CN103942293A - Self-destroying protection method based on malicious invasion of file system and device thereof - Google Patents
Self-destroying protection method based on malicious invasion of file system and device thereof Download PDFInfo
- Publication number
- CN103942293A CN103942293A CN201410146641.8A CN201410146641A CN103942293A CN 103942293 A CN103942293 A CN 103942293A CN 201410146641 A CN201410146641 A CN 201410146641A CN 103942293 A CN103942293 A CN 103942293A
- Authority
- CN
- China
- Prior art keywords
- file
- content
- dish
- specified file
- hidden
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a self-destroying protection method based on a malicious invasion of a file system. The method comprises the steps that when the content of a specified file in a common disk is not matched with the content in a specific file, the number of times of the malicious invasion of a hidden disk is accumulated; when the number of times of the malicious invasion of the hidden disk reaches an upper limit, the file system of the hidden disk is deleted, and the content in the hidden disk cannot be read. A device executing the method comprises a file type detection module, a content comparison module, an accumulating module, a comparison module for the number of times and a file system deleting module. The file type detection module is used for detecting the type of the specified file stored in the common disk of equipment, the content comparison module is used for distinguishing whether the content of the specified file is matched with that of the specific file or not, the accumulating module is used for accumulating the number of times of the malicious invasion of the hidden disk, the comparison module for the number of times is used for comparing the accumulated number of times of the malicious invasion of the hidden disk and the upper limit value of the accumulated number of times, and the file system deleting module is used for deleting information in an FAT area of the hidden disk. According to the method and the device, the safety of data in the equipment can be improved, and the data are effectively prevented from being illegally copied.
Description
Technical field
The present invention relates to a kind of file self-destruction means of defence, especially a kind of based on file system self-destruction means of defence and the device thereof during by malicious intrusions.
Background technology
At present, all file system with being useful on the resource (as frame for turning on/off, configuration information etc.) of memory device necessity and user's data information of existing anti-counterfeit recognition equipment.Because this data information belongs to the very high file of security classification, if these data informations, by bootlegging, just likely cause unnecessary loss, therefore, be stored in often in certain hidden area in anti-counterfeit recognition equipment.After being connected with computer, only having the correct mode of operation of employing can open this hidden area, thereby data information is carried out to associative operation.
But, for some professionals, may attempt walking around the method by equipment connection computer, directly anti-counterfeit recognition equipment is taken apart, storer wherein (as tf card or nandflash etc.) is taken out, use again special equipment (as card reader etc.) content of its Physical layer to be read on computer and crack again, thereby adopt illegal operation to obtain the very high data information of confidentiality.
Summary of the invention
For the weak point existing in the problems referred to above, the invention provides a kind of data security in can raising equipment, effectively prevent that data are by self-destruction means of defence and the device thereof during by malicious intrusions based on file system of bootlegging.
For achieving the above object, the invention provides a kind of based on file system the self-destruction means of defence during by malicious intrusions, comprise the following steps:
In the time that the content of specified file in public dish is not mated with the content in specific file, malicious intrusions is hidden to the number of times coiling and add up, hide dish and public dish otherwise open;
The number of times of hiding dish when malicious intrusions reaches in limited time, deletes the file system of hiding dish, makes to hide cannot be read in dish.
Above-mentioned based on file system the self-destruction means of defence during by malicious intrusions, wherein, the concrete steps of said method are as follows:
In the time that equipment and computer connect, in the public dish of checkout equipment, whether store the specified file that particular file types is identical;
In the time storing specified file afterwards after testing in public dish, judge whether the content in this specified file mates with the content in specific file, otherwise the public dish of computer opening device, and show the storage content in public dish;
In the time that the content in specified file is not mated with the content in specific file, start that malicious intrusions is hidden to the number of times coiling and add up, otherwise delete specified file, malicious intrusions to be hidden to the number of times of dish and removed, dish and public dish are hidden in unlatching;
When the accumulative frequency of hiding dish when malicious intrusions reaches the accumulative frequency higher limit that file system specify, delete the information of hiding in PanFAT district, make to hide cannot be read in coiling, otherwise the public dish that computer can only opening device.
Above-mentioned based on file system the self-destruction means of defence during by malicious intrusions, wherein, the form of described specified file and described specific file is * .key form.
The present invention also provide a kind of based on file system the self-destruction protective device during by malicious intrusions, comprising:
File type detection module, for detection of the type of the specified file of storing in the public dish of equipment;
Content comparison module, for reading the storage content of specified file, and compares the storage in this content and specific file, to distinguish whether the content of specified file and the content of specific file match;
Accumulator module, in the time that the content of specified file and the content of specific file are not mated, adds up for the number of times of malicious intrusions being hidden to dish;
Number of times comparison module, compares for accumulative frequency and the accumulative frequency that specifies of system of malicious intrusions being hidden to dish, to distinguish whether accumulative frequency reaches the accumulative frequency upper limit;
File system removing module, when whether accumulative frequency reaches on accumulative frequency prescribes a time limit, and for deleting the information of hiding PanFAT district, makes to hide cannot be read in dish.
Above-mentioned device, wherein, also comprises specified file removing module and dump block, and described specified file removing module, in the time that the content of specified file and the content of specific file match, for deleting the specified file of public dish;
Described dump block, carries out zero clearing for the number of times of cumulative malicious intrusions being hidden to dish.
Whether above-mentioned device, wherein, also comprises equipment Inspection module, for detection of establishing a connection between equipment and computer.
Above-mentioned device, wherein, the form of described specified file and described specific file is * .key form.
Compared with prior art, the present invention has the following advantages:
The data security of the present invention in can raising equipment, effectively prevents that data are by bootlegging.Adopt and delete the mode of hiding information in Pan Zhong FAT district, equipment cannot be used, thereby avoid data or the information of hiding storage in dish illegally to be read.
Brief description of the drawings
Fig. 1 is the process flow diagram of method part in the present invention;
Fig. 2 is the structured flowchart of device part in the present invention.
Main description of reference numerals is as follows:
1-equipment Inspection module 2-file type detection module
3-content comparison module 4-specified file removing module
5-dump block 6-accumulator module
7-comparison module 8-file removing module
Embodiment
The invention provides a kind of based on file system the self-destruction means of defence during by malicious intrusions, comprise the following steps:
In the time that the content of specified file in public dish is not mated with the content in specific file, malicious intrusions is hidden to the number of times coiling and add up, hide dish and public dish otherwise open;
The number of times of hiding dish when malicious intrusions reaches in limited time, deletes the file system of hiding dish, makes to hide cannot be read in dish.
As shown in Figure 1, the invention provides a kind of based on file system the self-destruction means of defence during by malicious intrusions, specifically comprise the following steps:
S10, device initialize.
S20, equipment is connected with computer, and whether connects between judgment device and computer.
If cannot connect between judgment device and computer, perform step S30, equipment is carried out normal boot-strap; If connect between judgment device and computer, perform step S40.
S40, in the time that equipment and computer connect, in the public dish of checkout equipment, whether store the specified file that particular file types is identical.
When the All Files storing in the public dish of determining apparatus is all, while the specified file not identical with particular file types, to perform step S50, at the public dish of a computer opening device, and show the storage content in public dish; In the time storing the specified file identical with particular file types in the public dish of determining apparatus, perform step S60.
Concrete, because the formatted file name suffix of specified file and specific file is * .key form.
In the time that file type is detected, only need to the filename suffix of all files of storing in public dish be detected and just can, when finding that filename suffix some or multiple files is while being .key, just judge and in public dish, store one or more specified files.
S60, in the time storing the specified file identical with particular file types in the public dish of determining apparatus, judge whether the content in this specified file mates with the content in specific file.
If the content of the two matches, perform step S70, first delete specified file in public dish, then malicious intrusions is hidden to the number of times of dish and removed, and the hiding dish of opening device and public dish.
In the time that the content in specified file is not mated with the content in specific file, perform step S80.
Because the content of * .key file can be arbitrarily, therefore, in the time that the content of the content of specified file and specific file is compared, only whether front 8 bytes in comparison * .key file are consistent.
Due to 8 byte=64bit, so just there is 2^64=18446744073709551616 kind possible values, it is almost impossible wanting random fit, and the time that uses the method for exhaustion to spend will be astronomical figure, therefore, front 8 bytes of two files are consistent, just judge that two file contents match.
In addition, if improve the consistent degree of two file contents, can also adopt by front 16 bytes of two word contents or more multibyte mate, thereby further improve data consistency.
S80, in the time that the content of the specified file in public dish and the content of specific file are not mated, system can be assert the illegal operation that is this time operating as malicious intrusions and hides dish, and to the record that adds up of the number of times of this illegal operation.After completing the cumulative operation of illegal operation, count current accumulative frequency numerical value at every turn.
S90, the accumulative frequency higher limit that after statistics, the accumulative frequency numerical value that draws and system specify is compared, to distinguish whether accumulative frequency numerical value reaches accumulative frequency higher limit.
If distinguish, result is that accumulative frequency numerical value does not reach accumulative frequency higher limit, performs step S50, at the public dish of a computer opening device, and shows the storage content in public dish; If distinguish, result is that accumulative frequency numerical value has reached accumulative frequency higher limit, performs step S100.
Wherein, accumulative frequency higher limit generation in the time that system is carried out initialization that system specifies.
When S100, the accumulative frequency of hiding dish when malicious intrusions reach the accumulative frequency higher limit that file system specify, system can be deleted the information of hiding in PanFAT district automatically, makes to hide cannot be read in coiling.
Because the information in hiding PanFAT district is deleted, therefore, equipment also cannot be used, thereby avoid data or the information of hiding storage in dish illegally to be read.
As shown in Figure 2, the invention provides a kind of based on file system the self-destruction protective device during by malicious intrusions, comprise equipment Inspection module 1, file type detection module 2, content comparison module 3, specified file removing module 4, dump block 5, accumulator module 6, comparison module 7 and file removing module 8.
Whether equipment Inspection module 1 is for detection of establishing a connection between equipment and computer.If cannot connect between equipment and computer, equipment is carried out the function of normal boot-strap.
File type detection module 2 detects for detection of the type of the All Files of storing in the public dish of equipment, to pick out the specified file identical with the type of specific file.When in the All Files of storing in public dish, the specified file identical with the type of specific file, does not open public dish.
The form of specified file and specific file is * .key form.
In the time that file type is detected, only need to the filename suffix of all files of storing in public dish be detected and just can, when finding that filename suffix some or multiple files is while being .key, just judge and in public dish, store one or more specified files.
In the time only storing a specified file identical with particular file types in public dish, first content comparison module 3 can read the storage content in specified file, and the storage in this content and specific file is compared, to distinguish whether the content of specified file and the content of specific file match.
In the time that the content of specified file and the content of specific file match, delete the specified file in public dish by specified file removing module 4, the number of times of cumulative malicious intrusions being hidden to dish by dump block 5 carries out zero clearing, and the public dish of opening device coils with hiding in computer.
Wherein, be to coil in order to prevent that equipment from automatically opening to hide in the time that connect computer next time the object of deleting the specified file in public dish by specified file removing module.
In the time only storing multiple specified file identical with particular file types in public dish, first content comparison module 3 can read the storage content in each specified file, and the storage in this content and specific file is compared, to distinguish whether the content of specified file and the content of specific file match.
In multiple specified files, as long as while having the content of a specified file and the content of specific file to match, without remaining specified file being read and mating.Delete the specified file in public dish by specified file removing module 4, the number of times of cumulative malicious intrusions being hidden to dish by dump block 5 carries out zero clearing, and the public dish of opening device coils with hiding in computer.
In the time that the content of the specified file in public dish and the content of specific file are not mated, the illegal operation that system identification is this time operating as malicious intrusions hides dish, and by accumulator module 6 to the record that adds up of the number of times of this illegal operation.Accumulator module, after completing the cumulative operation of illegal operation, obtains accumulative frequency numerical value at every turn.
Because system is when the initialization, just accumulative frequency higher limit system being specified is set, the accumulative frequency higher limit that number of times comparison module 7 specifies the accumulative frequency numerical value drawing after accumulator module statistics and system compares, to distinguish whether accumulative frequency numerical value reaches accumulative frequency higher limit.If distinguish, result is that accumulative frequency numerical value does not reach accumulative frequency higher limit, the public dish of equipment opening device in computer.
In the time that accumulative frequency numerical value does not reach accumulative frequency higher limit, file system removing module 8 sweep equipments are hidden the information in PanFAT district, make to hide cannot be read in dish.
Because the information in hiding PanFAT district is deleted, therefore, equipment also cannot be used, thereby avoid data or the information of hiding storage in dish illegally to be read.
Only as described above, be only preferred embodiment of the present invention, such as professional who are familiar with this art.After understanding technological means of the present invention, natural energy, according to actual needs, is changed under instruction of the present invention.Therefore all equal variation and modifications of doing according to the present patent application the scope of the claims, once should still remain within the scope of the patent.
Claims (7)
1. the self-destruction means of defence during by malicious intrusions based on file system, comprises the following steps:
In the time that the content of specified file in public dish is not mated with the content in specific file, malicious intrusions is hidden to the number of times coiling and add up, hide dish and public dish otherwise open;
The number of times of hiding dish when malicious intrusions reaches in limited time, deletes the file system of hiding dish, makes to hide cannot be read in dish.
According to claim 1 based on file system the self-destruction means of defence during by malicious intrusions, it is characterized in that, the concrete steps of said method are as follows:
In the time that equipment and computer connect, in the public dish of checkout equipment, whether store the specified file that particular file types is identical;
In the time storing specified file afterwards after testing in public dish, judge whether the content in this specified file mates with the content in specific file, otherwise the public dish of computer opening device, and show the storage content in public dish;
In the time that the content in specified file is not mated with the content in specific file, start that malicious intrusions is hidden to the number of times coiling and add up, otherwise delete specified file, malicious intrusions to be hidden to the number of times of dish and removed, dish and public dish are hidden in unlatching;
When the accumulative frequency of hiding dish when malicious intrusions reaches the accumulative frequency higher limit that file system specify, delete the information of hiding in PanFAT district, make to hide cannot be read in coiling, otherwise the public dish that computer can only opening device.
According to claim 1 and 2 based on file system the self-destruction means of defence during by malicious intrusions, it is characterized in that, the form of described specified file and described specific file is * .key form.
4. a device that implements the claims self-destruction means of defence in 2, is characterized in that, comprising:
File type detection module, for detection of the type of the specified file of storing in the public dish of equipment;
Content comparison module, for reading the storage content of specified file, and compares the storage in this content and specific file, to distinguish whether the content of specified file and the content of specific file match;
Accumulator module, in the time that the content of specified file and the content of specific file are not mated, adds up for the number of times of malicious intrusions being hidden to dish;
Number of times comparison module, compares for accumulative frequency and the accumulative frequency that specifies of system of malicious intrusions being hidden to dish, to distinguish whether accumulative frequency reaches the accumulative frequency upper limit;
File system removing module, when whether accumulative frequency reaches on accumulative frequency prescribes a time limit, and for deleting the information of hiding PanFAT district, makes to hide cannot be read in dish.
5. device according to claim 4, it is characterized in that, also comprise specified file removing module and dump block, described specified file removing module, in the time that the content of specified file and the content of specific file match, for deleting the specified file of public dish;
Described dump block, carries out zero clearing for the number of times of cumulative malicious intrusions being hidden to dish.
6. whether device according to claim 5, is characterized in that, also comprises equipment Inspection module, for detection of establishing a connection between equipment and computer.
7. according to arbitrary described device in claim 4 to 6, it is characterized in that, the form of described specified file and described specific file is * .key form.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410146641.8A CN103942293A (en) | 2014-04-11 | 2014-04-11 | Self-destroying protection method based on malicious invasion of file system and device thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410146641.8A CN103942293A (en) | 2014-04-11 | 2014-04-11 | Self-destroying protection method based on malicious invasion of file system and device thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103942293A true CN103942293A (en) | 2014-07-23 |
Family
ID=51189961
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410146641.8A Pending CN103942293A (en) | 2014-04-11 | 2014-04-11 | Self-destroying protection method based on malicious invasion of file system and device thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103942293A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105610769A (en) * | 2014-11-25 | 2016-05-25 | 阿里巴巴集团控股有限公司 | Method, device and system for information leakage prevention |
| CN106209740A (en) * | 2015-05-07 | 2016-12-07 | 北京怡诚科训技术发展有限公司 | The safe transmission method of data and device |
| CN107588766A (en) * | 2017-09-15 | 2018-01-16 | 南京轩世琪源软件科技有限公司 | A kind of indoor orientation method based on radio area network |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216872A (en) * | 2008-01-17 | 2008-07-09 | 四川大学 | A database self-destruction method |
| US20080229428A1 (en) * | 2005-03-07 | 2008-09-18 | Noam Camiel | System and Method For a Dynamic Policies Enforced File System For a Data Storage Device |
| CN102622551A (en) * | 2012-04-11 | 2012-08-01 | 无锡华御信息技术有限公司 | File safety protection method |
| CN103488951A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | File protection method and system based on cloud storage |
-
2014
- 2014-04-11 CN CN201410146641.8A patent/CN103942293A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080229428A1 (en) * | 2005-03-07 | 2008-09-18 | Noam Camiel | System and Method For a Dynamic Policies Enforced File System For a Data Storage Device |
| CN101216872A (en) * | 2008-01-17 | 2008-07-09 | 四川大学 | A database self-destruction method |
| CN102622551A (en) * | 2012-04-11 | 2012-08-01 | 无锡华御信息技术有限公司 | File safety protection method |
| CN103488951A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | File protection method and system based on cloud storage |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105610769A (en) * | 2014-11-25 | 2016-05-25 | 阿里巴巴集团控股有限公司 | Method, device and system for information leakage prevention |
| CN105610769B (en) * | 2014-11-25 | 2019-07-05 | 阿里巴巴集团控股有限公司 | Method, equipment and the system of anti-information leakage |
| CN106209740A (en) * | 2015-05-07 | 2016-12-07 | 北京怡诚科训技术发展有限公司 | The safe transmission method of data and device |
| CN106209740B (en) * | 2015-05-07 | 2021-09-03 | 北京怡诚科训技术发展有限公司 | Method and device for safely transmitting data |
| CN107588766A (en) * | 2017-09-15 | 2018-01-16 | 南京轩世琪源软件科技有限公司 | A kind of indoor orientation method based on radio area network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104317668A (en) | Malicious operation identifying method and device for mobile terminal | |
| CN105718795A (en) | Malicious code evidence obtaining method and system on the basis of feature code under Linux | |
| KR102180098B1 (en) | A malware detecting system performing monitoring of malware and controlling a device of user | |
| CN104463313A (en) | Ultrahigh frequency electronic tag with anti-dismantling protection function and anti-dismantling protection method | |
| CN105320867A (en) | Electronic device and print identification method | |
| CN109496292A (en) | A kind of disk management method, disk management device and electronic equipment | |
| CN104217162A (en) | Method and system for detecting malicious software in smart terminal | |
| CN104751086A (en) | Terminal anti-theft method | |
| CN103942293A (en) | Self-destroying protection method based on malicious invasion of file system and device thereof | |
| CN102149074A (en) | Method and device for locking or unlocking terminal and intelligent card | |
| CN103034810B (en) | A kind of detection method, device and electronic equipment | |
| CN105550573B (en) | The method and apparatus for intercepting bundled software | |
| CN106778160A (en) | Data item display methods and device | |
| CN103246846A (en) | Method and device for detecting safety of customized ROM (read only memory) | |
| CN107330068A (en) | A kind of document handling method and electronic equipment | |
| CN109472140B (en) | Method and system for preventing lasso software encryption based on window header verification | |
| CN113656220A (en) | PLC data baseline recovery method and device and computer storage medium | |
| CN110633585B (en) | Hard disk locking and unlocking method, device, equipment and readable storage medium | |
| CN103984902B (en) | A kind of recognition methods of newly-increased data assets and system | |
| CN103699838A (en) | Identification method and equipment of viruses | |
| CN111191234B (en) | Virus information detection method and device | |
| CN104036199B (en) | Disk private data residual leak detection method for android system | |
| CN109670337B (en) | Detection method and device | |
| CN103312792B (en) | The method and system of file are read from external storage equipment | |
| CN107085685B (en) | Operation method of platform data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Yao Wei Inventor after: Wan Hongyu Inventor before: Yao Wei Inventor before: Tang Qiaoti Inventor before: Wan Hongyu |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: YAO WEI TANG QIAOTI WAN HONGYU TO: YAO WEI WAN HONGYU |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140723 |