CA2797880A1 - Method and apparatus for implementing real-time protection - Google Patents
- Publication number
- CA2797880A1
- Authority
- CA
- Canada
- Prior art keywords
- application layer
- real
- layer filtering
- filtering rule
- time protection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Disclosed are a method and an apparatus for implementing real-time protection, which belong to the information security field. The method includes: obtaining an application layer filtering rule from a server and updating the application layer filtering rule in real time; determining whether a real-time protection event matches the application layer filtering rule; and, if the real-time protection event matches the application layer filtering rule, performing an allowing or forbidding operation on the real-time protection event according to the application layer filtering rule. The apparatus includes: an obtaining module, a judging module and an execution module. The method and apparatus provided by the present invention can improve the user's experience.
Claims (12)
1. A method for implementing real-time protection, comprising:
obtaining an application layer filtering rule from a server and updating the application layer filtering rule in real time;
determining whether a real-time protection event matches the application layer filtering rule; and if the real-time protection event matches the application layer filtering rule, performing an allowing or forbidding operation on the real-time protection event according to the application layer filtering rule.
2. The method of claim 1, further comprising:
if the real-time protection event does not match the application layer filtering rule, transmitting the real-time protection event to a user for decision.
3. The method of claim 2, before transmitting the real-time protection event to the user for decision, the method further comprises:
determining a risk level of the real-time protection event; and transmitting the risk level of the real-time protection event to the user to enable the user to make the decision about the real-time protection event according to the risk level.
4. The method of any one of claims 1 to 3, wherein the application layer filtering rule comprises: an application layer filtering rule for a universal strategy monitoring point and an application layer filtering rule for a self-protection monitoring point;
before determining whether the real-time protection event matches the application layer filtering rule, the method further comprises:
determining the type of a monitoring point to which the real-time protection event belongs;
wherein the determining whether the real-time protection event matches the application layer filtering rule comprises:
when the monitoring point to which the real-time protection event belongs is the universal strategy monitoring point, determining whether the real-time protection event matches the application layer filtering rule for the universal strategy monitoring point;
when the monitoring point to which the real-time protection event belongs is the self-protection monitoring point, determining whether the real-time protection event matches the application layer filtering rule for the self-protection monitoring point.
5. The method of claim 4, wherein the application layer filtering rule for the self-protection monitoring point comprises at least one of: a first file signature application layer filtering rule and a process black-white list application layer filtering rule;
the application layer filtering rule for the universal strategy monitoring point comprises at least one of: a user self-defined application layer filtering rule, a second file signature application layer filtering rule and a Message Digest Algorithm 5 (MD5) application layer filtering rule.
6. The method of claim 5, if there are at least two application layer filtering rules;
after obtaining the application layer filtering rules from the server and updating the application layer filtering rules in real time, the method further comprises:
obtaining an execution order of the application layer filtering rules from the server and updating the execution order in real time;
wherein the determining whether the real-time protection event matches the application layer filtering rule comprises: determining, according to the execution order, whether the real-time protection event matches a next application layer filtering rule if the real-time protection event does not match a previous application layer filtering rule.
7. An apparatus for implementing real-time protection, comprising:
an obtaining module, adapted to obtain an application layer filtering rule from a server and update the application layer filtering rule in real-time;
a judging module, adapted to determine whether a real-time protection event matches the application layer filtering rule obtained by the obtaining module;
and an executing module, adapted to perform an allowing or forbidding operation on the real-time protection event according to the application layer filtering rule obtained by the obtaining module if the judging module determines that the real-time protection event matches the application layer filtering rule.
8. The apparatus of claim 7, further comprising:
a transmitting module, adapted to transmit the real-time protection event to a user for decision if the judging module determines that the real-time protection event does not match the application layer filtering rule.
9. The apparatus of claim 8, further comprising:
a determining module, adapted to determine a risk level of the real-time protection event before the real-time protection event is transmitted to the user for decision;
the transmitting module is further adapted to transmit the risk level to the user to enable the user to make the decision according to the risk level of the real-time protection event.
10. The apparatus of any one of claims 7 to 9, wherein the application layer filtering rule comprises: an application layer filtering rule for a universal strategy monitoring point and an application layer filtering rule for a self-protection monitoring point;
the judging module comprises:
a determining unit, adapted to determine the type of a monitoring point to which the real-time protection event belongs;
a first judging unit, adapted to determine whether the real-time protection event matches the application layer filtering rule for the universal strategy monitoring point when the determining unit determines that the monitoring point to which the real-time protection event belongs is the universal strategy monitoring point; and a second judging unit, adapted to determine whether the real-time protection event matches the application layer filtering rule for the self-protection monitoring point when the determining unit determines that the monitoring point to which the real-time protection event belongs is the self-protection monitoring point.
11. The apparatus of claim 10, wherein the application layer filtering rule for the self-protection monitoring point comprises at least one of: a first file signature application layer filtering rule and a process black-white list application layer filtering rule;
the application layer filtering rule for the universal strategy monitoring point comprises at least one of a user self-defined application layer filtering rule, a second file signature application layer filtering rule and a Message Digest Algorithm 5 (MD5) application layer filtering rule.
12. The apparatus of claim 11, wherein the obtaining module is further adapted to obtain, if there are at least two application layer filtering rules, an execution order of application layer filtering rules from the server and update the execution order in real-time;
the judging module is adapted to determine, according to the execution order obtained by the obtaining module, whether the real-time protection event matches a next application layer filtering rule if the real-time protection event does not match a previous application layer filtering rule.
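The decision flow recited in claims 1 to 6, as an added Python sketch that is not part of the patent text: a rule set and its execution order are swapped in together, the monitoring point type selects which rules apply, rules are tried in order, and an unmatched event goes to the user with a risk level. The payload layout, the rule and field names, the matching keys and the risk heuristic are all assumptions made for illustration.

```python
"""Added sketch of the decision flow in claims 1-6; all names are hypothetical."""
import hashlib
from dataclasses import dataclass
from typing import Optional

UNIVERSAL, SELF_PROTECTION = "universal_strategy", "self_protection"

@dataclass(frozen=True)
class Event:
    point: str             # type of monitoring point that raised the event
    process: str           # process performing the action
    signer: Optional[str]  # file signature subject, None if unsigned
    md5: str               # MD5 digest of the file involved

def match_rule(rule: dict, ev: Event) -> Optional[str]:
    """Return 'allow' or 'forbid' if the rule matches the event, else None."""
    key = {"file_signature": ev.signer, "process_list": ev.process,
           "user_defined": ev.process, "md5": ev.md5}[rule["kind"]]
    return rule["entries"].get(key)

class RuleStore:
    def __init__(self) -> None:
        self._rules, self._order = {}, {}

    def update(self, payload: dict) -> None:
        """Swap in rules and execution order together, as pushed by the server."""
        rules = {r["name"]: r for r in payload["rules"]}
        for point, names in payload["order"].items():
            for name in names:  # reject an order naming an unknown or foreign rule
                if rules.get(name, {}).get("point") != point:
                    raise ValueError(f"rule {name!r} is not defined for {point}")
        self._rules, self._order = rules, payload["order"]

    def decide(self, ev: Event) -> dict:
        # Claim 4: the monitoring point type selects the rule set.
        # Claim 6: rules are tried in the server-supplied order until one matches.
        for name in self._order.get(ev.point, []):
            verdict = match_rule(self._rules[name], ev)
            if verdict is not None:
                return {"action": verdict, "rule": name}  # claim 1: allow or forbid
        # Claims 2-3: nothing matched, so the user decides, given a risk level.
        risk = "high" if ev.signer is None else "medium"  # assumed heuristic
        return {"action": "ask_user", "risk": risk}

# Constructed sample payload; the patent does not define a wire format.
SAMPLE_MD5 = hashlib.md5(b"constructed sample file").hexdigest()
PAYLOAD = {
    "rules": [
        {"name": "sp_signature", "point": SELF_PROTECTION, "kind": "file_signature",
         "entries": {"Example Vendor": "allow"}},
        {"name": "sp_process", "point": SELF_PROTECTION, "kind": "process_list",
         "entries": {"updater.exe": "allow", "injector.exe": "forbid"}},
        {"name": "uni_user", "point": UNIVERSAL, "kind": "user_defined",
         "entries": {"backup.exe": "allow"}},
        {"name": "uni_signature", "point": UNIVERSAL, "kind": "file_signature",
         "entries": {"Example Vendor": "allow"}},
        {"name": "uni_md5", "point": UNIVERSAL, "kind": "md5",
         "entries": {SAMPLE_MD5: "forbid"}},
    ],
    "order": {SELF_PROTECTION: ["sp_signature", "sp_process"],
              UNIVERSAL: ["uni_user", "uni_signature", "uni_md5"]},
}
```

Because the first matching rule decides, the same event can receive a different verdict after the server pushes a new execution order, so the order needs the same integrity protection as the rules themselves.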
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010186404.6 | 2010-05-25 | ||
CN201010186404.6A CN102263773B (en) | 2010-05-25 | 2010-05-25 | Real-time protection method and apparatus thereof |
PCT/CN2011/074575 WO2011147306A1 (en) | 2010-05-25 | 2011-05-24 | Real-time protection method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2797880A1 (en) | 2011-12-01 |
CA2797880C (en) | 2015-12-08 |
Family
ID=45003317
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2797880A Active CA2797880C (en) | 2010-05-25 | 2011-05-24 | Method and apparatus for implementing real-time protection |
Country Status (4)
Country | Link |
---|---|
CN (1) | CN102263773B (en) |
BR (1) | BR112012028244B1 (en) |
CA (1) | CA2797880C (en) |
WO (1) | WO2011147306A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102646173A (en) * | 2012-02-29 | 2012-08-22 | 成都新云软件有限公司 | Safety protection control method and system based on white and black lists |
CN102880817A (en) * | 2012-08-20 | 2013-01-16 | 福建升腾资讯有限公司 | Running protection method for computer software product |
CN103634272B (en) * | 2012-08-21 | 2018-09-04 | 腾讯科技(深圳)有限公司 | File scanning method, client device and server |
CN108292342B (en) * | 2016-01-25 | 2022-09-06 | 惠普发展公司,有限责任合伙企业 | Notification of intrusions into firmware |
CN107104944A (en) * | 2017-03-10 | 2017-08-29 | 林榆坚 | A kind of detection method and device of network intrusions |
CN107360148A (en) * | 2017-07-05 | 2017-11-17 | 深圳市卓讯信息技术有限公司 | Core design method and its system based on real time monitoring network safety |
CN109241734A (en) * | 2018-08-10 | 2019-01-18 | 航天信息股份有限公司 | A kind of securing software operational efficiency optimization method and system |
CN111931066B (en) * | 2020-09-11 | 2021-09-07 | 四川新网银行股份有限公司 | Real-time recommendation system design method |
CN112069505B (en) * | 2020-09-15 | 2021-11-23 | 北京微步在线科技有限公司 | Audit information processing method and electronic equipment |
CN113282458A (en) * | 2021-05-25 | 2021-08-20 | 挂号网(杭州)科技有限公司 | Anti-flash-back method and device for application program, electronic equipment and storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100374972C (en) * | 2005-08-03 | 2008-03-12 | 珠海金山软件股份有限公司 | System and method for detecting and defending computer worm |
CN101414996B (en) * | 2007-10-15 | 2012-12-05 | 北京瑞星信息技术有限公司 | Firewall and method thereof |
CN101340275B (en) * | 2008-08-27 | 2010-10-20 | 华为终端有限公司 | Data card, data processing and transmitting method |
CN101567888B (en) * | 2008-12-29 | 2011-12-21 | 郭世泽 | Safety protection method of network feedback host computer |
2010
- 2010-05-25 CN CN201010186404.6A patent/CN102263773B/en active Active
2011
- 2011-05-24 CA CA2797880A patent/CA2797880C/en active Active
- 2011-05-24 BR BR112012028244-1A patent/BR112012028244B1/en active IP Right Grant
- 2011-05-24 WO PCT/CN2011/074575 patent/WO2011147306A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN102263773A (en) | 2011-11-30 |
CA2797880C (en) | 2015-12-08 |
WO2011147306A1 (en) | 2011-12-01 |
CN102263773B (en) | 2014-06-11 |
BR112012028244A2 (en) | 2016-08-02 |
BR112012028244B1 (en) | 2022-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2797880A1 (en) | Method and apparatus for implementing real-time protection | |
WO2011112469A3 (en) | Behavior-based security system | |
RU2015136264A (en) | METHOD FOR DATABASE MAINTAINING AND RELATED SERVER | |
US20150089646A1 (en) | Apparatus and method for protecting communication pattern of network traffic | |
CN102438026A (en) | Industrial control network security protection method and system | |
WO2006130874A3 (en) | Comprehensive identity protection system | |
JP2009525680A5 (en) | ||
US11514365B2 (en) | Immutable watermarking for authenticating and verifying AI-generated output | |
WO2011122845A3 (en) | Mobile communication terminal having a behavior-based malicious code detection function and detection method thereof | |
KR101442691B1 (en) | Apparatus and method for quantifying vulnerability of system | |
WO2008016452A3 (en) | Methods and apparatus providing computer and network security utilizing probabilistic signature generation | |
IL252455B (en) | System and method for on-premise cyber training | |
WO2011046356A3 (en) | Method for providing an anti-malware service | |
RU2008142138A (en) | PROTECTION AGAINST USE OF VULNERABILITY OF THE SOFTWARE | |
WO2011050089A3 (en) | Preventing and responding to disabling of malware protection software | |
CN106790156A (en) | A kind of smart machine binding method and device | |
WO2016009356A1 (en) | System, method and apparatus for detecting vulnerabilities in electronic devices | |
CN102663278A (en) | Cloud computing mode Internet of Things platform data processing safety protection method | |
CN107295146B (en) | Call processing method and device | |
TWI520002B (en) | Protection Method and System of Cloud Virtual Network Security | |
CN106357637A (en) | Active defense system in allusion to smart energy terminal data | |
GB201306126D0 (en) | Method, secure device, system and computer program product for security managing access to a file system | |
US10454959B2 (en) | Importance-level calculation device, output device, and recording medium in which computer program is stored | |
CN107579993A (en) | The security processing and device of a kind of network data flow | |
CN107592295A (en) | A kind of encryption method of big data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
EEER | Examination request |
Effective date: 20121029 |