CN101969425A - Method for simulating to open and execute file - Google Patents


Info

Publication number
CN101969425A
Authority
CN
China
Prior art keywords
file
execution
network system
opened
intrusion detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009100900466A
Other languages
Chinese (zh)
Inventor
田丰
张大勇
蔡常军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Digital Video Beijing Ltd
Original Assignee
China Digital Video Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Digital Video Beijing Ltd
Priority to CN2009100900466A
Publication of CN101969425A
Legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of security protection for data exchange between a standalone machine and a network system, and particularly relates to a method for simulated opening and execution of a file in a high-safety virus-protection zone for data transmission. The method comprises the following steps: building the high-safety virus-protection zone between an external network system and a service network system, and setting up a virus intrusion detection workstation in the zone; transmitting the files exchanged between the external network system and the service network system to the virus intrusion detection workstation; executing the application program that opens each type of file, selected according to the filename extension; displaying the result of opening the file and its display interface; analyzing and judging whether the file executes normally and whether faults occur; generating a status result for the simulated opening and analysis of the file according to that analysis; and executing the corresponding file transfer process according to the policy that corresponds to the status result. The method ensures the security of file transmission and greatly improves network security protection.

Description

Method for simulated opening and execution of a file
Technical field
The invention belongs to the field of security protection for data exchange between standalone machines or network systems, and specifically relates to a method for simulated opening and execution of files, carried out in a high-safety virus-protection zone for data transmission.
Background
With the rapid development of computer and Internet technology, electronic transmission of all kinds of business data has come to occupy a dominant position across society. At present, highly available operation of the main business systems of enterprises and institutions, so as to guarantee business continuity, is a basic requirement of a system; efficient, highly stable and highly secure operation is the precondition for each business system to work normally.
An enterprise's IT-based business system may be a relatively independent network system or data system, but it is never a closed system cut off from the outside world. A business system has to provide services externally and has business relationships with other external systems, and this contact inevitably exposes it to network security threats such as network attacks and virus intrusion. The higher the core value of the business system, the greater the network security risk. Building a high-safety virus-protection zone at the network boundary between the enterprise's business system and external systems is therefore a necessary choice when networking. Simulated file opening and execution is an inventive element of the zone's protection and detection strategy, and a very effective means of detection and prevention against viruses, attacks and the like.
Summary of the invention
The object of the invention is to address the security problems of present business network systems by providing a method for simulated opening and execution of files: files are opened and executed in simulation inside the high-safety virus-protection zone, and analysis and judgment of the result serve as the concrete means of virus protection.
The technical solution of the invention is as follows. A method for simulated opening and execution of a file comprises the following steps:
(1) building a high-safety virus-protection zone between the external network system and the service network system, and setting up a virus intrusion detection workstation in the zone;
(2) transmitting the files exchanged between the external network system and the service network system to the virus intrusion detection workstation;
(3) executing the application program that opens each type of file, selected according to the file extension;
(4) displaying the result of opening the file and its display interface;
(5) analyzing and judging whether the file executes normally and whether errors occur;
(6) generating a "simulated open and analysis" status result for the file according to that analysis;
(7) executing the corresponding file transfer process according to the policy that corresponds to the status result.
Further, in the method described above, the high-safety virus-protection zone comprises an intrusion prevention system formed by combining mainstream PAA and firewall products, a virus intrusion detection workstation, and a heterogeneous virus intrusion detection workstation; these components are connected by proprietary-protocol links.
Further, in the method described above, the virus intrusion detection workstation is provided with the applications that open the various normal file types; the normal file types include txt, MP3, AVI, JPEG and MPEG.
Further, in the method described above, in step (5), when a file cannot be opened, the header and trailer information of the file's encapsulation is analyzed and compared against the encapsulation characteristics of the normal file types to identify the abnormal state.
Further, in the method described above, in step (7), transmission is stopped for a file that cannot be opened and executed normally, and the file is handled by human intervention; for a file that can be opened and executed normally, transmission continues and a report is generated.
The beneficial effects of the invention are as follows. While files and data are being transferred between two application systems, and in order to prevent network attacks and the intrusion of network viruses, every type of target file is executed inside the high-safety virus-protection zone for data transmission, and the file's state and attribute information are judged during that execution. This guarantees the security of the file transfer and greatly improves network security protection, and it offers an innovative solution for implementing virus protection between systems.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention;
Fig. 2 is a diagram of the implementation model of the method of the invention;
Fig. 3 is a flow chart of the embodiment, taking an AVI file as the example;
Fig. 4 is a schematic diagram of how the file code analysis is carried out in the embodiment.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and a specific embodiment.
The invention mainly performs simulated opening and execution of transferred files in the virus intrusion detection workstation inside the high-safety virus-protection zone; opening and executing the file in simulation, then analyzing and judging the result, is the concrete means of virus protection. Fig. 1 is a flow chart of the method and Fig. 2 shows its implementation model. The basic composition and configuration of the high-safety virus-protection zone are as follows:
--intrusion prevention system: a combination of mainstream PAA and firewall products, or an integrated, comprehensive intrusion prevention system. The PAA works on the protocol stack, at layer 7 of the OSI model; the firewall works on the IP stack, at layer 3 of the OSI model, managing all TCP/IP communication, defending against network attacks, and so on.
--virus intrusion detection workstation: performs simulated opening, execution analysis and virus scanning for all types of files. The system is configured with basic anti-virus software such as kappa; its core is the virus intrusion detection application, which can execute file opening and file analysis.
--heterogeneous virus intrusion detection workstation: differs from the virus intrusion detection workstation above in the anti-virus software it is configured with. The purpose is to exploit the differences between heterogeneous virus-scanning software, so that multiple layers of defense raise the security level of the virus protection.
--proprietary-protocol link: configured with transmission links that are not widely used on the Internet, such as USB and ASI, with a private file transfer protocol adopted in the software design.
The method for simulated opening and execution of a file comprises the following steps:
(1) building a high-safety virus-protection zone between the external network system and the service network system, and setting up a virus intrusion detection workstation in the zone; the workstation is provided with the applications that open the various normal file types; the normal file types include txt, MP3, AVI, JPEG and MPEG;
(2) transmitting the files exchanged between the external network system and the service network system to the virus intrusion detection workstation;
(3) executing the application program that opens each type of file, selected according to the file extension;
(4) displaying the result of opening the file and its display interface;
(5) analyzing and judging whether the file executes normally and whether errors occur; when a file cannot be opened, the header and trailer information of the file's encapsulation is analyzed and compared against the encapsulation characteristics of the normal file types to identify the abnormal state;
(6) generating a "simulated open and analysis" status result for the file according to that analysis;
(7) executing the corresponding file transfer process according to the policy that corresponds to the status result; transmission is stopped for a file that cannot be opened and executed normally, and the file is handled by human intervention; for a file that can be opened and executed normally, transmission continues and a report is generated.
Human-intervention handling of a file that cannot be opened normally mainly comprises:
A. the virus-scan status of the transferred file, and whether the simulated open succeeded, can be displayed in real time in graphical form on the transfer client;
B. if a file is found that cannot be opened, the application stops the transfer automatically, and the system status information is fed back to the status flow diagram on the client;
C. the user submits files that could not be transferred successfully to the system administrator for handling.
The implementation of the invention is described below, taking the simulated opening of an AVI file as the example.
The process of opening an AVI file in simulation in the virus intrusion detection workstation is shown in Fig. 3 and comprises the following steps:
1. embedding video decoders in the system, supporting standard-definition decoders such as H.264, DV, MPEG2 I and MPEG2 IBP, as well as various high-definition decoders;
2. embedding a player for opening the file;
3. checking and judging the extension of the input file;
4. executing the file code analysis, implemented as shown in Fig. 4: the file's encapsulation is analyzed in detail, including analyzing the file's packet header and packet trailer information and checking the media file's coding information; the analysis and detection reports are then aggregated to judge whether the file is normal;
5. generating the "file open and execution" status attribute record; if the file is abnormal, the file transfer process policy is executed to handle the abnormal file; if the file opens and executes normally, transmission continues and a report is generated.
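The following Python sketch is an added example, not code from the patent. It illustrates the encapsulation analysis of step (5) and the status record and transfer decision of steps (6) and (7) for the file types the description lists. It does not launch any opening application; the function names, the signature checks chosen for each type, and the strict "no trailing data" policy are assumptions made for illustration.

```python
import struct

def check_avi(data):
    # AVI is a RIFF container: "RIFF", little-endian size, form type "AVI ".
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"AVI ":
        return "header is not RIFF/AVI"
    declared = struct.unpack("<I", data[4:8])[0] + 8  # size excludes first 8 bytes
    if declared > len(data):
        return "truncated: RIFF size exceeds file length"
    if declared < len(data):
        # Strict policy (assumption): multi-chunk OpenDML files need separate handling.
        return "trailing data after RIFF chunk"
    return None

def check_jpeg(data):
    if data[:2] != b"\xff\xd8":
        return "missing SOI marker at start"
    if data[-2:] != b"\xff\xd9":
        return "missing EOI marker at end"
    return None

def check_mp3(data):
    has_sync = len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0
    return None if data[:3] == b"ID3" or has_sync else "no ID3 tag or frame sync"

def check_mpeg(data):
    # Program-stream pack header or video sequence header start code.
    ok = data[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3")
    return None if ok else "no MPEG start code"

def check_txt(data):
    return "NUL byte in text file" if b"\x00" in data else None

# Extension -> encapsulation check (stands in for the per-type opener table).
CHECKS = {"avi": check_avi, "jpg": check_jpeg, "jpeg": check_jpeg,
          "mp3": check_mp3, "mpg": check_mpeg, "mpeg": check_mpeg,
          "txt": check_txt}

def analyze_file(filename, data):
    """Return the status record and transfer decision for one file."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    check = CHECKS.get(ext)
    reason = check(data) if check else "no opener configured for this extension"
    normal = reason is None
    return {
        "file": filename,
        "status": "normal" if normal else "abnormal",
        "reason": reason,
        "action": ("continue transfer, generate report" if normal
                   else "stop transfer, hand to administrator"),
    }

if __name__ == "__main__":
    # Constructed sample inputs (not real media files).
    good_avi = b"RIFF" + struct.pack("<I", 12) + b"AVI " + b"LIST" + bytes(4)
    samples = [
        ("clip.avi", good_avi),
        ("clip.avi", good_avi + b"extra"),           # data appended after container
        ("renamed.avi", b"MZ\x90\x00" + bytes(16)),  # extension does not match header
        ("photo.jpg", b"\xff\xd8\xff\xe0" + bytes(8) + b"\xff\xd9"),
        ("tool.exe", b"MZ\x90\x00"),                 # type with no configured opener
    ]
    for name, blob in samples:
        print(analyze_file(name, blob))
```

Header and trailer checks of this kind only catch mismatched or malformed containers; a structurally valid file can still carry hostile content, which is why the description pairs the analysis with anti-virus scanning on the workstation.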
The method of the invention is not limited to the embodiment described above; other implementations that those skilled in the art derive from the technical solution of the invention likewise fall within the inventive scope of the invention.

Claims (6)

1. the method for execution is opened in a file simulation, comprises the steps:
(1) externally set up high safe antivirus protection district between network system and the service network system, and malicious intrusion detection work station is looked in setting in the safe antivirus protection of height district;
(2) file transfer of externally transmitting between network system and the service network system is to looking into malicious intrusion detection work station;
(3) carry out the application program of all types of File Opens according to the file suffixes name;
(4) display file is opened the result and is showed the interface;
(5) whether the analysis and judgement file is normally carried out and inerrancy is arranged;
(6) according to above-mentioned analysis situation, spanned file " simulation is opened, analyzed " state outcome;
(7) carry out corresponding file transfer flow process according to the state outcome corresponding strategy.
2. the method for execution is opened in file as claimed in claim 1 simulation, it is characterized in that: the safe antivirus protection of described height district comprises intrusion prevention system that PAA and the firewall product by main flow combine, looks into malicious intrusion detection work station, isomery is looked into malicious intrusion detection work station; Above-mentioned composition connects by the proprietary protocol link.
3. the method for execution is opened in file simulation as claimed in claim 1, it is characterized in that: the described application program of opening that is provided with various normality type files in the malicious intrusion detection work station of looking into.
4. the method for execution is opened in file simulation as claimed in claim 3, and it is characterized in that: described normality file type comprises txt, MP3, AVI, JPEG, MPEG.
5. open the method for execution as claim 1 or 2 or 3 or 4 described file simulations, it is characterized in that: in step (5), when file can't be opened, the information end to end of Study document encapsulation was according to the file encapsulation characteristics comparative analysis abnormality of normality file type.
6. open the method for execution as claim 1 or 2 or 3 or 4 described file simulations, it is characterized in that: in step (7), stop transmission, carry out human intervention and handle for the file that can't normally open execution; Continue transmission for the file that can normally open execution and generate report.
CN2009100900466A 2009-07-28 2009-07-28 Method for simulating to open and execute file Pending CN101969425A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100900466A CN101969425A (en) 2009-07-28 2009-07-28 Method for simulating to open and execute file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100900466A CN101969425A (en) 2009-07-28 2009-07-28 Method for simulating to open and execute file

Publications (1)

Publication Number Publication Date
CN101969425A true CN101969425A (en) 2011-02-09

Family

ID=43548529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100900466A Pending CN101969425A (en) 2009-07-28 2009-07-28 Method for simulating to open and execute file

Country Status (1)

Country Link
CN (1) CN101969425A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102622551A (en) * 2012-04-11 2012-08-01 无锡华御信息技术有限公司 File safety protection method
WO2013173940A1 (en) * 2012-05-22 2013-11-28 Beijing Baina Info - Tech,Co., Ltd A method and system for providing application data
CN108875400A (en) * 2017-12-27 2018-11-23 北京安天网络安全技术有限公司 A kind of antivirus protection method, apparatus, electronic equipment and storage medium
CN115733835A (en) * 2023-01-10 2023-03-03 南京科讯次元信息科技有限公司 One-way super-large file transmission data processing system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159000A (en) * 2007-10-17 2008-04-09 深圳市迅雷网络技术有限公司 Web page safety information detecting system and method

Similar Documents

Publication Publication Date Title
Wang et al. SGS: Safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking
CN108063753A (en) A kind of information safety monitoring method and system
US20070282951A1 (en) Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT)
CN109391613A (en) A kind of intelligent substation method for auditing safely based on SCD parsing
Singh et al. Security evaluation of two intrusion detection systems in smart grid scada environment
CN101636968A (en) Method for preventing denial of service attacks using transmission control protocol state transition
US20150163198A1 (en) Methods and apparatus for providing controlled unidirectional flow of data
CN101969425A (en) Method for simulating to open and execute file
CN101018119A (en) Hardware-based server network security centralized management system without relevance to the operation system
CN114553537A (en) Abnormal flow monitoring method and system for industrial Internet
CN111669371B (en) Network attack restoration system and method suitable for power network
CN107332863A (en) The safety detection method and system of a kind of main frame based on centralized management
CN101252487B (en) Method for processing safety warning and safety policy equipment
CN2337611Y (en) Safety network computer capable of simultaneously connecting internal network and external network
Sun et al. Research on distributed feeder automation communication based on XMPP and GOOSE
CN103309722A (en) Cloud computation system and application access method thereof
CN101582880B (en) Method and system for filtering messages based on audited object
CN202652270U (en) Database audit system
CN112511562A (en) Cross-network data transmission system based on one-way isolation all-in-one machine and cloud desktop technology
Hartmann et al. Reactive security for smart grids using models@ run. time-based simulation and reasoning
CN113852544B (en) Security gateway based on LoraWan and blockchain
CN1609814A (en) Monitoring operation system for data catastrophic failure-tolerant backup control system
CN1175350C (en) Host computer performance monitoring and automatic reacting system
Wang et al. Research on Secure Cloud Networking Plan Based on Industry-Specific Cloud Platform
CN105491118B (en) A kind of avionics Ethernet data loading system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110209