CN109711169A - Means of defence and device, system, storage medium, the electronic device of system file - Google Patents
Means of defence and device, system, storage medium, the electronic device of system file Download PDFInfo
- Publication number
- CN109711169A CN109711169A CN201811645250.5A CN201811645250A CN109711169A CN 109711169 A CN109711169 A CN 109711169A CN 201811645250 A CN201811645250 A CN 201811645250A CN 109711169 A CN109711169 A CN 109711169A
- Authority
- CN
- China
- Prior art keywords
- operation behavior
- file
- system file
- default access
- legal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 36
- 230000006399 behavior Effects 0.000 claims description 139
- 230000015654 memory Effects 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 15
- 238000001514 detection method Methods 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 8
- 230000001681 protective effect Effects 0.000 claims description 6
- 230000026676 system process Effects 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003612 virological effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of means of defence of system file and device, system, storage medium, electronic devices, wherein this method comprises: the type of the file destination in identification equipment;When the type of the file destination is system file, the operation behavior that the file destination is initiated is detected;Judge whether the operation behavior is legal according to the default access range of the system file, wherein the corresponding permissions list of the default access range is arranged in server local.Through the invention, solve causes to be easy the technical issues of being attacked since the permission of system file is excessive in the related technology.
Description
Technical field
The present invention relates to computer fields, means of defence and device, system in particular to a kind of system file,
Storage medium, electronic device.
Background technique
System file is the basic of the normal operation of system, once controlled by viral malice, caused by influence and lose non-
Chang great.
In the related technology, because system file is the file below system, and system itself is usually safety, so being
System file is all not required to be protected, and default is considered as safe.In this way it is easy to cause to run the leakage of the security protection of the system
Hole.
For the above problem present in the relevant technologies, at present it is not yet found that the solution of effect.
Summary of the invention
The embodiment of the invention provides a kind of means of defence of system file and device, system, storage medium, electronics dresses
It sets.
According to one embodiment of present invention, a kind of means of defence of system file is provided, comprising: in identification equipment
The type of file destination;When the type of the file destination is system file, the operation row that the file destination is initiated is detected
For;Judge whether the operation behavior is legal according to the default access range of the system file, wherein the default access model
Corresponding permissions list is enclosed to be arranged in server local.
Optionally, according to the default access range of the system file judge the operation behavior it is whether legal include: true
Predetermined registration operation behavior set corresponding to the fixed default access range;Judge whether the predetermined registration operation behavior set includes institute
State operation behavior;When the predetermined registration operation behavior set includes the operation behavior, determine that the operation behavior is legal;Institute
When to state predetermined registration operation behavior set do not include the operation behavior, determine that the operation behavior is illegal.
Optionally, before the default access range according to the system file judges whether the operation behavior is legal,
The method also includes: all valid operation behaviors of the system file are collected by big data platform, by all conjunctions
Method operation behavior is set as the default access range, wherein the big data platform is runs institute under multiple security contexts
State the platform of system file.
Optionally, the system file includes system program or system process, identifies the type of the file destination in equipment
It include: the system that identification runs the file destination;When the system is operating system, the mesh is identified by file suffixes
Mark the type of file, wherein the file destination includes following one: program, process, the type includes following one: being
System file, user file.
Optionally, after the default access range according to the system file judges whether the operation behavior is legal,
The method also includes: when the operation behavior is legal, the operation behavior of letting pass;When the operation behavior is illegal,
Intercept the operation behavior.
According to another embodiment of the invention, a kind of protective device of system file is provided, comprising: identification module,
The type of file destination in equipment for identification;Detection module, for the type in the file destination be system file when,
Detect the operation behavior that the file destination is initiated;Judgment module, for being sentenced according to the default access range of the system file
Whether the operation behavior of breaking is legal, wherein the corresponding permissions list of the default access range is arranged in server local.
Optionally, the judgment module includes: the first determination unit, for determining corresponding to the default access range
Predetermined registration operation behavior set;Judging unit, for judging whether the predetermined registration operation behavior set includes the operation behavior;The
Two determination units, for determining that the operation behavior is legal when the predetermined registration operation behavior set includes the operation behavior;
When the predetermined registration operation behavior set does not include the operation behavior, determine that the operation behavior is illegal.
Optionally, described device further include: setup module, in the judgment module according to the pre- of the system file
If before extent of competence judges whether the operation behavior is legal, all conjunctions of the system file are collected by big data platform
All valid operation behaviors are set the default access range by method operation behavior, wherein the big data platform is
The platform of the system file is run under multiple security contexts.
Optionally, the system file includes system program or system process, and the identification module includes: the first identification list
Member runs the system of the file destination for identification;Second recognition unit, for leading to when the system is operating system
Cross the type that file suffixes identifies the file destination, wherein the file destination includes following one: program, process, it is described
Type includes following one: system file, user file.
Optionally, described device further include: management module, for sentencing according to the default access range of the system file
After whether the operation behavior of breaking is legal, when the operation behavior is legal, the operation behavior of letting pass;It goes in the operation
When being illegal, the operation behavior is intercepted.
The present embodiment additionally provides a kind of guard system of system file, including server and client side, the server
It include: identification module, the type of the file destination in equipment for identification;Detection module, for the class in the file destination
When type is system file, the operation behavior that the file destination is initiated is detected;Judgment module, for according to the system file
Default access range judges whether the operation behavior is legal, wherein the corresponding permissions list setting of the default access range
In server local;The client is connect with the server, is used for the system file described in local runtime.
According to still another embodiment of the invention, a kind of storage medium is additionally provided, meter is stored in the storage medium
Calculation machine program, wherein the computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
According to still another embodiment of the invention, a kind of electronic device, including memory and processor are additionally provided, it is described
Computer program is stored in memory, the processor is arranged to run the computer program to execute any of the above-described
Step in embodiment of the method.
Through the invention, the operation behavior initiated by detection system file, and according to the default power of the system file
Limit range judges whether the operation behavior of system file is legal, and then whether decision-making system file is utilized by rogue program, can be with
Loss caused by system file is utilized by rogue program is prevented or reduced, solves the permission in the related technology due to system file
It is excessive and cause to be easy the technical issues of being attacked.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair
Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is a kind of hardware block diagram of the protection server of system file of the embodiment of the present invention;
Fig. 2 is a kind of flow chart of the means of defence of system file according to an embodiment of the present invention;
Fig. 3 is the application scenario diagram of the embodiment of the present invention;
Fig. 4 is the structural block diagram of the protective device of file according to the system in the embodiment of the present invention.
Specific embodiment
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application
Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people
Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection
It encloses.It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can be mutual group
It closes.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, "
Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way
Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein can in addition to illustrating herein or
Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to
Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product
Or other step or units that equipment is intrinsic.
Embodiment 1
Embodiment of the method provided by the embodiment of the present application one can mobile terminal, terminal, server or
It is executed in similar arithmetic unit.For running on the server, Fig. 1 is a kind of the anti-of system file of the embodiment of the present invention
Protect the hardware block diagram of server.As shown in Figure 1, server 10 may include one or more (only showing one in Fig. 1)
(processor 102 can include but is not limited to the processing dress of Micro-processor MCV or programmable logic device FPGA etc. to processor 102
Set) and memory 104 for storing data, optionally, above-mentioned server can also include setting for the transmission of communication function
Standby 106 and input-output equipment 108.It will appreciated by the skilled person that structure shown in FIG. 1 is only to illustrate,
The structure of above-mentioned server is not caused to limit.For example, server 10 may also include it is more or less than shown in Fig. 1
Component, or with the configuration different from shown in Fig. 1.
Memory 104 can be used for storing computer program, for example, the software program and module of application software, such as this hair
The corresponding computer program of means of defence of one of bright embodiment system file, processor 102 are stored in by operation
Computer program in reservoir 104 realizes above-mentioned method thereby executing various function application and data processing.Storage
Device 104 may include high speed random access memory, may also include nonvolatile memory, as one or more magnetic storage device,
Flash memory or other non-volatile solid state memories.In some instances, memory 104 can further comprise relative to processing
The remotely located memory of device 102, these remote memories can pass through network connection to server 10.The example of above-mentioned network
Including but not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
Transmitting device 106 is used to that data to be received or sent via a network.Above-mentioned network specific example may include
The wireless network that the communication providers of server 10 provide.In an example, transmitting device 106 includes a network adapter
(Network Interface Controller, referred to as NIC), can be connected by base station with other network equipments so as to
It is communicated with internet.In an example, transmitting device 106 can be radio frequency (Radio Frequency, referred to as RF)
Module is used to wirelessly be communicated with internet.
A kind of means of defence of system file is provided in the present embodiment, and Fig. 2 is one kind according to an embodiment of the present invention
The flow chart of the means of defence of system file, as shown in Fig. 2, the process includes the following steps:
Step S202 identifies the type of the file destination in equipment;
The equipment of the present embodiment can be computer, notebook, printer, camera, and USB flash disk etc. can access network either
The electronic equipment that can be controlled.
Step S204 detects the operation that the file destination is initiated when the type of the file destination is system file
Behavior;
The scheme of the present embodiment further includes determining default access range corresponding with the system file.
Step S206 judges whether the operation behavior is legal according to the default access range of the system file, wherein
The corresponding permissions list of the default access range is arranged in server local.
Through the above steps, the operation behavior initiated by detection system file, and according to the default of the system file
Extent of competence judges whether the operation behavior of system file is legal, and then whether decision-making system file is utilized by rogue program, can
To prevent or reduce loss caused by system file is utilized by rogue program, solves the power in the related technology due to system file
It limits excessive and causes to be easy the technical issues of being attacked.
Optionally, judging whether the operation behavior is legal according to the default access range of the system file includes:
S11 determines predetermined registration operation behavior set corresponding to the default access range;
Default access range is the extent of competence that system file can execute, including the first predetermined registration operation row that can be executed
For set, it can such as network, can control printer, user software etc. can be opened, and execute the (cannot be forbidden)
Two predetermined registration operation behavior set, can such as open other systems file, it is not possible to modify system file etc..
S12 judges whether the predetermined registration operation behavior set includes the operation behavior;
S13 determines that the operation behavior is legal when the predetermined registration operation behavior set includes the operation behavior;?
When the predetermined registration operation behavior set does not include the operation behavior, determine that the operation behavior is illegal.Such as current operation
Behavior is networking operation, then when can be determined as legal, current operation behavior to modify system file, is determined as illegal.
In the present embodiment, judge whether the operation behavior is legal in the default access range according to the system file
Before, scheme further include: all valid operation behaviors that the system file is collected by big data platform, by all conjunctions
Method operation behavior is set as the default access range, wherein the big data platform is runs institute under multiple security contexts
State the platform of system file.The system file can will be run in multiple application environments, such as in server-side in multiple equipment
Detect multiple equipment for being mounted with the system file, the operation behavior that collecting device generates after running the system file, then into
Row selection selects valid operation behavior therein, the toggle rate of operation behavior is such as determined as legal behaviour greater than preset threshold
Make behavior, the toggle rate of operation behavior is determined as valid operation behavior less than or equal to preset threshold;On the other hand, may be used
To judge to operate whether collected operation behavior is valid operation behavior according to operating result, operation behavior is generated default
The operation behavior of operating result is determined as valid operation behavior, and operation behavior is not generated to being determined as illegally for predetermined registration operation result
Operation behavior, wherein each operation behavior is corresponding with operating result.
Optionally, the system file includes system program or system process, identifies the type of the file destination in equipment
Include:
S21, the system that identification runs the file destination;The system of operating file can be operating system, operation system
Deng the permission of operating system is relatively high.
S22 identifies the type of the file destination by file suffixes, wherein institute when the system is operating system
Stating file destination includes following one: program, process, the type includes following one: system file, user file.System
There are many suffix of file, such as exe, com, bin: executable file;C, cc, cpp, java, pas: program source code;bat,
Sh: command file;Txt, doc: text data, text document;Lib, dll: library file;Zip, rar: compressed file;mpeg,
Mov, rm: multimedia file.It on the other hand, can be (publicly-owned, private by data type classifications to the file below operating system
Have), privately owned file is system file, and publicly-owned file is then user file or alternative document, and then determines that privately owned file is to need
The file type of protection, publicly-owned file are to be not required to file type to be protected.The present embodiment is except through suffix identification target text
Except the type of part, the label information (being such as user file with user name label) of file destination, liveness can also be passed through
(it is system file that liveness, which is greater than threshold value), the father file or storage location of the file destination (trigger system text to identify
The father file of part is centainly also a system file, is stored in system disk).
In the present embodiment, judge whether the operation behavior is legal in the default access range according to the system file
Later, further includes: when the operation behavior is legal, the operation behavior of letting pass;When the operation behavior is illegal, intercept
The operation behavior.
Optionally, the executing subject of above-mentioned steps can be the server etc. of the one or more clients of connection, client
Can be mobile terminal, PC etc., server can be SOCKS server, security server etc., but not limited to this.It is applying
When server end, server arrives multiple client by network connection, and priority assignation and security protection are carried out to it, and Fig. 3 is this
The application scenario diagram of inventive embodiments, server connect multiple client, the target text that server-side identification is run on the client
The operation behavior that part and the file destination are initiated intercepts the operation row in server-side when operation behavior is illegal
For.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation
The method of example can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but it is very much
In the case of the former be more preferably embodiment.Based on this understanding, technical solution of the present invention is substantially in other words to existing
The part that technology contributes can be embodied in the form of software products, which is stored in a storage
In medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal device (can be mobile phone, calculate
Machine, server or network equipment etc.) execute method described in each embodiment of the present invention.
Embodiment 2
A kind of protective device of system file is additionally provided in the present embodiment, can be terminal or server, the device
For realizing above-described embodiment and preferred embodiment, the descriptions that have already been made will not be repeated.As used below, term
The combination of the software and/or hardware of predetermined function may be implemented in " module ".Although device is preferably described in following embodiment
It is realized with software, but the realization of the combination of hardware or software and hardware is also that may and be contemplated.
Fig. 4 is the structural block diagram of the protective device of file according to the system in the embodiment of the present invention, can be applied in client
Or in server, as shown in figure 4, the device includes: identification module 40, detection module 42, judgment module 44, wherein
Identification module 40, for identification type of the file destination in equipment;
When detection module 42 for the type in the file destination is system file, detects the file destination and initiate
Operation behavior;
Judgment module 44, for judging whether the operation behavior closes according to the default access range of the system file
Method, wherein the corresponding permissions list of the default access range is arranged in server local.
Optionally, the judgment module includes: the first determination unit, for determining corresponding to the default access range
Predetermined registration operation behavior set;Judging unit, for judging whether the predetermined registration operation behavior set includes the operation behavior;The
Two determination units, for determining that the operation behavior is legal when the predetermined registration operation behavior set includes the operation behavior;
When the predetermined registration operation behavior set does not include the operation behavior, determine that the operation behavior is illegal.
Optionally, described device further include: setup module, in the judgment module according to the pre- of the system file
If before extent of competence judges whether the operation behavior is legal, all conjunctions of the system file are collected by big data platform
All valid operation behaviors are set the default access range by method operation behavior, wherein the big data platform is
The platform of the system file is run under multiple security contexts.
Optionally, the system file includes system program or system process, and the identification module includes: the first identification list
Member runs the system of the file destination for identification;Second recognition unit, for leading to when the system is operating system
Cross the type that file suffixes identifies the file destination, wherein the file destination includes following one: program, process, it is described
Type includes following one: system file, user file.
Optionally, described device further include: management module, for sentencing according to the default access range of the system file
After whether the operation behavior of breaking is legal, when the operation behavior is legal, the operation behavior of letting pass;It goes in the operation
When being illegal, the operation behavior is intercepted.
Embodiment additionally provides a kind of guard system of system file, including server and client side, the server packet
It includes: identification module, for identification type of the file destination in equipment;Detection module, for the type in the file destination
When for system file, the operation behavior that the file destination is initiated is detected;Judgment module, for according to the pre- of the system file
If extent of competence judges whether the operation behavior is legal, wherein the corresponding permissions list setting of the default access range exists
Server local;The client is connect with the server, is used for the system file described in local runtime.
It should be noted that terminal and server is only difference of the scheme in executing subject, in above-mentioned protective device
Each example and optinal plan equally adapt in the server, and generate identical technical effect.
It should be noted that above-mentioned modules can be realized by software or hardware, for the latter, Ke Yitong
Following manner realization is crossed, but not limited to this: above-mentioned module is respectively positioned in same processor;Alternatively, above-mentioned modules are with any
Combined form is located in different processors.
Embodiment 3
The embodiments of the present invention also provide a kind of storage medium, computer program is stored in the storage medium, wherein
The computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
Optionally, in the present embodiment, above-mentioned storage medium can be set to store by executing based on following steps
Calculation machine program:
S1 identifies the type of the file destination in equipment;
S2 detects the operation behavior that the file destination is initiated when the type of the file destination is system file;
S3 judges whether the operation behavior is legal according to the default access range of the system file, wherein described pre-
If the corresponding permissions list of extent of competence is arranged in server local.
Optionally, in the present embodiment, above-mentioned storage medium can include but is not limited to: USB flash disk, read-only memory (Read-
Only Memory, referred to as ROM), it is random access memory (Random Access Memory, referred to as RAM), mobile hard
The various media that can store computer program such as disk, magnetic or disk.
The embodiments of the present invention also provide a kind of electronic device, including memory and processor, stored in the memory
There is computer program, which is arranged to run computer program to execute the step in any of the above-described embodiment of the method
Suddenly.
Optionally, above-mentioned electronic device can also include transmission device and input-output equipment, wherein the transmission device
It is connected with above-mentioned processor, which connects with above-mentioned processor.
Optionally, in the present embodiment, above-mentioned processor can be set to execute following steps by computer program:
S1 identifies the type of the file destination in equipment;
S2 detects the operation behavior that the file destination is initiated when the type of the file destination is system file;
S3 judges whether the operation behavior is legal according to the default access range of the system file, wherein described pre-
If the corresponding permissions list of extent of competence is arranged in server local.
Optionally, the specific example in the present embodiment can be with reference to described in above-described embodiment and optional embodiment
Example, details are not described herein for the present embodiment.
Above-mentioned the embodiment of the present application serial number is for illustration only, does not represent the advantages or disadvantages of the embodiments.
In above-described embodiment of the application, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment
The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others
Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, only
A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or
Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module
It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product
When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially
The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words
It embodies, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the application whole or
Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code
Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art
For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered
It is considered as the protection scope of the application.
Claims (10)
1. a kind of means of defence of system file characterized by comprising
Identify the type of the file destination in equipment;
When the type of the file destination is system file, the operation behavior that the file destination is initiated is detected;
Judge whether the operation behavior is legal according to the default access range of the system file, wherein the default access
The corresponding permissions list of range is arranged in server local.
2. the method according to claim 1, wherein the default access range according to the system file judges institute
State whether operation behavior is legal to include:
Determine predetermined registration operation behavior set corresponding to the default access range;
Judge whether the predetermined registration operation behavior set includes the operation behavior;
When the predetermined registration operation behavior set includes the operation behavior, determine that the operation behavior is legal;Described default
When operation behavior set does not include the operation behavior, determine that the operation behavior is illegal.
3. the method stated according to claim 1, which is characterized in that judging institute according to the default access range of the system file
State operation behavior it is whether legal before, the method also includes:
All valid operation behaviors that the system file is collected by big data platform set all valid operation behaviors
It is set to the default access range, wherein the big data platform is that the system file is run under multiple security contexts
Platform.
4. the method stated according to claim 1, which is characterized in that the system file includes system program or system process, is known
The type of file destination in other equipment includes:
The system that identification runs the file destination;
When the system is operating system, the type of the file destination is identified by file suffixes, wherein the target text
Part includes following one: program, process, the type includes following one: system file, user file.
5. the method stated according to claim 1, which is characterized in that judging institute according to the default access range of the system file
State operation behavior it is whether legal after, the method also includes:
When the operation behavior is legal, the operation behavior of letting pass;When the operation behavior is illegal, the operation is intercepted
Behavior.
6. a kind of protective device of system file characterized by comprising
Identification module, for identification type of the file destination in equipment;
When detection module for the type in the file destination is system file, the operation that the file destination is initiated is detected
Behavior;
Judgment module judges whether the operation behavior is legal for the default access range according to the system file, wherein
The corresponding permissions list of the default access range is arranged in server local.
7. device according to claim 6, which is characterized in that the judgment module includes:
First determination unit, for determining predetermined registration operation behavior set corresponding to the default access range;
Judging unit, for judging whether the predetermined registration operation behavior set includes the operation behavior;
Second determination unit, for when the predetermined registration operation behavior set includes the operation behavior, determining the operation row
It is legal;When the predetermined registration operation behavior set does not include the operation behavior, determine that the operation behavior is illegal.
8. a kind of guard system of system file, including server and client side, which is characterized in that
The server includes:
Identification module, for identification type of the file destination in equipment;
When detection module for the type in the file destination is system file, the operation that the file destination is initiated is detected
Behavior;
Judgment module judges whether the operation behavior is legal for the default access range according to the system file, wherein
The corresponding permissions list of the default access range is arranged in server local;
The client is connect with the server, is used for the system file described in local runtime.
9. a kind of storage medium, which is characterized in that be stored with computer program in the storage medium, wherein the computer
Program is arranged to perform claim when operation and requires method described in 1 to 5 any one.
10. a kind of electronic device, including memory and processor, which is characterized in that be stored with computer journey in the memory
Sequence, the processor are arranged to run the computer program in method described in perform claim 1 to 5 any one of requirement.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2018104203696 | 2018-05-04 | ||
| CN201810420369.6A CN108683652A (en) | 2018-05-04 | 2018-05-04 | A kind of method and device of the processing attack of Behavior-based control permission |
| CN201810668277.XA CN108846287A (en) | 2018-06-26 | 2018-06-26 | A kind of method and device of detection loophole attack |
| CN201810668277X | 2018-06-26 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109711169A true CN109711169A (en) | 2019-05-03 |
Family
ID=66259682
Family Applications (11)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811645703.4A Active CN109766699B (en) | 2018-05-04 | 2018-12-29 | Operation behavior intercepting method and device, storage medium and electronic device |
| CN201811640165.XA Active CN109766696B (en) | 2018-05-04 | 2018-12-29 | Method and device for setting software permission, storage medium and electronic device |
| CN201811641292.1A Active CN110443041B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for managing equipment authority, storage medium and electronic device |
| CN201811645563.0A Active CN109711171B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for positioning software bugs, storage medium and electronic device |
| CN201811640656.4A Active CN109829308B (en) | 2018-05-04 | 2018-12-29 | Control policy management method and device, storage medium and electronic device |
| CN201811640220.5A Pending CN109871690A (en) | 2018-05-04 | 2018-12-29 | The management method and device of equipment permission, storage medium, electronic device |
| CN201811645720.8A Pending CN109766700A (en) | 2018-05-04 | 2018-12-29 | Access control method and device, the storage medium, electronic device of file |
| CN201811641170.2A Active CN109829310B (en) | 2018-05-04 | 2018-12-29 | Similar attack defense method, device, system, storage medium and electronic device |
| CN201811645250.5A Pending CN109711169A (en) | 2018-05-04 | 2018-12-29 | Means of defence and device, system, storage medium, the electronic device of system file |
| CN201811645506.2A Pending CN109711170A (en) | 2018-05-04 | 2018-12-29 | Protect the method and device of the abnormal operation behavior of PDF |
| CN201811640174.9A Pending CN109871689A (en) | 2018-05-04 | 2018-12-29 | Hold-up interception method and device, storage medium, the electronic device of operation behavior |
Family Applications Before (8)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811645703.4A Active CN109766699B (en) | 2018-05-04 | 2018-12-29 | Operation behavior intercepting method and device, storage medium and electronic device |
| CN201811640165.XA Active CN109766696B (en) | 2018-05-04 | 2018-12-29 | Method and device for setting software permission, storage medium and electronic device |
| CN201811641292.1A Active CN110443041B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for managing equipment authority, storage medium and electronic device |
| CN201811645563.0A Active CN109711171B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for positioning software bugs, storage medium and electronic device |
| CN201811640656.4A Active CN109829308B (en) | 2018-05-04 | 2018-12-29 | Control policy management method and device, storage medium and electronic device |
| CN201811640220.5A Pending CN109871690A (en) | 2018-05-04 | 2018-12-29 | The management method and device of equipment permission, storage medium, electronic device |
| CN201811645720.8A Pending CN109766700A (en) | 2018-05-04 | 2018-12-29 | Access control method and device, the storage medium, electronic device of file |
| CN201811641170.2A Active CN109829310B (en) | 2018-05-04 | 2018-12-29 | Similar attack defense method, device, system, storage medium and electronic device |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811645506.2A Pending CN109711170A (en) | 2018-05-04 | 2018-12-29 | Protect the method and device of the abnormal operation behavior of PDF |
| CN201811640174.9A Pending CN109871689A (en) | 2018-05-04 | 2018-12-29 | Hold-up interception method and device, storage medium, the electronic device of operation behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (11) | CN109766699B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112311851A (en) * | 2020-09-25 | 2021-02-02 | 新华三大数据技术有限公司 | Network policy configuration method and device |
| CN112765663A (en) * | 2021-01-25 | 2021-05-07 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN113051550A (en) * | 2021-03-30 | 2021-06-29 | 深信服科技股份有限公司 | Terminal equipment, protection method and device thereof and readable storage medium |
| CN113515389A (en) * | 2020-04-09 | 2021-10-19 | 奇安信安全技术(珠海)有限公司 | Calling method, device and system of intermediate interface, storage medium and electronic device |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110347655A (en) * | 2019-06-12 | 2019-10-18 | 江苏富山软件科技有限公司 | A kind of distributed file system access frame |
| CN112395537A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Website tamper-proofing method and device, storage medium and electronic device |
| CN110532764B (en) * | 2019-08-19 | 2022-03-11 | 维沃移动通信有限公司 | Authority processing method, mobile terminal and readable storage medium |
| CN110968872A (en) * | 2019-11-20 | 2020-04-07 | 北京国舜科技股份有限公司 | File vulnerability detection processing method and device, electronic equipment and storage medium |
| CN110908822B (en) * | 2019-11-26 | 2022-02-22 | 珠海格力电器股份有限公司 | Intelligent hardware anti-false-collision method and device, storage medium and electronic equipment |
| CN111049855B (en) * | 2019-12-25 | 2022-02-01 | 北京天融信网络安全技术有限公司 | Label-based policy configuration method and device |
| CN111143225B (en) * | 2019-12-26 | 2024-05-14 | 深圳市元征科技股份有限公司 | Vulnerability processing method of automobile diagnosis software and related products |
| CN111881467B (en) * | 2020-06-12 | 2022-10-28 | 海光信息技术股份有限公司 | Method and device for protecting file by using security processor, CPU and computer equipment |
| WO2022032950A1 (en) * | 2020-08-10 | 2022-02-17 | 华为技术有限公司 | Defense method, defense apparatus and defense system for malicious software |
| CN112149159A (en) * | 2020-08-26 | 2020-12-29 | 网神信息技术(北京)股份有限公司 | Permission setting method and device of terminal, electronic equipment and storage medium |
| CN112769806B (en) * | 2020-12-31 | 2023-06-23 | 北京明朝万达科技股份有限公司 | Method and device for controlling operation behaviors on terminal equipment and electronic equipment |
| CN113032830A (en) * | 2021-03-26 | 2021-06-25 | 北京有竹居网络技术有限公司 | Electronic equipment control method and device and electronic equipment |
| CN113395288B (en) * | 2021-06-24 | 2022-06-24 | 浙江德迅网络安全技术有限公司 | Active defense DDOS system based on SDWAN |
| CN113625968B (en) * | 2021-08-12 | 2024-03-01 | 网易(杭州)网络有限公司 | File authority management method and device, computer equipment and storage medium |
| CN114338139B (en) * | 2021-12-27 | 2023-03-24 | 北京安博通科技股份有限公司 | Method for internet behavior management supporting terminal type control |
| CN115062588A (en) * | 2022-05-11 | 2022-09-16 | 华为技术有限公司 | Method and electronic equipment for converting file format |
| CN115967548B (en) * | 2022-12-04 | 2024-04-09 | 深圳市众志天成科技有限公司 | Safety protection index optimization method based on big data information safety and artificial intelligence system |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1702590A (en) * | 2004-12-02 | 2005-11-30 | 联想(北京)有限公司 | Method for establishing trustable operational environment in a computer |
| CN103294950A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | High-power secret information stealing malicious code detection method and system based on backward tracing |
| CN103440460A (en) * | 2013-09-09 | 2013-12-11 | 中国农业银行股份有限公司 | Application system change validation method and system |
| CN103839003A (en) * | 2012-11-22 | 2014-06-04 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device |
| CN104361285A (en) * | 2014-11-20 | 2015-02-18 | 工业和信息化部电信研究院 | Method and device for detecting security of application programs of mobile devices |
| CN106228067A (en) * | 2016-07-15 | 2016-12-14 | 江苏博智软件科技有限公司 | Malicious code dynamic testing method and device |
| CN106295328A (en) * | 2015-05-20 | 2017-01-04 | 阿里巴巴集团控股有限公司 | File test method, Apparatus and system |
| CN106529290A (en) * | 2016-10-11 | 2017-03-22 | 北京金山安全软件有限公司 | Malicious software protection method and device and electronic equipment |
| CN106775903A (en) * | 2017-02-24 | 2017-05-31 | 北京小米移动软件有限公司 | Java.policy update method and device |
| CN104318160B (en) * | 2014-10-29 | 2017-12-26 | 北京奇虎科技有限公司 | The method and apparatus of killing rogue program |
Family Cites Families (68)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9307397B2 (en) * | 2005-04-29 | 2016-04-05 | Jasper Technologies, Inc. | Method for enabling a wireless device with customer-specific services |
| CN100465983C (en) * | 2006-09-15 | 2009-03-04 | 毛德操 | Method for controlling file access in operation system according to user's action history |
| US7954158B2 (en) * | 2006-12-19 | 2011-05-31 | International Business Machines Corporation | Characterizing computer attackers |
| CN101217396B (en) * | 2007-12-29 | 2010-08-11 | 华中科技大学 | An Ad hoc network invasion detecting method and system based on trust model |
| US20100005514A1 (en) * | 2008-07-01 | 2010-01-07 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method, system and server for file rights control |
| CN101667230B (en) * | 2008-09-02 | 2013-10-23 | 北京瑞星信息技术有限公司 | Method and device for monitoring script execution |
| CN101697212A (en) * | 2009-10-15 | 2010-04-21 | 金蝶软件(中国)有限公司 | ERP system and method and device for controlling user permissions thereof |
| CN101827096B (en) * | 2010-04-09 | 2012-09-05 | 潘燕辉 | Cloud computing-based multi-user collaborative safety protection system and method |
| CN101834875B (en) * | 2010-05-27 | 2012-08-22 | 华为技术有限公司 | Method, device and system for defending DDoS (Distributed Denial of Service) attacks |
| US20120297461A1 (en) * | 2010-12-02 | 2012-11-22 | Stephen Pineau | System and method for reducing cyber crime in industrial control systems |
| US20120159567A1 (en) * | 2010-12-21 | 2012-06-21 | Enterproid Hk Ltd | Contextual role awareness |
| CN102622536B (en) * | 2011-01-26 | 2014-09-03 | 中国科学院软件研究所 | Method for catching malicious codes |
| US9275345B1 (en) * | 2011-02-11 | 2016-03-01 | Allure Security Technology, Inc. | System level user behavior biometrics using feature extraction and modeling |
| US20140032733A1 (en) * | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
| US9143530B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
| CN102567675B (en) * | 2012-02-15 | 2015-09-30 | 合一网络技术(北京)有限公司 | Method for managing user right under a kind of operation system and system |
| CN103313343B (en) * | 2012-03-13 | 2018-12-18 | 百度在线网络技术(北京)有限公司 | A kind of method and apparatus for realizing user access control |
| WO2014062804A1 (en) * | 2012-10-16 | 2014-04-24 | Citrix Systems, Inc. | Application wrapping for application management framework |
| CN103020529B (en) * | 2012-10-31 | 2015-12-09 | 中国航天科工集团第二研究院七○六所 | A kind of software vulnerability analytical approach based on model of place |
| CN103020512B (en) * | 2012-11-26 | 2015-03-04 | 清华大学 | Realization method and control system for safe control flow of system |
| CN102945356B (en) * | 2012-12-12 | 2015-11-18 | 上海交通大学 | The access control method of search engine under cloud environment and system |
| US9245128B2 (en) * | 2013-03-06 | 2016-01-26 | Microsoft Technology Licensing, Llc | Limiting enterprise applications and settings on devices |
| CN103198253B (en) * | 2013-03-29 | 2016-03-30 | 北京奇虎科技有限公司 | The method and system of operating file |
| CN103440140A (en) * | 2013-09-11 | 2013-12-11 | 昆山富泰科电脑有限公司 | System for classifying applications of intelligent device and setting use permission |
| CN103559446B (en) * | 2013-11-13 | 2017-02-08 | 厦门市美亚柏科信息股份有限公司 | Dynamic virus detection method and device for equipment based on Android system |
| CN103617379B (en) * | 2013-11-29 | 2016-08-17 | 乐视云计算有限公司 | A kind of method for broadcasting multimedia file and player |
| IL229907A (en) * | 2013-12-10 | 2015-02-26 | David Almer | Mobile device with improved security |
| CN103646215A (en) * | 2013-12-23 | 2014-03-19 | 北京奇虎科技有限公司 | Application installation control method, related system and related device |
| WO2015100545A1 (en) * | 2013-12-30 | 2015-07-09 | 华为终端有限公司 | Method and device for rights management |
| US9519758B2 (en) * | 2014-02-04 | 2016-12-13 | Pegasus Media Security, Llc | System and process for monitoring malicious access of protected content |
| CN105224868B (en) * | 2014-06-03 | 2019-07-23 | 腾讯科技(深圳)有限公司 | The detection method and device of system vulnerability attack |
| CN104239801B (en) * | 2014-09-28 | 2017-10-24 | 北京奇虎科技有限公司 | The recognition methods of 0day leaks and device |
| CN104239764B (en) * | 2014-10-15 | 2017-07-07 | 北京奇虎科技有限公司 | The management-control method and device of terminal device and its systemic-function |
| CN104462985A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Detecting method and device of bat loopholes |
| CN104468563A (en) * | 2014-12-03 | 2015-03-25 | 北京奇虎科技有限公司 | Website bug protection method, device and system |
| CN104573515A (en) * | 2014-12-19 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | Virus processing method, device and system |
| CN104506630B (en) * | 2014-12-25 | 2019-04-16 | 深圳市华宝电子科技有限公司 | Permissions data generation method, server and system based on user role |
| CN104468632A (en) * | 2014-12-31 | 2015-03-25 | 北京奇虎科技有限公司 | Loophole attack prevention method, device and system |
| CN104680084B (en) * | 2015-03-20 | 2017-12-12 | 北京瑞星信息技术股份有限公司 | The method and system of privacy of user is protected in computer |
| CN106295344A (en) * | 2015-05-15 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of method and apparatus ensureing terminal security |
| CN104899511B (en) * | 2015-05-21 | 2018-01-19 | 成都中科慧创科技有限公司 | A kind of active defense method based on program behavior algorithm |
| CN106529230A (en) * | 2015-09-11 | 2017-03-22 | 上海中和软件有限公司 | Role-based permission control mechanism |
| US9740877B2 (en) * | 2015-09-22 | 2017-08-22 | Google Inc. | Systems and methods for data loss prevention while preserving privacy |
| CN106650438A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for detecting baleful programs |
| CN105323384A (en) * | 2015-11-25 | 2016-02-10 | 上海斐讯数据通信技术有限公司 | Method for switching multi-scenario mode and mobile terminal |
| US10958435B2 (en) * | 2015-12-21 | 2021-03-23 | Electro Industries/ Gauge Tech | Providing security in an intelligent electronic device |
| CN107103245B (en) * | 2016-02-23 | 2022-08-02 | 中兴通讯股份有限公司 | File authority management method and device |
| CN107229860A (en) * | 2016-03-24 | 2017-10-03 | 中国电子科技集团公司电子科学研究院 | The method and system of safety management desktop application in environment is concentrated |
| CN106055986A (en) * | 2016-05-06 | 2016-10-26 | 北京优炫软件股份有限公司 | Method and device for permission control |
| CN107451159A (en) * | 2016-05-31 | 2017-12-08 | ***通信集团广东有限公司 | A kind of data bank access method and device |
| CN107508783A (en) * | 2016-06-14 | 2017-12-22 | 阿里巴巴集团控股有限公司 | A kind for the treatment of method and apparatus of data |
| CN106169047A (en) * | 2016-07-11 | 2016-11-30 | 北京金山安全软件有限公司 | Method and device for opening monitoring camera and electronic equipment |
| CN107872433A (en) * | 2016-09-27 | 2018-04-03 | 腾讯科技(深圳)有限公司 | A kind of auth method and its equipment |
| CN106384051A (en) * | 2016-09-29 | 2017-02-08 | 汉兴德创(武汉)科技有限公司 | Cloud computing-based multi-user cooperative security protection system |
| CN106548048A (en) * | 2016-10-28 | 2017-03-29 | 北京优炫软件股份有限公司 | A kind of method for Process flowchart, device and system |
| CN108062479A (en) * | 2016-11-08 | 2018-05-22 | 杭州施强教育科技有限公司 | A kind of enterprise management system user right collocation method |
| CN106874761A (en) * | 2016-12-30 | 2017-06-20 | 北京邮电大学 | A kind of Android system malicious application detection method and system |
| CN107016283B (en) * | 2017-02-15 | 2019-09-10 | 中国科学院信息工程研究所 | Android privilege-escalation attack safety defense method and device based on integrity verification |
| CN107066889A (en) * | 2017-04-25 | 2017-08-18 | 北京洋浦伟业科技发展有限公司 | A kind of data access control method and system based on geographical location information |
| CN107169359A (en) * | 2017-06-06 | 2017-09-15 | 北京奇虎科技有限公司 | Utilize the document means of defence and device, electronic equipment for triggering file realization |
| CN107391977B (en) * | 2017-07-04 | 2020-11-24 | 创新先进技术有限公司 | Permission control and automatic switching method, device and equipment |
| CN107480551B (en) * | 2017-07-06 | 2020-11-20 | 网易(杭州)网络有限公司 | File management method and device |
| CN107392016A (en) * | 2017-07-07 | 2017-11-24 | 四川大学 | A kind of web data storehouse attack detecting system based on agency |
| CN107508801B (en) * | 2017-08-04 | 2020-09-08 | 安徽智圣通信技术股份有限公司 | Method and device for preventing file from being tampered |
| CN107657169B (en) * | 2017-10-10 | 2020-02-21 | 泰康保险集团股份有限公司 | Authority management method, device, medium and electronic equipment |
| CN107832590A (en) * | 2017-11-06 | 2018-03-23 | 珠海市魅族科技有限公司 | Terminal control method and device, terminal and computer-readable recording medium |
| CN107896210A (en) * | 2017-11-14 | 2018-04-10 | 北京知道创宇信息技术有限公司 | Safety protecting method, device, server and storage medium |
| CN109063436A (en) * | 2018-07-30 | 2018-12-21 | 中国石油化工股份有限公司 | Support the enterprise-level authority managing and controlling and methods for using them more applied |
-
2018
- 2018-12-29 CN CN201811645703.4A patent/CN109766699B/en active Active
- 2018-12-29 CN CN201811640165.XA patent/CN109766696B/en active Active
- 2018-12-29 CN CN201811641292.1A patent/CN110443041B/en active Active
- 2018-12-29 CN CN201811645563.0A patent/CN109711171B/en active Active
- 2018-12-29 CN CN201811640656.4A patent/CN109829308B/en active Active
- 2018-12-29 CN CN201811640220.5A patent/CN109871690A/en active Pending
- 2018-12-29 CN CN201811645720.8A patent/CN109766700A/en active Pending
- 2018-12-29 CN CN201811641170.2A patent/CN109829310B/en active Active
- 2018-12-29 CN CN201811645250.5A patent/CN109711169A/en active Pending
- 2018-12-29 CN CN201811645506.2A patent/CN109711170A/en active Pending
- 2018-12-29 CN CN201811640174.9A patent/CN109871689A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1702590A (en) * | 2004-12-02 | 2005-11-30 | 联想(北京)有限公司 | Method for establishing trustable operational environment in a computer |
| CN103839003A (en) * | 2012-11-22 | 2014-06-04 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device |
| CN103294950A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | High-power secret information stealing malicious code detection method and system based on backward tracing |
| CN103440460A (en) * | 2013-09-09 | 2013-12-11 | 中国农业银行股份有限公司 | Application system change validation method and system |
| CN104318160B (en) * | 2014-10-29 | 2017-12-26 | 北京奇虎科技有限公司 | The method and apparatus of killing rogue program |
| CN104361285A (en) * | 2014-11-20 | 2015-02-18 | 工业和信息化部电信研究院 | Method and device for detecting security of application programs of mobile devices |
| CN106295328A (en) * | 2015-05-20 | 2017-01-04 | 阿里巴巴集团控股有限公司 | File test method, Apparatus and system |
| CN106228067A (en) * | 2016-07-15 | 2016-12-14 | 江苏博智软件科技有限公司 | Malicious code dynamic testing method and device |
| CN106529290A (en) * | 2016-10-11 | 2017-03-22 | 北京金山安全软件有限公司 | Malicious software protection method and device and electronic equipment |
| CN106775903A (en) * | 2017-02-24 | 2017-05-31 | 北京小米移动软件有限公司 | Java.policy update method and device |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113515389A (en) * | 2020-04-09 | 2021-10-19 | 奇安信安全技术(珠海)有限公司 | Calling method, device and system of intermediate interface, storage medium and electronic device |
| CN113515389B (en) * | 2020-04-09 | 2024-03-01 | 奇安信安全技术(珠海)有限公司 | Method and device for calling intermediate interface, system, storage medium and electronic device |
| CN112311851A (en) * | 2020-09-25 | 2021-02-02 | 新华三大数据技术有限公司 | Network policy configuration method and device |
| CN112311851B (en) * | 2020-09-25 | 2022-04-01 | 新华三大数据技术有限公司 | Network policy configuration method and device |
| CN112765663A (en) * | 2021-01-25 | 2021-05-07 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN112765663B (en) * | 2021-01-25 | 2024-04-26 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN113051550A (en) * | 2021-03-30 | 2021-06-29 | 深信服科技股份有限公司 | Terminal equipment, protection method and device thereof and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109766699B (en) | 2022-02-15 |
| CN109871690A (en) | 2019-06-11 |
| CN109766700A (en) | 2019-05-17 |
| CN110443041B (en) | 2022-09-30 |
| CN109871689A (en) | 2019-06-11 |
| CN109711171A (en) | 2019-05-03 |
| CN109766696A (en) | 2019-05-17 |
| CN109829308B (en) | 2022-02-15 |
| CN109829308A (en) | 2019-05-31 |
| CN109766699A (en) | 2019-05-17 |
| CN109711170A (en) | 2019-05-03 |
| CN109829310B (en) | 2021-04-27 |
| CN109766696B (en) | 2021-01-15 |
| CN109711171B (en) | 2021-07-20 |
| CN110443041A (en) | 2019-11-12 |
| CN109829310A (en) | 2019-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109711169A (en) | Means of defence and device, system, storage medium, the electronic device of system file | |
| US9130983B2 (en) | Apparatus and method for detecting abnormality sign in control system | |
| CN104052734B (en) | It the attack detecting that is identified using global device-fingerprint and prevents | |
| EP3138263B1 (en) | Method and system for providing reference architecture pattern-based permissions management | |
| US10354070B2 (en) | Thread level access control to socket descriptors and end-to-end thread level policies for thread protection | |
| US20160197951A1 (en) | Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment | |
| US20160366186A1 (en) | Data socket descriptor based policies for application and data behavior and security | |
| CN104683333A (en) | Method for implementing abnormal traffic interception based on SDN | |
| CN106302223A (en) | A kind of method and apparatus of aggregation group flow shunt | |
| US20150188933A1 (en) | Dynamic selection of network traffic for file extraction and shellcode detection | |
| US11399034B2 (en) | System and method for detecting and preventing network intrusion of malicious data flows | |
| CN104901971A (en) | Method and device for carrying out safety analysis on network behaviors | |
| CN106326736A (en) | Data processing method and system | |
| CN112134893A (en) | Internet of things safety protection method and device, electronic equipment and storage medium | |
| UA120517C2 (en) | Device and method for controlling a communication network | |
| Lin et al. | Inferring openflow rules by active probing in software-defined networks | |
| CN104506548A (en) | Data packet redirecting device as well as safety protection method and system for virtual machine | |
| CN103024056B (en) | Data processing method, load equalizer and cloud system | |
| CN109800571A (en) | Event-handling method and device and storage medium and electronic device | |
| CN108197468A (en) | A kind of Intranet attack intelligent protection system of mobile memory medium | |
| CN107846351A (en) | A kind of chat messages sensitive information encryption method and device | |
| CN105868632B (en) | Method and device for intercepting and releasing DHCP (dynamic host configuration protocol) | |
| CN109284608A (en) | Extort recognition methods, device and equipment, the security processing of software | |
| CN109218315B (en) | Safety management method and safety management device | |
| CN104717188A (en) | Asset object security protection system and method in industrial control firewall |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province Applicant after: Qianxin Safety Technology (Zhuhai) Co.,Ltd. Applicant after: QAX Technology Group Inc. Address before: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province Applicant before: 360 ENTERPRISE SECURITY TECHNOLOGY (ZHUHAI) Co.,Ltd. Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190503 |
|
| RJ01 | Rejection of invention patent application after publication |