CN105740705A - LXC container-based host defense method and system - Google Patents

LXC container-based host defense method and system

Info

Publication number: CN105740705A
Application number: CN201510999175.2A
Authority: CN (China)
Legal status: Pending (status as listed by Google; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 孙洪伟, 徐翰隆, 肖新光
Current assignee: Harbin Antiy Technology Co Ltd
Original assignee: Harbin Antiy Technology Co Ltd
Application filed by: Harbin Antiy Technology Co Ltd
Priority to: CN201510999175.2A
Publication of: CN105740705A
Prior art keywords: host (main frame), user, virtual, machine environment, data

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Abstract

The invention provides an LXC container-based host defense method and system. By creating an LXC container as a virtual bastion host environment and substituting it for the host environment, the accuracy of the user's operating data in each session can be ensured, and the host is guaranteed not to be infected by user data or threat data on its next execution. The method and system make up for the inability of the prior art to effectively remove residual information and recover tampered files after the host environment runs an application program or is maliciously attacked: data residue and infection of the host environment caused while the user uses it are effectively eliminated, and malicious programs, commands, files and the like are effectively prevented from being deposited on the host.

Description

Host defense method and system based on LXC containers
Technical field
The present invention relates to the field of information security technology, and in particular to a host defense method and system based on LXC containers.
Background technology
In an existing host environment, after an application program is run or the host is maliciously attacked, the host environment is left with residual information and tampered files that cannot be recovered, and at present many malicious operations and files persist on the host in a hidden or concealed state. For equipment that stays in service for a long time, and especially for equipment with high security requirements, this is without doubt a serious security risk. Traditional methods of restoring the system environment mostly rely on a restore card to roll the system back; this is not very effective, since traces of use and some stubborn data still remain after the system is restored, which is detrimental to maintaining host security.
Summary of the invention
To address the defects in the prior art described above, the present invention proposes a host defense method and system based on LXC containers. By creating an LXC (Linux Container) container as a virtual bastion host environment that takes the place of the host environment, the accuracy of the user's operating data in each session can be ensured, and the host is guaranteed not to be infected by user data or threat data on its next execution.
The specific summary of the invention includes:
A host defense method based on LXC containers, including:
establishing at least one LXC container on the host, and creating host defense rules;
when a user logs in to the host, allocating an LXC container at random, or letting the user select one, as the virtual bastion host environment, where logging in to the host includes local login and remote login;
monitoring the user's operations in the virtual bastion host environment, and detecting the virtual bastion host environment in real time against the host defense rules;
extracting, according to the rules, the user's operation information in the virtual bastion host environment and the data the user generated, and outputting a log file;
when the user logs out of the host, restoring the virtual bastion host environment and restoring the host to its initial environment.
Further, the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
Further, detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
Further, extracting according to the rules the user's operation information and generated data in the virtual bastion host environment and outputting a log file specifically means: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
Further, the method also includes taking an initial snapshot of the whole disk with a disk file snapshot tool, and restoring the disk data from that initial snapshot when the user logs out of the host.
A host defense system based on LXC containers, including:
a host construction module, for establishing at least one LXC container on the host and creating host defense rules;
an environment allocation module, for allocating an LXC container at random, or letting the user select one, as the virtual bastion host environment when the user logs in to the host, where logging in to the host includes local login and remote login;
a monitoring and detection module, for monitoring the user's operations in the virtual bastion host environment and detecting the virtual bastion host environment in real time against the host defense rules;
a log generation module, for extracting, according to the rules, the user's operation information and generated data in the virtual bastion host environment and outputting a log file;
a host restoration module, for restoring the virtual bastion host environment and restoring the host to its initial environment when the user logs out of the host.
Further, the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
Further, detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
Further, the log generation module is specifically for: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
Further, the system also includes a disk restoration module, for taking an initial snapshot of the whole disk with a disk file snapshot tool and restoring the disk data from that initial snapshot when the user logs out of the host.
The beneficial effects of the invention are as follows:
the present invention can effectively remove the data residue and infection caused to the host environment while the user uses it;
the present invention can effectively prevent malicious programs, commands, files and the like from being deposited on the host;
further, the present invention extracts and saves the user's operation information and generated data in the virtual bastion host environment, which facilitates later analysis and review;
further, the present invention achieves host disk restoration, a further restoration on top of restoring the system environment, which removes the user's residual data, infected data and malicious data more effectively.
Description of the drawings
In order to explain the present invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments or in the description of the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a host defense method based on LXC containers according to the present invention;
Fig. 2 is a structural diagram of a host defense system based on LXC containers according to the present invention.
Detailed description of the invention
In order to let those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below with reference to the drawings.
The present invention gives an embodiment of a host defense method based on LXC containers, as shown in Fig. 1, including:
S101: establish at least one LXC container on the host, and create host defense rules;
for example: establish on the host LXC containers for two operating systems, WINDOWS7sp2 Ultimate and winxpsp3; or establish on the host two LXC containers of the WINDOWS7sp2 Ultimate operating system;
S102: when a user logs in to the host, allocate an LXC container at random, or let the user select one, as the virtual bastion host environment, where logging in to the host includes local login and remote login;
S103: monitor the user's operations in the virtual bastion host environment, and detect the virtual bastion host environment in real time against the host defense rules;
S104: extract, according to the rules, the user's operation information and generated data in the virtual bastion host environment, and output a log file;
S105: when the user logs out of the host, restore the virtual bastion host environment and restore the host to its initial environment.
Further, the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
Further, detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
Further, extracting according to the rules the user's operation information and generated data in the virtual bastion host environment and outputting a log file specifically means: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
Further, the method also includes taking an initial snapshot of the whole disk with a disk file snapshot tool, and restoring the disk data from that initial snapshot when the user logs out of the host.
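The session lifecycle of steps S101 to S105 and the rule matching of the "Further" paragraphs, as an added simulation that is not part of the patent: the container is modelled as an in-memory file system (so no lxc installation is needed), and the rule set, base image, file hashes and user operations are constructed sample values.

```python
from dataclasses import dataclass, field
import copy

@dataclass
class DefenseRules:
    """Host defense rules; all values used below are constructed examples."""
    sensitive_commands: set
    sensitive_programs: set
    sensitive_data: set          # strings that must never be touched
    sensitive_triggers: set      # operation kinds that are always intercepted
    malicious_hashes: set        # stand-in for a real malicious-file detector
    extract_dirs: tuple          # user data information extraction directories
    processing_list: list = field(default_factory=list)  # malicious-file queue

@dataclass
class Operation:
    kind: str            # "exec", "open", "write" or "net"
    target: str          # command line, file path or destination
    file_hash: str = ""  # content hash, only used for "write"

def match_rule(rules, op):
    """Return the name of the first matching defense rule, or None if allowed."""
    if op.kind in rules.sensitive_triggers:
        return "sensitive_trigger"
    if op.kind == "exec":
        if op.target.split()[0] in rules.sensitive_commands | rules.sensitive_programs:
            return "sensitive_command_or_program"
    if any(token in op.target for token in rules.sensitive_data):
        return "sensitive_data"
    return None

class VirtualBastion:
    def __init__(self, base_image):
        self.initial_snapshot = copy.deepcopy(base_image)  # taken at S101
        self.fs = copy.deepcopy(base_image)  # path -> content hash
        self.log = []

    def monitor(self, rules, op):
        """S103: match the operation against the rules, intercept on a hit."""
        hit = match_rule(rules, op)
        if hit:
            self.log.append(f"INTERCEPT {op.kind} {op.target} rule={hit}")
            return False
        self.log.append(f"ALLOW {op.kind} {op.target}")
        if op.kind == "write":
            self.fs[op.target] = op.file_hash
            if op.file_hash in rules.malicious_hashes:  # malicious file detected
                rules.processing_list.append(op.target)
        return True

    def process_malicious_files(self, rules):
        """Batch processing program: delete every queued malicious file."""
        while rules.processing_list:
            path = rules.processing_list.pop(0)
            self.fs.pop(path, None)

    def extract_logs(self, rules):
        """S104: export the operation log and user data under the extraction dirs."""
        data = {p: h for p, h in self.fs.items() if p.startswith(rules.extract_dirs)}
        return {"operations": list(self.log), "user_data": data}

    def restore(self):
        """S105: on logout, roll the container back to its initial snapshot."""
        self.fs = copy.deepcopy(self.initial_snapshot)
        self.log = []

def run_session(rules, bastion, operations):
    """Login-to-logout session (S102-S105); returns the exported log record."""
    for op in operations:
        bastion.monitor(rules, op)
    bastion.process_malicious_files(rules)
    record = bastion.extract_logs(rules)
    bastion.restore()
    return record

# Constructed sample base image, rule set and user session.
BASE_IMAGE = {"/etc/hostname": "h0", "/home/user/readme.txt": "h1"}
SAMPLE_RULES = DefenseRules(
    sensitive_commands={"rm", "dd"}, sensitive_programs={"wget"},
    sensitive_data={"secret-project"}, sensitive_triggers={"net"},
    malicious_hashes={"deadbeef"}, extract_dirs=("/home/user/work",))
SAMPLE_OPS = [Operation("exec", "rm -rf /var/log"),
              Operation("write", "/home/user/work/report.txt", "h2"),
              Operation("write", "/tmp/dropper.bin", "deadbeef"),
              Operation("net", "198.51.100.7:80"),
              Operation("open", "/home/user/secret-project.doc")]

def demo():
    bastion = VirtualBastion(BASE_IMAGE)
    return run_session(SAMPLE_RULES, bastion, SAMPLE_OPS), bastion.fs
```

After `demo()` the exported record still holds the intercepted operations and the work-directory data, while the container's file system equals the initial snapshot again, which is the residue-free state the patent aims for.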
The present invention gives an embodiment of a host defense system based on LXC containers, as shown in Fig. 2, including:
host construction module 201, for establishing at least one LXC container on the host and creating host defense rules;
environment allocation module 202, for allocating an LXC container at random, or letting the user select one, as the virtual bastion host environment when the user logs in to the host, where logging in to the host includes local login and remote login;
monitoring and detection module 203, for monitoring the user's operations in the virtual bastion host environment and detecting the virtual bastion host environment in real time against the host defense rules;
log generation module 204, for extracting, according to the rules, the user's operation information and generated data in the virtual bastion host environment and outputting a log file;
host restoration module 205, for restoring the virtual bastion host environment and restoring the host to its initial environment when the user logs out of the host.
Further, the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
Further, detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
Further, log generation module 204 is specifically for: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
Further, the system also includes a disk restoration module, for taking an initial snapshot of the whole disk with a disk file snapshot tool and restoring the disk data from that initial snapshot when the user logs out of the host.
In this specification the method embodiments are described in a progressive manner; since the system embodiments are substantially similar to the method embodiments, they are described more briefly, and the relevant parts may be understood by reference to the description of the method embodiments. Against the shortcoming that the prior art cannot effectively clean residual information or recover tampered files after the host environment runs an application program or is maliciously attacked, the present invention proposes a host defense method and system based on LXC containers: the present invention can effectively remove the data residue and infection caused to the host environment while the user uses it; the present invention can effectively prevent malicious programs, commands, files and the like from being deposited on the host; further, the present invention extracts and saves the user's operation information and generated data in the virtual bastion host environment, which facilitates later analysis and review; and further, the present invention achieves host disk restoration, a further restoration on top of restoring the system environment, which removes the user's residual data, infected data and malicious data more effectively.
Although the present invention has been described by way of embodiments, those skilled in the art will appreciate that the present invention has many variations and modifications that do not depart from its spirit, and it is intended that the appended claims cover these variations and modifications.

Claims (10)

1. A host defense method based on LXC containers, characterised in that it includes:
establishing at least one LXC container on the host, and creating host defense rules;
when a user logs in to the host, allocating an LXC container at random, or letting the user select one, as the virtual bastion host environment;
monitoring the user's operations in the virtual bastion host environment, and detecting the virtual bastion host environment in real time against the host defense rules;
extracting, according to the rules, the user's operation information and generated data in the virtual bastion host environment, and outputting a log file;
when the user logs out of the host, restoring the virtual bastion host environment and restoring the host to its initial environment.
2. The method of claim 1, characterised in that the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
3. The method of claim 2, characterised in that detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
4. The method of claim 1, 2 or 3, characterised in that extracting according to the rules the user's operation information and generated data in the virtual bastion host environment and outputting a log file specifically means: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
5. The method of claim 1, 2 or 3, characterised in that it also includes taking an initial snapshot of the whole disk with a disk file snapshot tool, and restoring the disk data from that initial snapshot when the user logs out of the host.
6. A host defense system based on LXC containers, characterised in that it includes:
a host construction module, for establishing at least one LXC container on the host and creating host defense rules;
an environment allocation module, for allocating an LXC container at random, or letting the user select one, as the virtual bastion host environment when the user logs in to the host;
a monitoring and detection module, for monitoring the user's operations in the virtual bastion host environment and detecting the virtual bastion host environment in real time against the host defense rules;
a log generation module, for extracting, according to the rules, the user's operation information and generated data in the virtual bastion host environment and outputting a log file;
a host restoration module, for restoring the virtual bastion host environment and restoring the host to its initial environment when the user logs out of the host.
7. The system of claim 6, characterised in that the host defense rules include: sensitive information, a malicious file batch processing program, and a batch processing list, where the sensitive information includes: sensitive commands, sensitive programs, sensitive data, and sensitive trigger operations.
8. The system of claim 7, characterised in that detecting the virtual bastion host environment in real time against the host defense rules specifically means: matching the user's operation behaviour in the virtual bastion host environment against the data in the host defense rules, and intercepting any operation behaviour that matches; and, when a malicious file is detected in the virtual bastion host environment, placing the malicious file on the batch processing list and starting the malicious file batch processing program to process it.
9. The system of claim 6, 7 or 8, characterised in that the log generation module is specifically for: establishing a user data information extraction directory in the host defense rules, extracting the user's operation information and generated data in the virtual bastion host environment according to that extraction directory, and outputting and saving a log file.
10. The system of claim 6, 7 or 8, characterised in that it also includes a disk restoration module, for taking an initial snapshot of the whole disk with a disk file snapshot tool and restoring the disk data from that initial snapshot when the user logs out of the host.

Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN201510999175.2A  2015-12-28  2015-12-28  LXC container-based host defense method and system

Publications (1)

Publication Number  Publication Date
CN105740705A (en)  2016-07-06

Family

ID=56296111

Country Status (1)

Country  Link
CN (1)  CN105740705A (en), Pending

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112804202A (en) * 2020-12-30 2021-05-14 平安证券股份有限公司 Multi-internetwork data security interaction method and device, server and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102682229A (en) * 2011-03-11 2012-09-19 北京市国路安信息技术有限公司 Malicious code behavior detection method based on virtualization technology
CN102821161A (en) * 2012-08-24 2012-12-12 北京神州绿盟信息安全科技股份有限公司 Method, device and system for network security auditing
CN103186740A (en) * 2011-12-27 2013-07-03 北京大学 Automatic detection method for Android malicious software
CN103377120A (en) * 2012-04-24 2013-10-30 深圳市财付通科技有限公司 Test method and device for application programs
CN103747089A (en) * 2014-01-14 2014-04-23 浪潮电子信息产业股份有限公司 File transfer auditing system and method based on bastion machine
CN104765682A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Offline detection method and system for cross-site scripting vulnerability
CN104766011A (en) * 2015-03-26 2015-07-08 国家电网公司 Sandbox detection alarming method and system based on main engine characteristic

Legal Events

Date  Code  Title  Description
C06  Publication
PB01  Publication
SE01  Entry into force of request for substantive examination
RJ01  Rejection of invention patent application after publication

Application publication date: 20160706