CN107944232A - Design method and system for an active defense system based on whitelist technology
- Publication number: CN107944232A
- Application number: CN201711294100.XA
- Authority: CN (China)
- Prior art keywords: whitelist, library, program, client, operating system
- Legal status: Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
          - G06F21/12—Protecting executable software
            - G06F21/121—Restricting unauthorised execution of programs
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a design method and system for an active defense system based on whitelist technology, and belongs to the field of security technology. The design method ensures the reliability of the whitelist source by collecting the hash values of legitimate operating system images. By generating a customized local whitelist library for each user, it reduces network access, improves program identification efficiency to a certain extent, and preserves program start-up speed. By obtaining operating system update patches in real time, it ensures the timeliness and identification efficiency of the whitelist. Through unknown-program trust identification, it addresses the resource requirements of traditional whitelist technology and ensures that the whitelist is not limited. The method and system of the invention can effectively solve the problems faced by blacklists, and provide a reliable, efficient, timely and non-limited design and implementation of a whitelist-based active defense system.
Description
Technical field
The present invention relates to the field of security technology, and specifically to a design method and system for an active defense system based on whitelist technology.
Background
Because computer networks are open and interconnected, network information security faces many threats, and malicious programs such as viruses emerge endlessly. Traditional blacklist technology faces a blacklist library that tends toward unbounded size, and it struggles to deal with security threats such as zero-day attacks and targeted attacks, so security experts are eager to find a technology that solves the problems blacklists face. Whitelisting was questioned when it was first proposed, but it is now applied by more and more security software in the design of active defense. Existing whitelist products, however, are mostly confined to user-defined whitelists, or need a large body of software resources to identify the credibility of programs. The former is not secure enough, and the latter places very high demands on the quantity of software resources.
Summary of the invention
The technical task of the present invention is, in view of the deficiencies of the prior art, to provide a reliable, efficient, timely and non-limited design and implementation method and system for a whitelist-based active defense system.
Abbreviations and key terms:
OS: Operating System.
PE: Portable Executable, the executable file format of the Windows operating system.
ELF: Executable and Linkable Format, an executable file format of the Linux operating system.
Inventory library: a database containing application information (file size, trust level, file hash value, etc.).
Whitelist library: a database containing the hash values and trust levels of applications that meet specified conditions.
Hash: a cryptographic algorithm used in the information security field; mainstream ones include SHA-1, SHA-256, SHA-512, MD5 and SM3.
The technical solution adopted by the present invention to solve its technical problem is:
1. A design method for an active defense system based on whitelist technology, with the following implementation steps:
1) Inventory collection: server-side software collects OS installation images downloaded from the operating system's official website, obtains from them the hash values of the programs bundled with the operating system, and generates an inventory library;
2) Authoritative whitelist generation: on the server side, a master whitelist library is generated from the inventory library; on the client side, a corresponding local whitelist library is generated from the inventory library according to the user's operating system version and stored locally on the user's machine;
3) Program trust identification: every program run or installed on a client must be identified as trusted or not before it starts. First, check whether the hash value of the program being executed or installed on the client exists in the local whitelist library; if it is not in the local whitelist library, query the server-side master whitelist library;
4) Client local run control: on the client, only programs identified as trusted are allowed to run.
As a further improvement, in step 1) the server-side software collects the executable files in the OS installation images downloaded from the operating system's official website, obtains the details of each executable file, including file name, operating system version, file modification time and file hash value, sets its trust level to white (allowed to execute), and generates the inventory library.
As a further improvement, in step 1) the executable files include PE files under the Windows operating system and ELF files under the Linux operating system.
As a further improvement, in step 1) the inventory library is generated with MySQL on the server.
As a further improvement, in step 3), if the program is not in the master whitelist library either, unknown-program trust identification is carried out on the server side: if the program is digitally signed, verify whether the digital signature is trusted; if the program has no digital signature, perform program behavior analysis to determine whether the program is trusted.
As a further improvement, in step 4), only programs identified as trusted are allowed to run on the client; otherwise the identification result and advice are fed back to the user, who decides whether to run the program.
As a further improvement, on the server side a crawler program obtains in real time the update patches released on the operating system's official website, and updates the inventory library established in step 1) and the master whitelist library and local whitelist library established in step 2).
As a further improvement, the identification result for an unknown program in step 3) is first updated into the server-side master whitelist library and then synchronized to the local whitelist library.
As a further improvement, for an unknown program identified as trusted in step 3), after installation the hash values of the corresponding program generated in the installation directory are updated only into the local whitelist library, without synchronizing to the server's master whitelist library.
2. The present invention also provides a design system for an active defense system based on whitelist technology, in which:
The server device includes:
An inventory collection module, for collecting OS installation images downloaded from the operating system's official website, obtaining from them the hash values of the programs bundled with the operating system, and generating the inventory library;
A master whitelist library, generated from the inventory library and deployed on the server side;
The client device includes:
A detection module, for detecting and obtaining the hash value of the program executed or installed on the client;
A local whitelist library, generated from the inventory library according to the user's operating system version and deployed on the client;
The system further includes:
A trust identification module, for identifying whether the program executed or installed on the client is trusted: it first determines whether the hash value of the program executed or installed on the client is contained in the local whitelist library and, if it is not, queries the server-side master whitelist library;
A communication module, which receives the identification information fed back by the trust identification module; if the identification information is "trusted", the client program is allowed to run.
As a further improvement, the trust identification module is also used for trust identification of unknown programs that are not in the master whitelist library: if the program is digitally signed, verify whether the digital signature is trusted; if the program has no digital signature, perform program behavior analysis to determine whether the program is trusted.
As a further improvement, the system further includes a real-time update module, connected to the inventory collection module and the trust identification module, which updates the master whitelist library and the local whitelist library.
Compared with the prior art, the design method and system for an active defense system based on whitelist technology of the present invention have the following beneficial effects:
The present invention forms a design method and system for an active defense system based on whitelist technology. Collecting the hash values of legitimate operating system images ensures the reliability of the whitelist source. Generating a customized local whitelist library for each user reduces network access, improves program identification efficiency to a certain extent, and preserves program start-up speed. Obtaining operating system update patches in real time ensures the timeliness and identification efficiency of the whitelist. Unknown-program trust identification addresses the resource requirements of traditional whitelist technology and ensures that the whitelist is not limited. The method can effectively solve the problems faced by blacklists, and is therefore a reliable, efficient, timely and non-limited design and implementation method for a whitelist-based active defense system.
Brief description of the drawings
Figure 1 is a flow chart of the design method for an active defense system based on whitelist technology of the present invention;
Figure 2 is a structural diagram of the design system for an active defense system based on whitelist technology of the present invention.
Detailed description
The design method and system for an active defense system based on whitelist technology of the present invention are described in detail below with reference to Figures 1 and 2.
Embodiment one (a design method for an active defense system based on whitelist technology)
As shown in Figure 1, the design method for an active defense system based on whitelist technology of the present invention is implemented in the following steps:
1) Inventory collection: server-side software collects the executable files in the OS installation images downloaded from the operating system's official website, obtains the details of each executable file, such as file name, operating system version, file modification time and file hash value, sets its trust level to white (allowed to execute), and generates the inventory library using MySQL.
[Design intent: the server-side software collects OS installation images downloaded from the operating system's official website and obtains from them the hash values of the programs bundled with the operating system, which ensures the reliability of the whitelist source.]
2) Authoritative whitelist generation: on the server side, a master whitelist library is generated from the inventory library; on the client side, a corresponding local whitelist library is generated from the inventory library according to the user's operating system version and stored locally on the user's machine.
[Design intent: generating a customized whitelist library for each user and storing it locally reduces network access, keeps user queries fast, minimizes the effect on program start-up speed, and so preserves program start-up speed to a certain extent.]
3) Program trust identification: every program run or installed on a client must be identified as trusted or not before it starts. First, check whether the hash value of the program being executed or installed on the client exists in the local whitelist library; if it is not in the local whitelist library, query the server-side master whitelist library.
4) Client local run control: on the client, only programs identified as trusted are allowed to run.
In step 1) of the present invention, for different types of operating system, the executable files include PE files under the Windows operating system and ELF files under the Linux operating system.
The design method above addresses the case where the program run or installed on the client is a known program. If the program run or installed on the client is an unknown program, an unknown-program trust identification procedure must be provided, as follows:
In step 3) of the present invention, if the program is not in the master whitelist library either, unknown-program trust identification is carried out on the server side: if the program is digitally signed, verify whether the digital signature is trusted; if the program has no digital signature, perform program behavior analysis to determine whether the program is trusted. [Design intent: trust identification of unknown programs ensures that the whitelist is not limited, and allows a corresponding program control policy to be suggested to the user, which reduces the danger of users mis-operating the whitelist and reduces the demand of traditional whitelist technology on the quantity of program resources.]
In step 4) of the present invention, only programs identified as trusted are allowed to run on the client; otherwise the identification result and advice are fed back to the user, who decides whether to run the program. [Design intent: the client's local run control gives the user a degree of decision-making power, which ensures the flexibility of the defense system.]
In the present invention, to ensure the timeliness of the whitelist and the efficiency of program identification, the server-side master whitelist library and the client local whitelist library need to be updated in real time, as follows:
5) Real-time update of the server-side master whitelist library. Updates to the master whitelist library come mainly from two sources:
a) For operating system patches and update packages released on the operating system's official website, a crawler program obtains the update patches in real time, performs an inventory scan on these updates, and updates the inventory library established in step 1) and the server-side master whitelist library;
b) The identification results for unknown programs in step 3) are first updated into the server-side master whitelist library.
[Design intent: the server-side real-time update procedure ensures the timeliness of the server-side master whitelist library.]
6) Real-time update of the client local whitelist library. Updates to the local whitelist library come mainly from two sources:
a) The identification results for unknown programs in step 3) are synchronized to the local whitelist library; for an unknown program identified as trusted, after installation the hash values of the corresponding program generated in the installation directory are updated only into the local whitelist library, with no need to synchronize to the server's master whitelist library;
b) The inventory library updated in step 5) is synchronized to the local whitelist library.
[Design intent: updating the client whitelist library ensures the timeliness of the client's local whitelist, which raises the hit rate of local program queries against the local whitelist and preserves program start-up speed to a certain extent.]
In summary, the server-side software of the present invention collects OS installation images, update patches and other applications from the operating system's official website and generates the inventory library. On the client side, a corresponding whitelist library is generated from the inventory library for the user's operating system version and stored locally on the user's machine. On the server side, a master whitelist library and an unknown-program trust identification program are deployed; the master whitelist library collects in real time the update patches released by the OS official website, and when a user requests identification of an unknown program, the identification result is updated into both the master whitelist library and the user's local whitelist library. Only programs that are in the whitelist and trusted (white) can be executed on the user's machine.
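The lookup order of steps 1) to 4), the unknown-program path and the two update rules, as an added example that is not code from the patent. It assumes SHA-256 as the hash (of the algorithms the page lists, MD5 and SHA-1 are collision-prone), sqlite3 in place of the server-side MySQL inventory, and hypothetical callbacks `verify_signature`, `analyze_behavior` and `ask_user` for the parts the patent leaves unspecified; the sample files are constructed.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path

# sqlite3 stands in for the server-side MySQL inventory library (assumption).
SCHEMA = """CREATE TABLE inventory (
    file_name TEXT, os_version TEXT, modified REAL, sha256 TEXT, trust TEXT,
    PRIMARY KEY (sha256, os_version));"""

def is_executable(path):
    with path.open("rb") as fh:
        magic = fh.read(4)
    return magic[:2] == b"MZ" or magic == b"\x7fELF"  # simplified PE / ELF magic check

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def collect_inventory(db, image_root, os_version):
    """Step 1: hash every PE/ELF file in an unpacked official OS image."""
    rows = [(p.name, os_version, p.stat().st_mtime, sha256_file(p))
            for p in sorted(image_root.rglob("*")) if p.is_file() and is_executable(p)]
    db.executemany("INSERT OR IGNORE INTO inventory VALUES (?, ?, ?, ?, 'white')", rows)
    return len(rows)

def whitelist(db, os_version=None):
    """Step 2: master library (all white hashes) or one OS version's local library."""
    return {row[0] for row in db.execute(
        "SELECT sha256 FROM inventory WHERE trust = 'white' "
        "AND (? IS NULL OR os_version = ?)", (os_version, os_version))}

class TrustIdentifier:
    def __init__(self, local, master, verify_signature, analyze_behavior):
        # Hypothetical callbacks: verify_signature returns True/False for a signed
        # file and None for an unsigned one; analyze_behavior returns True/False.
        self.local, self.master = local, master
        self.verify_signature = verify_signature
        self.analyze_behavior = analyze_behavior
        self.server_queries = 0

    def identify(self, path):
        """Step 3: local library, then master library, then unknown-program path."""
        digest = sha256_file(path)
        if digest in self.local:
            return True, "local"
        self.server_queries += 1      # a network round trip in a real deployment
        if digest in self.master:
            return True, "master"
        signed = self.verify_signature(path)
        if signed is None:            # unsigned: fall back to behavior analysis
            trusted, source = self.analyze_behavior(path), "behavior"
        else:
            trusted, source = signed, "signature"
        if trusted:
            self.master.add(digest)   # master library is updated first,
            self.local.add(digest)    # then synchronized to the client
        return trusted, source

    def may_run(self, path, ask_user):
        """Step 4: trusted programs run; otherwise the user is asked to decide."""
        trusted, source = self.identify(path)
        return trusted or ask_user(path, source)

    def register_installed(self, install_dir):
        """Post-install hashes of a trusted program go to the local library only."""
        for p in install_dir.rglob("*"):
            if p.is_file() and is_executable(p):
                self.local.add(sha256_file(p))

def demo():
    """Run the flow on constructed files (fake PE/ELF headers, not real binaries)."""
    files = {"img1/ls": b"\x7fELFconstructed ls", "img1/notepad.exe": b"MZconstructed",
             "img1/readme.txt": b"plain text", "img2/tool": b"\x7fELFother OS tool",
             "signed.exe": b"MZsigned app", "unknown.bin": b"\x7fELFunsigned",
             "inst/app.bin": b"\x7fELFinstalled payload"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(exist_ok=True)
            (root / rel).write_bytes(data)
        db = sqlite3.connect(":memory:")
        db.executescript(SCHEMA)
        inventoried = collect_inventory(db, root / "img1", "demo-os-1.0")
        collect_inventory(db, root / "img2", "demo-os-2.0")
        ident = TrustIdentifier(whitelist(db, "demo-os-1.0"), whitelist(db),
                                lambda p: True if p.name == "signed.exe" else None,
                                lambda p: False)
        result = {"inventoried": inventoried,
                  "local_hit": ident.identify(root / "img1/ls"),
                  "master_hit": ident.identify(root / "img2/tool"),
                  "signed": ident.identify(root / "signed.exe"),
                  "signed_again": ident.identify(root / "signed.exe"),
                  "unsigned_runs": ident.may_run(root / "unknown.bin", lambda p, w: False),
                  "server_queries": ident.server_queries}
        ident.register_installed(root / "inst")
        digest = sha256_file(root / "inst/app.bin")
        result["local_only"] = digest in ident.local and digest not in ident.master
        return result
```

In a deployment the check has to sit at the operating system's execution hook and hash the same bytes the loader maps; hashing a path and launching it later leaves a window in which the file can be swapped.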
Embodiment two (a design system for an active defense system based on whitelist technology)
As shown in Figure 2, the present invention also provides a design system for an active defense system based on whitelist technology, in which:
The server device includes:
An inventory collection module, for collecting OS installation images downloaded from the operating system's official website, obtaining from them the hash values of the programs bundled with the operating system, and generating the inventory library;
A master whitelist library, generated from the inventory library on the server side;
The client device includes:
A detection module, for detecting and obtaining the hash value of the program executed or installed on the client;
A local whitelist library, generated from the inventory library on the client according to the user's operating system version;
The system further includes:
A trust identification module, for identifying whether the program executed or installed on the client is trusted: it first determines whether the hash value of the program executed or installed on the client is contained in the local whitelist library and, if it is not, queries the server-side master whitelist library;
A communication module, which receives the identification information fed back by the trust identification module; if the identification information is "trusted", the client program is allowed to run.
On the basis of the above modules, the trust identification module is also used to identify unknown programs that are not in the master whitelist library: if the program is digitally signed, verify whether the digital signature is trusted; if the program has no digital signature, perform program behavior analysis to determine whether the program is trusted.
A real-time update module, connected to the inventory collection module and the trust identification module, updates the master whitelist library and the local whitelist library.
The design method and system for an active defense system based on whitelist technology of the present invention are simple and convenient to produce, and can be produced as shown in the accompanying drawings.
Except for the technical features described in the specification, everything is known technology to those skilled in the art.
Claims (10)
- 1. A design method for an active defense system based on whitelist technology, characterized in that its implementation steps are: 1) Inventory collection: server-side software collects OS installation images downloaded from the operating system's official website, obtains from them the hash values of the programs bundled with the operating system, and generates an inventory library; 2) Authoritative whitelist generation: on the server side, a master whitelist library is generated from the inventory library; on the client side, a corresponding local whitelist library is generated from the inventory library according to the user's operating system version and stored locally on the user's machine; 3) Program trust identification: every program run or installed on a client must be identified as trusted or not before it starts; first, check whether the hash value of the program being executed or installed on the client exists in the local whitelist library; if it is not in the local whitelist library, query the server-side master whitelist library; 4) Client local run control: on the client, only programs identified as trusted are allowed to run.
- 2. The design method for an active defense system based on whitelist technology according to claim 1, characterized in that in step 1) the server-side software collects the executable files in the OS installation images downloaded from the operating system's official website, obtains the details of each executable file, including file name, operating system version, file modification time and file hash value, sets its trust level to white, and generates the inventory library.
- 3. The design method for an active defense system based on whitelist technology according to claim 2, characterized in that in step 1) the executable files include PE files under the Windows operating system and ELF files under the Linux operating system.
- 4. The design method for an active defense system based on whitelist technology according to claim 1, 2 or 3, characterized in that in step 1) the inventory library is generated with MySQL on the server.
- 5. The design method for an active defense system based on whitelist technology according to claim 1, 2 or 3, characterized in that in step 3), if the program is not in the master whitelist library either, unknown-program trust identification is carried out on the server side: if the program is digitally signed, verify whether the digital signature is trusted; if the program has no digital signature, perform program behavior analysis to determine whether the program is trusted.
- 6. The design method for an active defense system based on whitelist technology according to claim 1, 2 or 3, characterized in that in step 4) only programs identified as trusted are allowed to run on the client; otherwise the identification result and advice are fed back to the user, who decides whether to run the program.
- 7. The design method for an active defense system based on whitelist technology according to claim 1, 2 or 3, characterized in that on the server side a crawler program obtains in real time the update patches released on the operating system's official website, and updates the inventory library established in step 1) and the master whitelist library and local whitelist library established in step 2).
- 8. The design method for an active defense system based on whitelist technology according to claim 5, characterized in that the identification result for an unknown program in step 3) is first updated into the server-side master whitelist library and then synchronized to the local whitelist library.
- 9. The design method for an active defense system based on whitelist technology according to claim 5, characterized in that for an unknown program identified as trusted in step 3), after installation the hash values of the corresponding program generated in the installation directory are updated only into the local whitelist library, without synchronizing to the server's master whitelist library.
- 10. A design system for an active defense system based on whitelist technology, characterized in that: the server device includes an inventory collection module, for collecting OS installation images downloaded from the operating system's official website, obtaining from them the hash values of the programs bundled with the operating system, and generating an inventory library; a master whitelist library generated from the inventory library is deployed on the server side; the client device includes a detection module, for detecting and obtaining the hash value of the program executed or installed on the client; a local whitelist library generated from the inventory library according to the user's operating system version is deployed on the client; the system further includes a trust identification module, for identifying whether the program executed or installed on the client is trusted, which first determines whether the hash value of the program executed or installed on the client is contained in the local whitelist library and, if it is not, queries the server-side master whitelist library; and a communication module, which receives the identification information fed back by the trust identification module and, if the identification information is "trusted", allows the client program to run.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711294100.XA (CN107944232A) | 2017-12-08 | 2017-12-08 | Design method and system for an active defense system based on whitelist technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711294100.XA (CN107944232A) | 2017-12-08 | 2017-12-08 | Design method and system for an active defense system based on whitelist technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107944232A | 2018-04-20 |
Family
ID=61945311
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201711294100.XA (CN107944232A) | Pending | 2017-12-08 | 2017-12-08 | Design method and system for an active defense system based on whitelist technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107944232A (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108664772A (en) * | 2018-04-27 | 2018-10-16 | 北京可信华泰信息技术有限公司 | A method of ensureing security of system |
CN108830075A (en) * | 2018-06-13 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of application program management-control method of SSR centralized management platform |
CN108989304A (en) * | 2018-07-05 | 2018-12-11 | 北京广成同泰科技有限公司 | A kind of trusted software white list construction method |
CN109190366A (en) * | 2018-09-14 | 2019-01-11 | 郑州云海信息技术有限公司 | A kind of program processing method and relevant apparatus |
CN109271787A (en) * | 2018-07-03 | 2019-01-25 | ***股份有限公司 | A kind of operating system security active defense method and operating system |
CN109558752A (en) * | 2018-11-06 | 2019-04-02 | 北京威努特技术有限公司 | Method for quickly realizing file identification under host white list mechanism |
CN109740341A (en) * | 2018-12-25 | 2019-05-10 | 北京广成同泰科技有限公司 | A kind of program white list strategy fusion method and emerging system |
CN110162962A (en) * | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
CN110188543A (en) * | 2019-05-21 | 2019-08-30 | 北京威努特技术有限公司 | White list library, white list program library update method and industrial control system |
CN110390195A (en) * | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | A kind of virtual environment intermediate range sort run management-control method and system |
CN110443050A (en) * | 2019-07-26 | 2019-11-12 | 武汉天喻软件股份有限公司 | A kind of processing method and system of forgery process in file transparent encrypting and deciphering system |
CN110889112A (en) * | 2019-10-23 | 2020-03-17 | 中国航天***科学与工程研究院 | Software operation unified control system and method based on white list mechanism |
CN111291355A (en) * | 2020-02-24 | 2020-06-16 | 广西电网有限责任公司防城港供电局 | Transformer substation system |
CN111966682A (en) * | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
CN112417438A (en) * | 2020-10-28 | 2021-02-26 | 北京八分量信息科技有限公司 | Program white list based on active immune trusted cloud platform |
CN113469688A (en) * | 2021-07-23 | 2021-10-01 | 厦门慢雾科技有限公司 | Active risk identification model for private key safety management |
CN113836542A (en) * | 2021-10-13 | 2021-12-24 | 南方电网数字电网研究院有限公司 | Credible white list matching method, system and device |
CN114969719A (en) * | 2022-05-27 | 2022-08-30 | 南京网藤科技有限公司 | Method and system for preventing operation of false interception system through key module judgment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103180862A (en) * | 2010-08-25 | 2013-06-26 | 前景公司 | System and method for server-coupled malware prevention |
CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
CN104380302A (en) * | 2012-06-07 | 2015-02-25 | 迈可菲公司 | Evaluating whether to block or allow installation of a software application |
CN104573525A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Special information service software vulnerability fixing system based on white lists |
CN105069352A (en) * | 2015-07-29 | 2015-11-18 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted application program running environment on server |
CN106933605A (en) * | 2015-12-29 | 2017-07-07 | 北京明朝万达科技股份有限公司 | A kind of intelligent progress recognizing control method and system |
CN106997435A (en) * | 2017-04-14 | 2017-08-01 | 广东浪潮大数据研究有限公司 | A kind of method of operating system security prevention and control, apparatus and system |
CN107392012A (en) * | 2017-07-25 | 2017-11-24 | 广州平云信息科技有限公司 | Application method for managing and monitoring, device and the mobile device of mobile device |
- 2017-12-08 CN CN201711294100.XA patent/CN107944232A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103180862A (en) * | 2010-08-25 | 2013-06-26 | 前景公司 | System and method for server-coupled malware prevention |
CN104380302A (en) * | 2012-06-07 | 2015-02-25 | 迈可菲公司 | Evaluating whether to block or allow installation of a software application |
CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
CN104573525A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Special information service software vulnerability fixing system based on white lists |
CN105069352A (en) * | 2015-07-29 | 2015-11-18 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted application program running environment on server |
CN106933605A (en) * | 2015-12-29 | 2017-07-07 | 北京明朝万达科技股份有限公司 | A kind of intelligent progress recognizing control method and system |
CN106997435A (en) * | 2017-04-14 | 2017-08-01 | 广东浪潮大数据研究有限公司 | A kind of method of operating system security prevention and control, apparatus and system |
CN107392012A (en) * | 2017-07-25 | 2017-11-24 | 广州平云信息科技有限公司 | Application method for managing and monitoring, device and the mobile device of mobile device |
Non-Patent Citations (1)
Title |
---|
刘乐: "服务器操作***软件白名单管理", 《网络安全和信息化》 * |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108664772A (en) * | 2018-04-27 | 2018-10-16 | 北京可信华泰信息技术有限公司 | A method of ensuring security of system |
CN108830075A (en) * | 2018-06-13 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of application program management-control method of SSR centralized management platform |
CN109271787A (en) * | 2018-07-03 | 2019-01-25 | ***股份有限公司 | A kind of operating system security active defense method and operating system |
CN108989304A (en) * | 2018-07-05 | 2018-12-11 | 北京广成同泰科技有限公司 | A kind of trusted software white list construction method |
CN109190366A (en) * | 2018-09-14 | 2019-01-11 | 郑州云海信息技术有限公司 | A kind of program processing method and relevant apparatus |
CN109190366B (en) * | 2018-09-14 | 2021-11-19 | 郑州云海信息技术有限公司 | Program processing method and related device |
CN109558752B (en) * | 2018-11-06 | 2021-05-07 | 北京威努特技术有限公司 | Method for quickly realizing file identification under host white list mechanism |
CN109558752A (en) * | 2018-11-06 | 2019-04-02 | 北京威努特技术有限公司 | Method for quickly realizing file identification under host white list mechanism |
CN109740341A (en) * | 2018-12-25 | 2019-05-10 | 北京广成同泰科技有限公司 | A kind of program white list strategy fusion method and emerging system |
CN110188543A (en) * | 2019-05-21 | 2019-08-30 | 北京威努特技术有限公司 | White list library, white list program library update method and industrial control system |
CN110162962A (en) * | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
CN110390195B (en) * | 2019-06-26 | 2021-05-25 | 苏州浪潮智能科技有限公司 | Method and system for managing and controlling program operation in virtual environment |
CN110390195A (en) * | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | A kind of virtual environment intermediate range sort run management-control method and system |
CN110443050A (en) * | 2019-07-26 | 2019-11-12 | 武汉天喻软件股份有限公司 | A kind of processing method and system of forgery process in file transparent encrypting and deciphering system |
CN110889112B (en) * | 2019-10-23 | 2022-03-04 | 中国航天***科学与工程研究院 | Software operation unified control system and method based on white list mechanism |
CN110889112A (en) * | 2019-10-23 | 2020-03-17 | 中国航天***科学与工程研究院 | Software operation unified control system and method based on white list mechanism |
CN111291355A (en) * | 2020-02-24 | 2020-06-16 | 广西电网有限责任公司防城港供电局 | Transformer substation system |
CN111966682A (en) * | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
CN111966682B (en) * | 2020-08-14 | 2022-06-14 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
CN112417438A (en) * | 2020-10-28 | 2021-02-26 | 北京八分量信息科技有限公司 | Program white list based on active immune trusted cloud platform |
CN113469688A (en) * | 2021-07-23 | 2021-10-01 | 厦门慢雾科技有限公司 | Active risk identification model for private key safety management |
CN113836542A (en) * | 2021-10-13 | 2021-12-24 | 南方电网数字电网研究院有限公司 | Credible white list matching method, system and device |
CN114969719A (en) * | 2022-05-27 | 2022-08-30 | 南京网藤科技有限公司 | Method and system for preventing operation of false interception system through key module judgment |
CN114969719B (en) * | 2022-05-27 | 2023-12-08 | 南京网藤科技有限公司 | Method and system for preventing operation of error interception system through critical module judgment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107944232A (en) | A kind of design method and system of the Active Defending System Against based on white list technology | |
US11188635B2 (en) | File authentication method and apparatus | |
US10437997B2 (en) | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning | |
US10348756B2 (en) | System and method for assessing vulnerability of a mobile device | |
D’Orazio et al. | Circumventing iOS security mechanisms for APT forensic investigations: A security taxonomy for cloud apps | |
Bortolameotti et al. | Decanter: Detection of anomalous outbound http traffic by passive application fingerprinting | |
AU2011336466B2 (en) | Detecting malicious software through contextual convictions, generic signatures and machine learning techniques | |
KR102152360B1 (en) | System and method for providing data reliability based on blockchain for iot services | |
CN107786564B (en) | Attack detection method and system based on threat intelligence and electronic equipment | |
CN103607393A (en) | Data safety protection method based on data partitioning | |
CN103986743A (en) | Method, apparatus and system for acquiring data in Internet of Things | |
Liu et al. | An integrated architecture for IoT malware analysis and detection | |
CN111585956B (en) | Website anti-brushing verification method and device | |
EP3970038B1 (en) | Siem system and methods for exfiltrating event data | |
CN105210076A (en) | Resilient and restorable dynamic device identification | |
US11783043B2 (en) | Methods for authentication of firmware images in embedded systems | |
EP3713196A1 (en) | Method and apparatuses for binding an edge computing device to a communication terminal for pre-processing data | |
CN106789849A (en) | CC attack recognitions method, node and system | |
CN111597543A (en) | Wide-area process access authority authentication method and system based on block chain intelligent contract | |
CN111464528A (en) | Network security protection method, system, computing device and storage medium | |
CN111740824B (en) | Trusted application management method and device | |
JP2015179416A (en) | Black list extending apparatus, black list extending method and black list extending program | |
CN110135153A (en) | The credible detection method and device of software | |
KR102107082B1 (en) | A Method For Detecting Counterfeit application in Mobile Device Based On Blockchain | |
KR20170127630A (en) | Ransom Ware Blocking Apparatus based on Whitelist and Method therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180420 |