CN104679638A - Method and device for monitoring file based on file property matching degree - Google Patents
- Publication number
- CN104679638A
- Authority
- CN
- China
- Prior art keywords
- file
- matching degree
- monitoring
- property node
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for monitoring a file based on file property matching degree. The method comprises the steps of: setting a primary key for the file; allocating a reference property node; setting the reference value of the reference property node; calculating, according to the monitoring time settings, the matching degree between the current value of the file's reference property node and the reference value; and raising an alarm if the matching degree does not meet the preset requirement.
Description
Technical field
The present invention relates to network security, and in particular to a method and apparatus for monitoring files based on file attribute matching degree.
Background art
Prior-art web page anti-tampering usually employs a plug-in polling technique. This scheme needs to scan the Web server's files continuously and independently from the outside, which increases the load on the Web server.
To improve web page tamper-resistance techniques, a method and apparatus for monitoring files is needed that can monitor files more efficiently, easily and flexibly, and that reduces the time cost and space resources of monitoring.
Summary of the invention
According to one object of the present invention, a method for monitoring a file based on file attribute matching degree is disclosed. The method comprises: setting a primary key for the file, allocating reference property nodes and setting the reference value of each reference property node; according to the monitoring time settings, calculating the matching degree between the current value of the file's reference property node and its reference value; and raising an alarm when the matching degree does not meet a predetermined requirement.
According to another object of the present invention, a device for monitoring a file based on file attribute matching degree is disclosed. The device comprises: a preprocessing unit, for setting a primary key for the file, allocating reference property nodes and setting the reference value of each reference property node; a monitoring unit, for calculating, according to the monitoring time settings, the matching degree between the current value of the file's reference property node and its reference value; and a judging unit, for raising an alarm when the matching degree does not meet a predetermined requirement.
One advantage of the present invention is that implementing it reduces the load on the monitoring server and improves polling efficiency. Another advantage is that the invention is simple to deploy, and can monitor file content in real time through a controllable scanning frequency (monitoring time frequency) and an alarm mechanism, thereby preventing tampering. It also avoids the difficulties and bottlenecks of the other two tamper-resistance techniques. Another advantage is that monitoring based on file attribute matching degree makes monitoring more flexible, and the file attributes to monitor can be chosen selectively, which adds freedom to the monitoring.
Brief description of the drawings
After reading the specific embodiments of the present invention with reference to the accompanying drawings, various aspects of the invention will become apparent to those skilled in the art. Those skilled in the art will appreciate that these drawings serve only to explain the technical solution of the invention together with the embodiments, and are not intended to limit the scope of protection of the invention.
Fig. 1 is a schematic diagram of the steps of the method for monitoring a file based on file attribute matching degree according to an embodiment of the present invention.
Fig. 2 is a functional block diagram of the device for monitoring a file based on file attribute matching degree according to an embodiment of the present invention.
Detailed description of the embodiments
The specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings. In the following description, for purposes of explanation, many details are set out to provide a thorough understanding of one or more aspects of the embodiments. It will be evident to those skilled in the art, however, that one or more aspects of the various embodiments can be practiced with a lesser degree of these details. The description below is therefore not to be regarded as limiting; the scope of protection is defined by the claims.
Fig. 1 is a schematic diagram of the steps of the method for monitoring a file based on file attribute matching degree according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 100: set a primary key for the file, allocate reference property nodes and set the reference value of each reference property node. Optionally, the primary key is the full path of the file. Optionally, the type of the reference property node is one or more of file permission, file modification time, file owner, and file owner group. It will be understood that other types of reference property node can also be selected.
In one example, for a monitored file directory, an in-memory linked-list structure is formed with the full path of each of one or more files as the unique core primary key, and reference property nodes are allocated for each in-memory linked list. Preferably, a matching degree is allocated to each node to store the result calculated in step 200. This forms a stored set, which serves as the basis for monitoring the files.
Step 200: according to the monitoring time settings, calculate the matching degree between the current value of the file's reference property node and its reference value. Here, the matching degree can be calculated at a certain monitoring interval. In one example, if the current value of the reference property node is identical to its reference value, the matching degree is 1; otherwise the matching degree is 0. When the matching degree is 0, an alarm is raised in step 300. Preferably, a corresponding matching algorithm is used to calculate the matching degree according to the type of the reference property node. For example, within the set, the attribute nodes under each core primary key are grouped by category, such as numeric type, character type, content type and time type; a query matching algorithm is customized for each category, and the matching result is written to the matching degree field of each node.
Step 300: raise an alarm when the matching degree does not meet the predetermined requirement. In one example, the alarm content and alarm level are determined according to the matching degree.
The method according to the embodiment of the present invention also comprises an optional step 400 (not shown). In step 400, processing is performed according to the alarm; for example, the tampered file can be isolated and recovered.
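The following Python example is added here to illustrate steps 100 to 300; it is not code from the patent. The function names, the `content` node (a SHA-256 digest standing in for the "content type" category) and the per-file `score` (the fraction of nodes whose matching degree is 1) are assumptions of the example.

```python
import hashlib
import os
import stat

def _sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

# Reference property node type -> how its current value is read.
# The first four are the types the description lists; "content" is an
# assumed node for the "content type" category mentioned in step 200.
READERS = {
    "permission": lambda p, st: stat.S_IMODE(st.st_mode),
    "mtime":      lambda p, st: st.st_mtime_ns,
    "owner":      lambda p, st: st.st_uid,
    "group":      lambda p, st: st.st_gid,
    "content":    lambda p, st: _sha256(p),
}

def read_nodes(path, types):
    st = os.stat(path)
    return {t: READERS[t](path, st) for t in types}

def build_baseline(paths, types=tuple(READERS)):
    """Step 100: primary key = full path; one reference value per node."""
    return {os.path.abspath(p): read_nodes(p, types) for p in paths}

def scan(baseline):
    """Steps 200-300: matching degree per node (1 if identical, else 0);
    returns one alert per file that has any node at 0."""
    alerts = []
    for path, ref in baseline.items():
        try:
            cur = read_nodes(path, ref)
        except FileNotFoundError:
            cur = {}  # deleted file: every node mismatches
        degree = {t: int(t in cur and cur[t] == v) for t, v in ref.items()}
        if not all(degree.values()):
            bad = sorted(t for t, d in degree.items() if d == 0)
            # score is an assumed file-level summary, usable for alarm levels
            alerts.append({"path": path, "mismatched": bad,
                           "score": sum(degree.values()) / len(degree)})
    return alerts
```

Calling `scan` from a timer at the configured monitoring interval gives the periodic check of step 200; the baseline itself has to be stored where the monitored server's users cannot rewrite it.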
Fig. 2 is a functional block diagram of the device for monitoring a file based on file attribute matching degree according to an embodiment of the present invention. As shown in Fig. 2, the device comprises a preprocessing unit, a monitoring unit and a judging unit. The preprocessing unit sets a primary key for the file, allocates reference property nodes and sets the reference value of each reference property node. The monitoring unit calculates, according to the monitoring time settings, the matching degree between the current value of the file's reference property node and its reference value. The judging unit raises an alarm when the matching degree does not meet the predetermined requirement. Preferably, the primary key is the full path of the file. Preferably, the type of the reference property node is one or more of the following: file permission, file modification time, file owner, file owner group. Preferably, the monitoring unit uses a corresponding matching algorithm to calculate the matching degree according to the type of the reference property node. The device according to the embodiment of the present invention also comprises an optional processing unit (not shown in Fig. 2). This unit performs processing according to the alarm; for example, it can isolate and recover the tampered file.
From the description of the above embodiments, those skilled in the art will understand that various changes and substitutions can be made to the specific embodiments of the present invention without departing from its spirit and scope. All such changes and substitutions fall within the scope defined by the claims of the present invention.
Claims (8)
1. A method for monitoring a file based on file attribute matching degree, characterized in that the method comprises:
setting a primary key for the file, allocating reference property nodes and setting the reference value of each reference property node;
according to the monitoring time settings, calculating the matching degree between the current value of the file's reference property node and its reference value;
raising an alarm when the matching degree does not meet a predetermined requirement.
2. The method of claim 1, characterized in that
the primary key is the full path of the file.
3. The method of claim 2, characterized in that
the type of the reference property node is one or more of the following:
file permission, file modification time, file owner, file owner group.
4. The method of claim 3, characterized in that
a corresponding matching algorithm is used to calculate the matching degree according to the type of the reference property node.
5. A device for monitoring a file based on file attribute matching degree, characterized in that the device comprises:
a preprocessing unit, for setting a primary key for the file, allocating reference property nodes and setting the reference value of each reference property node;
a monitoring unit, for calculating, according to the monitoring time settings, the matching degree between the current value of the file's reference property node and its reference value;
a judging unit, for raising an alarm when the matching degree does not meet a predetermined requirement.
6. The device of claim 5, characterized in that
the primary key is the full path of the file.
7. The device of claim 6, characterized in that
the type of the reference property node is one or more of the following:
file permission, file modification time, file owner, file owner group.
8. The device of claim 7, characterized in that
the monitoring unit uses a corresponding matching algorithm to calculate the matching degree according to the type of the reference property node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310630814.9A CN104679638A (en) | 2013-12-02 | 2013-12-02 | Method and device for monitoring file based on file property matching degree |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104679638A true CN104679638A (en) | 2015-06-03 |
Family
ID=53314723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310630814.9A Pending CN104679638A (en) | 2013-12-02 | 2013-12-02 | Method and device for monitoring file based on file property matching degree |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104679638A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106022100A (en) * | 2016-05-17 | 2016-10-12 | 北京金山安全软件有限公司 | Method and device for intercepting installation of malicious program and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101388033A (en) * | 2008-11-05 | 2009-03-18 | 山东中创软件工程股份有限公司 | File protection technology based on Windows system file altering event |
KR20090048998A (en) * | 2007-11-12 | 2009-05-15 | 주식회사 비즈모델라인 | System and method for alarming bad public opinion using keyword and recording medium |
US20100049784A1 (en) * | 2008-08-21 | 2010-02-25 | Ashish Khandelwal | System and method for web-based access relative to a document processing device |
CN102546253A (en) * | 2012-01-05 | 2012-07-04 | 中国联合网络通信集团有限公司 | Webpage tamper-resistant method, system and management server |
Non-Patent Citations (1)
Title |
---|
张建华 et al.: "Web file tamper-proofing mechanism inspired by immune principles", 《计算机工程与应用》 (Computer Engineering and Applications) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20150603 |