CN109271787A - A kind of operating system security active defense method and operating system - Google Patents


Publication number
CN109271787A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810715441.8A
Other languages
Chinese (zh)
Inventor
戚跃民
宋汉石
曹宇
汪毅
孟飞宇
马哲
蒋利兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN201810715441.8A priority Critical patent/CN109271787A/en
Publication of CN109271787A publication Critical patent/CN109271787A/en
Priority to PCT/CN2019/093831 priority patent/WO2020007249A1/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software
    • G06F2221/034: Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to an operating system security active defense method and an operating system. The method includes the following steps: a validity checking step, which checks the legitimacy of the active defense program itself and, if the check passes, loads and runs the active defense program; and a defense checking step, which performs a system security check using the active defense program. The operating system and the operating system security active defense method according to the invention can discover malicious programs that intrude by exploiting undisclosed vulnerabilities, and can detect foreign code that appears at key locations.

Description

A kind of operating system security active defense method and operating system
Technical field
The present invention relates to computer technology, and specifically to an operating system security active defense method and an operating system.
Background
With the development of payment technology, intelligent operating systems represented by Android are widely used on smart POS terminals because of their rich interface functions and convenient application development, and the popularity of smart POS terminals keeps growing. While this improves the payment experience, Android is a general-purpose operating system with frequent version updates, so it inevitably contains a large number of security vulnerabilities of types such as buffer overflow and privilege escalation.
The current common industry practice is to mitigate the impact of vulnerabilities by establishing a vulnerability monitoring mechanism and applying security patches promptly, but this cannot defend against 0-day vulnerabilities that circulate in small circles and have not yet been officially fixed.
Because transaction applications are all installed on the Android operating system, these vulnerabilities threaten the overall security of the smart POS terminal. It is therefore necessary to find a defense mechanism that can mitigate the threat of unknown vulnerabilities, detect system intrusion in time, and lock the device and raise an alert.
The information disclosed in this background section is only intended to improve understanding of the general background of the invention, and should not be taken as an acknowledgement or any form of suggestion that this information constitutes prior art already known to a person of ordinary skill in the art.
Summary of the invention
In view of the above problems, the present invention aims to provide an operating system security active defense method and an operating system that can actively detect the security state of the system and whether key components have been intruded upon.
The operating system security active defense method of the invention is characterized by including the following steps:
a validity checking step, which checks the legitimacy of the active defense program itself and, if the check passes, loads and runs the active defense program; and
a defense checking step, which performs a system security check using the active defense program.
Optionally, the defense checking step is executed periodically.
Optionally, the defense checking step includes one or more of the following sub-steps:
a file system check sub-step, which checks the file system;
a critical process check sub-step, which checks critical processes;
a configuration check sub-step, which checks the security configuration of the operating system;
a network communication check sub-step, which checks network communication;
a system resource check sub-step, which checks system resource usage; and
a custom check sub-step, which checks user-defined abnormal system behavior.
Optionally, the file system check sub-step checks whether unknown files outside the whitelist exist at key locations of the file system in the operating system, the checked locations being the directories that hold system executables and configuration files.
Optionally, the critical process check sub-step checks whether privileged processes outside the whitelist exist in the operating system.
Optionally, the configuration check sub-step checks whether key security configuration has been tampered with.
Optionally, the network communication check sub-step checks whether all TCP/UDP ports on which the operating system listens externally are in the whitelist.
Optionally, the system resource check sub-step identifies malicious programs by prolonged excessive CPU usage, frequent memory allocation, or frequent access violations.
Optionally, when the defense checking step finds a problem with system security, the method further includes:
a safe action execution step, in which the active defense program automatically executes a predetermined safe action.
Optionally, the operating system is the operating system of a POS terminal.
The operating system of the invention is characterized in that the system kernel of the operating system has a kernel module, the kernel module having:
a validity checking submodule for checking the legitimacy of the active defense program itself and, if the check passes, loading and running the active defense program; and
a defense checking submodule for performing a system security check using the active defense program.
Optionally, the defense checking module includes one or more of the following submodules:
a file system check submodule, which checks the file system;
a critical process check submodule, which checks critical processes;
a configuration check submodule, which checks the security configuration of the operating system;
a network communication check submodule, which checks network communication;
a system resource check submodule, which checks system resource usage; and
a custom check submodule, which checks user-defined abnormal system behavior.
Optionally, the operating system is the operating system of a POS terminal.
The operating system of the invention is characterized in that an executable file module is integrated in the firmware of the operating system, the executable file module having:
a validity checking submodule for checking the legitimacy of the active defense program itself and, if the check passes, loading and running the active defense program; and
a defense checking submodule for performing a system security check using the active defense program.
Optionally, the defense checking module includes one or more of the following submodules:
a file system check submodule, which checks the file system;
a critical process check submodule, which checks critical processes;
a configuration check submodule, which checks the security configuration of the operating system;
a network communication check submodule, which checks network communication;
a system resource check submodule, which checks system resource usage; and
a custom check submodule, which checks user-defined abnormal system behavior.
Optionally, the operating system is the operating system of a POS terminal.
The computer-readable medium of the invention stores a computer program, and is characterized in that the computer program, when executed by a processor, implements the above operating system security active defense method.
The computer device of the invention includes a memory, a processor, and a computer program stored on the memory and runnable on the processor, and is characterized in that the processor implements the above operating system security active defense method when executing the computer program.
The operating system and the operating system security active defense method according to the invention provide an active defense scheme for smart POS terminal operating systems that can actively detect the security state of the system and whether key components have been intruded upon. Compared with other schemes of the same type, it is highly general and can defend against unknown threats.
Other features and advantages of the method and apparatus of the invention will become clearer from, or are explained in, the accompanying drawings included herein and the detailed description that follows, which together serve to illustrate certain principles of the invention.
Brief description of the drawings
Fig. 1 is a flow chart of the operating system security active defense method of the invention.
Fig. 2 shows a specific embodiment of the validity checking step S100.
Fig. 3 is a structural diagram of the operating system of one embodiment of the invention.
Fig. 4 is a structural diagram of the defense checking module of one embodiment of the invention.
Fig. 5 is a block diagram of the operating system of a further embodiment of the invention.
Fig. 6 is a structural diagram of the defense checking module of a further embodiment of the invention.
Detailed description
Described below are some of the multiple embodiments of the invention, intended to provide a basic understanding of the invention. They are not intended to identify key or decisive elements of the invention or to limit the claimed scope.
A primary object of the invention is to embed a section of active defense program code in the firmware of the operating system. The code is integrated in the system kernel or in the firmware: if integrated in the system kernel, it takes the form of an Android kernel module; if integrated in the firmware, it takes the form of an executable file. Its physical storage location can be the Boot partition or the System partition.
Another primary object of the invention is to define the behavioral characteristics of the active defense program. Through these behaviors, intrusions against the operating system can be found in time and the corresponding safe action executed.
First, the operating system security active defense method of the invention is described.
Fig. 1 is a flow chart of the operating system security active defense method of the invention.
As shown in Fig. 1, the operating system security active defense method of the invention includes:
Validity checking step S100: check the legitimacy of the active defense program itself and, if the check passes, load and run the active defense program;
Defense checking step S200: perform a system security check using the active defense program; and
Safe action execution step S300: the active defense program automatically executes a predetermined safe action.
Next, the specific content of these steps is described. The description below takes the case where the operating system is that of a POS terminal as an example.
The validity checking step S100 ensures the legitimacy of the active defense program itself. The check is performed by the self-test of the POS terminal, and covers whether the digital signatures of the active defense program's own executable file and configuration file are valid, whether the process state of the active defense program is normal, and so on. If the firmware validity checking program finds an anomaly, it triggers terminal failure or self-destruction.
Fig. 2 shows a specific embodiment of the validity checking step S100.
As shown in Fig. 2, the operating system is started in step S1, the digital signature of the active defense program is read in step S2, the corresponding public key in the operating system is read in step S3, and whether the digital signature is valid is checked in step S4. If it is valid, the next checking step (i.e. the defense checking step S200) continues in step S5; if the result is invalid, a check failure is reported.
The active defense program in the invention starts automatically early in operating system startup. If the active defense program is integrated in the system kernel, it is initialized and executed directly by the kernel. If the program is integrated in the firmware, it is initialized and executed directly by the Init process. After the validity checking step of the active defense program completes, the program is loaded and run automatically and proceeds to the defense checking step S200, which confirms the security state of the system.
The defense checking step S200 can include the following checks:
(1) whether the files at key locations of the file system are all in the whitelist;
(2) whether the loaded kernel modules are all in the whitelist;
(3) whether the processes running as a privileged user are all in the whitelist;
(4) whether all running processes originate from known locations;
(5) whether any process shows abnormal resource usage;
(6) whether key operating system configuration matches predefined values;
(7) whether network listening ports are all in the whitelist;
(8) other user-defined abnormal behaviors.
In the invention, as one embodiment of the defense checking step S200, a timer is set and the defense checking step S200 is then executed periodically, so that the operating system security environment is checked actively.
The above lists some of the checks of the defense checking step S200. If the content of the defense checking step S200 is classified, it can be roughly divided into the following categories:
(a) check of the file system;
(b) check of critical processes;
(c) security configuration check of the operating system;
(d) check of network communication;
(e) check of system resource usage; and
(f) check of other user-defined abnormal system behavior.
Next, the specific content of these check categories is described.
(a) Check of the file system
The purpose of the file system check is to check whether unknown files outside the whitelist exist at key locations of the file system. The checked locations are the directories that hold system executables and configuration files, and the checked files include but are not limited to:
1) the file system root directory: /
2) the paths contained in the PATH environment variable, including /sbin, /system/bin, /system/xbin and so on, and this should cover files related to privilege escalation such as su/busybox;
3) key system directories, such as /system/lib/modules.
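The file system check described above can be sketched as follows. This is an added example, not code from the patent: it builds a constructed directory tree in a temporary folder, and it goes one step beyond the text by also comparing SHA-256 digests of whitelisted files. The file names, the whitelist layout (path to digest) and the function names are assumptions.

```python
import hashlib
import os
import tempfile

# Directories the text names as key locations.
WATCHED_DIRS = ["/", "/sbin", "/system/bin", "/system/xbin", "/system/lib/modules"]
# File names the text singles out as related to privilege escalation.
PRIV_ESC_NAMES = {"su", "busybox"}


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root, whitelist, watched_dirs=WATCHED_DIRS):
    """Compare files under root against whitelist {device path: sha256}.

    Returns a list of (device path, reason) findings.
    """
    findings = []
    for d in watched_dirs:
        base = os.path.join(root, d.lstrip("/"))
        if not os.path.isdir(base):
            continue
        for name in sorted(os.listdir(base)):
            full = os.path.join(base, name)
            if os.path.isdir(full) and not os.path.islink(full):
                continue  # subdirectories are scanned only if listed themselves
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in whitelist:
                reason = ("privilege-escalation tool" if name in PRIV_ESC_NAMES
                          else "not in whitelist")
                findings.append((rel, reason))
            elif os.path.isfile(full) and sha256_file(full) != whitelist[rel]:
                # Extension beyond the text: a known path with changed content.
                findings.append((rel, "content changed"))
    return findings


def _write(root, rel, data):
    """Create a file at device path rel inside the constructed tree."""
    path = os.path.join(root, rel.lstrip("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Build a constructed firmware tree, tamper with it, and scan it."""
    with tempfile.TemporaryDirectory() as root:
        baseline = {  # constructed sample files, not real firmware content
            "/init.rc": b"service sample\n",
            "/sbin/healthd": b"healthd-v1",
            "/system/bin/sh": b"sh-v1",
            "/system/bin/app_process": b"app_process-v1",
            "/system/lib/modules/wlan.ko": b"wlan-v1",
        }
        whitelist = {rel: sha256_file(_write(root, rel, data))
                     for rel, data in baseline.items()}
        # Constructed tampering: two unknown files and one modified binary.
        _write(root, "/system/xbin/su", b"x")
        _write(root, "/system/lib/modules/hook.ko", b"x")
        _write(root, "/system/bin/sh", b"sh-patched")
        return scan(root, whitelist)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```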
(b) Check of critical system processes
The purpose of the critical system process check is to check whether privileged processes outside the whitelist exist in the operating system. The detection methods include but are not limited to:
1) checking whether the loaded kernel modules are all in the whitelist;
2) checking whether the processes running as users other than shell and application users are all in the whitelist;
3) checking whether the start command line and location of each process come from common directories, and whether any process has no corresponding executable file.
(c) Security configuration check of the system
The purpose of the system security configuration check is to check whether key security configuration has been tampered with. The detection methods are mainly reading configuration information, attempting illegal operations and so on, including but not limited to:
1) checking system security property values, such as ro.secure and ro.debuggable;
2) checking whether security mechanisms are enabled, such as randomize_va_space;
3) checking key partition and file attributes, such as whether the system partition is ro;
4) attempting illegal operations, such as running a diagnostic program as a non-privileged user, or attempting to access an unauthorized path or elevate privileges, with failure expected.
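Items 1) to 3) of the configuration check can be sketched as a comparison of device output against predefined values. This is an added example, not code from the patent: the expected values (ro.secure=1, ro.debuggable=0, randomize_va_space=2), the assumption that /system is a separate mount point, and the sample getprop-style and /proc/mounts-style text are all constructed for illustration.

```python
import re

# Predefined values assumed for a production (non-debug) build.
EXPECTED_PROPS = {"ro.secure": "1", "ro.debuggable": "0"}
EXPECTED_ASLR = "2"  # /proc/sys/kernel/randomize_va_space: full randomization

# Constructed sample input in the format printed by `getprop`.
SAMPLE_GETPROP = """\
[ro.secure]: [1]
[ro.debuggable]: [1]
[ro.build.type]: [user]
"""
SAMPLE_ASLR = "2\n"
# Constructed sample input in /proc/mounts format.
SAMPLE_MOUNTS = """\
rootfs / rootfs ro,seclabel 0 0
/dev/block/mmcblk0p20 /system ext4 rw,seclabel,relatime 0 0
/dev/block/mmcblk0p21 /data ext4 rw,seclabel,nosuid,nodev 0 0
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Parse `[name]: [value]` lines into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def mount_options(mounts_text, mount_point):
    """Return the option set of the last entry for mount_point, or None.

    The last entry wins because a later mount on the same path hides
    earlier ones.
    """
    options = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            options = set(fields[3].split(","))
    return options


def check_config(getprop_text, aslr_text, mounts_text):
    """Return a list of (item, expected, actual) for every deviation."""
    findings = []
    props = parse_getprop(getprop_text)
    for name, want in EXPECTED_PROPS.items():
        got = props.get(name)  # a missing property is also a deviation
        if got != want:
            findings.append((name, want, got))
    aslr = aslr_text.strip()
    if aslr != EXPECTED_ASLR:
        findings.append(("randomize_va_space", EXPECTED_ASLR, aslr))
    opts = mount_options(mounts_text, "/system")
    if opts is None:
        findings.append(("/system mount", "ro", None))
    elif "ro" not in opts:
        findings.append(("/system mount", "ro",
                         "rw" if "rw" in opts else "unknown"))
    return findings


if __name__ == "__main__":
    for item, want, got in check_config(SAMPLE_GETPROP, SAMPLE_ASLR,
                                        SAMPLE_MOUNTS):
        print(f"{item}: expected {want}, found {got}")
```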
(d) Network communication check of the system
The purpose of the system network communication check is to check whether unknown network services have been opened; such services may have been created by a trojan. The main means is to check whether all TCP/UDP ports listening externally are in the whitelist.
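One way to implement the listening-port check on a Linux-based system is to parse the kernel's /proc/net/tcp and /proc/net/udp tables. This is an added example, not code from the patent: the table rows and the whitelist are constructed, only IPv4 tables on a little-endian host are decoded, and treating loopback-bound sockets as not externally reachable is an assumption about what "listening externally" means.

```python
import ipaddress
import socket
import struct
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port uid external")

# Value of the "st" column that means the socket accepts traffic:
# TCP_LISTEN is 0A; a bound, unconnected UDP socket is shown as 07.
OPEN_STATE = {"tcp": "0A", "udp": "07"}

# Assumed whitelist of (protocol, port) pairs for this constructed device.
WHITELIST = {("tcp", 8080), ("udp", 68)}

# Constructed sample rows in /proc/net/tcp format.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 10311 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:B4A2 5E2D000A:01BB 01 00000000:00000000 00:00000000 00000000 10057        0 10400 1 0000000000000000 20 4 30 10 -1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10057        0 10412 1 0000000000000000 100 0 0 10 0
"""
# Constructed sample rows in /proc/net/udp format.
SAMPLE_UDP = """\
   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   10: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000  1014        0 9876 2 0000000000000000 0
   11: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1020        0 9901 2 0000000000000000 0
"""


def _decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 form (little-endian host assumed)."""
    if len(hex_addr) != 8:
        return None  # e.g. a 32-digit IPv6 address from /proc/net/tcp6
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def open_sockets(table_text, proto):
    """Return a Listener for every socket in the protocol's open state."""
    found = []
    for line in table_text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; this skips the header and blank lines.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        if fields[3] != OPEN_STATE[proto]:
            continue  # established, time-wait and other states are ignored
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        ip = _decode_ipv4(hex_addr)
        # Fail closed: an address that cannot be decoded counts as external.
        external = ip is None or not ipaddress.ip_address(ip).is_loopback
        found.append(Listener(proto, ip or hex_addr, int(hex_port, 16),
                              int(fields[7]), external))
    return found


def unexpected_listeners(tables, whitelist=WHITELIST):
    """tables maps protocol name to table text.

    Returns externally reachable listeners whose (protocol, port) pair
    is not in the whitelist.
    """
    hits = []
    for proto, text in tables.items():
        for sock in open_sockets(text, proto):
            if sock.external and (sock.proto, sock.port) not in whitelist:
                hits.append(sock)
    return hits


if __name__ == "__main__":
    for s in unexpected_listeners({"tcp": SAMPLE_TCP, "udp": SAMPLE_UDP}):
        print(f"unexpected {s.proto} listener {s.addr}:{s.port} uid={s.uid}")
```

The uid column lets the finding be tied back to the owning user, which connects this check to the process whitelist check in (b).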
(e) Check of system resource usage
The purpose of the system resource usage check is to identify certain characteristic behaviors of malicious programs when exploiting vulnerabilities, such as prolonged excessive CPU usage, frequent memory allocation, and frequent access violations.
In addition, after an anomaly is found during the defense checking step S200, the safe action execution step S300 can then be carried out (this step is optional). In the safe action execution step S300, the active defense program automatically executes a predetermined safe action, for example securely locking the smart POS terminal or triggering a self-destruct operation. At the same time, the user can further be informed by on-screen display, audible alarm and similar means, or warning information can be sent in the background to a management platform.
The above description takes the operating system of a POS terminal as an example, but the operating system of the invention includes but is not limited to the operating system in a POS terminal.
The operating system security active defense method of the invention has been described above; next, the operating system of the invention is described.
Fig. 3 is a structural diagram of the operating system of one embodiment of the invention.
As shown in Fig. 2, the system kernel 100 of the operating system of the invention has a kernel module 110, and the kernel module 110 has: a validity checking submodule 111 for checking the legitimacy of the active defense program itself and, if the check passes, loading and running the active defense program; a defense checking submodule 112 for performing a system security check using the active defense program; and a safe action execution module 113, by which the active defense program automatically executes a predetermined safe action.
Fig. 4 is a structural diagram of the defense checking module of one embodiment of the invention. As shown in Fig. 3, the defense checking module 112 includes one or more of the following submodules: a file system check submodule 11, which checks the file system; a critical process check submodule 12, which checks critical processes; a configuration check submodule 13, which checks the security configuration of the operating system; a network communication check submodule 14, which checks network communication; a system resource check submodule 15, which checks system resource usage; and a custom check submodule 16, which checks user-defined abnormal system behavior.
Next, the operating system of a further embodiment of the invention is described.
Fig. 5 is a block diagram of the operating system of a further embodiment of the invention. As shown in Fig. 4, an executable file module 210 is integrated in the firmware 200 of the operating system of this further embodiment. The executable file module 210 has: a validity checking submodule 211, which checks the legitimacy of the active defense program itself and, if the check passes, loads and runs the active defense program; a defense checking submodule 212, which performs a system security check using the active defense program; and a safe action execution module 113, which automatically executes a predetermined safe action using the active defense program.
Fig. 6 is a structural diagram of the defense checking module of a further embodiment of the invention. The defense checking module 212 includes one or more of the following submodules: a file system check submodule 21, which checks the file system; a critical process check submodule 22, which checks critical processes; a configuration check submodule 23, which checks the security configuration of the operating system; a network communication check submodule 24, which checks network communication; a system resource check submodule 25, which checks system resource usage; and a custom check submodule 26, which checks user-defined abnormal system behavior.
Further, the invention also provides a computer-readable medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the above operating system security active defense method.
Further, the invention also provides a computer device including a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor implements the above operating system security active defense method when executing the computer program.
According to the operating system and the operating system security active defense method of the invention, malicious programs that intrude by exploiting undisclosed vulnerabilities can be discovered, and foreign code appearing at key locations can be detected.
The above examples mainly describe the operating system and the operating system security active defense method of the invention. Although only some specific embodiments of the invention have been described, a person of ordinary skill in the art will appreciate that the invention can be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (18)

1. a kind of operating system security active defense method characterized by comprising
Validity checking step checks the legitimacy of Initiative Defense program itself, loads in the case where checking legal Run the load of Initiative Defense program;And
Checking step is defendd, carries out system safety inspection using Initiative Defense program.
2. operating system security active defense method as described in claim 1, which is characterized in that
Periodically execute the defence checking step.
3. operating system security active defense method as described in claim 1, which is characterized in that
Include a sub-steps below or multiple sub-steps in the defence checking step:
Execute the file system check sub-step of the inspection of file system;
The critical processes for executing the inspection of critical processes check sub-step;
Execute the configuration inspection sub-step of the security configuration inspection of operating system;
The network communication for executing the inspection of network communication checks sub-step;
The system resource for executing the inspection of system resource occupancy situation checks sub-step;And
Check the customized inspection sub-step of the customized system exception behavior of user.
4. operating system security active defense method as claimed in claim 3, which is characterized in that
In file system check sub-step, check the file system key position in operating system with the presence or absence of other than white list Unknown file, also, check position be located at the catalogue where system executable program and configuration file.
5. operating system security active defense method as claimed in claim 3, which is characterized in that
It is checked in sub-step in the critical processes, is checked in operating system with the presence or absence of the privilege process except white list.
6. operating system security active defense method as claimed in claim 3, which is characterized in that
In the configuration inspection sub-step, check whether crucial security configuration is tampered.
7. operating system security active defense method as claimed in claim 3, which is characterized in that
Check in sub-step whether all to check all ports TCP/UDP externally listened to of operating system in the network communication In white list.
8. operating system security active defense method as claimed in claim 3, which is characterized in that
It is checked in sub-step in the system resource, identification rogue program long-time CPU occupies excessively high or frequent memory application Or frequent access violation.
9. operating system security active defense method as described in claim 1, which is characterized in that when the defence checking step In in the case where the problem of checking system security presence, after be further equipped with:
Safe action executes step, and Initiative Defense program executes scheduled safe action automatically.
10. the operating system security active defense method as described in claim 1 ~ 9 any one, which is characterized in that
The operating system is the operating system of POS terminal.
11. a kind of operating system, which is characterized in that have kernel module in the system kernel of the operating system, described Kernel module has:
Validity checking submodule is checked for the legitimacy to Initiative Defense program itself, is legal feelings checking Load operating Initiative Defense program loads under condition;And
Defence checks submodule, for carrying out system safety inspection using Initiative Defense program.
12. operating system as claimed in claim 11, which is characterized in that
The defence checks that module includes a submodule below or multiple submodule:
Execute the file system check submodule of the inspection of file system;
The critical processes for executing the inspection of critical processes check submodule;
Execute the configuration inspection submodule of the security configuration inspection of operating system;
The network communication for executing the inspection of network communication checks submodule;
Execute the inspection of system resource occupancy situation system resource check submodule and
Check the customized inspection submodule of the customized system exception behavior of user.
13. the operating system as described in claim 11 or 12, which is characterized in that
The operating system is the operating system of POS terminal.
14. An operating system, characterized in that an executable file module is integrated in the firmware of the operating system, the executable file module having:
A validity check submodule for checking the legitimacy of the active defense program itself, and for loading and running the active defense program when the check finds it legitimate; and
A defense check submodule for performing system security checks using the active defense program.
15. The operating system as claimed in claim 14, characterized in that
The defense check module includes one or more of the following submodules:
A file system check submodule that checks the file system;
A critical process check submodule that checks critical processes;
A configuration check submodule that checks the security configuration of the operating system;
A network communication check submodule that checks network communication;
A system resource check submodule that checks system resource occupancy; and
A custom check submodule that checks for user-defined abnormal system behavior.
16. The operating system as claimed in claim 14 or 15, characterized in that
The operating system is the operating system of a POS terminal.
17. A computer-readable medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the operating system security active defense method described in any one of claims 1 ~ 10.
18. A computer device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when executing the computer program, implements the operating system security active defense method described in any one of claims 1 ~ 10.
CN201810715441.8A 2018-07-03 2018-07-03 A kind of operating system security active defense method and operating system Pending CN109271787A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810715441.8A CN109271787A (en) 2018-07-03 2018-07-03 A kind of operating system security active defense method and operating system
PCT/CN2019/093831 WO2020007249A1 (en) 2018-07-03 2019-06-28 Operating system security active defense method and operating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810715441.8A CN109271787A (en) 2018-07-03 2018-07-03 A kind of operating system security active defense method and operating system

Publications (1)

Publication Number Publication Date
CN109271787A true CN109271787A (en) 2019-01-25

Family

ID=65152833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810715441.8A Pending CN109271787A (en) 2018-07-03 2018-07-03 A kind of operating system security active defense method and operating system

Country Status (2)

Country Link
CN (1) CN109271787A (en)
WO (1) WO2020007249A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020007249A1 (en) * 2018-07-03 2020-01-09 ***股份有限公司 Operating system security active defense method and operating system
CN110688653A (en) * 2019-09-29 2020-01-14 北京可信华泰信息技术有限公司 Client security protection method and device and terminal equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571476A (en) * 2010-12-27 2012-07-11 ***股份有限公司 Method and device for monitoring terminal command line in real time
CN103473508A (en) * 2013-09-17 2013-12-25 肖楠 Security verification method during kernel operation of operation system
CN104809401A (en) * 2015-05-08 2015-07-29 南京大学 Method for protecting integrity of kernel of operating system
CN104899511A (en) * 2015-05-21 2015-09-09 成都中科慧创科技有限公司 Program behavior algorithm based active defense method
CN107944232A (en) * 2017-12-08 2018-04-20 郑州云海信息技术有限公司 A kind of design method and system of the Active Defending System Against based on white list technology

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103324887B (en) * 2013-07-05 2016-12-28 百度在线网络技术(北京)有限公司 Prevention-Security device, method and the mobile terminal of mobile terminal
CN103473498B (en) * 2013-09-12 2016-03-23 深圳市文鼎创数据科技有限公司 Application security verification method and terminal
KR20160037415A (en) * 2014-09-29 2016-04-06 박성빈 Method for preventing illegal copying software
US10423777B2 (en) * 2016-04-14 2019-09-24 Endgame, Inc. Preventing execution of malicious instructions based on address specified in a branch instruction
CN106203125A (en) * 2016-07-11 2016-12-07 北京小米移动软件有限公司 Operating system and safety detection method, safety detection device and terminal
CN107491693A (en) * 2017-07-24 2017-12-19 南京南瑞集团公司 A kind of industry control operating system active defense method with self-learning property
CN109271787A (en) * 2018-07-03 2019-01-25 ***股份有限公司 A kind of operating system security active defense method and operating system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
何远德等: "基于白名单与主动防御混搭的安卓终端安全应用研究", 《西南民族大学学报(自然科学版)》 *
张宝社等: "《Linux网络技术》", 30 June 1999, 中国科学技术大学出版社 *

Also Published As

Publication number Publication date
WO2020007249A1 (en) 2020-01-09

Similar Documents

Publication Publication Date Title
US11687653B2 (en) Methods and apparatus for identifying and removing malicious applications
CN106991324B (en) Malicious code tracking and identifying method based on memory protection type monitoring
CN111931166B (en) Application program anti-attack method and system based on code injection and behavior analysis
CN109829309A (en) Terminal device system protection method and device
US10733296B2 (en) Software security
US20140053267A1 (en) Method for identifying malicious executables
US11012449B2 (en) Methods and cloud-based systems for detecting malwares by servers
CN109299135A (en) Abnormal inquiry recognition methods, identification equipment and medium based on identification model
KR20190067542A (en) Computing apparatus and method thereof robust to encryption exploit
CN110619217A (en) Method and device for actively defending malicious mining program
Vaidya et al. Security issues in language-based software ecosystems
KR20080047261A (en) Anomaly malicious code detection method using process behavior prediction technique
EP3394785A1 (en) Detecting malicious software
CN109271787A (en) A kind of operating system security active defense method and operating system
CN107122664B (en) Safety protection method and device
CN109784051B (en) Information security protection method, device and equipment
CN112035831A (en) Data processing method, device, server and storage medium
CN116340931A (en) RASP-based SCA linkage protection method, device, equipment and medium
CN113595986B (en) Intelligent contract intercepting method and device based on intelligent contract firewall framework
CN114003913B (en) Operation control method and device for application program
CN113076540B (en) Attack detection method and device, electronic equipment and storage medium
EP3394786A1 (en) Software security
CN115203691A (en) Safety monitoring method, device, equipment and storage medium for electric power mobile terminal
CN115730308A (en) Runtime protection method and device based on memory check
CN116684161A (en) Program running method, program running device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190125