CN101827096B - Cloud computing-based multi-user collaborative safety protection system and method - Google Patents

Publication number: CN101827096B
Authority: CN (China)
Prior art keywords: file, condition code, contrast, module, condition
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2010101430901A
Other languages: Chinese (zh)
Other versions: CN101827096A (en
Inventor: 潘燕辉, 周勇兵
Current Assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual
Application filed by: Individual
Priority to: CN2010101430901A
Publication of CN101827096A
Priority to: PCT/CN2011/000248 (WO2011124084A1)
Application granted
Publication of CN101827096B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G06F2221/2147 Locking files
    • G06F2221/2149 Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a multi-user collaborative security protection system, which comprises at least one server and a plurality of clients. Each client is connected to the at least one server through a network; the client acquires the user's file information, computes the feature code of the file, and uploads the file information and the feature code to the server; the server computes the identity percentage of the feature code at the server, judges on the basis of preset logic and the identity percentage whether the file is a problematic file, and transmits alarm information to the corresponding client; after receiving the alarm information, the client issues an alarm prompt to the user. The invention also discloses a multi-user collaborative security protection method. The system is equivalent to a virus-prevention mechanism built jointly by millions of users: the more users there are, the safer the protection. As long as the system files are normal, no virus or dangerous file can cause harm, and the system is also effective against new viruses or dangerous files and against unknown viruses or unknown dangerous files.

Description

A multi-user collaborative security protection system and method based on cloud computing
Technical field
The present invention relates to the field of information security, and in particular to a cloud computing-based multi-user collaborative security protection system and method.
Background
As the level of informatization rises and new application technologies are continually released, users find it ever more convenient to carry out activities involving digital information, and their ties to informatization and digitization are undeniably growing closer. At the same time, however, digital crime occurs frequently, for example attacks (especially over the Internet) on PCs, servers or other computerized devices. The underground digital economy is clearly becoming more industrialized and larger in scale, the corresponding criminal activity is becoming more covert, and malware attack techniques have developed greatly. For example, attacks have evolved from a single file into multi-module, multi-component forms, and most malware now has strong camouflage capabilities.
In addition, with the rapid development of the Internet, the whole Internet has become a natural extension of the personal desktop system. Malware naturally takes full advantage of this technical convenience to serve its malicious behavior, which has given rise to attacks such as families of trojan downloaders. In general, tools or software for detecting and removing computer malware (including viruses, worms, trojans, rogue software and so on) operate on a single file or a region of memory and match or compare it against feature codes prepared in advance. Cleverly disguised malware can easily evade this existing detection method, and the method certainly cannot remove it. All current computer security technologies are built on virus or trojan feature codes: they can judge whether a program is normal only against the feature codes of known viruses or trojans, and protect on that basis. Some so-called predictive techniques are in fact defined by certain destructive behaviors that a program performs; not only is their false-positive rate high, but their protection against new trojans is almost zero. This clearly cannot meet users' information security needs.
The prior art is therefore deficient and needs improvement.
Summary of the invention
The technical problem to be solved by the present invention is to provide, in view of the deficiencies of the prior art, a cloud computing-based multi-user collaborative security protection system and method.
The technical solution of the present invention is as follows:
A multi-user collaborative security protection system, comprising at least one server and a plurality of clients;
Each said client is connected to at least one said server over a network;
Said client is used to obtain the user's file information, calculate the feature code of said file, and upload said file information and said feature code to said server;
Said server is used to calculate the identity percentage of said feature code at said server and, when the file is judged to be a problematic file according to the preset logic and the size of said identity percentage, to send alarm information to the corresponding client;
Said client is also used to receive said alarm information and issue an alarm.
In said security protection system, said client comprises a user request module, a program tracking module, a feature code calculation module, a comparison condition acquisition module, an upload module, a client receiving module and an alarm module;
Said user request module is used to receive the user's security protection request and send a program tracking command to said program tracking module;
Said program tracking module is used to actively obtain first file information of said client, and is also used to passively obtain second file information of said client on receiving said program tracking command;
Said feature code calculation module is used to calculate a first feature code from said first file information and a second feature code from said second file information;
Said comparison condition acquisition module is used to obtain first comparison condition information from said first file information and second comparison condition information from said second file information;
Said upload module is used to upload said first comparison condition information and said first feature code, and said second comparison condition information and said second feature code, to said server;
Said client receiving module is used to receive said alarm information from the server;
Said alarm module is used to issue an alarm to the user according to said alarm information.
In said security protection system, said comparison condition acquisition module comprises a primary condition acquisition unit and a secondary condition acquisition unit; said primary condition acquisition unit is used to obtain the primary conditions from said file information, said primary conditions comprising the file's filename (filename), file version number (fileversion), the name of the company the file belongs to (company) and file size (filesize); said secondary condition acquisition unit is used to obtain the secondary conditions from said file information, said secondary conditions comprising one of, or a combination of, the file's digital signature, last modification time and file description.
In said security protection system, said server comprises, connected in sequence, a server receiving module, a classified storage module, an identity percentage calculation module and a result feedback module;
Said server receiving module is used to receive said first comparison condition information and said first feature code, and said second comparison condition information and said second feature code, from said client;
Said classified storage module comprises a first storage area and a second storage area; said first storage area is used to store said first feature code, classified according to said first comparison condition information, and said second storage area is used to store said second feature code, classified according to said second comparison condition information;
Said identity percentage calculation module comprises an active calculation unit and a passive calculation unit;
Said active calculation unit is used to read said first comparison condition information and its corresponding first feature code from said first storage area and calculate the identity percentage of said first feature code in the first storage area; said result feedback module sends alarm information to the corresponding client according to said identity percentage;
Said passive calculation unit is used to read said second comparison condition information and its corresponding second feature code from said second storage area and calculate the identity percentage of said second feature code in the first storage area; said result feedback module sends alarm information to the corresponding client according to said identity percentage.
In said security protection system, said comparison condition acquisition module comprises a primary condition acquisition unit and a secondary condition acquisition unit; said primary condition acquisition unit is used to obtain the primary conditions from said file information, said primary conditions comprising the file's filename (filename), file version number (fileversion), the name of the company the file belongs to (company) and file size (filesize); said secondary condition acquisition unit is used to obtain the secondary conditions from said file information, said secondary conditions comprising one of, or a combination of, the file's digital signature, last modification time and file description; said first storage area and said second storage area each comprise an index value calculation unit and an index-based storage unit connected in sequence; said index value calculation unit is used to receive said primary conditions and calculate the index value of the user's file from said primary conditions; said index-based storage unit is used to receive said index value, said feature code and said secondary conditions, and to store said feature code and said secondary conditions classified according to said index value.
Said security protection system further comprises a result correction module; said result correction module is connected between said result feedback module and said classified storage module, and is used to read said secondary conditions from said classified storage module and to correct, according to preset logic, the alarm information sent by said result feedback module.
A multi-user collaborative security protection method, applied to the security protection system of any one of claims 1 to 6, comprising the following steps:
A1: obtaining the user's file information, calculating the feature code of said file, and uploading said file information and said feature code to said server;
A2: calculating the identity percentage of said feature code at said server;
A3: judging, according to the preset logic and the size of said identity percentage, whether the file is a problematic file; if so, executing step A4;
A4: sending alarm information to the corresponding client;
A5: said client receiving said alarm information and issuing an alarm;
In said method, said step A1 specifically performs the following steps:
A11: receiving the user's security protection request and sending a program tracking command;
A12: actively obtaining first file information of said client and, on receiving said program tracking command, passively obtaining second file information of said client;
A13: calculating a first feature code from said first file information and a second feature code from said second file information;
A14: obtaining first comparison condition information from said first file information and second comparison condition information from said second file information;
A15: uploading said first comparison condition information and said first feature code, and said second comparison condition information and said second feature code, to said server.
In said method, said step A2 specifically performs the following steps:
A21: receiving said first comparison condition information and said first feature code, and said second comparison condition information and said second feature code;
A22: storing said first feature code classified according to said first comparison condition information, and storing said second feature code classified according to said second comparison condition information;
A23: reading said first comparison condition information and its corresponding first feature code, and calculating the identity percentage of said first feature code in the first storage area;
A24: reading said second comparison condition information and its corresponding second feature code, and calculating the identity percentage of said second feature code in the first storage area.
In said method, the preset logic in said step A3 is: if the identity percentage is 80% or more, the file is judged to be a trusted file;
If the identity percentage is greater than 50% and less than 80%, the file is judged to be a general-trust file;
If the identity percentage is greater than 40% and less than or equal to 50%, the file is judged to be a common-security file;
If the identity percentage is greater than 30% and less than or equal to 40%, the file is judged to be a low-security file;
If the identity percentage is greater than 10% and less than or equal to 30%, the file is judged to be an unsafe file;
If the identity percentage is less than or equal to 10%, the file is judged to be a dangerous file.
Using a cloud protection technique based on cloud computing, the present invention tracks all running programs; classifies files by primary conditions such as filename and file size; computes the program's feature value (hash) with a common algorithm (any change to the file causes this feature value to change); uploads the feature value together with the file's own primary and secondary conditions to the server; and compares it with the files of all users that share the same primary conditions. When the feature value of the file is inconsistent with that of most users' files, the file is judged to be a problematic file and the user is advised to close it to avoid harm.
This method abandons the traditional virus-signature approach and instead judges by the whole-file feature code of the files running in the system, determining whether a file is normal by comparing the same file across a large number of users. It is equivalent to millions of users jointly building a virus-prevention mechanism: the more users, the safer the protection. As long as the system files are normal, no virus or dangerous file can cause harm, and the method is equally effective against new viruses or dangerous files and against unknown viruses and unknown dangerous files.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall structure of the system of the present invention;
Fig. 2 is a schematic diagram of one system structure of the present invention;
Fig. 3 is a structural diagram of the comparison condition acquisition module in Fig. 2;
Fig. 4 is a structural diagram of the classified storage module in Fig. 2;
Fig. 5 is a structural diagram of the identity percentage calculation module in Fig. 2.
Detailed description
The present invention is described in detail below with reference to the drawings and specific embodiments.
Embodiment 1
Fig. 1 is a schematic diagram of the overall structure of the multi-user collaborative security protection system. The system comprises at least one server and a number of clients, for example all clients in the network. Each client is connected to at least one server over a network, and more than one server can be set up as required. The client is used to obtain the user's file information, for example the information of process files running on the client; this file information can include, but is not limited to, the filename (filename), file version number (fileversion), the name of the company the file belongs to (company) and file size (filesize). The client calculates the file's feature code from this file information and uploads the file information and the feature code to the server. The server calculates the identity percentage of the feature code at the server, judges according to the preset logic and the size of the identity percentage whether the file is a problematic file, and sends alarm information to the corresponding client. After receiving the alarm information, the client issues an alarm to the user, who can make a timely judgment and response on the basis of the alarm, thereby achieving computer information security protection.
The identity percentage used in the present invention is defined as follows. At the server, the feature code of a given file on a client is compared with the feature codes of the same file collected by the server from all networked clients. For example, the total number of clients that have the same file is denoted N; whenever a comparison finds two feature codes identical, the count A is incremented by 1, until the comparison with the same file's feature code on all clients is finished. The count A divided by the total number N of clients that have the same file, expressed as a percentage, is defined as the identity percentage.
In one example, the preset logic is preferably: if the identity percentage is 80% or more, the file is judged to be a trusted file, where "or more" includes the stated number, here and below; if the identity percentage is greater than 50% and less than 80%, the file is judged to be a general-trust file; if the identity percentage is greater than 40% and less than or equal to 50%, the file is judged to be a common-security file; if the identity percentage is greater than 30% and less than or equal to 40%, the file is judged to be a low-security file; if the identity percentage is greater than 10% and less than or equal to 30%, the file is judged to be an unsafe file; if the identity percentage is less than or equal to 10%, the file is judged to be a dangerous file. Depending on the user's settings, an alarm can be raised for dangerous files only, or for unsafe and dangerous files, or for low-security, unsafe and dangerous files.
In another example, the preset logic is preferably: if the identity percentage is 70% or more, the file is judged to be a trusted file; if the identity percentage is greater than 45% and less than 70%, the file is judged to be an ordinary file; if the identity percentage is greater than 20% and less than or equal to 45%, the file is judged to be an unsafe file; if the identity percentage is less than or equal to 20%, the file is judged to be a dangerous file. Depending on the user's settings, an alarm can be raised for dangerous files only, or for unsafe and dangerous files.
Because the large volume of comparison computation in the present invention is performed at the server, the invention is implemented mainly on the basis of cloud computing; this greatly reduces the computational load on the client and lowers the hardware requirements for the client.
Fig. 2 is a structural diagram of one specific embodiment of the system. All clients have the same structure, so only one client is described as an example. In this embodiment the client comprises a user request module 10, a program tracking module 11, a feature code calculation module 12, a comparison condition acquisition module 13, an upload module 14, a client receiving module 15 and an alarm module 16;
The user request module 10 is used to receive the user's security protection request and send a program tracking command to the program tracking module 11. The program tracking module 11 is used, on the one hand, to actively obtain first file information of the client and, on the other hand, to passively obtain second file information of the client on receiving the program tracking command sent from the client. The first file information is obtained actively by the client; to distinguish it from the file information that the client obtains passively at the user's request, it is defined as the first file information, and the passively obtained file information is defined as the second file information. For example, the information of process files running on the client is obtained both actively and passively. The feature code calculation module 12 is used to calculate a first feature code from the first file information and a second feature code from the second file information; for example, it calculates a feature code from the process file information that the client obtains actively, and a feature code from the process file information that the client obtains passively. The comparison condition acquisition module 13 is used to obtain first comparison condition information from the first file information and second comparison condition information from the second file information. The upload module 14 is used to upload the first comparison condition information and first feature code, and the second comparison condition information and second feature code, to the server; for example, the upload module 14 uploads the comparison condition information and feature code of the process file obtained actively by the client, together with the comparison condition information and feature code of the process file obtained passively by the client, to the server for storage;
The client receiving module 15 is used to receive alarm information from the server, and the alarm module 16 is used to issue an alarm to the user according to the alarm information.
The server comprises, connected in sequence, a server receiving module 21, a classified storage module 22, an identity percentage calculation module 23 and a result feedback module 24;
The server receiving module 21 is used to receive the first comparison condition information and first feature code, and the second comparison condition information and second feature code, from the client;
In one example, as shown in Fig. 4, the classified storage module 22 comprises a first storage area and a second storage area; the first storage area is used to store the first feature code classified according to the first comparison condition information, and the second storage area is used to store the second feature code classified according to the second comparison condition information;
In another example, as shown in Fig. 5, the identity percentage calculation module 23 comprises an active calculation unit 231 and a passive calculation unit 232;
The active calculation unit 231 is used to read the first comparison condition information and its corresponding first feature code from the first storage area and calculate the identity percentage of the first feature code in the first storage area; the result feedback module sends alarm information to the corresponding client according to this identity percentage;
The passive calculation unit 232 is used to read the second comparison condition information and its corresponding second feature code from the second storage area and calculate the identity percentage of the second feature code in the first storage area; the result feedback module sends alarm information to the corresponding client according to this identity percentage.
Embodiment 2
On the basis of Embodiment 1, the comparison condition acquisition module 13 comprises a primary condition acquisition unit 131 and a secondary condition acquisition unit 132. The primary condition acquisition unit 131 is used to obtain the primary conditions from the file information. The file information here can be the first comparison condition information described in Embodiment 1 or the second comparison condition information described in Embodiment 1; that is, the primary condition acquisition unit 131 obtains the primary conditions in the first comparison condition information and is also used to obtain the primary conditions in the second comparison condition information. The primary conditions can comprise the file's filename (filename), file version number (fileversion), the name of the company the file belongs to (company) and file size (filesize). The secondary condition acquisition unit 132 is used to obtain the secondary conditions from the file information; the secondary conditions can comprise one or more of the file's digital signature, last modification time and file description, or all three together. For example, from the file information that the client obtains actively, the comparison condition acquisition module 13 extracts the file's filename (filename), file version number (fileversion), company name (company) and file size (filesize), together with the secondary condition information, namely the file's digital signature, last modification time and file description; it likewise extracts the file's primary and secondary condition information from the file information that the client obtains passively.
Embodiment 3
On the basis of the above embodiments, in the security protection system the first storage area and the second storage area each comprise an index value calculation unit 221 and an index-based storage unit 222 connected in sequence. The index value calculation unit 221 is used to receive the primary conditions and calculate the index value of the user's file from them, for example from the filename (filename), file version number (fileversion), company name (company) and file size (filesize). The index value can be generated with a common hash algorithm; hash algorithms are known technology and are not described further here. The index-based storage unit is used to receive the index value, the feature code and the secondary conditions, and to store the feature code and secondary conditions classified according to the index value.
For instance, client 1 tracks a process file named A.exe whose primary conditions are as follows: the filename (filename) is A.exe, the file version number (fileversion) is V1.0, the company name (company) is X, and the file size (filesize) is 40KB. The server then uses a hash algorithm to calculate an index value Q from these four primary conditions. The server has meanwhile collected a large amount of process information from other clients, for example from the 5,000,000 other networked clients besides client 1, including the index values and feature codes that those 5,000,000 clients hold for the processes A.exe, B.exe, C.exe and D.exe, which are stored at the client. The feature code records whose index value is Q are then looked up at the client; suppose there are 3,000,000 of them. The feature code of client 1's process A.exe is compared with each of these 3,000,000 feature codes, and the identical results are counted. Finally, the count divided by 3,000,000 gives the identity percentage, at the server, of the client's process file A.exe.
Embodiment 4
On the basis of the above embodiments, the system also includes a result correcting module (not shown). The result correcting module is connected between the result feedback module 24 and the classification and storage module 22. It reads the secondary conditions from the classification and storage module, for example the digital signature of the file, the last modification time of the file and the file description, and corrects, according to preset logic, the warning message that the result feedback module 24 sends to the client.
As one example, the preset logic used in the result correcting module can be: if the digital signature of the file is trusted, the feedback result is raised by one security level. For instance, a file whose mutually unison percentage is higher than 30% would originally be set to the common security level, but with the digital signature it is upgraded to "general trust".
If the last modification time of the file differs from the last modification time of the file recorded in the secondary conditions, the security level is lowered by one level, down to the lowest level at most.
If the file description of the file differs from the file description of the file recorded in the secondary conditions, the security level is lowered by one level, down to the lowest level at most.
Embodiment 5
On the basis of the above embodiments, this embodiment provides a multi-user collaborative safety protection method applied to any of the above systems, comprising the following steps:
A1: obtain the user's file information, calculate the condition code of the file, and upload the file information and the condition code to the server end;
A2: calculate the mutually unison percentage of the condition code at the server end;
A3: according to the size of the mutually unison percentage and according to preset logic, judge whether the file is a problem file; if so, execute step A4;
A4: send a warning message to the corresponding client;
A5: the client receives the warning message and raises an alarm. For example, the client raises the alarm immediately on receiving the warning message; as another example, after receiving the warning message the client raises the alarm according to a preset alarm type.
Embodiment 6
On the basis of Embodiment 5, step A1 specifically carries out the following steps:
A11: if the user has sent a security protection request, receive the user's security protection request and send the program trace order;
A12: actively obtain the first file information of the client; when the program trace order is received, passively obtain the second file information of the client; if no user has sent a security protection request, only the first file information of the client is actively obtained;
A13: calculate the first condition code from the first file information, and calculate the second condition code from the second file information. Those skilled in the art can calculate the condition code with any computational method in the prior art; the present invention does not limit this;
A14: obtain the first contrast conditional information from the first file information, and obtain the second contrast conditional information from the second file information; for example, obtain the essential condition and secondary conditions from the actively obtained file information, and obtain the essential condition and secondary conditions from the passively obtained file information;
A15: upload the first contrast conditional information, the first condition code, the second contrast conditional information and the second condition code to the server end.
Embodiment 7
On the basis of Embodiment 5, step A2 preferably carries out the following steps:
A21: receive the first contrast conditional information, the first condition code, the second contrast conditional information and the second condition code;
A22: classify and store the first condition code according to the first contrast conditional information, and classify and store the second condition code according to the second contrast conditional information; for example, the condition codes of all files whose essential condition is X are stored as classification 1, and the condition codes of all files whose essential condition is Y are stored as classification 2;
A23: read the first contrast conditional information and its corresponding first condition code, and calculate the mutually unison percentage of the first condition code in the first memory block;
A24: read the second contrast conditional information and its corresponding second condition code, and calculate the mutually unison percentage of the second condition code in the first memory block. The definition and computational method of the mutually unison percentage are identical to those in Embodiment 1.
Embodiment 8
On the basis of Embodiment 5, the preset logic in step A3 is preferably: if the mutually unison percentage is more than 80%, the file is judged to be a trusted file; if the mutually unison percentage is greater than 50% and less than 80%, the file is judged to be a general trust file; if the mutually unison percentage is greater than 40% and less than or equal to 50%, the file is judged to be a common secure file; if the mutually unison percentage is greater than 30% and less than or equal to 40%, the file is judged to be a low security file; if the mutually unison percentage is greater than 10% and less than or equal to 30%, the file is judged to be an unsafe file; if the mutually unison percentage is less than or equal to 10%, the file is judged to be a dangerous file. According to the user's settings, an alarm is raised for dangerous files, or for both unsafe files and dangerous files.
As another example, the preset logic is preferably: if the mutually unison percentage is more than 70%, the file is judged to be a trusted file; if the mutually unison percentage is greater than 45% and less than 70%, the file is judged to be a generic file; if the mutually unison percentage is greater than 20% and less than or equal to 45%, the file is judged to be an unsafe file; if the mutually unison percentage is less than or equal to 20%, the file is judged to be a dangerous file. According to the user's settings, an alarm is raised for dangerous files, or for both unsafe files and dangerous files.
Embodiment 9
On the basis of the above embodiments, the method also includes a result correction step. In the result correction step, the secondary conditions are first read from the classification and storage module, for example the digital signature of the file, the last modification time of the file and the file description, and the warning message sent to the client is corrected according to preset logic.
As one example, the preset logic used in the result correction step can be: if the digital signature of the file is trusted, the feedback result is raised by one security level. For instance, a file whose mutually unison percentage is higher than 30% would originally be set to the common security level, but with the digital signature it is upgraded to "general trust".
If the last modification time of the file differs from the last modification time of the file recorded in the secondary conditions, the security level is lowered by one level, down to the lowest level at most.
If the file description of the file differs from the file description of the file recorded in the secondary conditions, the security level is lowered by one level, down to the lowest level at most.
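The server-side scoring described in Embodiments 3, 8 and 9 can be sketched as follows. This is an added example, not code from the patent: SHA-256 for both the index value and the condition code, the dictionary keys `signature_trusted`, `mtime` and `description`, the choice of `recorded` as the stored secondary-conditions record, and all sample files and clients are assumptions or constructed data.

```python
import hashlib
from collections import defaultdict

# Security levels of Embodiment 8, lowest first.
LEVELS = ["dangerous", "unsafe", "low security", "common security",
          "general trust", "trusted"]


def condition_code(data: bytes) -> str:
    # Assumption: SHA-256 of the file bytes (the page allows any method).
    return hashlib.sha256(data).hexdigest()


def index_value(filename, fileversion, company, filesize) -> str:
    # Assumption: SHA-256 over the four essential conditions, separator-joined.
    key = "\x1f".join([filename, fileversion, company, str(filesize)])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class ServerStore:
    def __init__(self):
        self._by_index = defaultdict(dict)  # index value -> {client_id: code}

    def upload(self, client_id, essential, code):
        self._by_index[index_value(*essential)][client_id] = code

    def percentage(self, client_id, essential, code):
        """Percentage of other clients' codes under this index equal to code."""
        bucket = self._by_index.get(index_value(*essential), {})
        peers = [c for cid, c in bucket.items() if cid != client_id]
        if not peers:
            return None  # no other client has reported this file yet
        return 100.0 * sum(c == code for c in peers) / len(peers)


def classify(pct: float) -> str:
    # Thresholds of Embodiment 8; exactly 80% counts as trusted (assumption).
    if pct >= 80:
        return "trusted"
    for bound, level in ((50, "general trust"), (40, "common security"),
                         (30, "low security"), (10, "unsafe")):
        if pct > bound:
            return level
    return "dangerous"


def correct(level: str, secondary: dict, recorded: dict) -> str:
    """Embodiment 9 correction, clamped to the level range after every step."""
    top, i = len(LEVELS) - 1, LEVELS.index(level)
    if secondary.get("signature_trusted"):
        i = min(i + 1, top)  # trusted digital signature: one level up
    for field in ("mtime", "description"):
        if secondary.get(field) != recorded.get(field):
            i = max(i - 1, 0)  # mismatch with the stored record: one level down
    return LEVELS[i]


def should_alarm(level: str, alarm_levels=("dangerous",)) -> bool:
    return level in alarm_levels


def demo():
    essential = ("A.exe", "V1.0", "X", 40 * 1024)  # constructed sample file
    good = condition_code(b"constructed common build")
    odd = condition_code(b"constructed rare variant")
    recorded = {"mtime": "2010-01-05", "description": "A tool"}
    store = ServerStore()
    for n in range(10):  # ten constructed peers, four of them report `odd`
        store.upload(f"peer-{n}", essential, odd if n < 4 else good)
    clients = {
        "client-1": (good, dict(recorded, signature_trusted=True)),
        "client-2": (odd, {"mtime": "2010-03-01", "description": "A tool"}),
        "client-3": (condition_code(b"constructed tampered copy"), {}),
    }
    results = {}
    for cid, (code, secondary) in clients.items():
        pct = store.percentage(cid, essential, code)
        base = classify(pct)
        results[cid] = (pct, base, correct(base, secondary, recorded))
    return results


if __name__ == "__main__":
    print(demo())
```

Passing `alarm_levels=("unsafe", "dangerous")` to `should_alarm` gives the second user setting named in Embodiment 8. A file that no other client has reported yields no percentage at all, which the thresholds on the page do not cover.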
It should be understood that those of ordinary skill in the art can make improvements or changes based on the above description, and all such improvements and changes shall fall within the protection scope of the appended claims of the present invention.

Claims (10)

1. A multi-user collaborative security protection system, characterized in that it comprises: at least one server end and a plurality of clients;
Each said client is connected to at least one said server end over a network;
Said client is used to obtain the user's file information, calculate the condition code of said file, and upload said file information and said condition code to said server end;
Said server end is used to calculate the mutually unison percentage of said condition code at said server end and, according to the size of said mutually unison percentage and according to preset logic, to send a warning message to the corresponding client when the file is judged to be a problem file; at the server end, the condition code of a certain file of a client is compared with the condition codes of the identical file from all networked clients collected by the server end, and the percentage obtained is defined as the mutually unison percentage;
Said client is also used to receive said warning message and raise an alarm.
2. The security protection system according to claim 1, characterized in that said client comprises a user request module, a program trace module, a condition code computing module, a contrast condition acquisition module, an upload module, a client receiver module and an alarm module;
Said user request module is used to receive the user's security protection request and send the program trace order to said program trace module;
Said program trace module is used to actively obtain the first file information of said client, and is also used to passively obtain the second file information of said client when said program trace order is received;
Said condition code computing module is used to calculate the first condition code from said first file information and to calculate the second condition code from said second file information;
Said contrast condition acquisition module is used to obtain the first contrast conditional information from said first file information and to obtain the second contrast conditional information from said second file information;
Said upload module is used to upload said first contrast conditional information, said first condition code, said second contrast conditional information and the second condition code to said server end;
Said client receiver module is used to receive said warning message from the server end;
Said alarm module is used to raise an alarm to the user according to said warning message.
3. The security protection system according to claim 2, characterized in that said contrast condition acquisition module comprises a main condition acquiring unit and a secondary condition acquiring unit; said main condition acquiring unit is used to obtain the essential condition in said file information, said essential condition comprising the file name filename, the file version number fileversion, the company name company to which the file belongs, and the file size filesize; said secondary condition acquiring unit is used to obtain the secondary conditions in said file information, said secondary conditions comprising one of, or a combination of, the digital signature of the file, the last modification time of the file, and the file description.
4. The security protection system according to claim 2, characterized in that said server end comprises a server end receiver module, a classification and storage module, a mutually unison percentage calculation module and a result feedback module connected in sequence;
Said server end receiver module is used to receive said first contrast conditional information, said first condition code, said second contrast conditional information and the second condition code from said client;
Said classification and storage module comprises a first memory block and a second memory block; said first memory block is used to classify and store said first condition code according to said first contrast conditional information, and said second memory block is used to classify and store said second condition code according to said second contrast conditional information;
Said mutually unison percentage calculation module comprises an active computing unit and a passive computing unit;
Said active computing unit is used to read said first contrast conditional information and its corresponding first condition code from said first memory block and to calculate the mutually unison percentage of said first condition code in the first memory block; said result feedback module sends a warning message to the corresponding client according to said mutually unison percentage;
Said passive computing unit is used to read said second contrast conditional information and its corresponding second condition code from said second memory block and to calculate the mutually unison percentage of said second condition code in the first memory block; said result feedback module sends a warning message to the corresponding client according to said mutually unison percentage.
5. The security protection system according to claim 4, characterized in that said contrast condition acquisition module comprises a main condition acquiring unit and a secondary condition acquiring unit; said main condition acquiring unit is used to obtain the essential condition in said file information, said essential condition comprising the file name filename, the file version number fileversion, the company name company to which the file belongs, and the file size filesize; said secondary condition acquiring unit is used to obtain the secondary conditions in said file information, said secondary conditions comprising one of, or a combination of, the digital signature of the file, the last modification time of the file, and the file description; said first memory block and said second memory block each include an index value computing unit and a by-index-value memory cell connected in sequence; said index value computing unit is used to receive said essential condition and calculate the index value of the user file from said essential condition; said by-index-value memory cell is used to receive said index value, said condition code and said secondary conditions, and to classify and store said condition code and said secondary conditions according to said index value.
6. The security protection system according to claim 5, characterized in that it also comprises a result correcting module; said result correcting module is connected between said result feedback module and said classification and storage module, and is used to read said secondary conditions from said classification and storage module and to correct, according to preset logic, the warning message that said result feedback module sends.
7. A multi-user collaborative safety protection method, applied to the security protection system of any one of claims 1 to 6, characterized in that it comprises the following steps:
A1: obtain the user's file information, calculate the condition code of said file, and upload said file information and said condition code to said server end;
A2: calculate the mutually unison percentage of said condition code at said server end;
A3: according to the size of said mutually unison percentage and according to preset logic, judge whether the file is a problem file; if so, execute step A4;
A4: send a warning message to the corresponding client;
A5: said client receives said warning message and raises an alarm.
8. The method according to claim 7, characterized in that said step A1 specifically carries out the following steps:
A11: receive the user's security protection request and send the program trace order;
A12: actively obtain the first file information of said client; when said program trace order is received, passively obtain the second file information of said client;
A13: calculate the first condition code from said first file information, and calculate the second condition code from said second file information;
A14: obtain the first contrast conditional information from said first file information, and obtain the second contrast conditional information from said second file information;
A15: upload said first contrast conditional information, said first condition code, said second contrast conditional information and the second condition code to said server end.
9. The method according to claim 7, characterized in that said step A2 specifically carries out the following steps:
A21: receive said first contrast conditional information, said first condition code, said second contrast conditional information and the second condition code;
A22: classify and store said first condition code according to said first contrast conditional information, and classify and store said second condition code according to said second contrast conditional information;
A23: read said first contrast conditional information and its corresponding first condition code, and calculate the mutually unison percentage of said first condition code in the first memory block;
A24: read said second contrast conditional information and its corresponding second condition code, and calculate the mutually unison percentage of said second condition code in the first memory block.
10. The method according to claim 7, characterized in that the preset logic in said step A3 is: if the mutually unison percentage is more than 80%, the file is judged to be a trusted file;
If the mutually unison percentage is greater than 50% and less than 80%, the file is judged to be a general trust file;
If the mutually unison percentage is greater than 40% and less than or equal to 50%, the file is judged to be a common secure file;
If the mutually unison percentage is greater than 30% and less than or equal to 40%, the file is judged to be a low security file;
If the mutually unison percentage is greater than 10% and less than or equal to 30%, the file is judged to be an unsafe file;
If the mutually unison percentage is less than or equal to 10%, the file is judged to be a dangerous file.
CN2010101430901A 2010-04-09 2010-04-09 Cloud computing-based multi-user collaborative safety protection system and method Expired - Fee Related CN101827096B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2010101430901A CN101827096B (en) 2010-04-09 2010-04-09 Cloud computing-based multi-user collaborative safety protection system and method
PCT/CN2011/000248 WO2011124084A1 (en) 2010-04-09 2011-02-17 System and method for multi-user cooperative security protection based on cloud calculation

Publications (2)

Publication Number Publication Date
CN101827096A CN101827096A (en) 2010-09-08
CN101827096B true CN101827096B (en) 2012-09-05

Family

ID=42690799

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101430901A Expired - Fee Related CN101827096B (en) 2010-04-09 2010-04-09 Cloud computing-based multi-user collaborative safety protection system and method

Country Status (2)

Country Link
CN (1) CN101827096B (en)
WO (1) WO2011124084A1 (en)

Also Published As

Publication number Publication date
WO2011124084A1 (en) 2011-10-13
CN101827096A (en) 2010-09-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120905

Termination date: 20150409

EXPY Termination of patent right or utility model