CN114969719A - Method and system for preventing operation of false interception system through key module judgment - Google Patents
- Publication number
- CN114969719A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/162—Delete operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The invention relates to the technical field of industrial control security and discloses a method and a system for preventing erroneous interception of system operation through key module judgment. The method collects executable modules in advance from an initial system of a specific version and forms a key module file list, so that the key module files of that system version are collected accurately. The key module file list is matched against the imported white list, which effectively prevents the white list software from intercepting key module files of the system because an incompletely designed white list was imported. Incompletely designed white lists can be screened out, and key module files can be prevented from being deleted by mistake.
Description
Technical Field
The invention relates to the technical field of industrial control security, and in particular to a method and a system for preventing erroneous interception of system operation through key module judgment.
Background
In the field of industrial control security, security is a very important requirement; at the same time, security is an additional module or accessory product and must not affect production safety. For example, industrial white list software generates a white list, and any module not in the white list is not allowed to load, which prevents malicious code from executing. If the white list software is not well designed, key modules of the system are intercepted, which can have extremely serious consequences: some software cannot be used normally, or the system cannot start or hangs badly, causing serious production accidents.
Disclosure of Invention
The invention mainly provides a method and a system for preventing erroneous interception of system operation through key module judgment.
To solve the above technical problem, the invention adopts the following technical solution:
The method for preventing erroneous interception of system operation through key module judgment comprises the following steps:
collecting the executable modules of an initial system, forming a key module file list based on the executable modules, and installing the key module file list in the white list software;
installing the white list software on the system to be checked, and importing a pre-prepared white list;
traversing the key module file list with the white list software, judging whether each key module file in the list exists on the system to be checked, and checking whether each key module file in the list exists in the white list;
if a key module file exists on the system to be checked but does not exist in the white list, judging that the white list import has failed; if a key module file does not exist on the system to be checked, skipping the white list check for that file.
Further, collecting the executable modules of the initial system, forming a key module file list based on the executable modules, and installing the key module file list in the white list software includes:
preparing a brand-new initial system;
traversing all files on the disk where the system disk of the initial system is located, and filtering out all executable modules;
saving the file paths of the executable modules, and forming the key module file list based on the file paths;
installing the key module file list in the white list software.
Further, saving the file paths of the executable modules and forming the key module file list based on the file paths includes:
if the selected initial system is a Windows-series operating system, ignoring the drive letter in the file path when saving the file path of an executable module, and then saving the path.
Further, the method comprises the following steps:
if the user deletes a white list entry from the white list, judging whether that white list entry exists in the key module file list;
if the white list entry exists in the key module file list, not allowing the deletion.
A system for preventing erroneous interception of system operation through key module judgment comprises:
a key module file list forming module, configured to collect the executable modules of an initial system, form a key module file list based on the executable modules, and install the key module file list in the white list software;
a white list software installation module, configured to install the white list software on the system to be checked and import a pre-prepared white list;
a key module file judging module, configured to traverse the key module file list with the white list software, judge whether each key module file in the list exists on the system to be checked, and check whether each key module file in the list exists in the white list;
a judgment result execution module, configured to judge that the white list import has failed if a key module file exists on the system to be checked but does not exist in the white list, and to skip the white list check for a key module file that does not exist on the system to be checked.
Further, the key module file list forming module includes:
a system selection sub-module, configured to prepare a brand-new initial system;
an executable module filtering sub-module, configured to traverse all files on the disk where the system disk of the initial system is located and filter out all executable modules;
a key module file list forming sub-module, configured to save the file paths of the executable modules and form the key module file list based on the file paths;
a key module file list installation sub-module, configured to install the key module file list in the white list software.
Further, the key module file list forming sub-module includes:
a drive letter ignoring unit, configured to, if the selected initial system is a Windows-series operating system, ignore the drive letter in the file path when saving the file path of an executable module, and then save the path.
Further, the system comprises:
a deletion judging module, configured to, if a user deletes a white list entry from the white list, judge whether that white list entry exists in the key module file list;
a deletion execution module, configured to disallow the deletion if the white list entry exists in the key module file list.
Beneficial effects: the invention collects executable modules in advance from an initial system of a specific version and forms a key module file list, so the key module files of that system version can be collected accurately; the key module file list is matched against the imported white list, which effectively prevents the white list software from intercepting key module files of the system because an incompletely designed white list was imported; incompletely designed white lists can be screened out, and key module files can be prevented from being deleted by mistake.
Drawings
FIG. 1 is a flowchart of the method for preventing erroneous interception of system operation through key module judgment according to the present invention;
FIG. 2 is a flowchart of step S1 according to the present invention;
FIG. 3 is a block diagram of the system for preventing erroneous interception of system operation through key module judgment according to the present invention.
Detailed Description
The method and system for preventing erroneous interception of system operation through key module judgment according to the present invention are described in further detail below with reference to the embodiments.
As shown in FIG. 1, the method for preventing erroneous interception of system operation through key module judgment in this embodiment includes steps S1 to S4:
S1, collecting the executable modules of an initial system, forming a key module file list based on the executable modules, and installing the key module file list in the white list software;
The initial system is an initial operating system that does not contain any third-party software, that is, the original operating system the computer carries when it leaves the factory.
S2, installing the white list software on the system to be checked, and importing a pre-prepared white list;
S3, traversing the key module file list with the white list software, judging whether each key module file in the list exists on the system to be checked, and checking whether each key module file in the list exists in the white list;
When making the judgment, the file path of the key module file is compared with the file paths on the system to be checked and in the white list.
S4, if a key module file exists on the system to be checked but does not exist in the white list, judging that the white list import has failed; if a key module file does not exist on the system to be checked, skipping the white list check for that file.
A key module file is an executable module stored in the key module file list.
Further, as shown in FIG. 2, collecting the executable modules of the initial system in step S1, forming a key module file list based on the executable modules, and installing the key module file list in the white list software includes:
S11, preparing a brand-new initial system;
S12, traversing all files on the disk where the system disk of the initial system is located, and filtering out all executable modules;
S13, saving the file paths of the executable modules, and forming the key module file list based on the file paths;
S14, installing the key module file list in the white list software.
For example, a brand-new initial system of Win7 SP1 x64 Home version is prepared. The scanning software is run to traverse all files of the initial system and filter out all executable modules, such as .exe, .com, .dll, .sys, .svc and the like, and the file paths of the executable modules are saved, for example C:\Test\abc.exe, C:\Programfiles\Adobe\Reader\reader.exe and the like, thereby forming the key module file list.
If the selected initial system is a Windows-series operating system, the Ultimate edition of the specific Windows version is prepared.
The white list software can support many operating systems. Windows-series operating systems can be divided by version into Windows XP, Vista, Win7, Win8, Win10, Win11 and so on; by usage scenario into ordinary and Server versions; by architecture into X86 and X64; by SKU into Home, Starter, Professional, Ultimate and so on; and by patch level into SP0, SP1, SP2 and so on. Combined as a full cross product, these give hundreds of operating system variants. Linux has CentOS, Ubuntu, Red Hat and so on. The operating system categories are therefore too numerous, and not every subdivided operating system version can be enumerated. The SKUs of an operating system are usually in an inclusion relationship: for example, the Ultimate edition of Windows is the most complete edition, and its file list is also the most complete. For this reason the key module file list of the Ultimate edition is collected for each major version of each operating system. Consequently, when the judgment is finally made, if a key module file does not exist on the system to be checked, the white list check for it is skipped.
Further, as shown in FIG. 2, saving the file paths of the executable modules and forming the key module file list based on the file paths in step S13 includes:
S131, if the selected initial system is a Windows-series operating system, ignoring the drive letter in the file path when saving the file path of an executable module, and then saving the path.
A Windows operating system can be installed on different disks, so the file paths in the key module file list need special handling when the judgment is made. For Windows, the drive letter can be ignored, so that a different installation drive letter does not affect the comparison of file paths. Linux operating systems and domestic operating systems do not have this problem, so no drive letter handling is needed for them.
Further, as shown in FIG. 1, the method includes:
S5, if the user deletes a white list entry from the white list, judging whether that white list entry exists in the key module file list;
S6, if the white list entry exists in the key module file list, not allowing the deletion.
Beneficial effects: the invention collects executable modules in advance from an initial system of a specific version and forms a key module file list, so the key module files of that system version can be collected accurately; the key module file list is matched against the imported white list, which effectively prevents the white list software from intercepting key module files of the system because an incompletely designed white list was imported; incompletely designed white lists can be screened out, and key module files can be prevented from being deleted by mistake.
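The checks in steps S1 to S6 can be sketched as follows. This is an added example, not code from the patent: the function names, the lower-casing of paths, and the sample file lists (including `ultimate_only.dll` and `hmi.exe`) are assumptions constructed for illustration.

```python
import ntpath
from dataclasses import dataclass, field

# Extensions the description gives as examples of executable modules.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".dll", ".sys", ".svc"}


def normalize(path: str) -> str:
    """S131: drop the drive letter, then canonicalise the rest of the path.

    Lower-casing is an assumption of this example (Windows paths compare
    case-insensitively); the patent only states that the drive letter is ignored.
    """
    _drive, rest = ntpath.splitdrive(path)
    return ntpath.normpath(rest).lower()


def build_key_module_list(initial_system_files):
    """S12-S13: keep only executable modules, stored without drive letter."""
    return {
        normalize(p)
        for p in initial_system_files
        if ntpath.splitext(p)[1].lower() in EXECUTABLE_EXTENSIONS
    }


@dataclass
class ImportResult:
    ok: bool
    missing: list = field(default_factory=list)  # on the host, absent from the white list
    skipped: list = field(default_factory=list)  # not on the host, check skipped


def check_whitelist_import(key_modules, target_files, whitelist):
    """S3-S4: the import fails if any key module on the host is not white-listed."""
    on_host = {normalize(p) for p in target_files}
    allowed = {normalize(p) for p in whitelist}
    missing, skipped = [], []
    for module in sorted(key_modules):
        if module not in on_host:
            skipped.append(module)      # e.g. a file only the Ultimate edition has
        elif module not in allowed:
            missing.append(module)      # loading it would be intercepted
    return ImportResult(ok=not missing, missing=missing, skipped=skipped)


def may_delete_entry(entry, key_modules):
    """S5-S6: a white list entry that is a key module must not be deleted."""
    return normalize(entry) not in key_modules


# --- Constructed sample data (not taken from the patent) ---
INITIAL_SYSTEM_FILES = [                      # initial Ultimate system on C:
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\ultimate_only.dll",  # hypothetical Ultimate-only module
    r"C:\Windows\win.ini",                     # not an executable module
]
KEY_MODULES = build_key_module_list(INITIAL_SYSTEM_FILES)

TARGET_FILES = [                               # system to be checked, installed on D:
    r"D:\Windows\System32\ntdll.dll",
    r"D:\Windows\System32\kernel32.dll",
    r"D:\Windows\System32\drivers\disk.sys",
    r"D:\Windows\explorer.exe",
    r"D:\Apps\hmi.exe",                        # hypothetical third-party application
]
INCOMPLETE_WHITELIST = [                       # forgets disk.sys
    r"D:\Windows\System32\ntdll.dll",
    r"D:\Windows\System32\kernel32.dll",
    r"D:\Windows\explorer.exe",
    r"D:\Apps\hmi.exe",
]
COMPLETE_WHITELIST = INCOMPLETE_WHITELIST + [r"D:\Windows\System32\drivers\disk.sys"]

if __name__ == "__main__":
    for name, wl in (("incomplete", INCOMPLETE_WHITELIST), ("complete", COMPLETE_WHITELIST)):
        result = check_whitelist_import(KEY_MODULES, TARGET_FILES, wl)
        print(name, "import ok" if result.ok else f"import FAILED, missing {result.missing}")
    print("delete ntdll.dll entry allowed:",
          may_delete_entry(r"D:\Windows\System32\ntdll.dll", KEY_MODULES))
```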
As shown in FIG. 3, the system for preventing erroneous interception of system operation through key module judgment includes:
a key module file list forming module 31, configured to collect the executable modules of an initial system, form a key module file list based on the executable modules, and install the key module file list in the white list software;
a white list software installation module 32, configured to install the white list software on the system to be checked and import a pre-prepared white list;
a key module file judging module 33, configured to traverse the key module file list with the white list software, judge whether each key module file in the list exists on the system to be checked, and check whether each key module file in the list exists in the white list;
a judgment result execution module 34, configured to judge that the white list import has failed if a key module file exists on the system to be checked but does not exist in the white list, and to skip the white list check for a key module file that does not exist on the system to be checked.
Further, the key module file list forming module 31 includes:
a system selection sub-module 311, configured to prepare a brand-new initial system;
an executable module filtering sub-module 312, configured to traverse all files on the disk where the system disk of the initial system is located and filter out all executable modules;
a key module file list forming sub-module 313, configured to save the file paths of the executable modules and form the key module file list based on the file paths;
a key module file list installation sub-module 314, configured to install the key module file list in the white list software.
Further, the key module file list forming sub-module 313 includes:
a drive letter ignoring unit 3131, configured to, if the selected initial system is a Windows-series operating system, ignore the drive letter in the file path when saving the file path of an executable module, and then save the path.
Further, the system comprises:
a deletion judging module 35, configured to, if the user deletes a white list entry from the white list, judge whether that white list entry exists in the key module file list;
a deletion execution module 36, configured to disallow the deletion if the white list entry exists in the key module file list.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (8)
1. A method for preventing erroneous interception of system operation through key module judgment, characterized by comprising the following steps:
collecting the executable modules of an initial system, forming a key module file list based on the executable modules, and installing the key module file list in white list software;
installing the white list software on a system to be checked, and importing a pre-prepared white list;
traversing the key module file list with the white list software, judging whether each key module file in the key module file list exists on the system to be checked, and checking whether each key module file in the key module file list exists in the white list;
if a key module file exists on the system to be checked but does not exist in the white list, judging that the white list import has failed; and if a key module file does not exist on the system to be checked, skipping the white list check for that key module file.
2. The method of claim 1, wherein said collecting executable modules of an initial system, forming a key module file list based on said executable modules, and installing said key module file list in a white list software comprises:
preparing a brand new initial system;
traversing all files of a magnetic disk where a system disk of the initial system is located, and filtering out all executable modules;
saving the file path of the executable module, and forming a key module file list based on the file path;
and installing the key module file list in white list software.
3. The method of claim 2, wherein saving the file path of the executable module and forming a key module file list based on the file path comprises:
if the selected initial system is a Windows-series operating system, ignoring the drive letter in the file path when saving the file path of the executable module, and then saving the path.
4. The method of claim 1, comprising:
if the user deletes a certain white list item in the white list, judging whether the white list item exists in the key module file list;
and if the white list entry exists in the key module file list, not allowing the deletion.
5. A system for preventing erroneous interception of system operation through key module judgment, comprising:
the key module file list forming module is used for collecting an executable module of an initial system, forming a key module file list based on the executable module and installing the key module file list in white list software;
the white list software installation module is used for installing the white list software in the system to be detected and importing a pre-prepared white list;
a key module file judging module, configured to traverse the key module file list based on the white list software, judge whether each key module file in the key module file list exists in the system to be detected, and check whether each key module file in the key module file list exists in the white list;
a judgment result execution module, configured to judge that the white list import has failed if a key module file exists on the system to be checked but does not exist in the white list, and to skip the white list check for a key module file that does not exist on the system to be checked.
6. The system of claim 5, wherein the key module file list forming module comprises:
the system selection submodule is used for preparing a brand-new initial system;
the executable module filtering submodule is used for traversing all files of a magnetic disk where a system disk of the initial system is located and filtering all executable modules;
a key module file list forming sub-module, which is used for saving the file path of the executable module and forming a key module file list based on the file path;
and the key module file list installation submodule is used for installing the key module file list in white list software.
7. The system of claim 6, wherein the key module file list forming sub-module comprises:
a drive letter ignoring unit, configured to, if the selected initial system is a Windows-series operating system, ignore the drive letter in the file path when saving the file path of the executable module, and then save the path.
8. The system of claim 5, comprising:
a deletion judging module, configured to, if a user deletes a white list entry in the white list, judge whether the white list entry exists in the key module file list;
and a deletion execution module, configured to disallow the deletion if the white list entry exists in the key module file list.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210590979.7A CN114969719B (en) | 2022-05-27 | 2022-05-27 | Method and system for preventing operation of error interception system through critical module judgment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114969719A (en) | 2022-08-30 |
CN114969719B (en) | 2023-12-08 |
Family
ID=82958413
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210590979.7A Active CN114969719B (en) | 2022-05-27 | 2022-05-27 | Method and system for preventing operation of error interception system through critical module judgment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114969719B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114969719B (en) | 2023-12-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||