of the virus

In recent years, a number of domestic security software have released their own Big Data or Artificial Intelligence based anti-virus engines.

In recent years, some domestic security software has released its own big data or "artificial intelligence"-based anti-virus engines. These engines are essentially based on statistical algorithms, by extracting features from massive samples in a fixed way, and performing statistics and analysis on the features to produce a computational model. In accordance with the computational model to be scanned samples to be classified, and thus predict whether the new sample is malicious classification.

Without data to back it up, I can't speculate on the effectiveness of such engines. But no matter how the algorithm works and how the samples are selected, there is one important condition that cannot be escaped, and that is the extraction of features. Let's make the following assumption: we can determine a person's gender basically accurately by appearance, dress, voice, demeanor, etc. This is like scanning explicit malicious code. If a person is put into a room, only the color, appearance, and other features of the room are visible, while the features related to the person himself are completely invisible, which is like obfuscated malicious code. Arranging a large number of people randomly into rooms with different colors and appearances, ask whether it is reliable to generate a computational model and speculate the gender of the people in a certain room through statistics and analysis only by the color and appearance of the room? I think the answer is no.