CN113268765B - Credential detection method, system, electronic device and storage medium - Google Patents

Credential detection method, system, electronic device and storage medium Download PDF

Info

Publication number
CN113268765B
CN113268765B CN202110486208.9A CN202110486208A CN113268765B CN 113268765 B CN113268765 B CN 113268765B CN 202110486208 A CN202110486208 A CN 202110486208A CN 113268765 B CN113268765 B CN 113268765B
Authority
CN
China
Prior art keywords
detection
credential
file
document
target file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110486208.9A
Other languages
Chinese (zh)
Other versions
CN113268765A (en
Inventor
郑云超
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202110486208.9A priority Critical patent/CN113268765B/en
Publication of CN113268765A publication Critical patent/CN113268765A/en
Application granted granted Critical
Publication of CN113268765B publication Critical patent/CN113268765B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Human Computer Interaction (AREA)
  • Library & Information Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a credential detection method, a system, an electronic device and a storage medium, wherein the credential detection method comprises the following steps: inquiring whether a historical detection record of a target file exists in the system; executing a preset document inner credential detection task under the condition that the history detection record of the target document does not exist in the system; under the condition that a historical detection record of a target file exists in the system, whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file or not and whether an intra-file evidence detection rule of a current intra-file evidence detection task is consistent with an intra-file evidence detection rule recorded in the historical detection record of the target file or not are judged, if yes, the detection of the target file is finished, and if not, the intra-file evidence detection task is executed. By the method and the device, the problem that a method for detecting the document interior credential is lacked in the related technology is solved, and the document interior credential can be quickly detected.

Description

Credential detection method, system, electronic device and storage medium
Technical Field
The present application relates to the field of information security, and in particular, to a credential detection method, system, electronic device, and storage medium.
Background
Many service systems store some access credentials in files, even in the clear, including a login account password of the system or service, a key code for accessing a specific service, a key for encrypting and decrypting data, and the like. These files may be files created by a user to store their own credentials, shared credentials of a group of users, a configuration file containing a system or service password, or source code containing an embedded password. The document in the file may be scanned out and used maliciously by an attacker who can easily access the relevant system or service through the legal document, which is extremely harmful.
There is no method and system for detecting credentials in documents in the prior art for a while.
Aiming at the problem that a method for detecting the document inside in the related art is lacked, no effective solution is provided at present.
Disclosure of Invention
In the embodiment, a credential detection method, a credential detection system, an electronic device and a storage medium are provided to solve the problem of the lack of a method for detecting a credential in a document in the related art.
In a first aspect, there is provided in this embodiment a credential detection method for detecting a credential within a document in a system, the method comprising:
inquiring whether a historical detection record of a target file exists in the system;
executing a preset document inner document detection task under the condition that the history detection record of the target document does not exist in the system, and creating the history detection record of the target document; the historical detection record comprises the modification time of the target file and a file internal evidence detection rule;
under the condition that the history detection record of the target file exists in the system, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the history detection record of the target file, judging whether the document-in-file evidence detection rule of the current document-in-file evidence detection task is consistent with the document-in-file evidence detection rule recorded in the history detection record of the target file, if so, finishing the detection of the target file, if not, executing the document-in-file evidence detection task, and updating the history detection record of the target file.
In some of these embodiments, the document credential detection task comprises: searching whether preset credential keywords exist in the target file, if so, extracting credential contents in the target file according to a preset matching rule;
the document in-file certificate detection rule comprises a preset certificate keyword and a preset matching rule.
In some of these embodiments, prior to querying the system for the presence of the historical record of detection of the target file, the method further comprises: and judging whether the suffix name of the target file is matched with a preset suffix name rule or not, and if not, finishing the detection of the target file.
In some of these embodiments, prior to querying the system for the presence of the historical record of detection of the target file, the method further comprises: and judging whether the size of the target file is within a preset file size range, and if not, finishing the detection of the target file.
In some of these embodiments, there is provided a credential detection method for use with a system comprising a plurality of files, the method comprising:
detecting the file in the system by using the credential detection method of any one of the above;
and after the detection of all the files in the system is finished, reporting the credential detection result to the user.
In some of these embodiments, the credential detection result comprises:
detecting a file path of a file of the credential content, the detected credential keyword and the credential content corresponding to the credential keyword.
In some embodiments, the detecting a file in the system using the credential detection method of any of the above includes:
and detecting the files in the system by using any one of the credential detection methods according to a preset detection period.
In a second aspect, a credential detection system is provided in this embodiment, the credential detection system comprising a detection configuration module, a credential detection module, and a detection history module;
the credential detection module is configured to perform in-document credential detection on a file in a system, the in-document credential detection comprising: inquiring whether a historical detection record of a target file exists in the system; executing a preset document inner document detection task under the condition that the history detection record of the target document does not exist in the system, and creating the history detection record of the target document; the historical detection record comprises the modification time of the target file and a file inner credential detection rule; the document credential detection task comprises: searching whether preset credential keywords exist in the target file, if so, extracting credential content in the target file according to a preset matching rule; the document in-file certificate detection rules comprise preset certificate keywords and preset matching rules; under the condition that the history detection record of the target file exists in the system, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the history detection record of the target file, judging whether the document-in-file credential detection rule of the current document-in-file credential detection task is consistent with the document-in-file credential detection rule recorded in the history detection record of the target file, if so, finishing the detection of the target file, if not, executing the document-in-file credential detection task, and updating the history detection record of the target file;
the detection configuration module is used for configuring the credential key words and the matching rules;
the detection history module is used for storing the history detection records of the files in the system.
In a third aspect, in this embodiment, an electronic device is provided, which includes a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the credential detection method according to the first aspect.
In a fourth aspect, in this embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the credential detection method of the first aspect.
Compared with the related art, the credential detection method, the credential detection system, the electronic device and the storage medium provided by the application solve the problem that the related art lacks a method for detecting the credential in the file by detecting the credential in the system.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware structure of a terminal of a credential detection method according to an embodiment of the present application;
FIG. 2 is a flow diagram of a credential detection method provided by one embodiment;
FIG. 3 is a flow diagram of a credential detection method provided by one embodiment;
fig. 4 is a block diagram illustrating a credential detection system according to an embodiment of the present invention.
Detailed Description
For a clearer understanding of the objects, technical solutions and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application do not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the present embodiment may be executed in a terminal, a computer, or a similar computing device. For example, the present invention is executed on a terminal, and fig. 1 is a block diagram of a hardware structure of the terminal according to the credential detection method of the present embodiment. As shown in fig. 1, the terminal may include one or more processors 102 (only one shown in fig. 1) and a memory 104 for storing data, wherein the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA. The terminal may also include an input-output device 108. It will be understood by those of ordinary skill in the art that the structure shown in fig. 1 is merely an illustration and is not intended to limit the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program and a module of application software, such as a computer program corresponding to the credential detection method in the present embodiment, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input/output devices 108 may include a display, a mouse, a keyboard light device, and a touch screen, and are used for user interaction with the terminal, for example, the credential detection rule in the user profile and the terminal displays the credential detection result to the user.
In this embodiment, a credential detection method is provided for detecting a credential in a file in a system, fig. 2 is a flowchart of the credential detection method of this embodiment, as shown in fig. 2, the flowchart includes:
s201, inquiring whether a history detection record of a target file exists in a system;
in the case where the history of the target file does not exist in the system, step S202, and step S205 are executed.
S202, creating a history detection record of the target file.
Specifically, the history detection record comprises the modification time of the target file, if the history detection record of the target file does not exist, the target file is not detected before, the in-file credential detection task is executed on the target, and the history detection record of the target file is created for later inquiry.
In the case where there is a history of detection of the target file in the system, step S203 is executed.
S203, judging whether the current modification time of the target file is consistent with the modification time recorded in the historical detection record, and whether the document-in-file credential detection rule of the current document-in-file credential detection task is consistent with the document-in-file credential detection rule recorded in the historical detection record.
And if the current modification time of the target file is consistent with the modification time recorded in the historical detection record, and the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record, ending the detection of the target file. If any inconsistency exists, for example, the current modification time of the target document is inconsistent with the modification time recorded in the history record, and/or the document-to-document credential detection rule of the current document-to-document credential detection task is inconsistent with the document-to-document credential detection rule recorded in the history record, step S204 and step S205 are executed.
And S204, updating the history detection record of the target file. Specifically, the updating of the detection record is to replace the document-in-file credential detection rule and the modification time of the document recorded in the history detection record with the current document-in-file credential detection rule and the modification time of the document.
S205, executing a preset document-in-file credential detection task.
In the credential detection method provided in this embodiment, before executing the in-document credential detection task, it is first queried whether there is a historical detection record of the target document in the system, and if the current modification time of the target document is consistent with the modification time recorded in the historical detection record, and the in-document credential detection rule of the in-document credential detection task in the current document is consistent with the in-document credential detection rule recorded in the historical detection record, it is determined that the target document has not been modified or changed after the historical detection, and the in-document credential detection rule of this detection and the historical detection has not changed, so that the detection is not performed again in this case, and the detection speed of the in-document in the system can be increased.
As an implementation manner, the preset document credential detection task includes: searching whether preset credential keywords exist in the target file, if so, extracting credential content in the target file according to a preset matching rule; the document in-file certificate detection rule comprises a preset certificate keyword and a preset matching rule.
Specifically, the credential keywords are keywords for identifying the credential, such as: password, pass, pwd, login, secure, key, credit, etc. are commonly used to name credentials.
The matching rule between the credential keyword and the credential content may be a regular match, e.g., (pass: | _ key: +), getting the content from pass: or key: until the next space. (pass: | _ key:) is the first matching content, represents the certificate keyword, and after the matching is successful, the second matching content (a \ s +) is obtained, namely the blank, and then pass or key can be obtained.
The history detection record can also comprise a file path of the file, and the file can be inquired according to the file path when the history detection record of the file is inquired.
The credential detection method provided in this embodiment searches for a keyword and matches the credential content for a file, and skips over a file that has been detected according to the credential detection rule in the same file and has not been modified so far, so that credentials in files in the system can be quickly detected, credential files in the system can be scanned, and credential information in various different credential files can be extracted.
In some embodiments, a credential detection method is provided, which, based on the above embodiments, further includes, before querying whether there is a history detection record of a target file in a system, the following steps:
s301, judging whether the suffix name of the target file is matched with a preset suffix name rule or not. If not, the detection of the target file is ended, and if so, the step S201 is executed.
The configuration files which are possible to store the credentials are screened out according to the suffix names of the files, and detection is carried out aiming at specific file types, so that the detection speed of the credentials files in the system can be further accelerated.
The document detection method provided by the embodiment screens out documents which are possible to store the document according to the suffix name of the document, thereby further accelerating the detection speed of the document in the system.
In some embodiments, a credential detection method is provided, which, based on the above embodiments, before querying whether there is a history detection record of a target file in a system, further includes:
s401, judging whether the size of the target file is within a preset file size range, and if not, finishing the detection of the target file. If yes, go to step S201.
The configuration files which are possible to store the credentials are screened out according to the file sizes of the files, and the detection is carried out on the files with specific sizes, so that the detection speed of the credentials in the system can be further accelerated.
The document detection method provided by the embodiment screens out documents which may store the document according to the document size of the document, thereby further accelerating the detection speed of the document in the system.
In some embodiments, a credential detection method is provided, which, based on the above embodiments, before querying whether there is a history detection record of a target file in a system, further includes:
s501, judging whether the size of the target file is within a preset file size range or not and whether the size of the target file is within the preset file size range or not, and if not, finishing the detection of the target file. If yes, go to step S201.
The configuration files which are possible to store the credentials are screened out according to the file sizes and the suffix names of the files, so that the detection speed of the credentials files in the system can be further accelerated. The judgment of whether the size of the target file is within the preset file size range and the judgment of whether the size of the target file is within the preset file size range can be carried out simultaneously or successively, and the front sequence and the back sequence are not limited.
The document detection method provided by the embodiment screens out documents which are possible to store documents according to the suffix name and the document size of the documents, thereby further accelerating the detection speed of the document documents in the system.
In some embodiments, a credential detection method is provided, and fig. 3 is a flowchart of the credential detection method adopted in this embodiment, as shown in fig. 3, the credential detection method includes the following steps:
step S601, determining whether the suffix name of the target file matches a preset suffix name rule. If not, the detection is ended, and if yes, step S602 is executed.
S602, judging whether the size of the target file is in a preset file size range. If not, the detection is ended, and if yes, step S603 is executed.
S603, inquiring whether the system has a history detection record of the target file. If not, step S613 is executed, and if yes, step S604 is executed.
S613, creating a history detection record of the target file.
S604, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether the document inner certificate detection rule of the document inner certificate detection task in the current file is consistent with the document inner certificate detection rule recorded in the historical detection record of the target file. If so, the detection is terminated, and if not, steps S605 and S606 are performed.
S605, the history detection record of the target file is updated.
S606, executing document inner certificate detection task.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here. For example, step S605, updating the history detection record of the target document, and step S606, performing the document-inside credential detection task may be interchanged.
In the credential detection method provided by this embodiment, a configuration file that may store a credential is screened out according to a suffix name of the file and a file size, and then credential information is extracted according to a credential keyword and a matching rule between the credential keyword and the credential content, and for a file whose modification time is not changed, an intra-file credential detection task of the credential detection rule in the same file can be skipped, so that the detection speed of the credential file in the system can be increased, and finally, the credential information is uniformly reported to the central system for the user to confirm, so that the user can make system protection.
In this embodiment, a credential detection method is provided, which is applied to a system including a plurality of files, and the method includes:
s701, setting a detection period;
s702, according to the detection period, detecting the file in the system by using the credential detection method in any of the above embodiments.
And after the detection of all the files in the system is finished, reporting the credential detection result to the user.
Specifically, the credential detection result may include: and detecting a file path of a file of the credential content, the detected credential keyword and the credential content corresponding to the credential keyword.
In the credential detection method provided by this embodiment, the detection period is set, the document in the system is periodically detected, the detected credential file and the credential information are reported to the user, and whether the credential file exists in the system is detected, so that the user can perform system protection conveniently.
The present embodiment is described and illustrated below by means of preferred embodiments.
In the preferred embodiment, there is provided a credential detection method applied to a system including a plurality of files, the method including:
s801, setting a detection period;
s802, according to the detection period, using the credential detection method provided in any of the above embodiments (as shown in fig. 3), detecting the file in the system.
And S803, after the detection of all the files in the system is finished, reporting and displaying the credential detection result to the user.
In this embodiment, a credential detection system is further provided, and the system is used to implement the foregoing embodiments and preferred embodiments, which have already been described and are not described again. The terms "module," "unit," "subunit," and the like as used below may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 4 is a block diagram of the credential detection system of this embodiment, and as shown in fig. 4, the system includes: including a detection configuration module 10, a credential detection module 20, and a detection history module 30;
wherein, the credential detection module 20 is configured to perform document-in-document credential detection on a document in the system, the document-in-document credential detection includes: inquiring whether a historical detection record of a target file exists in the system; under the condition that the historical detection record of the target file does not exist in the system, executing a preset document-in-file credential detection task and creating the historical detection record of the target file; the historical detection record comprises the modification time of the target file and a document detection rule in the file; under the condition that a historical detection record of a target file exists in the system, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether an intra-file evidence detection rule of a current intra-file evidence detection task is consistent with an intra-file evidence detection rule recorded in the historical detection record of the target file, if so, finishing the detection of the target file, otherwise, executing the intra-file evidence detection task, and updating the historical detection record of the target file;
the detection configuration module 10 is used for configuring the credential keywords and the matching rules, and the credential detection module 20 detects the credentials in the document according to the configured credential keywords and the matching rules; optionally, the detection configuration module 10 may also be configured to configure a detection period, and the credential detection module 20 performs credential detection on the files in the system according to the configured detection period.
The detection history module 30 is used for storing the history detection records of the files in the system. Specifically, the storage is persistent storage (e.g., database storage and file storage) to be provided to the credential detection module 20 for subsequent querying.
Optionally, the credential detection system may further include a document credential display module, configured to receive a result detected by the detection configuration module 10, and display the detected credential information to the user.
Alternatively, the credential detection system may be divided into two units: the system comprises a protection center and a protection terminal, wherein the protection center comprises the detection configuration module 10 and the document credential display module, the protection terminal comprises the credential detection module 20, the detection history module 30 and a detection result reporting module, the credential detection module 20 combines detection results including a document path of a document with detected credential content, detected credential keywords and credential content corresponding to the credential keywords and sends the combination results to the detection result reporting module, and the detection result reporting module is used for sending the detection results to the protection center.
It should be noted that the above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
The document detection system provided by this embodiment can quickly detect documents in the document in the system and scan out document files in the system by performing keyword search and document content matching on the documents and skipping the previously detected documents with unchanged modification time, so that a user can make system protection conveniently.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the credential detection method provided in the foregoing embodiment, a storage medium may also be provided in this embodiment. The storage medium having stored thereon a computer program; the computer program, when executed by a processor, implements any one of the credential detection methods in the above embodiments.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without any inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments only express several implementation modes of the present application, and the description thereof is specific and detailed, but not construed as limiting the scope of the patent protection. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application should be subject to the appended claims.

Claims (9)

1. A credential detection method for detecting a credential within a file in a system, the method comprising:
inquiring whether a historical detection record of a target file exists in the system;
executing a preset document inner document detection task under the condition that the history detection record of the target document does not exist in the system, and creating the history detection record of the target document; the historical detection record comprises the modification time of the target file and a file internal evidence detection rule;
under the condition that the history detection record of the target file exists in the system, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the history detection record of the target file, judging whether the document-in-file credential detection rule of the current document-in-file credential detection task is consistent with the document-in-file credential detection rule recorded in the history detection record of the target file, if so, finishing the detection of the target file, if not, executing the document-in-file credential detection task, and updating the history detection record of the target file;
the document credential detection task comprises: searching whether preset credential keywords exist in the target file, if so, extracting credential contents in the target file according to a preset matching rule;
the document in-file certificate detection rule comprises a preset certificate keyword and a preset matching rule.
2. The credential detection method of claim 1, wherein prior to querying whether the historical detection record for the target file exists in the system, the method further comprises: and judging whether the suffix name of the target file is matched with a preset suffix name rule or not, and if not, finishing the detection of the target file.
3. The credential detection method according to claim 1 or 2, wherein prior to querying whether the historical detection record of the target file exists in the system, the method further comprises: and judging whether the size of the target file is within a preset file size range, and if not, finishing the detection of the target file.
4. A credential detection method for use in a system comprising a plurality of files, the method comprising:
detecting a document in said system using the credential detection method of any one of claims 1 to 3;
and after the detection of all the files in the system is finished, reporting the credential detection result to the user.
5. The credential detection method of claim 4, wherein the credential detection result comprises:
detecting a file path of a file of the credential content, the detected credential keyword and the credential content corresponding to the credential keyword.
6. The credential detection method of claim 4, wherein detecting the file in the system comprises:
and detecting the files in the system according to a preset detection period.
7. A kind of evidence detection system, characterized by, including detecting the configuration module, evidence detection module and detecting the historical module;
the credential detection module is configured to perform in-document credential detection on a file in a system, the in-document credential detection comprising: inquiring whether a historical detection record of a target file exists in the system; executing a preset document inner document detection task under the condition that the history detection record of the target document does not exist in the system, and creating the history detection record of the target document; the historical detection record comprises the modification time of the target file and a file internal evidence detection rule; the document credential detection task comprises: searching whether preset credential keywords exist in the target file, if so, extracting credential contents in the target file according to a preset matching rule; the document in-file certificate detection rules comprise preset certificate keywords and preset matching rules; under the condition that the history detection record of the target file exists in the system, judging whether the current modification time of the target file is consistent with the modification time of the target file recorded in the history detection record of the target file, judging whether the document-in-file credential detection rule of the current document-in-file credential detection task is consistent with the document-in-file credential detection rule recorded in the history detection record of the target file, if so, finishing the detection of the target file, if not, executing the document-in-file credential detection task, and updating the history detection record of the target file;
the detection configuration module is used for configuring the credential keywords and the matching rules;
the detection history module is used for storing the history detection records of the files in the system.
8. An electronic device comprising a memory and a processor, wherein the memory has a computer program stored therein, and the processor is configured to run the computer program to perform the credential detection method of any one of claims 1-6.
9. A computer-readable storage medium, having stored thereon a computer program, the computer program, when being executed by a processor, implementing the steps of the credential detection method according to any one of claims 1 to 6.
CN202110486208.9A 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium Active CN113268765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110486208.9A CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110486208.9A CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN113268765A CN113268765A (en) 2021-08-17
CN113268765B true CN113268765B (en) 2022-06-17

Family

ID=77229906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110486208.9A Active CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN113268765B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117668834A (en) * 2022-08-24 2024-03-08 成都华为技术有限公司 Virus detection method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105550597A (en) * 2015-12-24 2016-05-04 北京奇虎科技有限公司 Information scanning based terminal management method and apparatus
CN107679080A (en) * 2017-08-29 2018-02-09 努比亚技术有限公司 A kind of multimedia data recording method, terminal and computer-readable recording medium
CN108292315A (en) * 2015-11-23 2018-07-17 起元技术有限责任公司 Data in storage and retrieval data cube
CN111107079A (en) * 2019-12-16 2020-05-05 北京神州绿盟信息安全科技股份有限公司 Method and device for detecting uploaded files

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621610B2 (en) * 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
CN104536961A (en) * 2014-11-04 2015-04-22 深圳创维数字技术有限公司 Scanning method and scanning system for local media files
US10579589B2 (en) * 2014-11-06 2020-03-03 Sap Se Data filtering

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108292315A (en) * 2015-11-23 2018-07-17 起元技术有限责任公司 Data in storage and retrieval data cube
CN105550597A (en) * 2015-12-24 2016-05-04 北京奇虎科技有限公司 Information scanning based terminal management method and apparatus
CN107679080A (en) * 2017-08-29 2018-02-09 努比亚技术有限公司 A kind of multimedia data recording method, terminal and computer-readable recording medium
CN111107079A (en) * 2019-12-16 2020-05-05 北京神州绿盟信息安全科技股份有限公司 Method and device for detecting uploaded files

Also Published As

Publication number Publication date
CN113268765A (en) 2021-08-17

Similar Documents

Publication Publication Date Title
US11888843B2 (en) Filtering passwords based on a plurality of criteria
US20210344632A1 (en) Detection of spam messages
WO2018149292A1 (en) Object clustering method and apparatus
US11681757B2 (en) Similar email spam detection
US20100154055A1 (en) Prefix Domain Matching for Anti-Phishing Pattern Matching
US9197613B2 (en) Document processing method and system
EP3164795A1 (en) Prompting login account
CN109766707B (en) Data processing method, device, equipment and medium based on block chain
CN102985928A (en) Identifying polymorphic malware
CN104396220A (en) Method and device for secure content retrieval
CN108197499B (en) Verifiable ciphertext data range query method
CN103885990B (en) Searching method and system
CN109327395A (en) A kind of message processing method and device
CN108353083A (en) The system and method for algorithm (DGA) Malware is generated for detecting domains
CN110581835B (en) Vulnerability detection method and device and terminal equipment
US20130247208A1 (en) System, method, and computer program product for preventing data leakage utilizing a map of data
CN113268765B (en) Credential detection method, system, electronic device and storage medium
CN105550346A (en) Information management method and device
CN108768934A (en) Rogue program issues detection method, device and medium
US20100070508A1 (en) Information correlation system, user information correlating method, and program
McGahagan et al. A comprehensive evaluation of HTTP header features for detecting malicious websites
CN103984747A (en) Method and device for screen information processing
CN104052720A (en) Information authentication method and system thereof
KR20200000578A (en) Patent management system
CN115001724B (en) Network threat intelligence management method, device, computing equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant