CN104063669A - Method for monitoring file integrity in real time - Google Patents
- Publication number: CN104063669A
- Authority: CN (China)
- Prior art keywords: file, integrality, real, checker, monitoring
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a method for monitoring file integrity in real time. The method is implemented through the following steps: setting up a file operation monitor, a file integrity checker and a file original information library; using the file operation monitor, according to a file operation monitoring rule, to detect actions by users and processes that change the attributes or content of files and directories; triggering the file integrity checker from the file operation monitor; and having the file integrity checker judge file integrity by comparing the file's attributes and hash values before and after the operation by the user or process. Compared with the prior art, the method reveals promptly whether server files are secure, the whole process only requires a person to inspect the monitor, labor is saved and maintenance cost is reduced, and the method is highly practical and easy to popularize.
Description
Technical field
The present invention relates to the field of computer information security, and specifically to a practical method for monitoring file integrity in real time.
Background technology
Database servers are in practice the foundation of every electronic transaction, financial and enterprise resource planning (ERP) system, and they often also hold sensitive information from business partners and customers. Many factors can compromise data integrity and lead to unauthorized access, including complexity, weak password security, misconfiguration, undetected system backdoors, and the mandatory routine use of adaptive database security methods.
Important files stored on a server, such as configuration files, scripts and web pages, can be maliciously tampered with by hackers or insiders, leading to Trojan or virus intrusion into the operating system or to malicious modification of files by insiders. To provide users with a safe and reliable service, the integrity of these files must be guaranteed; file integrity checking is also the last line of defense for operating system security.
In the prior art, file integrity has to be checked manually at regular intervals. In a real environment, a production system can come under attack at any time, for example by a Trojan being uploaded, important files being deleted, or web pages and configuration files being modified. Such changes to files need to be discovered automatically and promptly so that remedial measures can be taken, which makes real-time detection of file integrity a necessity. The existing manual, scheduled checking process, however, is cumbersome and wastes human resources; it cannot detect file integrity in real time and so cannot effectively guarantee the security of server data.
To address the security risks that servers face as described above, a method for monitoring file integrity in real time is provided.
Summary of the invention
The technical task of the present invention is to remedy the deficiencies of the prior art by providing a method in which a file operation monitor, following a file operation monitoring rule, has integrity checks performed on files in real time, thereby achieving real-time monitoring of file integrity.
The technical solution of the present invention is implemented as follows. The method for monitoring file integrity in real time comprises a file operation monitor and a file integrity checker, and is carried out as follows:
Step 1: An application program invokes file operation system calls and performs the corresponding operation on a file;
Step 2: When the application finishes the file operation and the operation returns, the file operation monitor detects the operation the application performed on the file, monitoring the application's file operations in real time. Monitoring here means discovering in real time any action by a user or process that changes the attributes or content of a file or directory. Such actions are: changing the file type, changing the file permissions, deleting the whole file, renaming the file, and adding, deleting or modifying content within the file;
Step 3: The file operation monitor triggers the file integrity checker, which judges file integrity by comparing the file's attributes and hash value before and after the operation by the user or process.
The file operation monitoring rule comprises the monitoring scope and the list of monitored files and directories with which the file operation monitor detects file operations; the file operation monitor monitors according to the operating scope and watch list it obtains.
Further, the file integrity checker is triggered and started after the file operation monitor detects that a file has been operated on.
The initial file information that the file integrity checker compares against is stored in the file original information library, and comprises: file type, file permissions, file owner and file hash value.
The file integrity checker works as follows: it queries the file's initial file type, file permissions, file owner and file hash value from the file original information library, then generates the current file type, file permissions, file owner and file hash value, and compares the initial information with the current information to judge file integrity.
Compared with the prior art, the present invention has the following beneficial effects:
In the method for monitoring file integrity in real time of the present invention, the file operation monitor detects a file operation when the application finishes operating on the file and then notifies the file integrity checker to perform an integrity check. This achieves real-time detection of file integrity and reveals promptly whether the server's files are safe. The whole process only requires a person to inspect the monitor, which saves human resources and reduces maintenance cost; the method is practical and easy to popularize.
Description of the drawings
Figure 1 is a schematic diagram of an implementation of the present invention.
Embodiment
The method for monitoring file integrity in real time of the present invention is described in detail below with reference to the accompanying drawing.
The invention provides a method for detecting file integrity in real time: the file operation monitor detects a file operation when the application finishes operating on the file and then notifies the file integrity checker to perform an integrity check, achieving real-time detection of file integrity. As shown in Figure 1, the method comprises a file operation monitor, a file integrity checker and a file original information library, wherein:
File operation monitor: detects the operations an application performs on files. When an application changes the type of a file or directory, changes its permissions, deletes the whole file, renames it, or adds, deletes or modifies content within it, the application first performs the corresponding operation on the file through a system call. When the application finishes the file operation and the operation returns, the file operation monitor detects the operation performed on the file, monitoring the application's file operations in real time.
File integrity checker: queries the file's initial file type, permissions, owner and hash value from the file original information library, then generates the current file type, permissions, owner and hash value, and compares the initial information with the current information to judge file integrity.
File original information library: stores the file's initial file type, permissions, owner and hash value.
Based on the above components, the method is carried out as follows:
Step 1: An application program invokes file operation system calls and performs the corresponding operation on a file;
Step 2: When the application finishes the file operation and the operation returns, the file operation monitor detects the operation the application performed on the file, monitoring the application's file operations in real time. Monitoring here means discovering in real time any action by a user or process that changes the attributes or content of a file or directory. Such actions are: changing the file type, changing the file permissions, deleting the whole file, renaming the file, and adding, deleting or modifying content within the file;
Step 3: The file operation monitor triggers the file integrity checker, which judges file integrity by comparing the file's attributes and hash value before and after the operation by the user or process.
The file operation monitoring rule comprises the monitoring scope and the list of monitored files and directories with which the file operation monitor detects file operations; the file operation monitor monitors according to the operating scope and watch list it obtains.
The file integrity checker is triggered and started after the file operation monitor detects that a file has been operated on.
The initial file information that the file integrity checker compares against is stored in the file original information library, and comprises: file type, file permissions, file owner and file hash value.
The file integrity checker works as follows: it queries the file's initial file type, file permissions, file owner and file hash value from the file original information library, then generates the current file type, file permissions, file owner and file hash value, and compares the initial information with the current information to judge file integrity.
In the above method, the file operation monitor detects a file operation when the application finishes operating on the file and then notifies the file integrity checker to perform an integrity check, achieving real-time detection of file integrity.
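The checker workflow described above (query the initial record, regenerate the current one, compare), as an added Python example that is not part of the patent text. SHA-256, all class and function names, and the sample file are assumptions; the file operation monitor itself is not implemented and is represented by a call to `on_file_event`.

```python
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass, fields
from pathlib import Path

KINDS = {stat.S_IFREG: "regular", stat.S_IFDIR: "directory", stat.S_IFLNK: "symlink"}

@dataclass(frozen=True)
class FileRecord:
    file_type: str
    permissions: int
    owner: int
    sha256: str  # assumption: the page only says "hash value"

def snapshot(path):
    """Current record; lstat() so a file swapped for a symlink is a type change."""
    st = os.lstat(path)
    ftype = KINDS.get(stat.S_IFMT(st.st_mode), "other")
    digest = ""
    if ftype == "regular":
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return FileRecord(ftype, stat.S_IMODE(st.st_mode), st.st_uid, digest)

class IntegrityChecker:
    def __init__(self, watch_dirs):
        # Monitoring rule: only paths under these directories are checked.
        self.watch_dirs = [Path(os.path.abspath(d)) for d in watch_dirs]
        self.store = {}  # file original information library: path -> FileRecord

    def enroll(self, path):
        p = Path(os.path.abspath(path))
        self.store[p] = snapshot(p)

    def on_file_event(self, path):
        """Called by the monitor after a file operation returns; [] means intact."""
        p = Path(os.path.abspath(path))
        if not any(d == p or d in p.parents for d in self.watch_dirs):
            return []  # outside the monitoring scope
        baseline = self.store.get(p)
        try:
            current = snapshot(p)
        except FileNotFoundError:
            return ["deleted_or_renamed"] if baseline else []
        if baseline is None:
            return ["not_in_baseline"]
        return [f.name for f in fields(FileRecord)
                if getattr(baseline, f.name) != getattr(current, f.name)]

def demo():
    """Constructed sample: enroll one config file, then tamper with it."""
    root = tempfile.mkdtemp()
    conf = os.path.join(root, "app.conf")
    Path(conf).write_text("debug = false\n")
    os.chmod(conf, 0o644)
    checker = IntegrityChecker([root])
    checker.enroll(conf)
    out = {"clean": checker.on_file_event(conf)}
    Path(conf).write_text("debug = true\n")
    os.chmod(conf, 0o666)
    out["edited"] = checker.on_file_event(conf)
    os.rename(conf, conf + ".bak")
    out["renamed"] = checker.on_file_event(conf)
    out["new_path"] = checker.on_file_event(conf + ".bak")
    return out
```

Because the library is keyed by path, a rename shows up twice: the old path is reported missing and the new path is reported as having no initial record.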
The above embodiment only illustrates the present invention and does not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention; all equivalent technical solutions therefore also fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.
Claims (5)
1. A method for monitoring file integrity in real time, characterized in that it comprises a file operation monitor and a file integrity checker, and is carried out as follows:
Step 1: An application program invokes file operation system calls and performs the corresponding operation on a file;
Step 2: When the application finishes the file operation and the operation returns, the file operation monitor detects the operation the application performed on the file, monitoring the application's file operations in real time. Monitoring here means discovering in real time any action by a user or process that changes the attributes or content of a file or directory. Such actions are: changing the file type, changing the file permissions, deleting the whole file, renaming the file, and adding, deleting or modifying content within the file;
Step 3: The file operation monitor triggers the file integrity checker, which judges file integrity by comparing the file's attributes and hash value before and after the operation by the user or process.
2. The method for monitoring file integrity in real time according to claim 1, characterized in that: the file operation monitoring rule comprises the monitoring scope and the list of monitored files and directories with which the file operation monitor detects file operations; the file operation monitor monitors according to the operating scope and watch list it obtains.
3. The method for monitoring file integrity in real time according to claim 1, characterized in that: the file integrity checker is triggered and started after the file operation monitor detects that a file has been operated on.
4. The method for monitoring file integrity in real time according to claim 3, characterized in that: the initial file information that the file integrity checker compares against is stored in the file original information library, and comprises: file type, file permissions, file owner and file hash value.
5. The method for monitoring file integrity in real time according to claim 4, characterized in that: the file integrity checker works as follows: it queries the file's initial file type, file permissions, file owner and file hash value from the file original information library, then generates the current file type, file permissions, file owner and file hash value, and compares the initial information with the current information to judge file integrity.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410291192.6A CN104063669A (en) | 2014-06-26 | 2014-06-26 | Method for monitoring file integrity in real time |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104063669A | 2014-09-24 |
Family
ID=51551376
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410291192.6A Pending CN104063669A (en) | 2014-06-26 | 2014-06-26 | Method for monitoring file integrity in real time |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104063669A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140924 |