CN116432173A - Method, device and medium for preventing malicious encryption of object storage - Google Patents
Method, device and medium for preventing malicious encryption of object storage Download PDFInfo
- Publication number
- CN116432173A CN116432173A CN202310416604.3A CN202310416604A CN116432173A CN 116432173 A CN116432173 A CN 116432173A CN 202310416604 A CN202310416604 A CN 202310416604A CN 116432173 A CN116432173 A CN 116432173A
- Authority
- CN
- China
- Prior art keywords
- request
- encryption
- storage
- malicious
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 241000700605 Viruses Species 0.000 claims abstract description 64
- 238000012545 processing Methods 0.000 claims abstract description 25
- 238000004590 computer program Methods 0.000 claims description 16
- 238000012544 monitoring process Methods 0.000 claims description 15
- 230000002265 prevention Effects 0.000 abstract description 7
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000009877 rendering Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a method, a device and a medium for preventing malicious encryption of object storage, and relates to the technical field of distributed storage. The method is applied to the storage barrel, and requests sent by the client are monitored and analyzed; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Description
Technical Field
The present invention relates to the field of distributed storage technologies, and in particular, to a method, an apparatus, and a medium for preventing malicious encryption of object storage.
Background
In the big data age, object storage service (Object Storage Service, OSS) is an emerging mass, secure, low cost, highly reliable storage service suitable for storing any type of file. The virus lux means is a behavior of encrypting data, then luxing the owner of the data, and returning the data after obtaining the reward. As digitization progresses, lux attacks have become a major threat to current network security.
The conventional means for preventing the lux virus in the object storage is a Write Once Read Many (WORM) method, and the data can only be read after being written, and writing operations such as writing, overwriting, and the like cannot be performed. The method aims at static data, namely data which does not need to be changed, and can avoid the data from being tampered or encrypted by viruses to a great extent; however, the present invention is not suitable for the protection against the luxury virus for dynamic data, that is, data that requires additional writing, particularly for dynamic data such as video data that requires a large number of additional writing operations.
In view of the above, how to effectively prevent malicious encryption of an object storage by the lux virus is a problem to be solved by those skilled in the art.
Disclosure of Invention
The purpose of the application is to provide a method, a device and a medium for preventing malicious encryption of object storage, so as to effectively prevent the malicious encryption of the object storage by the Lesovirus.
In order to solve the technical problems, the application provides a method for preventing malicious encryption of object storage, which is applied to a storage bucket; the method comprises the following steps:
monitoring and analyzing a request sent by a client; wherein the request is an operation request for an object;
judging whether the request is an encryption request or not;
if yes, alarming is carried out;
if not, executing the request and encrypting the object.
Preferably, the alerting includes:
resolving information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether the information exists in the virus library;
if yes, alarming is carried out;
if not, storing the information into the virus library, and alarming.
Preferably, after said encrypting the object, further comprises:
the metadata attribute of the object is changed to prohibit external encryption.
Preferably, when the request is the encryption request, further comprising:
judging whether the request times of the encryption requests in a first preset period are larger than a threshold value or not;
if yes, malicious attack warning information is output.
Preferably, when the request is the encryption request, further comprising:
a log is generated that records the encrypted request.
Preferably, after said storing said information in said virus library, further comprising:
and updating the virus library according to a second preset period.
Preferably, after said encrypting the object, further comprises:
a processing log of the request to the client is generated.
In order to solve the technical problems, the application also provides a device for preventing malicious encryption of object storage, which is applied to a storage bucket; the device comprises:
the monitoring and analyzing module is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for an object;
the judging module is used for judging whether the request is an encryption request or not; if yes, triggering an alarm module, and if not, triggering an execution module;
the alarm module is used for giving an alarm;
the execution module is used for executing the request and encrypting the object.
Preferably, the alarm module includes:
the information analysis module is used for analyzing the information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
the information judging module is used for judging whether the information exists in the virus library; if yes, alarming is carried out; if not, storing the information into the virus library, and alarming.
Preferably, the method further comprises:
and the attribute changing module is used for changing the metadata attribute of the object to prohibit external encryption.
Preferably, the method further comprises:
the request number judging module is used for judging whether the request number of the encryption request is larger than a threshold value in a first preset period when the request is the encryption request; if yes, triggering a malicious attack alarm module;
the malicious attack warning module is used for outputting malicious attack warning information.
Preferably, the method further comprises:
and the request log generation module is used for generating a log for recording the encryption request when the request is the encryption request.
Preferably, the method further comprises:
and the virus library updating module is used for updating the virus library according to a second preset period after the information is stored in the virus library.
Preferably, the method further comprises:
and the processing log generation module is used for generating a processing log of the request of the client after the object is encrypted.
In order to solve the above technical problem, the present application further provides another device for preventing malicious encryption of object storage, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the method for preventing the object from storing malicious encryption when executing the computer program.
To solve the above technical problem, the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for preventing malicious encryption of object storage described above.
The method for preventing malicious encryption of object storage, provided by the application, is applied to a storage bucket; monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
In addition, the embodiment of the application also provides a device and a medium for preventing malicious encryption of object storage, and the effects are the same as the above.
Drawings
For a clearer description of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for preventing malicious encryption of object storage according to an embodiment of the present application;
fig. 2 is a schematic diagram of an apparatus for preventing malicious encryption of object storage according to an embodiment of the present application;
fig. 3 is a schematic diagram of another device for preventing malicious encryption of object storage according to an embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments herein without making any inventive effort are intended to fall within the scope of the present application.
The core of the application is to provide a method, a device and a medium for preventing malicious encryption of object storage. To effectively prevent malicious encryption of the object store by the lux virus.
In order to provide a better understanding of the present application, those skilled in the art will now make further details of the present application with reference to the drawings and detailed description.
The virus lux means is a behavior of encrypting data, then luxing the owner of the data, and returning the data after obtaining the reward. The lux virus invasion encrypts the business data of the customer, which causes business interruption, data leakage, data loss and the like, thereby bringing serious business risks. There are lux attacks where the internet is available. As digitization progresses, lux attacks have become a major threat to current network security.
The conventional means for preventing the Leucovirus in the object storage is to use WORM method, and the like, and the data can only be read after being written, and the data cannot be modified, overwritten, and the like. The method aims at static data, namely data which does not need to be changed, and can avoid the data from being tampered or encrypted by viruses to a great extent; however, the present invention is not suitable for the protection against the luxury virus for dynamic data, that is, data that requires additional writing, particularly for dynamic data such as video data that requires a large number of additional writing operations. Because dynamic data needs to be continuously written additionally, if WORM limitation is used, the additional writing cannot be performed (because the WORM principle is that only reading can be performed after writing and modification cannot be performed). Therefore, the embodiment of the application provides a method for preventing the malicious encryption of the object storage by the Leesvirus. It should be noted that the method provided in the embodiments of the present application is applied to a bucket of a distributed storage cluster.
Fig. 1 is a flowchart of a method for preventing malicious encryption of object storage according to an embodiment of the present application. The method is applied to the storage barrel; as shown in fig. 1, the method includes:
s10: and monitoring and analyzing the request sent by the client.
Wherein the request is an operation request for the object;
it will be appreciated that Object-based Storage (OBS) is a new network Storage architecture, and that devices based on Object Storage technology are Object Storage Devices (OSDs). The global network storage industry association (SNIA) object storage device working group promulgates ANSI X3T10 standards. In general, object storage combines the advantages of Network Attached Storage (NAS) and Storage Area Network (SAN), while having the advantages of high-speed direct access of SAN and distributed data sharing of NAS, providing a storage architecture with high performance, high reliability, cross-platform, and secure data sharing. The object storage system provides data storage and secure access. The OSD manages the saved data using objects (objects). It stores data to tracks and sectors of a disk, combines several tracks and sectors to form an Object, and provides access to the data to the outside through this Object. Each Object is similar to a conventional file, using a similar access interface to the file, including Open, read, write, etc. But not identical, each Object may include several files, or may be part of a file, and be operating system independent. In addition to the specific user data, the OSD also records attribute information, mainly physical view information, of each Object. The information is put on the OSD, so that the burden of a metadata server is greatly reduced, and the parallel access performance and expandability of the whole storage system are enhanced.
An object storage gateway (RGW) is an access implementation of object storage. The object storage gateway, also known as Ceph object gateway, radosGW, RGW, is a service enabling clients to access Ceph clusters using standard object storage application programming interfaces (Application Programming Interface, API). The object storage gateway storage characteristics include: the data is stored as objects (objects) by the Object storage gateway, each Object containing metadata for the data itself in addition to the data. The Object is retrieved by the Object ID, cannot be accessed directly by the mount mode of the normal file system by the file path plus file name operation, can be accessed only by the API, or can be accessed by a third party client (in fact, also encapsulation of the API). The storage of objects is not a vertical directory tree structure, but is stored in a flat namespace (bucket), which needs to be authorized for access, one account may be authorized for multiple buckets, and permissions may be different. The object storage gateway is convenient for transverse expansion and quick data retrieval, does not support client mounting, requires the client to specify a file name when accessing, and is not suitable for scenes in which files are modified and deleted too frequently.
It should be noted that objects (objects) are the basic units of data storage in an Object storage system, each Object is a complex of data and a set of data attributes, and the data attributes may be set according to the requirements of an application, including data distribution, quality of service, and the like. In conventional storage systems, using files or blocks as the basic unit of storage, a block device records the location on the device of each block of stored data. Objects maintain their own properties, thereby simplifying the management tasks of the storage system and increasing flexibility. The objects may vary in size and may contain the entire data structure, such as files, data entries, etc. In the storage device, all objects have an object identification, and the objects are accessed through an object identification OSD command. There are typically multiple types of objects, a root object on a storage device identifying the storage device and various attributes of that device, a group object being a collection of objects on a storage device that share a resource management policy.
And a Bucket (Bucket) is a container of storage objects in an OBS. Object storage provides a flattened storage mode based on buckets and objects, all objects in the buckets are in the same logic level, and a multi-level tree directory structure in a file system is removed. Each barrel has the own storage category, access right, belonging area and other attributes, and a user can create barrels with different storage categories and access rights in different areas and configure more advanced attributes to meet the storage requirements of different scenes.
Therefore, due to the storage characteristic of the object storage, the method for preventing malicious encryption of the object storage provided by the embodiment of the application is mainly based on the storage barrel and is provided with the lux virus prevention function switch. Specifically, first, requests sent by clients are monitored and parsed by the bucket. It will be appreciated that the request sent by the client is an operation request for the object, including but not limited to a write request, an append write request, and other requests, and may also include malicious encryption requests. It should be noted that the append write is that the Object storage service appends a write data portion after the original Object, and constitutes new data.
S11: it is determined whether the request is an encrypted request. If yes, go to step S12, if no, go to step S13.
S12: and alarming.
S13: the request is executed and the object is encrypted.
Further, the bucket determines whether the received request of the client is an encrypted request. If the storage barrel determines that the request is an encryption request, alarming is carried out to prompt a user client to have a malicious encryption request on the object; if the bucket determines that the request is not an encryption request, the request is executed and the object is encrypted. It is to be appreciated that the request may be embodied as a write object request or an append write object request, which when executed may perform a write operation or append write operation. After the execution of the request is completed, the object is encrypted, so that the object encryption is realized internally, the writing or the additional writing of the data is ensured to be the encrypted storage, and the situation that the external request randomly acquires the object data is avoided.
It should be noted that, in this embodiment, the specific alarm mode is not limited, and the alarm display can be performed through the display screen, the alarm can be performed through the audio prompt mode, and the user can be reminded through the indicator lamp, according to specific implementation conditions.
In addition, the embodiment of the application does not limit the specific encryption mode of the object, can encrypt through software, can encrypt through hardware, can encrypt through a national encryption algorithm, and depends on specific implementation conditions.
In this embodiment, a method for preventing malicious encryption of object storage is applied to a storage bucket; monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Based on the above embodiments, in order to accurately identify the malicious encrypted request of the lux virus, as a preferred embodiment, the alerting includes:
analyzing information in the request; the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether information exists in a virus library;
if yes, alarming is carried out;
if not, the information is stored in a virus library, and alarming is carried out.
Specifically, when the bucket confirms that the request of the client is an encryption request, the information in the request, that is, the information in the encryption request, is parsed. It will be appreciated that the information in the encryption request contains information about the content it encrypts, including in particular the request operation, the protocol (Internet Protocol, IP) that the network is to be interconnected with, the encryption key and the object of the operation. Further judging whether the information of the encryption request exists in a pre-constructed virus library.
The virus library is designed as a distributed database, and the stored content is information such as IP, encryption key, operation type, operation object and the like of malicious request. The virus library is designed mainly to intercept the access of the maliciously encrypted Lecable virus immediately and give an alarm. The main purpose of this design is: and the method avoids that a large number of malicious lux virus encryption requests influence normal service access and maliciously occupy software and hardware resources. Because a large amount of resources are occupied to process under the condition that a large amount of malicious lux virus encryption requests are sent, normal request access of the distributed cluster processing is affected. The design of the virus library can effectively avoid the malicious request, and if the same request information is found in the virus library, the request is directly returned, so that a large amount of software and hardware resources are prevented from being occupied.
Therefore, if the information of the encryption request exists in the virus library, the encryption request is considered to be recorded, and the alarm is directly carried out. If the information of the encryption request does not exist in the virus library, the information related to the encryption request is not recorded in the virus library, so that the information of the encryption request needs to be stored in the virus library and an alarm is carried out.
In this embodiment, the information in the request is parsed; the information comprises a request operation, a request IP, an encryption key and an operation object; judging whether information exists in a virus library; if yes, alarming is carried out; if not, the information is stored in a virus library, and alarming is carried out. The Leucasian virus database module is added, and information of malicious encryption requests such as Leucasian viruses can be recorded through the design of a virus database, so that the malicious encryption requests can be better identified, and the problem of software and hardware resource consumption caused by processing a large amount of malicious Leucasian virus encryption data requests is effectively avoided. The method can better support the conventional object operation scene of object writing and additional writing, protect the object data of the user and avoid virus luxury.
On the basis of the above embodiment, in order to prohibit a malicious encryption request sent from outside, as a preferred embodiment, after encrypting the object, it further includes:
the metadata attribute of the modification object is to prohibit external encryption.
In a specific implementation, after the object encryption is performed, the metadata attribute of the object is changed to prohibit external encryption.
Metadata is data (data about data) describing data, mainly information describing data attributes (properties), for supporting functions such as indicating storage locations, history data, resource searching, file recording, etc. There are two types of metadata for object storage: system metadata and user-defined metadata. For each Object in the bucket, the Object store will hold the system metadata for that Object. The object store processes these system metadata as needed. For example, object store will save object creation date and object size and use this information as part of object management.
Therefore, in the embodiment, the object encryption storage is realized in the storage barrel, and the metadata attribute of the object is set to prohibit external encryption requests, so that the data writing or additional writing is ensured to be the encrypted storage, and the random acquisition of the data encryption by the external requests is avoided; and through metadata attribute setting, the malicious encryption request sent from the outside is forbidden, and the threat of the Levovirus to the object storage is further prevented.
On the basis of the foregoing embodiment, in order to improve the security of the bucket and improve the stability of the distributed storage cluster, as a preferred embodiment, when the request is an encrypted request, the method further includes:
judging whether the request times of the encryption requests in a first preset period is larger than a threshold value or not;
if yes, malicious attack warning information is output.
In a specific implementation, when the bucket confirms that the request is an encryption request, it is further determined whether the number of requests of the encryption request in the first preset period is greater than a threshold. If so, the number of requests for encrypting the requests in the time period is considered to be abnormal, and the storage barrel possibly encounters frequent attacks of the lux virus, so that malicious attack warning information needs to be output to prompt a user to timely process the attacks, and the storage barrel and the distributed storage clusters are prevented from being failed.
It should be noted that, in this embodiment, the first preset period is not limited, and depends on the specific implementation. Preferably, the first preset period may be set to one day. The threshold value is not limited in this embodiment, and depends on the specific implementation.
In this embodiment, when the request is an encryption request, it is determined whether the number of requests of the encryption request in the first preset period is greater than a threshold; if yes, malicious attack warning information is output. Through judgment and alarm of malicious attack, the security of the storage barrel is improved, and the stability of the distributed storage cluster is improved.
On the basis of the above embodiment, as a preferred embodiment, when the request is an encrypted request, the method further includes:
a log is generated that records the encrypted request.
In a specific implementation, in order to better record the encryption request of the client, so that the user can trace back and audit the encryption request of the client, as a preferred embodiment, when the request sent by the client is confirmed to be the encryption request, a log for recording the encryption request can be further generated for the user to view the content of the encryption request.
Similarly, in order to make the user learn about the specific processing procedure of each request of the client, on the basis of the above embodiment, as a preferred embodiment, after encrypting the object, the method further includes:
a processing log of requests to clients is generated.
Specifically, after executing the request and encrypting the object, the request is processed, and a processing log of the request to the client is generated, so that a user can learn the specific processing procedure of the request according to the processing log, and backtracking and auditing are facilitated.
In addition, in order to ensure the real-time performance of the virus library, in addition to the above embodiment, as a preferred embodiment, after storing the information into the virus library, the method further includes:
and updating the virus library according to the second preset period.
In this embodiment, the virus library is updated in the second preset period, so that the real-time performance of the content of the virus library is ensured, and the virus library is better used for comparing the encryption requests. In this embodiment, the second preset period is not limited, and depends on the specific implementation.
In the above embodiments, the method for preventing the object from storing malicious encryption is described in detail, and the application further provides a corresponding embodiment of the device for preventing the object from storing malicious encryption. It should be noted that the present application describes an embodiment of the device portion from two angles, one based on the angle of the functional module and the other based on the angle of the hardware structure.
Fig. 2 is a schematic diagram of an apparatus for preventing malicious encryption of object storage according to an embodiment of the present application. The device is applied to the storage barrel; as shown in fig. 2, the apparatus for preventing an object from storing malicious encryption includes:
the monitoring and analyzing module 10 is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for the object.
A judging module 11, configured to judge whether the request is an encryption request; if yes, the alarm module 12 is triggered, and if not, the execution module 13 is triggered.
An alarm module 12 for alarming;
the execution module 13 is configured to execute the request and encrypt the object.
As a preferred embodiment, the alarm module includes:
the information analysis module is used for analyzing the information in the request; the information comprises a request operation, a request IP, an encryption key and an operation object;
the information judging module is used for judging whether information exists in the virus library; if yes, alarming is carried out; if not, the information is stored in a virus library, and alarming is carried out.
As a preferred embodiment, further comprising:
and the attribute changing module is used for changing the metadata attribute of the object to prohibit external encryption.
As a preferred embodiment, further comprising:
the request number judging module is used for judging whether the request number of the encryption request is larger than a threshold value in a first preset period when the request is the encryption request; if yes, triggering a malicious attack alarm module;
and the malicious attack alarm module is used for outputting malicious attack alarm information.
As a preferred embodiment, further comprising:
and the request log generation module is used for generating a log for recording the encryption request when the request is the encryption request.
As a preferred embodiment, further comprising:
and the virus library updating module is used for updating the virus library according to a second preset period after the information is stored in the virus library.
As a preferred embodiment, further comprising:
and the processing log generation module is used for generating a processing log of the request of the client after encrypting the object.
In this embodiment, the device for preventing malicious encryption of object storage is applied to a storage bucket, and includes a monitoring analysis module, a judgment module, an alarm module and an execution module. The device for preventing the malicious encryption of the object storage can realize all the steps of the method for preventing the malicious encryption of the object storage. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Fig. 3 is a schematic diagram of another device for preventing malicious encryption of object storage according to an embodiment of the present application. As shown in fig. 3, the apparatus for preventing an object from storing malicious encryption includes:
a memory 20 for storing a computer program.
A processor 21 for implementing the steps of the method of preventing malicious encryption of object storage as mentioned in the above embodiments when executing a computer program.
The device for preventing malicious encryption of object storage provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented in hardware in at least one of a digital signal processor (Digital Signal Processor, DSP), a Field programmable gate array (Field-Programmable Gate Array, FPGA), a programmable logic array (Programmable Logic Array, PLA). The processor 21 may also comprise a main processor, which is a processor for processing data in an awake state, also called central processor (Central Processing Unit, CPU), and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a graphics processor (Graphics Processing Unit, GPU) for use in connection with rendering and rendering of content to be displayed by the display screen. In some embodiments, the processor 21 may also include an artificial intelligence (Artificial Intelligence, AI) processor for processing computing operations related to machine learning.
Memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing a computer program 201, where the computer program, after being loaded and executed by the processor 21, is capable of implementing the relevant steps of the method for preventing malicious encryption of object storage disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may further include an operating system 202, data 203, and the like, where the storage manner may be transient storage or permanent storage. The operating system 202 may include Windows, unix, linux, among others. Data 203 may include, but is not limited to, data involved in a method of preventing an object from storing malicious encryption.
In some embodiments, the device for preventing the object from storing malicious encryption may further comprise a display screen 22, an input/output interface 23, a communication interface 24, a power supply 25 and a communication bus 26.
It will be appreciated by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation on the means for preventing malicious encryption of object storage, and may include more or fewer components than shown.
In this embodiment, an apparatus for preventing malicious encryption of an object store includes a memory and a processor. The memory is used for storing a computer program. The processor is arranged to implement the steps of the method of preventing malicious encryption of an object store as mentioned in the above embodiments when executing a computer program. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Finally, the present application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps as described in the method embodiments above.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. With such understanding, the technical solution of the present application, or a part contributing to the prior art or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, performing all or part of the steps of the method described in the various embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In this embodiment, a computer program is stored on a computer readable storage medium, and when the computer program is executed by a processor, the steps described in the above method embodiments are implemented. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
The method, the device and the medium for preventing malicious encryption of object storage provided by the application are described in detail above. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A method for preventing malicious encryption of object storage, which is characterized by being applied to a storage bucket; the method comprises the following steps:
monitoring and analyzing a request sent by a client; wherein the request is an operation request for an object;
judging whether the request is an encryption request or not;
if yes, alarming is carried out;
if not, executing the request and encrypting the object.
2. The method of claim 1, wherein the alerting comprises:
resolving information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether the information exists in the virus library;
if yes, alarming is carried out;
if not, storing the information into the virus library, and alarming.
3. The method of claim 1, further comprising, after said encrypting the object:
the metadata attribute of the object is changed to prohibit external encryption.
4. The method of preventing malicious encryption of object storage of claim 1, further comprising, when the request is the encrypted request:
judging whether the request times of the encryption requests in a first preset period are larger than a threshold value or not;
if yes, malicious attack warning information is output.
5. The method of preventing malicious encryption of object storage of claim 1, further comprising, when the request is the encrypted request:
a log is generated that records the encrypted request.
6. The method of preventing malicious encryption of object storage of claim 2, further comprising, after said storing said information into said virus library:
and updating the virus library according to a second preset period.
7. A method of preventing storage of malicious encryption of an object according to any one of claims 1 to 6, further comprising, after said encrypting said object:
a processing log of the request to the client is generated.
8. An apparatus for preventing malicious encryption of object storage, which is characterized by being applied to a storage bucket; the device comprises:
the monitoring and analyzing module is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for an object;
the judging module is used for judging whether the request is an encryption request or not; if yes, triggering an alarm module, and if not, triggering an execution module;
the alarm module is used for giving an alarm;
the execution module is used for executing the request and encrypting the object.
9. An apparatus for preventing malicious encryption of an object store, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of preventing malicious encryption of object storage according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the method of preventing an object from storing malicious encryption as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310416604.3A CN116432173A (en) | 2023-04-13 | 2023-04-13 | Method, device and medium for preventing malicious encryption of object storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310416604.3A CN116432173A (en) | 2023-04-13 | 2023-04-13 | Method, device and medium for preventing malicious encryption of object storage |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116432173A true CN116432173A (en) | 2023-07-14 |
Family
ID=87092405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310416604.3A Pending CN116432173A (en) | 2023-04-13 | 2023-04-13 | Method, device and medium for preventing malicious encryption of object storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116432173A (en) |
-
2023
- 2023-04-13 CN CN202310416604.3A patent/CN116432173A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10503897B1 (en) | Detecting and stopping ransomware | |
| US11675915B2 (en) | Protecting data based on a sensitivity level for the data | |
| EP3378007B1 (en) | Systems and methods for anonymizing log entries | |
| EP3420488B1 (en) | Retention and accessibility of data characterizing events on an endpoint computer | |
| US10079835B1 (en) | Systems and methods for data loss prevention of unidentifiable and unsupported object types | |
| US11301578B2 (en) | Protecting data based on a sensitivity level for the data | |
| CN105005528B (en) | A kind of log information extracting method and device | |
| IL267241B2 (en) | System and methods for detection of cryptoware | |
| JP2016505981A (en) | Real-time representation of security-related system status | |
| US7962492B2 (en) | Data management apparatus, data management method, data processing method, and program | |
| JPH10312335A (en) | Data processing method and processor therefor | |
| US11461282B2 (en) | Systems and methods for write-once-read-many storage | |
| US20070088923A1 (en) | System and method for fast, secure removal of objects from disk storage | |
| CN109639726A (en) | Intrusion detection method, device, system, equipment and storage medium | |
| US9659182B1 (en) | Systems and methods for protecting data files | |
| US11144656B1 (en) | Systems and methods for protection of storage systems using decoy data | |
| CN108229162B (en) | Method for realizing integrity check of cloud platform virtual machine | |
| US11113391B2 (en) | Method and computer system for preventing malicious software from attacking files of the computer system and corresponding non-transitory computer readable storage medium | |
| CN112000971A (en) | File permission recording method, system and related device | |
| US10635645B1 (en) | Systems and methods for maintaining aggregate tables in databases | |
| CN116432173A (en) | Method, device and medium for preventing malicious encryption of object storage | |
| US9400894B1 (en) | Management of log files subject to edit restrictions that can undergo modifications | |
| CN114564456B (en) | Distributed storage file recovery method and device | |
| CN116089427A (en) | Management method and system for multi-medium fusion storage of electronic files | |
| CN115730012A (en) | Database desensitization method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |