CN114416672A - Method, system and equipment for filtering application program file pre-reading behavior under Linux system - Google Patents
Method, system and equipment for filtering application program file pre-reading behavior under Linux system Download PDFInfo
- Publication number
- CN114416672A CN114416672A CN202111538785.4A CN202111538785A CN114416672A CN 114416672 A CN114416672 A CN 114416672A CN 202111538785 A CN202111538785 A CN 202111538785A CN 114416672 A CN114416672 A CN 114416672A
- Authority
- CN
- China
- Prior art keywords
- file
- reading
- behavior
- read
- action
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 198
- 238000001914 filtration Methods 0.000 title claims abstract description 25
- 230000006399 behavior Effects 0.000 claims description 84
- 238000001514 detection method Methods 0.000 claims description 8
- 230000033001 locomotion Effects 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 6
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/172—Caching, prefetching or hoarding of files
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
Abstract
The method, the system and the equipment for filtering the pre-reading behavior of the application program file in the Linux system can capture the actions of two stages of file opening and file reading in the file operation process; when a file opening action is detected, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes; when the file reading action of the suspected pre-reading process is detected, identifying the process which is the second non-pre-reading process, and marking the process as a normal access process; and after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process. The method can confirm that the current process carries out pre-reading behavior when detecting the flow of 'file opening-data reading-file closing', if the main process of the flow is an interface process, the opening mode is read only, the content offset of the file is 0 during reading, and the handle of the file is closed only by 1 reading action.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method, a system and equipment for filtering application program file pre-reading behavior under a Linux system.
Background
The file pre-reading behavior refers in particular to a file pre-reading behavior caused by an application program under the Linux system for displaying a file icon or other file information, and a file content caching pre-reading behavior of a non-Linux system for improving the IO performance of a file.
Currently, in a Linux system file audit scene, a need exists for auditing file access behaviors, that is, an end user needs to obtain an access record of an application program to a file concerned by the user.
On the other hand, in order to obtain better user experience, in the case that a file list needs to be displayed, the graphical interface program and part of third-party application programs in the Linux system need to complete actions of reading files, distinguishing file types, displaying file icons and the like, and file access conforming to the situation is called as file pre-reading action. The file pre-reading behavior needs to be filtered in a file auditing scene, and the processing without concern is carried out for the following reasons:
firstly, although the file pre-reading behavior generates file content access operation, the behavior itself only completes file type identification by reading key parts (key marks, file formats and the like) of the file, and no substantial content access behavior exists;
secondly, the file pre-reading behavior aims at distinguishing file types, namely an application program needs to judge the file types by triggering the behavior, then real content access is carried out, and finally a user pays attention to the content and does not start;
finally, the file pre-reading action needs to read all files in the file directory to be displayed, the access amount is large, and the processing opportunity of the real file access action is easy to miss.
Therefore, how to effectively filter the file pre-reading behavior is an urgent problem to be solved.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a method, a system and equipment for filtering the pre-reading behavior of an application program file in a Linux system.
In order to achieve the purpose, the invention is realized by the following technical scheme:
a method for filtering application program file pre-reading behavior under a Linux system comprises the following steps:
capturing actions of two stages of file opening and file reading in a file operation process;
detecting a file opening action, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes;
detecting a file reading action of a suspected pre-reading process, identifying a process which is a second non-pre-reading process, and marking as a process of normal access;
and after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process.
Further, the process of the first non-read-ahead behavior comprises: the non-interface process and the file opening mode are non-read-only processes.
Further, the process of the second non-read-ahead behavior comprises: and reading the non-first-segment data of the file, namely reading the file with the read offset not being 0.
Further, the detecting a file reading action of the suspected pre-reading process, identifying a process in which the file reading action is a second non-pre-reading process, and marking the process as a process of normal access further includes:
and recording the reading times of the file by the remaining suspected pre-reading processes according to the process information and the file handle.
Further, after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process, including:
after the file reading action is finished, judging whether the file reading times of a suspected pre-reading process is 1 or not; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
Further, the method for filtering the application program file pre-reading behavior under the Linux system comprises the following steps:
step 1: executing a file opening action, and setting the file reading times to be 0;
step 2: judging whether the main process is an interface process; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
and step 3: judging whether the file opening mode is read-only; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
and 4, step 4: executing a file reading action, and adding 1 to the file reading times;
and 5: judging whether the file reading offset is 0 or not; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
step 6: judging whether the file is read completely; if yes, turning to the next step; if not, turning to the step 4;
step 7; judging whether the file reading times is 1 or not; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
Correspondingly, the invention also discloses a system for filtering the application program file pre-reading behavior under the Linux system, which comprises the following steps:
the motion capture unit is used for capturing motions of two stages of file opening and file reading in the file operation process; the first detection unit is used for detecting the file opening action, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes;
the second detection unit is used for detecting the file reading action of the suspected pre-reading process, identifying the process which is a second non-pre-reading process and marking the process as a process of normal access;
and the identification unit is used for determining whether a file pre-reading behavior exists or not by judging the file reading times of the suspected pre-reading process after the file reading action is finished.
Correspondingly, the invention also discloses a device for filtering the pre-reading behavior of the application program file under the Linux system, which comprises:
a memory for storing a computer program;
a processor for implementing the method steps for filtering the application program file pre-reading behavior under the Linux system as described in any one of the above when executing the computer program.
Compared with the prior art, the invention has the beneficial effects that: the invention provides a method, a system and equipment for filtering the pre-reading behavior of an application program file in a Linux system, which can capture the actions of two stages of file opening and file reading in a file operation process; when a file opening action is detected, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes; when the file reading action of the suspected pre-reading process is detected, identifying the process which is the second non-pre-reading process, and marking the process as a normal access process; and after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process. The method can confirm that the current process carries out pre-reading behavior when detecting the flow of 'file opening-data reading-file closing', if the main process of the flow is an interface process, the opening mode is read only, the content offset of the file is 0 during reading, and the handle of the file is closed only by 1 reading action.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a process flow diagram of an embodiment of the present invention.
FIG. 2 is another method flow diagram of an embodiment of the present invention.
FIG. 3 is a system block diagram of an embodiment of the present invention.
In the figure, 1 is a motion capture unit; 2 is a first detection unit; 3 is a second detection unit; and 4, an identification unit.
Detailed Description
The following description of the embodiments of the present invention will be made with reference to the accompanying drawings.
The method identifies and filters the file pre-reading behavior according to the characteristics of the file pre-reading behavior, and particularly, the characteristics of the file pre-reading behavior mainly comprise the following points that firstly, the file pre-reading behavior conforms to the service flow of file access, namely, the operation flow of 'file read-only open-file read-file close' is complete; secondly, the file pre-reading action generally comprises a system level interface process and a user level interface process; thirdly, the file pre-reading action is to read the first segment of data (i.e. the offset of the read data is 0) of the file, and the length is 4096, but not fixed; finally, the file pre-reading action has the characteristic of explicitly reading only the first segment of data (namely, after the first segment of data reading action is completed, the file handle is closed).
Based on this, as shown in fig. 1, the invention discloses a method for filtering the pre-reading behavior of an application program file in a Linux system, which comprises the following steps:
s1: the method comprises the steps of capturing actions of two stages of file opening and file reading in a file operation process.
S2: and detecting the file opening action, identifying the process of the first non-pre-reading behavior in the corresponding process, marking the process as the process of normal access, and regarding other processes as suspected pre-reading processes.
Wherein the process of the first non-pre-read behavior comprises: the non-interface process and the file opening mode are non-read-only processes.
Through the steps, the file is detected to be opened, and the process (non-interface program) without the known pre-reading behavior is not used as pre-reading processing and is marked as normal access; the file opened in the non-read-only mode is not used as pre-read processing and is marked as normal access; and marking suspected pre-reading in other situations, and recording the process information and the file handle.
S3: and detecting the file reading action of the suspected pre-reading process, identifying the process which is the second non-pre-reading process, marking the process as the normal access process, and recording the reading times of the file by the remaining suspected pre-reading processes according to the process information and the file handle.
Wherein the process of the second non-pre-read behavior comprises: and reading the non-first-segment data of the file, namely reading the file with the read offset not being 0.
Through the steps, file reading is detected, processes (non-interface programs) which are known to have no pre-reading behavior are not used as pre-reading processing, and are marked as normal access; reading the non-first section of data of the file, not performing pre-reading processing, and marking the read data as normal access; and marking suspected pre-reading in other situations, and recording the file reading times according to the process information and the file handle.
S4: and after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process.
Specifically, after the file reading action is finished, whether the file reading frequency of a suspected pre-reading process is 1 is judged; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
As an example, as shown in fig. 2, the method for filtering the application file pre-reading behavior in the Linux system specifically includes the following steps:
step 1: and executing a file opening action, and setting the file reading times to be 0.
Step 2: judging whether the main process is an interface process; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed.
And step 3: judging whether the file opening mode is read-only; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed.
And 4, step 4: and executing the file reading action, and adding 1 to the file reading times.
And 5: judging whether the file reading offset is 0 or not; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed.
Step 6: judging whether the file is read completely; if yes, turning to the next step; if not, go to step 4.
Step 7; judging whether the file reading times is 1 or not; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
Correspondingly, as shown in fig. 3, the present invention further discloses a system for filtering the application program file pre-reading behavior in the Linux system, including:
the motion capture unit 1 is used for capturing motions of two stages of file opening and file reading in a file operation process.
The first detection unit 2 is configured to detect a file opening action, identify a process of a first non-read-ahead behavior in a corresponding process, mark the process as a process of normal access, and regard other processes as suspected read-ahead processes.
And the second detection unit 3 is used for detecting the file reading action of the suspected pre-reading process, identifying the process which is the second non-pre-reading process and marking the process as the process of normal access.
And the identification unit 4 is used for determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process after the file reading action is finished.
Correspondingly, the invention also discloses a device for filtering the pre-reading behavior of the application program file under the Linux system, which comprises:
a memory for storing a computer program;
a processor for implementing the method steps for filtering the application program file pre-reading behavior under the Linux system as described in any one of the above when executing the computer program.
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, where the computer software product is stored in a storage medium, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like, and the storage medium can store program codes, and includes instructions for enabling a computer terminal (which may be a personal computer, a server, or a second terminal, a network terminal, and the like) to perform all or part of the steps of the method in the embodiments of the present invention. The same and similar parts in the various embodiments in this specification may be referred to each other. Especially, for the terminal embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant points can be referred to the description in the method embodiment.
In the embodiments provided by the present invention, it should be understood that the disclosed system, system and method can be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit.
Similarly, each processing unit in the embodiments of the present invention may be integrated into one functional module, or each processing unit may exist physically, or two or more processing units are integrated into one functional module.
The invention is further described with reference to the accompanying drawings and specific embodiments. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and these equivalents also fall within the scope of the present application.
Claims (8)
1. A method for filtering application program file pre-reading behavior under a Linux system is characterized by comprising the following steps:
capturing actions of two stages of file opening and file reading in a file operation process;
detecting a file opening action, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes;
detecting a file reading action of a suspected pre-reading process, identifying a process which is a second non-pre-reading process, and marking as a process of normal access;
and after the file reading action is finished, determining whether a file pre-reading behavior exists by judging the file reading times of the suspected pre-reading process.
2. The method for filtering the pre-read behavior of the application program file under the Linux system of claim 1, wherein the process of the first non-pre-read behavior comprises: the non-interface process and the file opening mode are non-read-only processes.
3. The method for filtering the pre-read behavior of the application program file under the Linux system of claim 2, wherein the process of the second non-pre-read behavior comprises: and reading the non-first-segment data of the file, namely reading the file with the read offset not being 0.
4. The method for filtering pre-read behavior of application files under the Linux system of claim 3, wherein the detecting the file read action of the suspected pre-read process identifies a process therein as a second non-pre-read process, and the process is marked as a normally accessed process, further comprising:
and recording the reading times of the file by the remaining suspected pre-reading processes according to the process information and the file handle.
5. The method for filtering the pre-reading behavior of the application program file in the Linux system according to claim 4, wherein after the file reading action is finished, determining whether the pre-reading behavior of the file exists by judging the number of times of file reading in a suspected pre-reading process comprises:
after the file reading action is finished, judging whether the file reading times of a suspected pre-reading process is 1 or not; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
6. The method for filtering the pre-reading behavior of the application program file under the Linux system according to claim 1, comprising the steps of:
step 1: executing a file opening action, and setting the file reading times to be 0;
step 2: judging whether the main process is an interface process; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
and step 3: judging whether the file opening mode is read-only; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
and 4, step 4: executing a file reading action, and adding 1 to the file reading times;
and 5: judging whether the file reading offset is 0 or not; if yes, turning to the next step; if not, the process has a file access behavior, and the system pays attention until the file is closed;
step 6: judging whether the file is read completely; if yes, turning to the next step; if not, turning to the step 4;
step 7; judging whether the file reading times is 1 or not; if yes, determining that a file pre-reading behavior exists, and not paying attention by the system until the file is closed; if not, determining that only the file access behavior exists, and paying attention to the corresponding process by the system until the file is closed.
7. A system for filtering application program file pre-reading behavior under a Linux system is characterized by comprising:
the motion capture unit is used for capturing motions of two stages of file opening and file reading in the file operation process;
the first detection unit is used for detecting the file opening action, identifying a process of a first non-pre-reading behavior in a corresponding process, marking the process as a process of normal access, and regarding other processes as suspected pre-reading processes;
the second detection unit is used for detecting the file reading action of the suspected pre-reading process, identifying the process which is a second non-pre-reading process and marking the process as a process of normal access;
and the identification unit is used for determining whether a file pre-reading behavior exists or not by judging the file reading times of the suspected pre-reading process after the file reading action is finished.
8. An apparatus for filtering application program file pre-reading behavior under a Linux system, comprising:
a memory for storing a computer program;
a processor for implementing the method steps for filtering application file pre-read behavior under the Linux system as defined in any one of claims 1 to 6 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111538785.4A CN114416672A (en) | 2021-12-15 | 2021-12-15 | Method, system and equipment for filtering application program file pre-reading behavior under Linux system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111538785.4A CN114416672A (en) | 2021-12-15 | 2021-12-15 | Method, system and equipment for filtering application program file pre-reading behavior under Linux system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114416672A true CN114416672A (en) | 2022-04-29 |
Family
ID=81267449
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111538785.4A Pending CN114416672A (en) | 2021-12-15 | 2021-12-15 | Method, system and equipment for filtering application program file pre-reading behavior under Linux system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114416672A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101158965A (en) * | 2007-10-25 | 2008-04-09 | 中国科学院计算技术研究所 | File reading system and method of distributed file systems |
| CN107340978A (en) * | 2017-07-18 | 2017-11-10 | 郑州云海信息技术有限公司 | One kind storage pre-head method, device and storage system |
| CN107590278A (en) * | 2017-09-28 | 2018-01-16 | 郑州云海信息技术有限公司 | A kind of pre-reading method of files and relevant apparatus based on CEPH |
| CN108021707A (en) * | 2017-12-28 | 2018-05-11 | 北京天融信网络安全技术有限公司 | Recognition methods, equipment and the computer-readable recording medium of file copy operation |
| US20200082081A1 (en) * | 2018-09-12 | 2020-03-12 | Symantec Corporation | Systems and methods for threat and information protection through file classification |
| CN112364374A (en) * | 2020-11-04 | 2021-02-12 | 沈阳通用软件有限公司 | File copying, moving, compressing and decompressing operation identification method on Linux platform |
-
2021
- 2021-12-15 CN CN202111538785.4A patent/CN114416672A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101158965A (en) * | 2007-10-25 | 2008-04-09 | 中国科学院计算技术研究所 | File reading system and method of distributed file systems |
| CN107340978A (en) * | 2017-07-18 | 2017-11-10 | 郑州云海信息技术有限公司 | One kind storage pre-head method, device and storage system |
| CN107590278A (en) * | 2017-09-28 | 2018-01-16 | 郑州云海信息技术有限公司 | A kind of pre-reading method of files and relevant apparatus based on CEPH |
| CN108021707A (en) * | 2017-12-28 | 2018-05-11 | 北京天融信网络安全技术有限公司 | Recognition methods, equipment and the computer-readable recording medium of file copy operation |
| US20200082081A1 (en) * | 2018-09-12 | 2020-03-12 | Symantec Corporation | Systems and methods for threat and information protection through file classification |
| CN112364374A (en) * | 2020-11-04 | 2021-02-12 | 沈阳通用软件有限公司 | File copying, moving, compressing and decompressing operation identification method on Linux platform |
Non-Patent Citations (1)
| Title |
|---|
| 吴峰光;: "Linux内核的文件预读", 软件世界, no. 21, 8 November 2007 (2007-11-08), pages 86 - 89 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111338901A (en) | Redis monitoring method, Redis monitoring device and terminal | |
| CN114416431B (en) | Agent-free continuous data protection method, system and storage medium based on KVM | |
| CN111045881A (en) | Slow disk detection method and system | |
| CN111241545A (en) | Software processing method, system, device and medium | |
| WO2010015145A1 (en) | Method and system for filtering and monitoring program behaviors | |
| CN114155906A (en) | Data block repairing method, device, equipment and storage medium | |
| CN108520063B (en) | Event log processing method and device and terminal equipment | |
| CN114090465A (en) | Memory recovery method and device | |
| CN108647284B (en) | Method and device for recording user behavior, medium and computing equipment | |
| CN114416672A (en) | Method, system and equipment for filtering application program file pre-reading behavior under Linux system | |
| CN105260130B (en) | A kind of reading/writing method of Seagate hard-disk system file | |
| CN110134615B (en) | Method and device for acquiring log data by application program | |
| KR101889222B1 (en) | Portable storage device perfoming a malignant code detection and method for the same | |
| CN107193721B (en) | Method and device for generating log | |
| CN111737158B (en) | Abnormal assertion processing method and device, electronic equipment and storage medium | |
| CN115391224A (en) | Flow playback method and device, computer equipment and readable storage medium | |
| CN111414280A (en) | Data backup system and method for NTFS (New technology File System) | |
| CN112860469A (en) | Method, device, equipment and storage medium for collecting information of katon log | |
| CN112084005A (en) | Container behavior auditing method, device, terminal and storage medium | |
| CN104850551A (en) | Data processing method, data processing apparatus and mobile terminal | |
| CN105718357A (en) | Memory monitoring method | |
| CN112800005B (en) | Deep inspection method, system, terminal and storage medium for file system | |
| CN112631602B (en) | Browser development mode detection method, device, equipment and storage medium | |
| KR102276345B1 (en) | Compression method for behavior event on computer | |
| CN114327984A (en) | Memory detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |