CN115396535A - Patch updating method, device and system based on agent - Google Patents


Info

Publication number: CN115396535A
Authority: CN (China)
Prior art keywords: patch, data packet, server, updating, file
Legal status: Granted, active
Application number: CN202211021924.0A
Other languages: Chinese (zh)
Other versions: CN115396535B (en)
Inventors: 谢正强, 李林哲
Current Assignee: Beijing Antiy Network Technology Co Ltd
Original Assignee: Beijing Antiy Network Technology Co Ltd
Application filed by: Beijing Antiy Network Technology Co Ltd
Priority to: CN202211021924.0A
Publication of CN115396535A
Application granted
Publication of CN115396535B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/658 Incremental updates; Differential updates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides an agent-based patch updating method, device and system, applied to a server that proxies the internet access of each terminal device. The method comprises the following steps: receiving a network traffic data packet returned from the external network after the terminal device accesses the external network, and determining whether the network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device; if a target data packet exists, parsing the patch file and the patch information from the target data packet and updating the patch library; and, in response to a patch file download request received from an intranet server, sending the requested target patch file to the intranet server, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet. With this scheme, updated patch files can be acquired easily and in a timely manner, so that the required patch files can be provided to the terminals deployed in the intranet.

Description

Patch updating method, device and system based on agent
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a patch updating method, device and system based on an agent.
Background
The Windows system of a computer needs to be patched in time to avoid problems such as vulnerabilities in the system installed on the terminal. At present, enterprises operate in intranet environments; because the terminals inside the enterprise cannot access the external internet for security reasons, system updates on those terminals are interrupted, which exposes the terminals to a series of security risks such as vulnerabilities.
In the traditional method for patching intranet terminals, updated patch files are obtained from the extranet by a web crawler and then uploaded to an intranet server deployed by the enterprise, and the intranet server provides the patch files to the intranet terminals. However, with this method crawling is difficult and the patch files are not acquired in a timely manner.
Disclosure of Invention
The embodiment of the invention provides a patch updating method, device and system based on an agent, which can timely and easily acquire a patch file to be updated so as to provide a required patch file for a terminal deployed in an intranet.
In a first aspect, an embodiment of the present invention provides an agent-based patch updating method applied to a server, where the server proxies the internet access of each terminal device. The method comprises the following steps:
receiving a network traffic data packet returned from the external network after the terminal device accesses the external network, and determining whether the received network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device; if a target data packet exists, parsing the patch file and the patch information from the target data packet;
performing a security check on the patch file and, after the check passes, updating the patch update content into a preset patch library, where the patch update content includes at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
and, in response to a patch file download request received from an intranet server, sending the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In a possible implementation, determining whether the received network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device includes: determining whether such a target data packet exists according to at least one of the following: whether the IP address of a Microsoft server appears in the network traffic data packet, whether the HTTP domain name of a Microsoft server appears in the network traffic data packet, and whether patch information appears in the content of the network traffic data packet; and/or, after a first target data packet has been determined according to at least one of these three criteria, determining the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs;
and/or,
the patch file is parsed as follows: based on the TCP connections included in the received target data packets, the file in the TCP data stream corresponding to each TCP connection is restored to obtain the patch file used for the patch update of the Windows system in the terminal device;
and/or,
before the patch update content is updated into the preset patch library, the method further includes: determining whether the patch file is already stored in the patch library and, if not, updating the patch update content into the preset patch library.
In one possible implementation, the plurality of terminal devices cover a plurality of different versions of the Windows system; the patch library comprises patch files and patch information corresponding to different Windows system versions.
In one possible implementation, the method further includes: establishing a patch white list, and updating the patch white list each time the patch library is updated, where the patch white list contains the correspondence between each Windows system version and its patch information;
before responding to the patch file download request received from the intranet server, the method further includes: in response to a query request received from the intranet server, sending the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation status of the terminals deployed in the intranet, whether there is a patch file that needs to be updated, and requests to download that patch file. The patch installation status includes the Windows system version of each terminal deployed in the intranet and the patch information of its currently installed patch files.
In a second aspect, an embodiment of the present invention further provides an agent-based patch updating apparatus located in a server, where the server proxies the internet access of each terminal device. The agent-based patch updating apparatus includes:
a communication module, used for receiving a network traffic data packet returned from the external network after the terminal device accesses the external network;
a processing module, used for determining whether the received network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device and, if a target data packet exists, parsing the patch file and the patch information from the target data packet;
an updating module, used for performing a security check on the patch file and, after the check passes, updating the patch update content into a preset patch library, where the patch update content includes at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the communication module is also used for responding to a patch file download request received from the intranet server, and sending the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In a third aspect, an embodiment of the present invention further provides an agent-based patch updating system, including a patch management server and at least one proxy server, where each proxy server proxies the internet access of its corresponding terminal devices;
the proxy server is also used for receiving a network traffic data packet returned from the external network after a terminal device it proxies accesses the external network, and determining whether the received network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device; if a target data packet exists, parsing the patch file and the patch information from the target data packet; and reporting the patch update content to the patch management server, where the patch update content includes at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the patch management server is used for performing a security check on the patch file and, after the check passes, updating the patch update content into a preset patch library; responding to a patch file download request received from the intranet server; and sending the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In one possible implementation, the plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
In a possible implementation, the patch management server is further configured to establish a patch white list and to update the patch white list every time the patch library is updated, where the patch white list contains the correspondence between each Windows system version and its patch information; and, in response to a query request received from the intranet server, to send the patch white list to the intranet server, so that the intranet server can determine, according to the patch white list and the patch installation status of the terminals deployed in the intranet, whether there is a patch file that needs to be updated, and request to download that patch file. The patch installation status includes the Windows system version of each terminal deployed in the intranet and the patch information of its currently installed patch files.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the computer program to implement the method according to any embodiment of the present specification.
In a fifth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides an agent-based patch updating method, device and system. By proxying the internet access of each terminal device, the server receives the network traffic data packets returned from the external network after a terminal device accesses the external network, and determines from those packets whether the proxied terminal device is performing a patch update of the Windows system. When the network traffic data is found to contain a target data packet for a patch update of the Windows system in the terminal device, the patch file and the patch information are obtained from the target data packet and the patch file is added to a preset patch library, which manages the patch files. The required patch files can then be provided to an intranet server, which in turn provides Windows system patch updates to the terminals deployed in the intranet. In this scheme, monitoring whether a terminal device is performing a patch update of the Windows system by means of the network traffic data packets received in proxy mode is of low difficulty; and once a terminal device is found to be updating, the patch file can be added to the patch library quickly, so that the patch files in the patch library are up to date and the patch files required by intranet terminals are acquired in a timely manner.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a block diagram of a patch update system architecture according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for updating a patch based on an agent according to an embodiment of the present invention;
FIG. 3 is a diagram of a hardware architecture of an electronic device according to an embodiment of the present invention;
FIG. 4 is a block diagram of an agent-based patch update apparatus according to an embodiment of the present invention;
FIG. 5 is a block diagram of another agent-based patch update apparatus according to an embodiment of the present invention;
FIG. 6 is a block diagram of a patch update system based on an agent according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As described above, when updated patch files are obtained from the extranet by a web crawler, the crawler must run continuously if the latest patch files are to be obtained in time. Crawling is not only costly but also difficult; for example, network supervision may prohibit web crawlers. The latest patch files therefore cannot be crawled in time, and this poor timeliness means the required patch files cannot be provided to the terminals deployed in the intranet, which affects the security of the intranet terminals.
In view of these problems, the inventive idea is as follows: patch files are obtained from terminal devices that are connected to the network. When a terminal device performs a patch update of the Windows system, it downloads the patch file as network traffic data packets transmitted over its network link. By proxying the terminal devices' internet access, the server can obtain the network traffic data packets returned from the external network after a proxied terminal device accesses the external network, and can thus monitor the terminal devices. When a terminal device performs a patch update of the Windows system, the patch file for that update is obtained and the patch library is updated quickly, so that the required files can be provided to the terminals managed by the intranet patch server and the security of the intranet terminals is ensured.
Based on the above concept, the system architecture of the embodiment of the present invention is explained.
Referring to FIG. 1, an embodiment of the present invention provides a patch update system, including a patch management server 10 and at least one proxy server 20. The patch management server 10 can be connected to each proxy server 20 as needed. The patch management server 10 may also be connected as needed to an intranet server 30; the intranet server 30 is connected through an intranet to a plurality of terminals 40, all of which are deployed in the intranet environment. The proxy server 20 is connected in parallel to the network links of a plurality of terminal devices 50, and is used for monitoring the transmission of network traffic data packets between each terminal device 50 and the Microsoft server 60.
In the embodiment of the invention, the patch management server and the proxy server can be realized by the same physical server or different physical servers.
Specific implementations of the above concepts are described below.
Referring to FIG. 2, an embodiment of the present invention provides an agent-based patch updating method applied to a server, where the server proxies the internet access of each terminal device. The method comprises the following steps:
Step 200, receiving a network traffic data packet returned from the external network after the terminal device accesses the external network, and determining whether the received network traffic data packets contain a target data packet for a patch update of the Windows system in the corresponding terminal device; if so, parsing the patch file and the patch information from the target data packet.
The server in this embodiment implements the function of a proxy server. A proxy server is an intermediary between a personal network and an internet service provider; it retrieves network information on behalf of terminal devices, forwards legitimate network information, and controls and logs the forwarding. In addition, while proxying internet access for the terminal devices, the server performs functions such as security checking, caching and content filtering on the received network traffic data packets. The proxy service can therefore additionally monitor whether a terminal device is performing a patch update of the Windows system.
In an embodiment of the present invention, whether a terminal device is performing a patch update of the Windows system is determined by checking whether the network traffic data packets contain a target data packet for a patch update of the Windows system in that terminal device; if such a target data packet exists, the terminal device is performing a patch update of the Windows system.
In an embodiment of the present invention, whether the network traffic data packets contain a target data packet for a patch update of the Windows system in the terminal device may be determined in at least one of the following modes:
Mode 1: determine whether a target data packet exists according to whether the IP address of a Microsoft server appears in the network traffic data packet.
Mode 2: determine whether a target data packet exists according to whether the HTTP domain name of a Microsoft server appears in the network traffic data packet.
Mode 3: determine whether a target data packet exists according to whether patch information appears in the content of the network traffic data packet.
Mode 4: after the first target data packet has been determined using at least one of the three modes above, determine the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs.
When a terminal device performs a patch update of the Windows system, it must establish a connection with the Microsoft server through the proxy server in order to obtain the patch file from the Microsoft server. In modes 1 and 2, the IP address and/or the HTTP domain name of the Microsoft server can therefore be preset; when the IP address and/or HTTP domain name in a network traffic data packet is that of the Microsoft server, the network traffic data packets are determined to contain a target data packet for a patch update of the Windows system in the corresponding terminal device.
In mode 3, the content of the network traffic data packet is parsed to determine whether the parsed content contains patch information; if it does, the network traffic data packets are determined to contain a target data packet for a patch update of the Windows system in the corresponding terminal device.
It should be noted that, when mode 1 or mode 2 has determined that the IP address in the network traffic data packet is the IP address of the Microsoft server or that the HTTP domain name is the HTTP domain name of the Microsoft server, mode 3 may additionally be used to check whether the content of the network traffic data packet contains patch information before deciding that a target data packet exists, which further improves the accuracy of the determination.
In mode 4, because the data transfer protocol specifies the length of the data stream to be transferred, once a first target data packet has been determined by any of the three modes above, if the length of that first target data packet does not reach the data stream length specified by the protocol to which the network traffic data packet belongs, the subsequent network traffic data packets also contain target data packets.
Whichever mode is used, if the network traffic data packets are determined not to contain a target data packet for a patch update of the Windows system in the terminal device, they are not processed; if they do contain such a target data packet, the patch file and the patch information are parsed from the target data packet.
Further, the patch file may be parsed as follows: based on the TCP connections included in the received target data packets, the file in the TCP data stream corresponding to each TCP connection is restored to obtain the patch file used for the patch update of the Windows system in the terminal device.
In proxy mode the proxy server is an HTTP proxy, so the received network traffic data packets include the TCP connection, and the file in the TCP data stream corresponding to that TCP connection is restored directly, without packet reassembly, to obtain the patch file.
It should be noted that the patch information may also be parsed from the header of the target data packet. In this embodiment of the present invention, the patch information may include: the operating system to which the patch belongs, a patch list, hardware information and drivers, the acquisition path of the patch, and official information of the patch file.
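The following sketch shows how modes 1 to 4 and the stream-based file restoration of step 200 could fit together on the proxy. It is an added example, not code from the patent: the network range, domain suffixes, the use of a KB identifier as "patch information", the use of Content-Length as the protocol-specified data stream length, and all class and function names are assumptions, and the packets are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed presets, not values from the patent: a documentation-range network
# stands in for the Microsoft server IPs; the domain suffixes are illustrative.
MS_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MS_DOMAIN_SUFFIXES = ("windowsupdate.com", "update.microsoft.com")
# Assumed shape of "patch information": a KB identifier in the URL or headers.
KB_RE = re.compile(r"KB\d{6,7}", re.IGNORECASE)
LENGTH_RE = re.compile(r"^content-length:\s*(\d+)\s*$", re.IGNORECASE | re.MULTILINE)


@dataclass
class Packet:
    flow: tuple         # (client_ip, client_port, server_ip, server_port)
    request_host: str   # Host the proxy recorded when it forwarded the request
    request_path: str
    payload: bytes      # server-to-client TCP payload, in stream order


def matched_modes(pkt, head):
    """Return which of modes 1-3 flag a response as a first target packet."""
    modes = set()
    server_ip = ipaddress.ip_address(pkt.flow[2])
    if any(server_ip in net for net in MS_NETWORKS):
        modes.add(1)
    host = pkt.request_host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in MS_DOMAIN_SUFFIXES):
        modes.add(2)
    if KB_RE.search(pkt.request_path) or KB_RE.search(head):
        modes.add(3)
    return modes


class UpdateFlowTracker:
    """Flags target packets and rebuilds the patch file from the TCP stream."""

    def __init__(self, confirm_with_patch_info=True):
        # True: mode 1 or 2 must be confirmed by mode 3; False: any mode suffices.
        self.confirm_with_patch_info = confirm_with_patch_info
        self._open = {}  # flow -> [bytes still expected, buffer, KB id]

    def feed(self, pkt):
        """Return (kb_id, file_bytes) once a patch file is complete, else None."""
        state = self._open.get(pkt.flow)
        if state is None:
            raw_head, sep, chunk = pkt.payload.partition(b"\r\n\r\n")
            if not sep or not raw_head.startswith(b"HTTP/"):
                return None
            head = raw_head.decode("latin-1")
            modes = matched_modes(pkt, head)
            if self.confirm_with_patch_info:
                is_target = bool(modes & {1, 2}) and 3 in modes
            else:
                is_target = bool(modes)
            length = LENGTH_RE.search(head)
            if not is_target or length is None:
                return None  # not an update, or no declared length to follow
            kb = KB_RE.search(pkt.request_path) or KB_RE.search(head)
            state = [int(length.group(1)), bytearray(),
                     kb.group(0).upper() if kb else None]
            self._open[pkt.flow] = state
        else:
            # Mode 4: the declared length is not yet reached, so this packet on
            # the same flow is a subsequent target packet.
            chunk = pkt.payload
        take = chunk[:state[0]]
        state[1].extend(take)
        state[0] -= len(take)
        if state[0] > 0:
            return None
        del self._open[pkt.flow]
        return state[2], bytes(state[1])


def demo():
    """Run constructed packets (not captured traffic) through the tracker."""
    update = ("10.0.0.5", 50000, "203.0.113.10", 80)
    other = ("10.0.0.6", 50001, "198.51.100.7", 80)
    path = "/constructed/windows10.0-kb0000001-x64.msu"
    packets = [
        Packet(update, "download.windowsupdate.com", path,
               b"HTTP/1.1 200 OK\r\nContent-Length: 10\r\n\r\nMSCF\x00\x00"),
        Packet(other, "example.org", "/index.html",
               b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi"),
        Packet(update, "download.windowsupdate.com", path, b"\x01\x02\x03\x04"),
    ]
    tracker = UpdateFlowTracker()
    return [tracker.feed(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

Address, domain and URL matches only say where a file appears to come from, so the recovered bytes still go through the security check of step 202 before they enter the patch library.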
Step 202, carrying out security check on the patch file, and updating patch updating contents into a preset patch library after the check is passed; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal equipment.
In an embodiment of the invention, the security check of the patch file may connect to an external threat intelligence center and multiple antivirus engines, and use them to check the validity and security of the patch file.
Because the proxy server proxies the internet access of a plurality of terminal devices, a patch file can be obtained whenever any one of those terminal devices is found to be performing a patch update of the Windows system. Only one copy of a patch file needs to be kept in the patch library for a given Windows system version; it does not need to be stored repeatedly. Therefore, in an embodiment of the present invention, before the patch update content is updated into the preset patch library, the method may further include: determining whether the patch file is already stored in the patch library and, if not, updating the patch update content into the preset patch library.
In an embodiment of the present invention, whether the patch file is already stored in the patch library may be determined by comparing the hash value of the patch file and/or the patch information.
When a hash value is used, the server calculates in advance a hash value for each patch file stored in the patch library to form a hash value list. After a new patch file is obtained, its hash value is calculated; if that hash value appears in the hash value list, the patch file is already stored in the patch library, otherwise it is not.
When patch information is used, the server compares the parsed patch information with the patch information stored in the patch library; if the patch information already exists in the patch library, the patch file is already stored in the patch library, otherwise it is not.
In an embodiment of the present invention, the terminal devices run many Windows system versions, the types of patch files are complex, and patch files correspond to Windows system versions, so the Windows system version of the terminal device must be obtained and stored in the patch library together with the patch file and the patch information.
The Windows system version can be Windows XP, Windows Vista, Windows 7, Windows 8/Windows 8.1, Windows 10, Windows 11, etc.
Furthermore, the patch library must provide the required patch files for the terminals managed by the intranet server, and those terminals may run multiple Windows system versions. To broaden the range of Windows system versions covered by the patch files in the patch library, the plurality of terminal devices proxied by the server cover a plurality of different Windows system versions, and the patch library contains the patch files and patch information corresponding to the different Windows system versions.
Step 204, in response to receiving a patch file downloading request sent by an intranet server, sending a target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides a patch file updated by a Windows system for a terminal deployed in an intranet by using the target patch file.
The intranet server is deployed in an enterprise and is used for providing patch updating of a Windows system for terminals deployed in the intranet. The server provides service for the intranet server to download the required patch file.
In order to improve user experience and ensure timeliness of updating an intranet terminal patch, an embodiment of the present invention may further include: establishing a patch white list, and updating the patch white list after receiving patch updating contents reported by terminal equipment; the patch white list comprises corresponding relations between different Windows system versions and patch information respectively. The patch white list may include only the latest patch information for the same Windows system version, or may include the latest patch information and the latest historical patch information, so as to be selected by the intranet server.
Before responding to the patch file download request sent by the intranet server, the method further includes: in response to a received query request from an intranet server, sending the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file that needs to be updated exists, and requests download of that patch file. The patch installation condition comprises: the Windows system version of each terminal deployed in the intranet and the patch information of the currently installed patch files.
Specifically, the intranet server may know the patch installation condition of the intranet terminal in advance, and determine whether a patch file to be updated exists according to the received patch white list. The patch file to be updated may be a patch file corresponding to the latest patch information or a patch file corresponding to the historical patch information.
When the intranet server determines that a patch file needing update exists, it sends a patch file download request to the server; the request carries the Windows system version and the patch information.
In the embodiment of the invention, the intranet server can periodically send a query request to the server so as to determine whether the patch file needing to be updated exists.
Furthermore, the server can classify the patch files according to their degree of urgency; when the degree of urgency meets a set condition, the corresponding patch files can be sent directly to the intranet server, so that the intranet server can provide Windows system patch updates for the terminals of the intranet in time and the security of those terminals is guaranteed.
In addition, after the intranet server acquires the patch file needing updating, the intranet server can control the client to update the patch in a proper time period.
In the embodiment of the invention, while proxying the Internet access of the terminal device, the server monitors whether the terminal device performs a Windows system patch update, obtains the patch file of the terminal device, and then updates the patch library, so that the patch library can provide the required patch files to the intranet server in time and the intranet server can provide Windows system patch updates for the terminals deployed in the intranet, thereby ensuring the security of the terminals in the intranet.
As shown in fig. 3 and fig. 4, an embodiment of the present invention provides an agent-based patch updating apparatus. The apparatus embodiments may be implemented by software, by hardware, or by a combination of hardware and software. From a hardware aspect, fig. 3 is a hardware architecture diagram of the electronic device in which an agent-based patch updating apparatus according to an embodiment of the present invention is located; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the electronic device in which the apparatus is located may also include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in fig. 4, the apparatus in the logical sense is formed by the CPU of the electronic device in which it is located reading the corresponding computer program from the nonvolatile memory into the memory and running it. The agent-based patch updating apparatus provided by this embodiment is located in a server, and the server is used for proxying the Internet access of each terminal device; the agent-based patch updating apparatus includes:
a communication module 401, configured to receive the network traffic data packets returned from an external network after the terminal device's access to the external network has been proxied;
a processing module 402, configured to determine whether the received network traffic data packet has a target data packet for patch update of a Windows system in a corresponding terminal device; if yes, analyzing the patch file and the patch information from the target data packet;
an updating module 403, configured to perform security check on the patch file, and update the patch update content to a preset patch library after the check is passed; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal equipment;
the communication module 401 is further configured to respond to a received patch file downloading request sent by the intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides a patch file updated by the Windows system for a terminal deployed in the intranet by using the target patch file.
In an embodiment of the present invention, when determining whether the received network traffic data packets include a target data packet for a Windows system patch update in the corresponding terminal device, the processing module 402 is specifically configured to: determine whether such a target data packet exists according to at least one of: whether an IP address of a Microsoft server exists in the network traffic data packet, whether an HTTP domain name of a Microsoft server exists in the network traffic data packet, and whether patch information exists in the content of the network traffic data packet; and/or, after the first target data packet has been determined according to at least one of those three checks, determine the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs.
In an embodiment of the present invention, when the processing module 402 parses the patch file, it is specifically configured to: based on the TCP connections to which the received target data packets belong, restore the file carried in the TCP data stream of each such connection, to obtain the patch file used for the Windows system patch update in the terminal device.
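The two steps just described (recognising the first target data packet, then following the protocol-specified length while restoring the file from the TCP stream) can be sketched as follows. This is an added example, not code from the patent; the host suffixes, the KB-number pattern, the function names and the sample traffic are assumptions, and plain HTTP with a `Content-Length` header is assumed as the protocol.

```python
import re

# Assumed, configurable markers: the description names no concrete hosts or patterns.
UPDATE_HOST_SUFFIXES = (".windowsupdate.com", ".update.microsoft.com")
PATCH_INFO = re.compile(r"kb\d{6,7}", re.IGNORECASE)   # KB article number in the URL


def is_update_request(host, path):
    """First-packet test: Microsoft update host name, or patch information in the URL."""
    host = host.lower().rstrip(".")
    on_update_host = any(host == s[1:] or host.endswith(s) for s in UPDATE_HOST_SUFFIXES)
    return on_update_host or bool(PATCH_INFO.search(path))


def reassemble(segments, first_seq):
    """Rebuild the server-to-client byte stream from (seq, payload) pairs.

    Tolerates reordering, retransmission and overlap, and stops at the first
    gap so a file is never assembled from non-contiguous data. Sequence-number
    wraparound is ignored to keep the example short.
    """
    stream = bytearray()
    next_seq = first_seq
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > next_seq:
            break                         # a segment is missing
        already_have = next_seq - seq
        if already_have < len(payload):
            stream += payload[already_have:]
            next_seq = seq + len(payload)
    return bytes(stream)


def extract_body(stream):
    """Return the HTTP body once all Content-Length bytes are present, else None."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        return None                       # headers incomplete
    lines = head.split(b"\r\n")
    status = lines[0].split()
    if len(status) < 2 or status[1] != b"200":
        return None
    lengths = set()
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            lengths.add(value.strip())
    if len(lengths) != 1:
        return None                       # absent or conflicting lengths
    (raw,) = lengths
    if not raw.isdigit() or len(rest) < int(raw):
        return None                       # malformed, or stream still incomplete
    return rest[:int(raw)]


def recover_patch(host, path, segments, first_seq):
    """Patch file bytes for an update download, or None if not one / not complete."""
    if not is_update_request(host, path):
        return None
    return extract_body(reassemble(segments, first_seq))


# Constructed sample: one HTTP response split into TCP segments that arrive
# out of order, with one overlapping retransmission.
BODY = b"MSCF" + bytes(range(60))
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
SEGMENTS = [(1090, RESPONSE[90:]), (1000, RESPONSE[:40]),
            (1030, RESPONSE[30:60]), (1040, RESPONSE[40:90])]
HOST = "download.windowsupdate.com"
PATH = "/constructed/windows10.0-kb9999999-x64.msu"   # constructed URL, not a real patch

if __name__ == "__main__":
    patch = recover_patch(HOST, PATH, SEGMENTS, 1000)
    print("recovered", len(patch), "bytes")
```

The suffix match is anchored on a leading dot, so a look-alike host such as `notwindowsupdate.com` is not treated as a Microsoft server; a recovered file still has to pass the security check before it enters the patch library.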
In an embodiment of the present invention, the updating module 403 is further configured to determine whether the patch file is stored in the patch library, and if not, update the patch update content to a preset patch library.
In one embodiment of the invention, the plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
In an embodiment of the present invention, referring to fig. 5, the proxy-based patch updating apparatus further includes: a list establishing module 404, configured to establish a patch white list, and update the patch white list every time the patch library is updated; the patch white list comprises corresponding relations between different Windows system versions and patch information respectively;
the communication module 401 is further configured to send the patch white list to the intranet server in response to a received query request from the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file that needs to be updated exists, and requests download of that patch file; the patch installation condition comprises: the Windows system version of each terminal deployed in the intranet and the patch information of the currently installed patch files.
It is to be understood that the schematic structure of the embodiment of the present invention does not form a specific limitation to an agent-based patch updating apparatus. In other embodiments of the invention, an agent-based patch updating apparatus may include more or fewer components than shown, or some components may be combined, or some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
Referring to fig. 6, an embodiment of the present invention further provides an agent-based patch update system, including: a patch management server 601 and at least one proxy server 602; each proxy server is used for proxying the Internet access of the corresponding terminal device;
the proxy server 602 is further configured to receive a network traffic data packet related to the proxied terminal device, and determine whether the received network traffic data packet is used for performing patch update of the Windows system on the corresponding terminal device; if yes, analyzing a patch file and patch information based on the received network traffic data packet;
the proxy server 602 is further configured to receive the network traffic data packets returned from the external network after proxying the corresponding terminal device's access to the external network, and determine whether the received network traffic data packets include a target data packet for a Windows system patch update in the corresponding terminal device; if the target data packet exists, parse the patch file and the patch information from the target data packet; and report the patch updating content to the patch management server; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal device;
the patch management server 601 is configured to perform security check on the patch file, and update the patch update content to a preset patch library after the check is passed; responding to a received patch file downloading request sent by the intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides the patch file updated by the Windows system for the terminal deployed in the intranet by using the target patch file.
In an embodiment of the present invention, when determining whether the received network traffic data packets include a target data packet for a Windows system patch update in the corresponding terminal device, the proxy server is specifically configured to determine whether such a target data packet exists according to at least one of: whether an IP address of a Microsoft server exists in the network traffic data packet, whether an HTTP domain name of a Microsoft server exists in the network traffic data packet, and whether patch information exists in the content of the network traffic data packet; and/or, after the first target data packet has been determined according to at least one of those three checks, determine the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs.
In an embodiment of the present invention, the proxy server is specifically configured to: based on the TCP connections to which the received target data packets belong, restore the file carried in the TCP data stream of each such connection, to obtain the patch file used for the Windows system patch update in the terminal device.
In an embodiment of the present invention, the proxy server is further configured to determine whether the patch file needs to be reported to the patch management server, and if so, perform reporting of the patch update content to the patch management server.
In an embodiment of the present invention, when determining whether the patch file needs to be reported to the patch management server, the proxy server is specifically configured to calculate a hash value of the patch file, and send the hash value and/or patch information to the patch management server; when a reporting instruction sent by the patch management server is received, determining that the patch file needs to be uploaded to the patch management server;
and the patch management server is also used for receiving the hash value and/or the patch information sent by the proxy server, determining whether the patch file is stored in the patch library or not based on the hash value and/or the patch information, and if the patch file is not stored, sending a reporting instruction to the terminal equipment.
In one embodiment of the invention, the plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
In an embodiment of the present invention, the patch management server is further configured to establish a patch white list, and update the patch white list whenever the patch library is updated; the patch white list comprises corresponding relations between different Windows system versions and patch information respectively; and, in response to a received query request from an intranet server, send the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file that needs to be updated exists, and requests download of that patch file; the patch installation condition comprises: the Windows system version of each terminal deployed in the intranet and the patch information of the currently installed patch files.
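The hash pre-check between proxy server and patch management server, the library and white list update, and the intranet server's comparison of the white list with the patch installation condition can be put together as below. This is an added example, not code from the patent: the class, function names and sample values are assumptions, SHA-256 is an assumed choice of hash, and the security check is a caller-supplied stand-in. Recomputing the hash on the management server instead of trusting the announced value is likewise an addition of this example.

```python
import hashlib
import hmac


class PatchManagementServer:
    """Patch library keyed by hash, plus the white list derived from it."""

    def __init__(self, security_check):
        self.security_check = security_check   # callable(bytes) -> bool, deployment-specific
        self.library = {}      # sha256 hex -> (windows_version, patch_info, file bytes)
        self.whitelist = {}    # windows_version -> [patch_info, ...], oldest first

    def wants_upload(self, sha256_hex):
        """Answer a proxy's pre-check: True stands for the reporting instruction."""
        return sha256_hex.lower() not in self.library

    def accept_upload(self, announced_sha256, data, windows_version, patch_info):
        """Store an uploaded patch; return True only if the library changed."""
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, announced_sha256.lower()):
            return False                       # upload differs from what was announced
        if actual in self.library:
            return False                       # already stored, e.g. two proxies raced
        if not self.security_check(data):
            return False                       # failed check: never enters the library
        self.library[actual] = (windows_version, patch_info, data)
        known = self.whitelist.setdefault(windows_version, [])
        if patch_info not in known:
            known.append(patch_info)           # white list follows every library update
        return True

    def download(self, windows_version, patch_info):
        """Serve a download request that carries version and patch information."""
        for version, info, data in self.library.values():
            if (version, info) == (windows_version, patch_info):
                return data
        return None


def proxy_report(server, data, windows_version, patch_info):
    """Proxy side: announce the hash first, upload only when instructed to."""
    digest = hashlib.sha256(data).hexdigest()
    if not server.wants_upload(digest):
        return "skipped"
    stored = server.accept_upload(digest, data, windows_version, patch_info)
    return "stored" if stored else "rejected"


def intranet_requests(whitelist, terminals):
    """Intranet server side: white list versus patch installation condition.

    terminals: iterable of (windows_version, set of installed patch_info).
    Returns the sorted (windows_version, patch_info) pairs to request.
    """
    needed = set()
    for version, installed in terminals:
        for info in whitelist.get(version, []):
            if info not in installed:
                needed.add((version, info))
    return sorted(needed)


def sample_security_check(data):
    """Stand-in for the deployment's real security check (constructed for this example)."""
    return data.startswith(b"MSCF")


def demo():
    server = PatchManagementServer(sample_security_check)
    patch = b"MSCF" + b"\x00" * 32             # constructed bytes, not a real patch
    results = [proxy_report(server, patch, "Windows 10", "KB9999991"),
               proxy_report(server, patch, "Windows 10", "KB9999991"),
               proxy_report(server, b"not a patch", "Windows 7", "KB9999992")]
    terminals = [("Windows 10", set()), ("Windows 10", {"KB9999991"}), ("Windows 7", set())]
    return results, intranet_requests(server.whitelist, terminals)


if __name__ == "__main__":
    print(demo())
```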
The embodiment of the invention also provides electronic equipment which comprises a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the patch updating method based on the agent in any embodiment of the invention is realized.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, causes the processor to execute an agent-based patch update method in any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the embodiments described above.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: ROM, RAM, magnetic or optical disks, etc. that can store program codes.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An agent-based patch updating method, characterized in that the method is applied to a server, and the server is used for proxying the Internet access of each terminal device; the method comprises the following steps:
receiving a network traffic data packet returned from the external network after the terminal device accesses the external network, and determining whether the received network traffic data packet has a target data packet for patch updating of a Windows system in the corresponding terminal device; if the target data packet exists, parsing the patch file and the patch information from the target data packet;
carrying out security check on the patch file, and updating patch updating contents into a preset patch library after the check is passed; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal equipment;
and responding to a received patch file downloading request sent by an intranet server, and sending a target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request so that the intranet server provides a patch file updated by a Windows system for a terminal deployed in an intranet by using the target patch file.
2. The method of claim 1,
the determining whether the received network traffic data packet has a target data packet for patch update of a Windows system in the corresponding terminal device includes: determining whether a target data packet for patch updating of a Windows system in the terminal equipment exists in the network traffic data packet or not according to at least one of whether an IP address of a Microsoft server exists in the network traffic data packet or not, whether an HTTP domain name of the Microsoft server exists in the network traffic data packet or not and whether patch information exists in the content of the network traffic data packet or not; and/or after determining a first target data packet according to at least one of whether the IP address of the Microsoft server exists in the network flow data packet, whether the HTTP domain name of the Microsoft server exists in the network flow data packet and whether patch information exists in the content of the network flow data packet, determining a subsequent target data packet according to the data stream length specified by the protocol to which the network flow data packet belongs;
and/or,
the analysis mode of the patch file comprises the following steps: restoring files in TCP data streams corresponding to TCP links based on the TCP links included in the received multiple target data packets to obtain patch files for updating patches of a Windows system in the terminal equipment;
and/or,
before the updating of the patch updating content into the preset patch library, the method further includes: and determining whether the patch file is stored in the patch library, and if not, updating the patch updating content to a preset patch library.
3. The method of claim 1, wherein the plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
4. The method of claim 3,
further comprising: establishing a patch white list, and updating the patch white list after the patch library is updated; the patch white list comprises corresponding relations between different Windows system versions and patch information respectively;
before responding to the received patch file downloading request sent by the intranet server, the method further includes: in response to a received query request from an intranet server, sending the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file that needs to be updated exists, and requests download of that patch file; the patch installation condition comprises: the Windows system version of each terminal deployed in the intranet and the patch information of the currently installed patch files.
5. An agent-based patch updating apparatus, characterized in that the apparatus is located in a server, and the server is used for proxying the Internet access of each terminal device; the agent-based patch updating apparatus includes:
the communication module is used for receiving a network flow data packet returned from the external network after the terminal equipment accesses the external network;
the processing module is used for determining whether the received network flow data packet has a target data packet for patch updating of a Windows system in the corresponding terminal equipment; if yes, analyzing the patch file and the patch information from the target data packet;
the updating module is used for carrying out security check on the patch file, and updating patch updating contents into a preset patch library after the check is passed; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal equipment;
the communication module is also used for responding to a received patch file downloading request sent by the intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides a patch file updated by the Windows system for a terminal deployed in the intranet by using the target patch file.
6. An agent-based patch update system, comprising: a patch management server and at least one proxy server; each proxy server is used for proxying the Internet access of the corresponding terminal device;
the proxy server is also used for receiving a network flow data packet returned from the external network after the terminal equipment corresponding to the proxy accesses the external network, and determining whether the received network flow data packet has a target data packet for patch updating of a Windows system in the corresponding terminal equipment; if the target data package exists, analyzing the patch file and the patch information from the target data package; reporting the patch updating content to the patch management server; the patch updating content at least comprises the patch file, the patch information and the Windows system version of the corresponding terminal equipment;
the patch management server is used for carrying out security check on the patch file, and updating patch updating contents into a preset patch library after the check is passed; responding to a received patch file downloading request sent by the intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides a patch file updated by the Windows system for a terminal deployed in the intranet by using the target patch file.
7. A patch update system as claimed in claim 6, wherein said plurality of terminal devices cover a plurality of different versions of the Windows system; the patch library comprises patch files and patch information corresponding to different Windows system versions.
8. An agent-based patch update system according to claim 7,
the patch management server is further configured to establish a patch white list, and update the patch white list every time the patch library is updated; the patch white list comprises corresponding relations between different Windows system versions and patch information respectively; and, in response to a received query request from an intranet server, send the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file that needs to be updated exists, and requests download of that patch file; the patch installation condition comprises: the Windows system version of each terminal deployed in the intranet and the patch information of the currently installed patch files.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-4.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-4.
CN202211021924.0A 2022-08-24 2022-08-24 Patch updating method, device, system, equipment and medium based on proxy Active CN115396535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211021924.0A CN115396535B (en) 2022-08-24 2022-08-24 Patch updating method, device, system, equipment and medium based on proxy

Publications (2)

Publication Number Publication Date
CN115396535A true CN115396535A (en) 2022-11-25
CN115396535B CN115396535B (en) 2024-02-23

Family

ID=84121945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211021924.0A Active CN115396535B (en) 2022-08-24 2022-08-24 Patch updating method, device, system, equipment and medium based on proxy

Country Status (1)

Country Link
CN (1) CN115396535B (en)

Also Published As

Publication number Publication date
CN115396535B (en) 2024-02-23

Similar Documents

Publication Publication Date Title
US8521909B2 (en) Inferring server state in a stateless communication protocol
US8856279B2 (en) Method and system for object prediction
EP2680624B1 (en) Method, system and device for improving security of terminal when surfing internet
US20150295988A1 (en) URL prefetching
EP3248330B1 (en) Method and system for isp network performance monitoring and fault detection
US7830895B2 (en) Packet communication apparatus with function enhancement module
US20100306339A1 (en) P2p content caching system and method
CN104396220A (en) Method and device for secure content retrieval
CN110858130B (en) Log printing method and system and server
US20080162690A1 (en) Application Management System
CN108540505B (en) Content updating method and device
US20120167222A1 (en) Method and apparatus for diagnosing malicous file, and method and apparatus for monitoring malicous file
CN113518077A (en) Malicious web crawler detection method, device, equipment and storage medium
CN113810381B (en) Crawler detection method, web application cloud firewall device and storage medium
JP4855420B2 (en) Unauthorized communication program regulation system and program
JP6973227B2 (en) Abnormal traffic analyzer, abnormal traffic analysis method and abnormal traffic analysis program
CN116088901A (en) Firmware upgrading method and device, electronic equipment and computer storage medium
CN115396535B (en) Patch updating method, device, system, equipment and medium based on proxy
CN113709136B (en) Access request verification method and device
CN113746851B (en) Proxy system and method supporting real-time analysis of GRPC request
CN115396427A (en) Patch updating method, device and system based on bypass monitoring
CN114157485A (en) Resource access method and device and electronic equipment
CN115391630A (en) WFP-based patch updating method and system
CN115329344A (en) Patch updating method and system based on hook function
CN115333954B (en) False address cloud analysis system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant