CN115396535B - Patch updating method, device, system, equipment and medium based on proxy - Google Patents

Info

Publication number: CN115396535B
Application number: CN202211021924.0A
Authority: CN (China)
Prior art keywords: patch, data packet, server, updating, file
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN115396535A
Inventors: 谢正强, 李林哲
Current and original assignee: Beijing Antiy Network Technology Co Ltd

Classifications

    • H04L69/22 Parsing or analysis of headers (H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • G06F8/658 Incremental updates; Differential updates (G06F8/65 Updates; G06F8/60 Software deployment; G06F8/00 Arrangements for software engineering)
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP] (H04L67/01 Protocols; H04L67/00 Network arrangements or protocols for supporting network services or applications)
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Abstract

The invention provides a proxy-based patch updating method, device and system, applied to a server that proxies the internet access of each terminal device. The method comprises the following steps: receiving the network traffic data packets returned from the external network after a terminal device accesses the external network, and determining whether these packets include a target data packet for a Windows system patch update of the corresponding terminal device; if so, parsing the patch file and patch information from the target data packet; updating the patch library; and, in response to receiving a patch file download request sent by an intranet server, sending the requested target patch file to the intranet server, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet. With this scheme, updated patch files can be obtained promptly and easily, so that the required patch files are provided to the terminals deployed in the intranet.

Description

Patch updating method, device, system, equipment and medium based on proxy
Technical Field
The embodiments of the invention relate to the field of computer technology, and in particular to a proxy-based patch updating method, device, system, equipment and medium.
Background
The Windows system of a computer needs to have its patches updated in time, so as to avoid vulnerabilities and similar problems in the system installed on the terminal. At present, some enterprises operate in an intranet environment: for security reasons their terminals cannot access the external Internet, so system updates on those terminals are interrupted, and the terminals instead accumulate a series of potential security hazards such as unpatched vulnerabilities.
The traditional method for updating patches on intranet terminals is to obtain the updated patch files from the external network with a web crawler, upload the crawled patch files to an intranet server deployed by the enterprise, and have the intranet server provide the patch files to the intranet terminals for updating. However, this method has the drawbacks of difficult crawling and poor timeliness in obtaining patch files.
Disclosure of Invention
The embodiments of the invention provide a proxy-based patch updating method, device, system, equipment and medium, which can obtain updated patch files promptly and easily so as to provide the required patch files to terminals deployed in an intranet.
In a first aspect, an embodiment of the present invention provides a proxy-based patch update method, applied to a server that proxies the internet access of each terminal device; the method comprises the following steps:
receiving the network traffic data packets returned from the external network after a terminal device accesses the external network, and determining whether the received network traffic data packets include a target data packet for a Windows system patch update of the corresponding terminal device; if so, parsing the patch file and patch information from the target data packet;
performing a security check on the patch file and, after the check is passed, updating the patch update content into a preset patch library; the patch update content comprises at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
and, in response to receiving a patch file download request sent by an intranet server, sending the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In one possible implementation, determining whether the received network traffic data packets include a target data packet for a Windows system patch update of the corresponding terminal device comprises: determining whether such a target data packet exists according to at least one of whether the IP address of a Microsoft server appears in the network traffic data packet, whether the HTTP domain name of a Microsoft server appears in the network traffic data packet, and whether patch information appears in the content of the network traffic data packet; and/or, after the first target data packet has been determined according to at least one of those three conditions, determining the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs;
and/or,
the parsing of the patch file comprises: restoring the file in the TCP data stream corresponding to the TCP link contained in the received target data packets, to obtain the patch file for the Windows system patch update of the terminal device;
and/or,
before updating the patch update content into the preset patch library, the method further comprises: determining whether the patch file is already stored in the patch library, and updating the patch update content into the preset patch library only if it is not.
In one possible implementation, the plurality of terminal devices covers a plurality of different Windows system versions, and the patch library comprises patch files and patch information corresponding to the different Windows system versions.
In one possible implementation, the method further comprises: establishing a patch whitelist, and updating the patch whitelist every time the patch library is updated; the patch whitelist comprises the correspondence between each Windows system version and its patch information;
and, before responding to the patch file download request sent by the intranet server, the method further comprises: in response to a query request received from the intranet server, sending the patch whitelist to the intranet server, so that the intranet server determines, from the patch whitelist and the patch installation status of the terminals deployed in the intranet, whether there is a patch file to be updated, and requests to download it; the patch installation status comprises the Windows system version of each terminal deployed in the intranet and the patch information of its currently installed patch files.
In a second aspect, an embodiment of the present invention further provides a proxy-based patch updating device, located in a server that proxies the internet access of each terminal device; the proxy-based patch updating device comprises:
a communication module, configured to receive the network traffic data packets returned from the external network after a terminal device accesses the external network;
a processing module, configured to determine whether the received network traffic data packets include a target data packet for a Windows system patch update of the corresponding terminal device and, if so, to parse the patch file and patch information from the target data packet;
an updating module, configured to perform a security check on the patch file and, after the check is passed, to update the patch update content into a preset patch library; the patch update content comprises at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the communication module being further configured to respond to a patch file download request received from an intranet server, and to send the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In a third aspect, an embodiment of the present invention further provides a proxy-based patch update system, comprising a patch management server and at least one proxy server; each proxy server proxies the internet access of its corresponding terminal devices;
the proxy server is further configured to receive the network traffic data packets returned from the external network after a proxied terminal device accesses the external network, and to determine whether the received network traffic data packets include a target data packet for a Windows system patch update of the corresponding terminal device; if so, to parse the patch file and patch information from the target data packet and report the patch update content to the patch management server; the patch update content comprises at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the patch management server is configured to perform a security check on the patch file and, after the patch file passes the security check, to update the patch update content into a preset patch library; to respond to a patch file download request received from an intranet server; and to send the requested target patch file to the intranet server according to the patch library and the download request, so that the intranet server can use the target patch file to provide Windows system patch updates to the terminals deployed in the intranet.
In one possible implementation, the plurality of terminal devices covers a plurality of different Windows system versions, and the patch library comprises patch files and patch information corresponding to the different Windows system versions.
In one possible implementation, the patch management server is further configured to establish a patch whitelist and to update it every time the patch library is updated, the patch whitelist comprising the correspondence between each Windows system version and its patch information; and, in response to a query request received from the intranet server, to send the patch whitelist to the intranet server, so that the intranet server determines, from the patch whitelist and the patch installation status of the terminals deployed in the intranet, whether there is a patch file to be updated, and requests to download it; the patch installation status comprises the Windows system version of each terminal deployed in the intranet and the patch information of its currently installed patch files.
In a fourth aspect, an embodiment of the present invention further provides an electronic device comprising a memory and a processor, where the memory stores a computer program and the processor, when executing the computer program, implements the method described in any embodiment of this specification.
In a fifth aspect, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored which, when executed in a computer, causes the computer to perform the method of any embodiment of this specification.
The embodiments of the invention provide a proxy-based patch updating method, device, system, equipment and medium. By proxying the internet access of each terminal device, the server receives the network traffic data packets returned from the external network after a terminal device accesses it, and determines from these packets whether the proxied terminal device is performing a Windows system patch update. When it determines that the network traffic contains a target data packet for a Windows system patch update of the terminal device, it obtains the patch file and patch information from the target data packet and updates them into a preset patch library. The patch library manages the patch files, so that the required patch files can be provided to an intranet server, which in turn provides Windows system patch updates to the terminals deployed in the intranet. In this scheme, whether a terminal device is performing a Windows system patch update is monitored through the network traffic data packets received in proxy mode, so the difficulty is low; and as soon as a terminal device is determined to be performing a Windows system patch update, the patch file can be quickly updated into the patch library, so that the patch files in the patch library are up to date and the timeliness of obtaining the patch files required by the intranet terminals is ensured.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required by the embodiments or by the description of the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and a person skilled in the art may obtain other drawings from them without inventive effort.
FIG. 1 is a block diagram of a patch update system according to one embodiment of the present invention;
FIG. 2 is a flowchart of a patch update method based on a proxy according to an embodiment of the present invention;
FIG. 3 is a hardware architecture diagram of an electronic device according to an embodiment of the present invention;
FIG. 4 is a block diagram of a patch update apparatus based on a proxy according to an embodiment of the present invention;
FIG. 5 is a block diagram of another proxy-based patch update apparatus according to one embodiment of the present invention;
FIG. 6 is a block diagram of a proxy-based patch update system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them; all other embodiments obtained by a person skilled in the art without inventive effort on the basis of these embodiments fall within the scope of protection of the present invention.
As described above, when the updated patch files are obtained from the external network through a web crawler, the crawler must run continuously if the latest patch files are to be obtained in time, and crawling is not only costly but also difficult: for example, where network supervision exists, the crawler may be blocked. As a result, the latest patch files cannot be crawled in time, timeliness is poor, the required patch files cannot be provided to the terminals deployed in the intranet, and the security of the intranet terminals is affected.
Based on the above problems, the inventive concept of the present invention is as follows: patch files are obtained from terminal devices that are in a networked state. When a terminal device performs a Windows system patch update, the patch files it downloads must be carried in network traffic data packets transmitted over the network link. By proxying the terminal devices' internet access, the server can obtain the network traffic data packets returned from the external network after a proxied terminal device accesses it, and thereby monitor the terminal device; when the terminal device performs a Windows system patch update, the updated patch files are obtained and the patch library is updated rapidly. The required patch files can therefore be provided to the terminals managed by an intranet server, and the security of the intranet terminals is guaranteed.
Based on the above conception, the system architecture of the embodiment of the present invention will be described.
Referring to FIG. 1, an embodiment of the present invention provides a patch update system comprising a patch management server 10 and at least one proxy server 20. The patch management server 10 may be connected to each proxy server 20 as needed. The patch management server 10 may also be connected to an intranet server 30 when necessary; the intranet server 30 is connected through the intranet to a plurality of terminals 40, which are deployed in an intranet environment. The proxy server 20 is connected in parallel to the network links of a plurality of terminal devices 50 in order to monitor the transmission of network traffic data packets between each terminal device 50 and the Microsoft server 60.
In the embodiment of the invention, the patch management server and the proxy server can be realized by the same physical server or different physical servers.
Specific implementations of the above concepts are described below.
Referring to FIG. 2, an embodiment of the present invention provides a proxy-based patch update method, applied to a server that proxies the internet access of each terminal device; the method comprises the following steps:
Step 200: receiving the network traffic data packets returned from the external network after a terminal device accesses the external network, and determining whether the received network traffic data packets include a target data packet for a Windows system patch update of the corresponding terminal device; if so, parsing the patch file and the patch information from the target data packet.
The server in the embodiment of the invention implements the function of a proxy server. A proxy server obtains network information on behalf of the terminal devices; it is an intermediate proxy mechanism between a personal network and the Internet service provider, responsible for forwarding legitimate network information and for controlling and recording that forwarding. In addition, while proxying the terminal devices' internet access, the server needs to perform security checks, caching, content filtering and other functions on the received network traffic data packets. Therefore, in the course of providing the proxy service, it can additionally monitor whether a terminal device performs a Windows system patch update.
In one embodiment of the present invention, whether the corresponding terminal device is performing a Windows system patch update may be determined by checking whether a target data packet for a Windows system patch update of that terminal device exists in the network traffic data packets: if such a packet exists, the corresponding terminal device is determined to be performing a Windows system patch update.
In one embodiment of the present invention, whether the network traffic data packets include a target data packet for a Windows system patch update of the terminal device may be determined in at least one of the following ways:
Mode 1: determining whether the network traffic data packets include a target data packet for a Windows system patch update of the terminal device according to whether the IP address of a Microsoft server appears in the network traffic data packet.
Mode 2: determining whether the network traffic data packets include a target data packet for a Windows system patch update of the terminal device according to whether the HTTP domain name of a Microsoft server appears in the network traffic data packet.
Mode 3: determining whether the network traffic data packets include a target data packet for a Windows system patch update of the terminal device according to whether patch information appears in the content of the network traffic data packet.
Mode 4: after the first target data packet has been determined by at least one of the above three modes, determining the subsequent target data packets according to the data stream length specified by the protocol to which the network traffic data packet belongs.
When a terminal device updates the patches of its Windows system, a connection between the proxy server and the Microsoft server must be established in order to obtain the patch file from the Microsoft server. Therefore, in modes 1 and 2, the IP address and/or the HTTP domain name of the Microsoft server may be preset; when the IP address and/or HTTP domain name in a network traffic data packet is determined to be that of the Microsoft server, the packet is determined to be a target data packet for a Windows system patch update of the corresponding terminal device.
In mode 3, the content of the network traffic data packet may be parsed to determine whether patch information exists in the parsed content; if it does, the packet is determined to be a target data packet for a Windows system patch update of the corresponding terminal device.
It should be noted that, in mode 1 or mode 2, once the IP address or HTTP domain name in the network traffic data packet has been determined to be that of the Microsoft server, mode 3 may further be used to determine whether patch information exists in the content of the packet, so as to decide whether it is a target data packet for a Windows system patch update of the terminal device, thereby further improving the accuracy of the determination.
In mode 4, since the data transmission protocol specifies the length of the data stream to be transmitted, after the first target data packet has been determined by any of the above three modes, if the length of the first target data packet has not reached the data stream length specified by the protocol to which the packet belongs, then target data packets also exist among the subsequent network traffic data packets. The subsequent target data packets can therefore be determined from the data stream length specified by that protocol, which speeds up the determination of target data packets.
Whether a target data packet exists in the network traffic data packets is determined in the above ways. If no target data packet for a Windows system patch update of the terminal device exists in the network traffic data packets, the packets are not processed further; if the network traffic data packets contain such a target data packet, the patch file and patch information are parsed from the target data packet.
Further, parsing the patch file may comprise: restoring the file in the TCP data stream corresponding to the TCP link contained in the received target data packets, to obtain the patch file for the Windows system patch update of the terminal device.
In proxy mode the proxy server is an HTTP proxy, so the received network traffic data packets already include the TCP link; the packets therefore do not need to be reassembled, and the file can be restored directly from the TCP data stream corresponding to that TCP link to obtain the patch file.
It should be noted that the patch information may also be parsed from the header of the target data packet. In the embodiment of the present invention, the patch information may include: the operating system to which the patch belongs, the patch list, hardware information and drivers, the patch acquisition path, and the official information of the patch file.
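The four modes and the stream restoration above, as an added Python example that is not the patent's code: a proxy-side classifier flags a response by server IP (mode 1), HTTP domain name (mode 2) or patch information in the content (mode 3), then treats the Content-Length of the HTTP response as the protocol-specified stream length (mode 4) to collect the remaining packets of the TCP link and restore the file, with the patch information taken from the header. The update-server network, host name and X-Patch-* header names are constructed placeholders, and the flow is assumed to be plain HTTP/1.1 with a Content-Length header.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Mode 1 / mode 2 presets. Constructed placeholders (a documentation address
# range and a .test domain), not real Microsoft update server addresses.
UPDATE_SERVER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
UPDATE_SERVER_HOSTS = {"download.example-update.test"}

# Mode 3: header fields carrying patch information. The field names are assumed
# for the constructed sample flow.
PATCH_INFO_RE = re.compile(rb"(?im)^(X-Patch-OS|X-Patch-KB|X-Patch-Path):[ \t]*(.+?)\r?$")
CONTENT_LENGTH_RE = re.compile(rb"(?im)^Content-Length:[ \t]*(\d+)")


def matched_modes(src_ip: str, host: str, payload: bytes) -> list:
    """Return which of modes 1-3 flag this packet as a target data packet."""
    modes = []
    if any(ipaddress.ip_address(src_ip) in net for net in UPDATE_SERVER_NETS):
        modes.append(1)            # mode 1: IP address of the update server
    if host in UPDATE_SERVER_HOSTS:
        modes.append(2)            # mode 2: HTTP domain name of the update server
    if PATCH_INFO_RE.search(payload):
        modes.append(3)            # mode 3: patch information in the content
    return modes


def parse_first_packet(payload: bytes):
    """Split an HTTP/1.1 response into (content_length, patch_info, body_start).

    Returns None when the header block is incomplete or has no Content-Length,
    because mode 4 needs the protocol-specified stream length to continue.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    m = CONTENT_LENGTH_RE.search(head)
    if m is None:
        return None
    info = {k.decode().lower(): v.decode() for k, v in PATCH_INFO_RE.findall(head)}
    return int(m.group(1)), info, body


@dataclass
class Flow:
    """A TCP link whose first packet was classified as a target data packet."""
    expected_len: int
    patch_info: dict
    body: bytearray = field(default_factory=bytearray)

    def complete(self) -> bool:
        return len(self.body) >= self.expected_len


class PatchExtractor:
    """Tracks target flows per TCP link and restores the patch file from the stream."""

    def __init__(self):
        self.flows = {}            # (src_ip, src_port, dst_ip, dst_port) -> Flow

    def feed(self, link, src_ip: str, host: str, payload: bytes):
        """Feed one proxied packet; return (file_bytes, patch_info) once restored, else None."""
        flow = self.flows.get(link)
        if flow is None:
            if not matched_modes(src_ip, host, payload):
                return None                     # not a target data packet: left unprocessed
            parsed = parse_first_packet(payload)
            if parsed is None:
                return None
            length, info, body = parsed
            flow = Flow(length, info, bytearray(body))
            self.flows[link] = flow
        else:
            flow.body += payload                # mode 4: later packet on a known link
        if not flow.complete():
            return None
        del self.flows[link]
        return bytes(flow.body[:flow.expected_len]), flow.patch_info


# Constructed sample flow: one response split across two packets on one TCP link.
SAMPLE_LINK = ("203.0.113.10", 80, "10.0.0.5", 51000)
SAMPLE_HEAD = (b"HTTP/1.1 200 OK\r\n"
               b"Content-Type: application/octet-stream\r\n"
               b"Content-Length: 12\r\n"
               b"X-Patch-OS: Windows 10\r\n"
               b"X-Patch-KB: KB0000000\r\n"       # placeholder patch identifier
               b"\r\n")
SAMPLE_BODY = b"PATCHDATA123"
SAMPLE_PACKETS = [SAMPLE_HEAD + SAMPLE_BODY[:5], SAMPLE_BODY[5:]]


def demo() -> list:
    """Run the sample packets through the extractor; the second one completes the file."""
    extractor = PatchExtractor()
    return [extractor.feed(SAMPLE_LINK, SAMPLE_LINK[0], "download.example-update.test", p)
            for p in SAMPLE_PACKETS]
```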
Step 202: performing a security check on the patch file and, after the check is passed, updating the patch update content into a preset patch library; the patch update content comprises at least the patch file, the patch information and the Windows system version of the corresponding terminal device.
In one embodiment of the invention, the security check of the patch file may be performed by interfacing with an external threat intelligence center and various antivirus engines, which are used to check the legitimacy and security of the patch file so as to ensure that the patch file is safe.
Because the proxy server proxies the internet access of a plurality of terminal devices, the patch file corresponding to a patch update can be obtained whenever any one terminal device is determined to be performing a Windows system patch update. The patch library only needs to keep one copy of a given patch file for the same Windows system version; repeated storage is unnecessary. Thus, in one embodiment of the present invention, before updating the patch update content into the preset patch library, the method may further comprise: determining whether the patch file is already stored in the patch library, and updating the patch update content into the preset patch library only if it is not.
In one embodiment of the present invention, whether the patch file is stored in the patch library may be determined by comparing the hash value of the patch file and/or the patch information.
When the hash value is used to determine whether the patch file is stored in the patch library, the server computes a hash value for each patch file already stored in the patch library in advance, forming a hash value list; after a new patch file is obtained, its hash value is computed, and if that hash value exists in the hash value list the patch file is already stored in the patch library, otherwise it is not.
When the patch information is used to determine whether the patch file is stored in the patch library, the server compares the parsed patch information with the patch information stored in the patch library; if the patch information exists in the patch library, the patch file is already stored there, otherwise it is not.
In one embodiment of the present invention, the terminal devices run many Windows system versions, the types of patch files are complex, and patch files correspond to Windows system versions, so the Windows system version of the corresponding terminal device needs to be obtained and stored in the patch library together with the patch file and the patch information.
The Windows system version may be Windows XP, Windows Vista, Windows 7, Windows 8/Windows 8.1, Windows 10, Windows 11, etc.
Further, the patch library needs to provide the required patch files to the terminals managed by the intranet server, and those terminals may correspond to multiple Windows system versions. Therefore, to enrich the Windows system versions covered by the patch files in the patch library, the plurality of terminal devices proxied by the server covers a plurality of different Windows system versions, and the patch library comprises patch files and patch information corresponding to the different Windows system versions.
Step 204: in response to receiving a patch file downloading request sent by an intranet server, send the target patch file requested for download to the intranet server according to the patch library and the downloading request, so that the intranet server can use the target patch file to provide Windows system patch updates for the terminals deployed in the intranet.
The intranet server is deployed inside an enterprise and provides Windows system patch updates for the terminals deployed in the intranet. The server provides the service from which the intranet server downloads the required patch files.
In order to improve user experience and ensure that intranet terminal patches are updated in a timely manner, in one embodiment of the present invention the method may further include: establishing a patch white list, and updating the patch white list every time patch update contents reported by a terminal device are received. The patch white list records the correspondence between each Windows system version and its patch information. It may include only the latest patch information for a given Windows system version, or both the latest and the historical patch information, so that the intranet server can choose.
Before the response to the patch file downloading request sent by the intranet server, the method further includes: in response to receiving a query request from the intranet server, sending the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file needs to be updated, and if so requests to download it. The patch installation condition includes the Windows system version of each terminal deployed in the intranet and the patch information of the patch files currently installed on it.
Specifically, the intranet server learns the patch installation condition of the intranet terminals in advance and determines, from the received patch white list, whether any patch file needs to be updated. The patch file to be updated may be the one corresponding to the latest patch information or one corresponding to historical patch information.
When the intranet server determines that a patch file needs to be updated, it sends a patch file downloading request to the server; the request carries the Windows system version and the patch information.
In the embodiment of the invention, the intranet server can periodically send a query request to the server to determine whether any patch file needs to be updated.
Further, the server can classify patch files by urgency, and when the urgency meets a set condition, the corresponding patch file can be pushed directly to the intranet server, so that the intranet server can provide the Windows system patch update to the intranet terminals in time and the security of the intranet terminals is guaranteed.
In addition, after the intranet server has acquired the patch file to be updated, it can control the clients to install the patch during a suitable time window.
In the embodiment of the invention, while proxying the internet access of the terminal devices, the server monitors whether a terminal device performs a Windows system patch update, obtains the terminal device's patch file, and updates the patch library accordingly. The patch library can therefore provide the required patch files to the intranet server in time, and the intranet server can in turn provide Windows system patch updates to the terminals deployed in the intranet, guaranteeing the security of the intranet terminals.
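The white-list procedure described above (build the list from terminal reports, keep either only the latest or also the historical patch information, then let the intranet server compare it with its terminals' patch installation condition and derive download requests carrying version and patch information), as an added Python example. It is not code from the patent or its assignee; the report tuple layout, the use of a report timestamp to order "latest" before "historical", and all KB numbers and terminal identifiers are constructed assumptions.

```python
from typing import Dict, Iterable, List, Set, Tuple

# Added example; every terminal report, KB number and terminal id below is a constructed placeholder.

# Patch white list: Windows system version -> patch identifiers, newest first.
PatchWhitelist = Dict[str, List[str]]
# One patch update report from a proxied terminal: (windows_version, kb, report_time)
Report = Tuple[str, str, int]


def build_whitelist(reports: Iterable[Report], keep_history: bool) -> PatchWhitelist:
    """Build the patch white list from patch update contents reported by proxied terminals.

    keep_history=False keeps only the latest patch information per Windows version;
    keep_history=True keeps the historical patch information as well, newest first.
    """
    whitelist: PatchWhitelist = {}
    for version, kb, _ in sorted(reports, key=lambda r: r[2], reverse=True):
        kbs = whitelist.setdefault(version, [])
        if kb not in kbs:
            kbs.append(kb)
    if not keep_history:
        whitelist = {v: kbs[:1] for v, kbs in whitelist.items()}
    return whitelist


def update_whitelist(whitelist: PatchWhitelist, version: str, kb: str) -> None:
    """Update the white list each time a terminal reports newly installed patch content."""
    kbs = whitelist.setdefault(version, [])
    if kb in kbs:
        kbs.remove(kb)
    kbs.insert(0, kb)        # the most recently reported patch becomes the latest one


def patches_to_download(whitelist: PatchWhitelist,
                        installation: Dict[str, Tuple[str, Set[str]]],
                        latest_only: bool = True) -> List[Tuple[str, str]]:
    """Intranet server side: compare the received white list with the patch installation
    condition of the intranet terminals (terminal id -> (windows_version, installed KBs))
    and return the (windows_version, kb) pairs to put in download requests.
    """
    requests: Set[Tuple[str, str]] = set()
    for version, installed in installation.values():
        wanted = whitelist.get(version, [])
        if latest_only:
            wanted = wanted[:1]
        for kb in wanted:
            if kb not in installed:
                requests.add((version, kb))
    return sorted(requests)
```

The download requests are deduplicated across terminals, so two Windows 10 terminals missing the same patch produce one request to the server; the intranet server then distributes the downloaded file locally. A version that appears in the installation data but not in the white list yields no request, which is the correct defensive behaviour: the server has nothing verified to offer for it.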
As shown in fig. 3 and fig. 4, an embodiment of the present invention provides a proxy-based patch updating apparatus. The apparatus embodiments may be implemented by software, by hardware, or by a combination of the two. In terms of hardware, fig. 3 shows a hardware architecture diagram of the electronic device in which the proxy-based patch updating apparatus is located according to an embodiment of the present invention; besides the processor, memory, network interface and nonvolatile memory shown in fig. 3, the electronic device may include other hardware, such as a forwarding chip responsible for processing messages. For example, as shown in fig. 4, the apparatus in the logical sense is formed by the CPU of the electronic device reading the corresponding computer program from nonvolatile memory into memory. The proxy-based patch updating apparatus is located in a server, and the server proxies the internet access of each terminal device; the proxy-based patch updating apparatus includes:
a communication module 401, configured to receive the network traffic data packets returned from the external network after a terminal device accesses the external network;
a processing module 402, configured to determine whether the received network traffic data packets contain a target data packet used for a Windows system patch update in the corresponding terminal device, and if so, to parse the patch file and patch information from the target data packet;
an updating module 403, configured to perform a security check on the patch file and, after the check is passed, to update the patch update contents into a preset patch library; the patch update contents comprise at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the communication module 401 is further configured to respond to receiving a patch file downloading request sent by the intranet server by sending the target patch file requested for download to the intranet server according to the patch library and the downloading request, so that the intranet server can use the target patch file to provide Windows system patch updates for the terminals deployed in the intranet.
In one embodiment of the present invention, when determining whether the received network traffic data packets contain a target data packet for a Windows system patch update in the corresponding terminal device, the processing module 402 is specifically configured to: determine whether such a target data packet exists according to at least one of whether the IP address of a Microsoft server appears in the network traffic data packet, whether the HTTP domain name of a Microsoft server appears in the network traffic data packet, and whether patch information appears in the content of the network traffic data packet; and/or, after the first target data packet has been determined by at least one of those three criteria, determine the subsequent target data packets according to the data flow length specified by the protocol to which the network traffic data packet belongs.
In one embodiment of the present invention, when parsing the patch file, the processing module 402 is specifically configured to: restore, for each TCP connection contained in the received target data packets, the file carried in the corresponding TCP data stream, so as to obtain the patch file used for the Windows system patch update in the terminal device.
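The two steps just described for the processing module 402 (and repeated below for the proxy server 602): picking the first target packet by server IP, HTTP domain name or patch information in the content, following the rest of that flow up to the length the protocol declares, and restoring the file from the TCP data stream by sequence number. Written out as an added Python example that is not code from the patent or its assignee. The server address and domain are documentation placeholders rather than Microsoft's real infrastructure, "data flow length specified by the protocol" is taken to mean the HTTP/1.1 Content-Length header (chunked transfer is left out), the KB pattern stands in for "patch information", and the segment layout and sample response are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Added example. Addresses, domain and payloads are constructed placeholders
# (TEST-NET and documentation values), not Microsoft's real update infrastructure.
UPDATE_SERVER_IPS = {"203.0.113.10"}
UPDATE_DOMAIN_SUFFIXES = ("windowsupdate.example",)
PATCH_INFO_PATTERN = re.compile(rb"KB\d{6,7}")   # patch information inside packet content


@dataclass
class Segment:
    """One TCP segment as the proxy sees it (only the fields this example needs)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


FlowKey = Tuple[str, int, str, int]


def is_first_target(seg: Segment) -> bool:
    """First target packet: update-server IP, update-server HTTP domain, or patch info in content."""
    if seg.src in UPDATE_SERVER_IPS or seg.dst in UPDATE_SERVER_IPS:
        return True
    host = re.search(rb"(?im)^Host:\s*([^\r\n]+)", seg.payload)
    if host and host.group(1).strip().decode(errors="replace").endswith(UPDATE_DOMAIN_SUFFIXES):
        return True
    return PATCH_INFO_PATTERN.search(seg.payload) is not None


def reassemble(segments: Dict[int, bytes]) -> bytes:
    """Restore the contiguous byte stream of one TCP connection from segments keyed by sequence number.
    Stops at the first gap (the missing segment may still arrive) and drops the already-seen part
    of retransmitted segments; sequence-number wrap-around is ignored for brevity."""
    stream = bytearray()
    expected = None
    for seq in sorted(segments):
        payload = segments[seq]
        if expected is None:
            expected = seq
        if seq > expected:
            break
        if seq < expected:
            payload = payload[expected - seq:]
        stream += payload
        expected += len(payload)
    return bytes(stream)


class UpdateTrafficMonitor:
    """Follows target flows and restores the transferred file once the declared length is present."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, Dict[int, bytes]] = {}   # target flows still being collected
        self.restored: List[Tuple[FlowKey, bytes]] = []    # (flow, restored file bytes)

    def feed(self, seg: Segment) -> None:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if key not in self.flows:
            if not is_first_target(seg):
                return                                     # not update traffic: ignore
            self.flows[key] = {}                           # later packets of this flow are targets too
        self.flows[key][seg.seq] = seg.payload
        self._try_restore(key)

    def _try_restore(self, key: FlowKey) -> None:
        data = reassemble(self.flows[key])
        header_end = data.find(b"\r\n\r\n")
        if header_end < 0:
            return                                         # HTTP header not complete yet
        length = re.search(rb"(?im)^Content-Length:\s*(\d+)", data[:header_end])
        if not length:
            del self.flows[key]                            # no declared length (e.g. chunked): out of scope
            return
        body_start = header_end + 4
        body_end = body_start + int(length.group(1))       # data flow length specified by HTTP
        if len(data) >= body_end:
            self.restored.append((key, data[body_start:body_end]))
            del self.flows[key]


def constructed_segments() -> Tuple[List[Segment], bytes]:
    """A constructed HTTP response carrying a fake patch file, split into three out-of-order segments."""
    body = b"constructed-msu-bytes-for-KB5000001"
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body))
    stream = head + body
    cuts = [0, 20, 45, len(stream)]
    segs = [Segment("203.0.113.10", 80, "10.0.0.5", 51000, 1000 + cuts[i], stream[cuts[i]:cuts[i + 1]])
            for i in range(3)]
    return [segs[1], segs[0], segs[2]], body
```

Feeding the three constructed segments in the order returned restores exactly the body bytes, even though the middle segment arrives first, because the flow is recognised by server address on its very first packet and the stream is only consumed once the Content-Length boundary is reached. A file restored this way is still untrusted data taken from observed traffic, which is why the description places a security check between restoration and the patch library.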
In one embodiment of the present invention, the updating module 403 is further configured to determine whether the patch file is already stored in the patch library, and only if it is not, to update the patch update contents into the preset patch library.
In one embodiment of the present invention, the plurality of terminal devices cover a plurality of different Windows system versions, and the patch library comprises patch files and patch information corresponding to the different Windows system versions.
In one embodiment of the present invention, referring to fig. 5, the proxy-based patch updating apparatus further includes: a list building module 404, configured to build a patch white list and update it every time the patch library is updated; the patch white list records the correspondence between each Windows system version and its patch information;
the communication module 401 is further configured to respond to receiving a query request from an intranet server by sending the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file needs to be updated, and if so requests to download it; the patch installation condition includes the Windows system version of each terminal deployed in the intranet and the patch information of the patch files currently installed on it.
It should be understood that the architecture illustrated in the embodiments of the present invention does not limit the proxy-based patch updating apparatus to a particular form. In other embodiments of the invention, a proxy-based patch updating apparatus may include more or fewer components than shown, may combine or split certain components, or may arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The information exchanged between the modules of the apparatus and their execution process are based on the same conception as the method embodiment of the present invention; for specific details, refer to the description of the method embodiment, which is not repeated here.
Referring to fig. 6, an embodiment of the present invention further provides a proxy-based patch update system, including a patch management server 601 and at least one proxy server 602; each proxy server proxies the internet access of its corresponding terminal devices;
the proxy server 602 is further configured to receive the network traffic data packets related to the proxied terminal devices, and determine whether the received network traffic data packets are used for a Windows system patch update by the corresponding terminal device; if so, parse the patch file and patch information from the received network traffic data packets;
the proxy server 602 is further configured to receive the network traffic data packets returned from the external network after a proxied terminal device accesses the external network, and determine whether the received network traffic data packets contain a target data packet for a Windows system patch update in the corresponding terminal device; if so, parse the patch file and patch information from the target data packet and report the patch update contents to the patch management server; the patch update contents comprise at least the patch file, the patch information and the Windows system version of the corresponding terminal device;
the patch management server 601 is configured to perform a security check on the patch file and, after the check is passed, update the patch update contents into a preset patch library; and, in response to receiving a patch file downloading request sent by an intranet server, send the target patch file requested for download to the intranet server according to the patch library and the downloading request, so that the intranet server can use the target patch file to provide Windows system patch updates for the terminals deployed in the intranet.
In one embodiment of the present invention, when determining whether the received network traffic data packets contain a target data packet for a Windows system patch update in the corresponding terminal device, the proxy server is specifically configured to: determine whether such a target data packet exists according to at least one of whether the IP address of a Microsoft server appears in the network traffic data packet, whether the HTTP domain name of a Microsoft server appears in the network traffic data packet, and whether patch information appears in the content of the network traffic data packet; and/or, after the first target data packet has been determined by at least one of those three criteria, determine the subsequent target data packets according to the data flow length specified by the protocol to which the network traffic data packet belongs.
In one embodiment of the present invention, when parsing the patch file, the proxy server is specifically configured to: restore, for each TCP connection contained in the received target data packets, the file carried in the corresponding TCP data stream, so as to obtain the patch file used for the Windows system patch update in the terminal device.
In one embodiment of the present invention, the proxy server is further configured to determine whether the patch file needs to be reported to the patch management server and, if so, to report the patch update contents to the patch management server.
In one embodiment of the present invention, when determining whether the patch file needs to be reported to the patch management server, the proxy server is specifically configured to calculate the hash value of the patch file and send the hash value and/or the patch information to the patch management server; when a report instruction sent by the patch management server is received, the proxy server determines that the patch file needs to be uploaded to the patch management server;
the patch management server is further configured to receive the hash value and/or the patch information sent by the proxy server, determine from the hash value and/or the patch information whether the patch file is already stored in the patch library, and if not, send a report instruction to the terminal device.
In one embodiment of the present invention, the plurality of terminal devices cover a plurality of different Windows system versions, and the patch library comprises patch files and patch information corresponding to the different Windows system versions.
In one embodiment of the present invention, the patch management server is further configured to establish a patch white list and update it every time the patch library is updated; the patch white list records the correspondence between each Windows system version and its patch information; and, in response to receiving a query request from an intranet server, to send the patch white list to the intranet server, so that the intranet server determines, according to the patch white list and the patch installation condition of the terminals deployed in the intranet, whether a patch file needs to be updated, and if so requests to download it; the patch installation condition includes the Windows system version of each terminal deployed in the intranet and the patch information of the patch files currently installed on it.
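The query-before-upload exchange between a proxy server and the patch management server described above (proxy sends the hash value and/or patch information; the management server answers with a report instruction only when the file is not yet in the patch library; the proxy then uploads the full file and the management server runs its security check before storing), as an added Python example. It is not code from the patent or its assignee: the message shapes, the "skip"/"report" instruction names, SHA-256, the security_check hook and all sample values are assumptions. The example goes one step beyond the text in having the management server recompute the hash of the uploaded bytes instead of trusting the value the proxy announced.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

# Added example; file bytes and KB numbers used with it are constructed placeholders.

PatchInfo = Tuple[str, str]                        # (windows_version, kb)


@dataclass
class PatchManagementServer:
    """Management-server side: decides whether a proxy must report a file, then verifies the upload."""
    security_check: Callable[[bytes], bool]        # assumed hook for the page's "security check"
    hash_list: Set[str] = field(default_factory=set)
    info_set: Set[PatchInfo] = field(default_factory=set)
    library: Dict[str, Tuple[PatchInfo, bytes]] = field(default_factory=dict)

    def handle_query(self, file_hash: str, info: PatchInfo) -> Dict[str, str]:
        """Message 1/2: proxy sends hash and/or patch information; server replies with an instruction."""
        if file_hash in self.hash_list or info in self.info_set:
            return {"instruction": "skip"}         # already in the patch library: no upload needed
        return {"instruction": "report"}           # the report instruction from the description

    def handle_report(self, file_hash: str, info: PatchInfo, data: bytes) -> str:
        """Message 3/4: proxy uploads the file; server verifies it before storing."""
        # Recompute the hash from the bytes actually received rather than trusting the proxy.
        if hashlib.sha256(data).hexdigest() != file_hash:
            return "rejected: hash mismatch"
        if not self.security_check(data):
            return "rejected: security check failed"
        if file_hash in self.hash_list:
            return "duplicate"                     # another proxy reported it between query and upload
        self.hash_list.add(file_hash)
        self.info_set.add(info)
        self.library[file_hash] = (info, data)
        return "stored"


@dataclass
class ProxyServer:
    """Proxy side: hash first, ask, and upload the full file only when instructed to report."""
    manager: PatchManagementServer
    bytes_uploaded: int = 0

    def on_patch_extracted(self, data: bytes, info: PatchInfo) -> str:
        file_hash = hashlib.sha256(data).hexdigest()
        reply = self.manager.handle_query(file_hash, info)
        if reply["instruction"] != "report":
            return "skipped"
        self.bytes_uploaded += len(data)
        return self.manager.handle_report(file_hash, info, data)


def default_security_check(data: bytes) -> bool:
    """Placeholder for the real check, which the description does not specify; rejects empty files only."""
    return len(data) > 0
```

The query step is what keeps proxy-to-manager traffic small when many proxies see the same update: only the first proxy to report a given file uploads it, and the others learn from the hash lookup that the library already has it. The "duplicate" branch covers two proxies that both received a report instruction before either upload landed.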
The embodiment of the invention also provides electronic equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the patch updating method based on the agent in any embodiment of the invention when executing the computer program.
Embodiments of the present invention also provide a computer readable storage medium having a computer program stored thereon, which when executed by a processor causes the processor to perform a proxy-based patch updating method according to any of the embodiments of the present invention.
Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out from the storage medium may be written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and a CPU or the like mounted on the expansion board or the expansion module is then caused to perform part or all of the actual operations based on the instructions of the program code, thereby realizing the functions of any of the above embodiments.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional identical elements in a process, method, article or apparatus that comprises the element.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A proxy-based patch updating method, characterized in that it is applied to a server, wherein the server proxies the internet access behavior of each terminal device deployed in the external network; the method comprises the following steps:
Receiving a network flow data packet returned from the external network after the terminal equipment accesses the external network, and determining whether the received network flow data packet has a target data packet for updating the patch of the Windows system in the corresponding terminal equipment; if so, analyzing the patch file and patch information from the target data packet;
performing security inspection on the patch file, and updating patch updating contents to a preset patch library after the inspection is passed; the patch updating content at least comprises the patch file, the patch information and a Windows system version of the corresponding terminal equipment;
and responding to a patch file downloading request sent by an intranet server, and sending a target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server can provide a patch file updated by a Windows system for a terminal deployed in the intranet by utilizing the target patch file.
2. The method of claim 1, wherein
the determining whether the received network traffic data packet has a target data packet for updating the patch of the Windows system in the corresponding terminal device includes: determining whether a target data packet for updating the patch of the Windows system in the terminal device exists in the network traffic data packet according to at least one of whether the IP address of the Microsoft server exists in the network traffic data packet, whether the HTTP domain name of the Microsoft server exists in the network traffic data packet and whether patch information exists in the content of the network traffic data packet; and/or after determining the first target data packet according to at least one of whether the IP address of the Microsoft server exists in the network traffic data packet, whether the HTTP domain name of the Microsoft server exists in the network traffic data packet and whether patch information exists in the content of the network traffic data packet, determining the subsequent target data packets according to the data flow length specified by the protocol to which the network traffic data packet belongs;
and/or,
the parsing of the patch file comprises: restoring, for each TCP connection contained in the received target data packets, the file in the corresponding TCP data stream, to obtain the patch file for updating the patch of the Windows system in the terminal device;
and/or,
before the updating of the patch updating content into the preset patch library, the method further comprises: determining whether the patch file is stored in the patch library, and if not, updating the patch updating content into the preset patch library.
3. The method of claim 1, wherein a plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
4. The method of claim 3, wherein the method
further comprises: establishing a patch white list, and updating the patch white list every time the patch library is updated; the patch white list comprises the corresponding relation between different Windows system versions and patch information respectively;
before the response to receiving the patch file downloading request sent by the intranet server, the method further comprises the following steps: responding to a query request received by an intranet server, and sending the patch white list to the intranet server, so that the intranet server determines whether a patch file to be updated exists according to the patch white list and the patch installation condition of a terminal deployed in the intranet, so as to request to download the patch file to be updated; the patch installation case includes: the Windows system version corresponding to the terminal deployed in the intranet and the patch information of the current installed patch file.
5. A proxy-based patch updating apparatus, characterized in that it is located in a server, wherein the server proxies the internet access behavior of each terminal device deployed in the external network; the proxy-based patch updating apparatus comprises:
the communication module is used for receiving a network flow data packet returned from the external network after the terminal equipment accesses the external network;
the processing module is used for determining whether the received network flow data packet has a target data packet for updating the patch of the Windows system in the corresponding terminal equipment; if so, analyzing the patch file and patch information from the target data packet;
the updating module is used for carrying out security inspection on the patch file, and updating patch updating contents into a preset patch library after the inspection is passed; the patch updating content at least comprises the patch file, the patch information and a Windows system version of the corresponding terminal equipment;
the communication module is also used for responding to the received patch file downloading request sent by the intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides the patch file updated by the Windows system for the terminal deployed in the intranet by utilizing the target patch file.
6. A proxy-based patch update system, comprising: a patch management server and at least one proxy server; each proxy server proxies the internet access behavior of its corresponding terminal devices deployed in the external network;
the proxy server is further configured to receive a network traffic data packet returned from the external network after the proxy corresponding to the terminal device accesses the external network, and determine whether the received network traffic data packet has a target data packet for patch update of the Windows system in the corresponding terminal device; if so, analyzing the patch file and patch information from the target data packet; reporting the patch updating content to the patch management server; the patch updating content at least comprises the patch file, the patch information and a Windows system version of the corresponding terminal equipment;
the patch management server is used for carrying out security check on the patch file, and updating patch updating contents into a preset patch library after the patch file passes the security check; responding to a received patch file downloading request sent by an intranet server; and sending the target patch file requested to be downloaded to the intranet server according to the patch library and the downloading request, so that the intranet server provides the patch file updated by the Windows system for the terminal deployed in the intranet by utilizing the target patch file.
7. The proxy-based patch update system of claim 6, wherein a plurality of terminal devices cover a plurality of different Windows system versions; the patch library comprises patch files and patch information corresponding to different Windows system versions.
8. The agent-based patch update system of claim 7, wherein,
the patch management server is further configured to establish a patch white list, and update the patch white list every time the patch library is updated; the patch white list comprises the corresponding relation between different Windows system versions and patch information respectively; responding to a query request received by an intranet server, and sending the patch white list to the intranet server, so that the intranet server determines whether a patch file to be updated exists according to the patch white list and the patch installation condition of a terminal deployed in the intranet, so as to request to download the patch file to be updated; the patch installation case includes: the Windows system version corresponding to the terminal deployed in the intranet and the patch information of the current installed patch file.
9. An electronic device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the method of any of claims 1-4 when the computer program is executed.
10. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-4.
CN202211021924.0A 2022-08-24 2022-08-24 Patch updating method, device, system, equipment and medium based on proxy Active CN115396535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211021924.0A CN115396535B (en) 2022-08-24 2022-08-24 Patch updating method, device, system, equipment and medium based on proxy

Publications (2)

Publication Number Publication Date
CN115396535A CN115396535A (en) 2022-11-25
CN115396535B true CN115396535B (en) 2024-02-23

Family

ID=84121945


Country Status (1)

Country Link
CN (1) CN115396535B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060028261A (en) * 2004-09-24 2006-03-29 한국전자통신연구원 Automatic patch management/distribution system and patch distribution method using the same
CN103560997A (en) * 2013-10-09 2014-02-05 北京奇虎科技有限公司 Application program download management method and device and download server
CN107329735A (en) * 2017-05-19 2017-11-07 北京北信源软件股份有限公司 A kind of intranet patch update method and device
CN109522042A (en) * 2018-12-27 2019-03-26 深信服科技股份有限公司 A kind of patch update method, system and associated component
CN110321710A (en) * 2019-07-05 2019-10-11 深信服科技股份有限公司 A kind of terminal loophole restorative procedure, system and associated component
CN110489154A (en) * 2019-06-25 2019-11-22 广州嘉为科技有限公司 A kind of method for repairing and mending based on windows operating system patch
KR20220046843A (en) * 2020-10-08 2022-04-15 주식회사 엑스게이트 Vulnerability detection method and vulnerability detection system

Also Published As

Publication number Publication date
CN115396535A (en) 2022-11-25

Similar Documents

Publication Publication Date Title
US11457080B1 (en) Service mesh management
US11481498B2 (en) Continuous vulnerability management for modern applications
US10931730B2 (en) Method and system for ISP network performance monitoring and fault detection
US20180069916A1 (en) Network-aware structured content downloads
CN112534432A (en) Real-time mitigation of unfamiliar threat scenarios
US10158733B2 (en) Automated DPI process
US20220353293A1 (en) Identification of triggering events correlated with dns requests for increased security
US20150358343A1 (en) Detection and classification of malicious clients based on message alphabet analysis
CN110290114B (en) Vulnerability automatic protection method and system based on early warning information
CN113518077A (en) Malicious web crawler detection method, device, equipment and storage medium
KR101190564B1 (en) Improper communication program restriction system and computer readable medium
US20140052851A1 (en) Systems and methods for discovering sources of online content
US20090299698A1 (en) Co-Resident Software Performance Tracking
CN115396535B (en) Patch updating method, device, system, equipment and medium based on proxy
US10614482B2 (en) Attribution of a new application installation on a mobile device by analyzing network traffic of the device
JP2010113380A (en) Test base apparatus, test base program, test base method
CN108259416B (en) Method for detecting malicious webpage and related equipment
EP4104414B1 (en) End user security manager
KR101369459B1 (en) Method, server, terminal, and recording medium for managing game records
CN115776395A (en) HTTP request smuggling vulnerability detection method and system based on response time
CN114157485A (en) Resource access method and device and electronic equipment
CN115391630A (en) WFP-based patch updating method and system
CN115329344A (en) Patch updating method and system based on hook function
CN115333954B (en) False address cloud analysis system
CN115022082B (en) Network security detection method, network security detection system, terminal and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant