CN105631319A - Computer terminal control system and method based on network protection - Google Patents


Publication number: CN105631319A
Authority: CN (China)
Legal status: Pending
Application number: CN201410601178.1A
Other languages: Chinese (zh)
Inventors: 蒋斐, 卞欢
Current assignee: Jiangsu Wei Dun Network Technology Co Ltd
Original assignee: Jiangsu Wei Dun Network Technology Co Ltd


Abstract

The present invention discloses a computer terminal control system and method based on network protection. The method comprises specific steps of receiving a WINDOWS message; receiving a network event message sent from an SPI; determining whether a network event has a threat, if not, allowing the network event to pass, if yes, determining whether a network event PID is in a black list or a white list, if the network event PID is in the black list, inhibiting the network event PID, if the network event PID is in the white list, allowing the network event PID to pass, if the network event PID is not in the black list or the white list, determining whether the network event PID is in a pass linked list or an inhibit linked list, if the network event PID is in the inhibit linked list, inhibiting the network event PID, if the network event PID is in the pass linked list, allowing the network event PID to pass, if the network event PID is not in the pass linked list or the inhibit linked list, popping up a dialog box to show whether to inhibit the message, and allowing a user to select whether to inhibit the message; and storing a user selection result in the pass linked list, the inhibit linked list, the black list or the white list, and returning the selection result. Through adoption of the method, network events, read and write events and windows trigger events of all processes can be detected proactively, and the security of the computer terminal network can be improved.

Description

A computer terminal control system and method based on network protection
Technical field
The present invention relates to a computer terminal control system and method based on network protection.
Background
The emergence and rapid development of the Internet has brought an unprecedented leap to modern production and life; it has promoted the broad exchange of information, greatly improved work efficiency and enriched people's cultural life. However, with the rapid advance of computer network technology, network security problems confront all kinds of users more and more prominently, and network protection has become the greatest focus of attention. As network security problems grow more serious, network security products are gradually being taken seriously. Security protection is achieved by monitoring network information: for example, specific ports are blocked to prevent Trojans from communicating with the outside, or access from particular sites is forbidden so that all communication from an intruder is blocked. Personal users' demand for network security protection keeps increasing, and Windows is the most widely used PC operating system, so developing network protection functions under Windows is particularly important. Some existing security products make their judgments by analyzing data packets and cannot detect which files a Trojan program is reading.
Summary of the invention
To remedy the deficiencies of the prior art, the present invention provides a computer terminal control system and method based on network protection that can actively detect the network events, read-write events and window trigger events of all processes and improve the security of the computer terminal network.
To solve the above technical problem, the computer terminal control system and method based on network protection provided by the present invention adopt the following technical scheme:
A computer terminal control system based on network protection, characterized in that it comprises a file read-write filter driver module, a network event monitoring module, a window trigger event monitoring module, a blacklist and whitelist management module, a process linked list real-time monitoring module and a dangerous process monitoring module; the process linked list real-time monitoring module is connected to the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module respectively; the dangerous process monitoring module is connected to the blacklist and whitelist management module; and the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module are each connected to the dangerous process monitoring module;
The file read-write filter driver module monitors in real time the read operations on files by all processes on the computer, while filtering out file operations by operating system processes and file types on the system whitelist, records the PID of the corresponding process, the path of the file operated on and the time of the operation, and passes them to the data firewall main process through the WINDOWS message mechanism;
The network event monitoring module detects and controls network events through SPI, analyzes all processes in the process linked list, and records the PID of each event in which a network operation occurs;
The window trigger event monitoring module maintains a dynamic linked list to detect, update and store in real time the processes that trigger window events, and, through WINDOWS messages, records the PID and operation time of each process that triggers a keyboard or mouse operation event and stores them in a window PID linked list;
The blacklist and whitelist management module places commonly used network programs on the whitelist so that they are not monitored, and places dangerous processes on the blacklist so that the computer blocks all network events of those dangerous processes;
The process linked list real-time monitoring module manages and monitors in real time the network event information, window operation information and file read-write information of all processes in the task manager list;
The file read-write filter driver module uses a WINDOWS file system filter driver based on Filemon.
A computer terminal control method based on network protection, characterized in that it comprises the following steps:
S1: receive a WINDOWS message;
S2: receive the network event message sent by the SPI;
S3: determine whether the network event poses a potential threat; if not, allow it to pass; if so, go to step S4;
S4: determine whether the PID of the network event is in the blacklist or the whitelist; if it is in the blacklist, inhibit it; if it is in the whitelist, allow it to pass; if it is in neither, go to step S5;
S5: determine whether the PID of the network event is in the inhibit linked list or the pass linked list; if it is in the inhibit linked list, inhibit it; if it is in the pass linked list, allow it to pass; if it is in neither, go to step S6;
S6: pop up a dialog box asking whether to inhibit, and let the user choose whether to inhibit;
S7: save the user's selection in the inhibit or pass linked list, or in the blacklist or whitelist, and return the selection result.
Specifically, step S3 further comprises the following steps: a function detects whether the current network event InfoPID poses a potential threat; the window operation PID linked list is traversed to determine whether the current network event InfoPID was operated within the predetermined time; if so, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if not, the window operation PID linked list is traversed to determine whether the current network event InfoPID has a read operation; if not, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if so, the current network event InfoPID is judged to be an abnormal PID, and the current network event PID is returned.
The computer terminal control system and method based on network protection provided by the present invention actively detect the network events, read-write events and window trigger events of all processes. Any process event found not to have been actively initiated by the local user can be analyzed and screened, and its legitimacy determined according to a detection policy. If it is illegitimate, a prompt is given immediately and the user decides whether to let it pass and allow the process to run and transmit data; otherwise it is simply allowed to pass. This effectively prevents illegitimate network programs from stealing information from the local machine.
Brief description of the drawings
Fig. 1 is a structural diagram of the computer terminal control system based on network protection according to an embodiment of the present invention.
Fig. 2 is a diagram of the steps of the computer terminal control method based on network protection according to an embodiment of the present invention.
Fig. 3 is a flow chart of the computer terminal control system based on network protection according to an embodiment of the present invention.
Detailed description of the embodiments
The computer terminal control system and method based on network protection provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
As shown in Figs. 1, 2 and 3, the computer terminal control system based on network protection provided by an embodiment of the present invention is characterized in that it comprises a file read-write filter driver module, a network event monitoring module, a window trigger event monitoring module, a blacklist and whitelist management module, a process linked list real-time monitoring module and a dangerous process monitoring module; the process linked list real-time monitoring module is connected to the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module respectively; the dangerous process monitoring module is connected to the blacklist and whitelist management module; and the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module are each connected to the dangerous process monitoring module;
The file read-write filter driver module monitors in real time the read operations on files by all processes on the computer, while filtering out file operations by operating system processes and file types on the system whitelist, records the PID of the corresponding process, the path of the file operated on and the time of the operation, and passes them to the data firewall main process through the WINDOWS message mechanism;
The network event monitoring module detects and controls network events through SPI, analyzes all processes in the process linked list, and records the PID of each event in which a network operation occurs;
The window trigger event monitoring module maintains a dynamic linked list to detect, update and store in real time the processes that trigger window events, and, through WINDOWS messages, records the PID and operation time of each process that triggers a keyboard or mouse operation event and stores them in a window PID linked list;
The blacklist and whitelist management module places commonly used network programs on the whitelist so that they are not monitored, and places dangerous processes on the blacklist so that the computer blocks all network events of those dangerous processes;
The process linked list real-time monitoring module manages and monitors in real time the network event information, window operation information and file read-write information of all processes in the task manager list;
The file read-write filter driver module uses a WINDOWS file system filter driver based on Filemon.
A computer terminal control method based on network protection, characterized in that it comprises the following steps:
S1: receive a WINDOWS message;
S2: receive the network event message sent by the SPI;
S3: determine whether the network event poses a potential threat; if not, allow it to pass; if so, go to step S4;
S4: determine whether the PID of the network event is in the blacklist or the whitelist; if it is in the blacklist, inhibit it; if it is in the whitelist, allow it to pass; if it is in neither, go to step S5;
S5: determine whether the PID of the network event is in the inhibit linked list or the pass linked list; if it is in the inhibit linked list, inhibit it; if it is in the pass linked list, allow it to pass; if it is in neither, go to step S6;
S6: pop up a dialog box asking whether to inhibit, and let the user choose whether to inhibit;
S7: save the user's selection in the inhibit or pass linked list, or in the blacklist or whitelist, and return the selection result.
Specifically, step S3 further comprises the following steps: a function detects whether the current network event InfoPID poses a potential threat; the window operation PID linked list is traversed to determine whether the current network event InfoPID was operated within the predetermined time; if so, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if not, the window operation PID linked list is traversed to determine whether the current network event InfoPID has a read operation; if not, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if so, the current network event InfoPID is judged to be an abnormal PID, and the current network event PID is returned.
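The decision flow of steps S3 to S7, including the S3 detail, written out as an added C example; it is not code from the patent. All type and function names, the stub dialog callback and the sample PIDs and times are assumptions, and read operations are looked up in a separate read-operation PID list.

```c
#include <stdlib.h>

typedef enum { VERDICT_PASS, VERDICT_INHIBIT } verdict_t;

/* Node of a PID linked list; `when` is the time of the last operation (s). */
typedef struct pid_node {
    unsigned long pid;
    long when;
    struct pid_node *next;
} pid_node;

/* All names here are illustrative assumptions, not taken from the patent. */
typedef struct {
    pid_node *window_ops;                /* PIDs that triggered keyboard/mouse events */
    pid_node *read_ops;                  /* PIDs that performed file reads */
    pid_node *blacklist, *whitelist;     /* permanent user decisions */
    pid_node *inhibit_list, *pass_list;  /* remembered per-PID decisions */
    long window_timeout;                 /* the "predetermined time", e.g. 60 s */
} monitor_state;

/* Dialog callback (S6): returns the user's choice; *permanent selects the
 * blacklist/whitelist instead of the inhibit/pass linked lists. */
typedef verdict_t (*ask_user_fn)(unsigned long pid, int *permanent);

static pid_node *find_pid(pid_node *head, unsigned long pid) {
    for (; head; head = head->next)
        if (head->pid == pid) return head;
    return NULL;
}

/* List maintenance as described for the window list: replace the value if
 * the PID is already present, otherwise append at the end.
 * Returns 1 = appended, 0 = replaced, -1 = out of memory. */
int record_op(pid_node **head, unsigned long pid, long when) {
    pid_node **pp = head;
    for (; *pp; pp = &(*pp)->next)
        if ((*pp)->pid == pid) { (*pp)->when = when; return 0; }
    pid_node *n = malloc(sizeof *n);
    if (!n) return -1;
    n->pid = pid; n->when = when; n->next = NULL;
    *pp = n;
    return 1;
}

/* Drop entries older than max_age, as the read-list cleanup thread does. */
int prune_expired(pid_node **head, long now, long max_age) {
    int removed = 0;
    while (*head) {
        pid_node *cur = *head;
        if (now - cur->when > max_age) { *head = cur->next; free(cur); removed++; }
        else head = &cur->next;
    }
    return removed;
}

/* S3 detail: 1 if the PID is abnormal, 0 if the event is legitimate. */
int is_abnormal_pid(const monitor_state *st, unsigned long pid, long now) {
    const pid_node *w = find_pid(st->window_ops, pid);
    if (w && now - w->when <= st->window_timeout)
        return 0;                   /* its window was operated recently */
    if (!find_pid(st->read_ops, pid))
        return 0;                   /* no file read recorded */
    return 1;                       /* no recent window operation, but file reads */
}

/* S3 to S7 for one network event reported for `pid`. */
verdict_t handle_network_event(monitor_state *st, unsigned long pid,
                               long now, ask_user_fn ask) {
    if (!is_abnormal_pid(st, pid, now))   return VERDICT_PASS;     /* S3 */
    if (find_pid(st->blacklist, pid))     return VERDICT_INHIBIT;  /* S4 */
    if (find_pid(st->whitelist, pid))     return VERDICT_PASS;
    if (find_pid(st->inhibit_list, pid))  return VERDICT_INHIBIT;  /* S5 */
    if (find_pid(st->pass_list, pid))     return VERDICT_PASS;
    int permanent = 0;
    verdict_t v = ask(pid, &permanent);                            /* S6 */
    pid_node **dst = (v == VERDICT_INHIBIT)
        ? (permanent ? &st->blacklist : &st->inhibit_list)
        : (permanent ? &st->whitelist : &st->pass_list);
    record_op(dst, pid, now);                                      /* S7 */
    return v;
}

/* Constructed stand-in for the dialog: always "inhibit", not permanent. */
int dialog_calls = 0;
verdict_t stub_dialog_inhibit(unsigned long pid, int *permanent) {
    (void)pid; *permanent = 0;
    dialog_calls++;
    return VERDICT_INHIBIT;
}

int main(void) {
    monitor_state st = {0};
    st.window_timeout = 60;
    record_op(&st.read_ops, 4242, 1000);   /* constructed sample event */
    return handle_network_event(&st, 4242, 1005, stub_dialog_inhibit)
           == VERDICT_INHIBIT ? 0 : 1;
}
```

Because S3 runs before the list checks, a process that has read no files, or whose window was operated within the timeout, passes without the blacklist ever being consulted.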
A comprehensive analysis of how a large number of malicious programs such as Trojans and viruses steal network data shows that their behavior has the following main characteristics:
1. They read, modify or delete file information on the user's computer, including text files, database files, pictures, video files and other file data that stores important password information.
2. They send network packets; analysis shows this is mainly based on protocols such as TCP and UDP.
3. They generally run in the background, that is, no window pops up; they either reside in a standalone exe program or are injected into other processes in the form of a DLL.
According to the above study, corresponding policies can be formulated to detect each process in the task manager in real time, analyze its behavior characteristics and judge its danger level, so as to provide the user with a basis for decisions and help the user prevent dangerous operations from occurring.
Overall design idea for data security: detect the network events, read-write events and window trigger events of all processes, analyze according to a detection policy whether the current process poses a potential danger, inform the user if it does, and offer the user a corresponding solution.
The file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module are independent modules; they are connected through the process linked list real-time monitoring module and work together. With the process linked list real-time monitoring module and the blacklist and whitelist management module as the base modules, the dangerous process monitoring module completes the system's function. The user passes usage information to the blacklist and whitelist management module, which passes information to the dangerous process monitoring module. The process linked list real-time monitoring module passes information to the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module; these three modules pass information to the dangerous process monitoring module, which collects and analyzes the information and returns the result to the user.
The file read-write filter driver module monitors in real time the read operations on files by all processes on the computer, while filtering out file operations by operating system processes and file types on the system whitelist, records the PID of the corresponding process, the path of the file operated on and the time of the operation, and passes them to the data firewall main process through the WINDOWS message mechanism;
The network event monitoring module detects and controls network events through SPI, analyzes all processes in the process linked list, and records the PID of each event in which a network operation occurs;
The window trigger event monitoring module maintains a dynamic linked list to detect, update and store in real time the processes that trigger window events, and, through WINDOWS messages, records the PID and operation time of each process that triggers a keyboard or mouse operation event and stores them in a window PID linked list;
The blacklist and whitelist management module places commonly used network programs on the whitelist so that they are not monitored, and places dangerous processes on the blacklist so that the computer blocks all network events of those dangerous processes;
The process linked list real-time monitoring module manages and monitors in real time the network event information, window operation information and file read-write information of all processes in the task manager list;
The dangerous process monitoring module uses the data collected by real-time monitoring to monitor dynamically in real time, discover dangerous operations and give the user a corresponding prompt, so that the user can decide whether to allow the process's network operation.
The file read-write filter driver module uses a WINDOWS file system filter driver based on Filemon.
The specific workflow of each module is described in detail below.
1. File read-write filter driver module
WINDOWS file system filter driver development can be used in many fields such as hard disk restoration, anti-virus, file security protection and file encryption. This system uses a WINDOWS file system filter driver based on Filemon. The general architecture of Filemon is that the driver creates two kinds of device objects. The first kind is used to communicate with the exe program that accompanies Filemon, to receive user input such as which partitions to attach to or monitor, whether to attach, whether to monitor, and which operations to monitor. Only one such device object is created, in the driver's entry function. This kind of device object is usually called the control device object and is named, so that the application layer can communicate with and operate on it. The second kind of device object is attached to the partitions that must be monitored, such as c:, d: or e:, f:, in order to intercept operations such as reads and writes that the application layer performs on the partition. For security, this kind of device object is generally left unnamed, and one or more are created depending on how many partitions are monitored.
The file read-write filter module uses a WINDOWS file system filter driver based on Filemon to monitor in real time the read operations on files by all processes on the local machine, while filtering out file operations by operating system processes and file types on the system whitelist. It records information such as the PID of the corresponding process, the path of the file operated on and the time of the operation, and finally passes it to the data firewall main process through the WINDOWS message mechanism.
2. Network event monitoring module
Network events can be detected and controlled through SPI; the module analyzes all processes in the process list and records the PID of any event in which a network operation occurs.
3. Window trigger event monitoring module
A dynamic list is maintained to detect, update and store in real time the processes that trigger window events. The main monitoring process installs a global hook to monitor in real time the mouse and keyboard operations of all processes in the process list. A hook is in fact a program segment that handles messages; it is attached to the system through a system call. Whenever a specific message is sent, the hook program captures it before it reaches the destination window, that is, the hook function gains control first. The hook function can then process (change) the message, pass it on without processing it, or forcibly end its delivery.
Through WINDOWS messages, the PID of the process that triggered a mouse or keyboard operation event, the operation time and so on are recorded and stored in a window PID list. The main monitor uses monitoring threads to update information such as the process PID linked list, the window display list and the configuration file content in real time. Window event linked list maintenance logic: each time a window operation PID is received, the window operation PID list is updated. The process PID linked list is first traversed once to determine whether the current element is in the list; if it is, the old value in the list is replaced; otherwise it is appended at the end of the list.
4. Blacklist and whitelist management module
A user's computer has many commonly used network programs. To make management easier for the user without affecting the use of the user's normal network programs, this system provides a blacklist and whitelist management function: commonly used network programs can be placed on the whitelist, avoiding much unnecessary monitoring. Conversely, dangerous processes can be placed directly on the blacklist, and the system automatically blocks all network events of such a process, protecting the user's computer to the greatest extent. This function works mainly by monitoring and modifying a background configuration file in real time. When a dangerous process is detected for the first time, the main program pops up a prompt box that lets the user choose whether to inhibit or allow this program permanently, and the program can be added to the blacklist or the whitelist. This approach is user-friendly and convenient for ordinary users. Project implementation personnel can also add blacklist and whitelist entries by editing the configuration file directly, so the function is very flexible. The main program checks this file in real time; whenever the file is modified, the main program detects the change and automatically applies the corresponding policy, without needing to be restarted.
5. Process list real-time monitoring module
The core operation of this system is to manage and monitor in real time the network event information, window operation information and file read-write information of all processes in the task manager list; obtaining changes to this information accurately and in real time is extremely important. The system manages three PID linked lists mainly through three independent threads to monitor processes in real time. AfxCheckPidThread records and updates the basic information of all processes in real time and records the process information shown in the list box of the main interface. The thread RefreshDeleteRead deletes expired data from the read operation linked list, ensuring that the PID information in the read-write linked list is always within the allowed operation period. The thread AfxRefreshThread updates the keyboard and mouse operation PID linked list and the network event linked list in real time. The thread AfxRefreshReadListThread updates the read PID linked list.
6. Dangerous process monitoring module
Using the data collected by real-time monitoring, this system applies a set of intelligent policy algorithms to monitor dynamically in real time, discover dangerous operations and give the user a corresponding prompt, for example the name, PID, path and attribute information of the potentially dangerous process, so that the user can decide whether to allow the process's network operation.
This monitoring module first analyzes the process that is currently sending network packets and judges whether its window was operated within the allowed time range (for example, 1 minute). If there was no related operation, it lets the event pass immediately; otherwise it goes on to judge whether the process performed a related operation reading local files. If it did, it lets the event pass immediately; otherwise the process is judged to be a dangerous process, and the user is notified immediately that this operation is potentially dangerous.
The computer terminal control system and method based on network protection provided by the present invention actively detect the network events, read-write events and window trigger events of all processes. Any process event found not to have been actively initiated by the local user can be analyzed and screened, and its legitimacy determined according to a detection policy. If it is illegitimate, a prompt is given immediately and the user decides whether to let it pass and allow the process to run and transmit data; otherwise it is simply allowed to pass. This effectively prevents illegitimate network programs from stealing information from the local machine.
The above is only a specific embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the present invention shall be determined by the scope of the claims.

Claims (3)

1. A computer terminal control system based on network protection, characterized in that it comprises a file read-write filter driver module, a network event monitoring module, a window trigger event monitoring module, a blacklist and whitelist management module, a process linked list real-time monitoring module and a dangerous process monitoring module; the process linked list real-time monitoring module is connected to the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module respectively; the dangerous process monitoring module is connected to the blacklist and whitelist management module; and the file read-write filter driver module, the network event monitoring module and the window trigger event monitoring module are each connected to the dangerous process monitoring module;
The file read-write filter driver module monitors in real time the read operations on files by all processes on the computer, while filtering out file operations by operating system processes and file types on the system whitelist, records the PID of the corresponding process, the path of the file operated on and the time of the operation, and passes them to the data firewall main process through the WINDOWS message mechanism;
The network event monitoring module detects and controls network events through SPI, analyzes all processes in the process linked list, and records the PID of each event in which a network operation occurs;
The window trigger event monitoring module maintains a dynamic linked list to detect, update and store in real time the processes that trigger window events, and, through WINDOWS messages, records the PID and operation time of each process that triggers a keyboard or mouse operation event and stores them in a window PID linked list;
The blacklist and whitelist management module places commonly used network programs on the whitelist so that they are not monitored, and places dangerous processes on the blacklist so that the computer blocks all network events of those dangerous processes;
The process linked list real-time monitoring module manages and monitors in real time the network event information, window operation information and file read-write information of all processes in the task manager list;
The file read-write filter driver module uses a WINDOWS file system filter driver based on Filemon.
2. A computer terminal control method based on network protection, characterized in that it comprises the following steps:
S1: receive a WINDOWS message;
S2: receive the network event message sent by the SPI;
S3: determine whether the network event poses a potential threat; if not, allow it to pass; if so, go to step S4;
S4: determine whether the PID of the network event is in the blacklist or the whitelist; if it is in the blacklist, inhibit it; if it is in the whitelist, allow it to pass; if it is in neither, go to step S5;
S5: determine whether the PID of the network event is in the inhibit linked list or the pass linked list; if it is in the inhibit linked list, inhibit it; if it is in the pass linked list, allow it to pass; if it is in neither, go to step S6;
S6: pop up a dialog box asking whether to inhibit, and let the user choose whether to inhibit;
S7: save the user's selection in the inhibit or pass linked list, or in the blacklist or whitelist, and return the selection result.
3. The computer terminal control method based on network protection according to claim 2, characterized in that step S3 further comprises the following steps: a function detects whether the current network event InfoPID poses a potential threat; the window operation PID linked list is traversed to determine whether the current network event InfoPID was operated within the predetermined time; if so, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if not, the window operation PID linked list is traversed to determine whether the current network event InfoPID has a read operation; if not, the current network event InfoPID is judged to be a legitimate network event and is allowed to pass; if so, the current network event InfoPID is judged to be an abnormal PID, and the current network event PID is returned.
Application number: CN201410601178.1A
Priority date: 2014-11-01
Filing date: 2014-11-01
Title: Computer terminal control system and method based on network protection
Status: Pending
Publication: CN105631319A (en), published 2016-06-01
Family ID: 56046244
Country status: CN (1), CN105631319A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106250764A (en) * 2016-08-04 2016-12-21 四川网格新通科技有限公司 A kind of terminal control system
CN109150892A (en) * 2018-09-07 2019-01-04 郑州云海信息技术有限公司 A kind of method and system of intelligent protection portal management system user account
CN111709016A (en) * 2020-08-20 2020-09-25 创智和宇信息技术股份有限公司 Method and system for protecting basic medical insurance settlement data
CN113965349A (en) * 2021-09-14 2022-01-21 上海纽盾科技股份有限公司 Network security protection system and method with security detection function
CN114244631A (en) * 2022-02-23 2022-03-25 北京安帝科技有限公司 Computer network security protection method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102063588A (en) * 2010-12-15 2011-05-18 北京北信源软件股份有限公司 Control method and system for safety protection of computer terminal network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160601