CN107609411A - System and method for intelligently monitoring classified documents - Google Patents
- Publication number: CN107609411A
- Application number: CN201710834982.8A
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a system for intelligently monitoring classified documents and relates to classified document monitoring technology. An intelligent detection engine finds whether a special file specified by the user has been modified, executed or opened, and reports this to the user. Whether the file has been modified is judged by calculating characteristic values of the specified file: if the file's current characteristic value differs from the baseline characteristic value, the file has been modified. On receiving the detection program's report, the user chooses to block or allow the action. The invention dynamically senses the operating system's modification actions on classified documents, which improves detection efficiency and greatly saves personnel effort; three encryption algorithms are used to judge whether a file has been modified, which improves the accuracy and comprehensiveness of the judgment; modification of the special file is frozen until the user has handled it, so attacks by malicious programs are intercepted, and protection against unknown viruses is effective. The invention also discloses a method for intelligently monitoring classified documents.
Description
Technical field
The present invention relates to classified document monitoring technology, and specifically to a system and method for intelligently monitoring classified documents.
Background
In the traditional security field, files are usually protected by checking a file's MD5 value at regular intervals. If the MD5 value has changed, the file has been modified. This way of detecting whether a file has been modified is somewhat outdated in some scenarios, or rather its effect is limited: the user cannot discover in real time that a file has been modified.
In current techniques that judge whether a file has been modified by checking whether its MD5 value has changed, the user usually has to run the check regularly, once a day, and review the results. This is cumbersome and costs the user considerable effort and time. Moreover, a file's MD5 value alone is too limited to represent the state of the file comprehensively, so modifications to the file cannot be detected accurately and comprehensively.
Summary of the invention
In view of the needs and shortcomings of current technology, the present invention provides a system and method for intelligently monitoring classified documents.
The technical solution adopted by the system and method of the present invention to solve the above technical problem is as follows. The method for intelligently monitoring classified documents includes:
Step 1) Dynamically monitor the special file specified by the user;
The state of the special file specified by the user is tracked; an intelligent detection engine finds whether the special file has been modified, executed or opened, and reports to the user;
Step 2) Judge whether the specified file has been modified;
Whether the file has been modified is judged by calculating the characteristic value of the specified file: if the file's current characteristic value differs from the baseline characteristic value, the file has been modified;
Step 3) Intelligent interception;
On receiving the detection program's report, the user chooses to block or allow the action.
Further, the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects modifications and changes to the system in real time; it intelligently classifies and blocks viruses or network attacks with unknown behaviour, and tracks application behaviour through actual identification, based on general user experience.
Further, step 2) judges whether the file has been modified by calculating the SHA1, SHA256 and MD5 values of the specified file: if the file's current characteristic values are inconsistent with the baseline characteristic values, the file has been modified; otherwise it has not.
Further, step 3) monitors the actions the operating system performs in order to analyse application behaviour, and so tracks operating system actions and intercepts attacks in real time.
Further, the method also includes step 4) Freeze the file;
After a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it.
The system for intelligently monitoring classified documents proposed by the present invention includes:
A monitoring module, for dynamically monitoring the special file specified by the user;
An intelligent detection engine finds whether the special file specified by the user has been modified, executed or opened, and reports to the user;
A judgment module, for judging whether the specified file has been modified;
Whether the file has been modified is judged by calculating the characteristic value of the specified file: if the file's current characteristic value differs from the baseline characteristic value, the file has been modified;
An interception module, for choosing to block or allow the action when the user receives the detection program's report.
Further, the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects modifications and changes to the system in real time; it intelligently classifies and blocks viruses or network attacks with unknown behaviour, and tracks application behaviour through actual identification, based on general user experience.
Further, whether the file has been modified is judged by calculating the SHA1, SHA256 and MD5 values of the specified file: if the file's current characteristic values are inconsistent with the baseline characteristic values, the file has been modified; otherwise it has not.
Further, the actions the operating system performs are monitored in order to analyse application behaviour, so that operating system actions are tracked and attacks are intercepted in real time.
Further, the system also includes a freezing module;
After a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it.
Compared with the prior art, the system and method of the present invention have the following beneficial effects. The invention dynamically senses the operating system's modification actions on a given protected file, which avoids the tedium of traditional timed file checks, improves detection efficiency and greatly saves personnel effort. Characteristic values are calculated with three encryption algorithms to judge whether a file has been modified, which improves the accuracy and comprehensiveness of the judgment compared with a single algorithm. Modification of the special file can be temporarily frozen until the user has handled it, which stops many unknown viruses and unknown attacks and intercepts attacks by malicious programs; protection against unknown viruses is effective, and attacks by unknown viruses that a traditional virus database cannot stop are blocked.
Brief description of the drawings
To explain the embodiments of the present invention or the technical content of the prior art more clearly, the drawings needed for the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative work, and these also fall within the protection scope of the present invention.
Figure 1 is the flowchart of the method for intelligently monitoring classified documents in Embodiment 1.
Detailed description
To make the technical solution of the present invention, the technical problem it solves and its technical effects clearer, the technical solution is described clearly and completely below with reference to specific embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All embodiments that those skilled in the art obtain from the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Embodiment 1:
This embodiment proposes a method for intelligently monitoring classified documents. Its implementation process includes:
Step 1) Dynamically monitor the special file specified by the user;
Specifically, the state of the special file specified by the user is tracked; the intelligent detection engine finds whether the special file has been modified, executed or opened, and reports to the user.
Further, the intelligent detection engine is lightweight: it runs with very few system resources, does not need to occupy many of them, and can detect modifications to the system in real time. The engine runs on multiple system platforms such as Windows, Linux and embedded systems and detects modifications and changes to the system in real time, so it is both cross-platform and real-time.
Step 2) Judge whether the specified file has been modified;
Specifically, whether the file has been modified is judged by calculating the characteristic value of the specified file: if the file's current characteristic value differs from the baseline characteristic value, the file has been modified; if it is the same as the baseline characteristic value, the file has not been modified. The baseline characteristic value is the characteristic value collected from the protected file when the user sets up protection for it.
Step 3) Intelligent interception;
Specifically, on receiving the detection program's report, the user can choose means such as blocking or allowing. Conventional detection technology dynamically monitors program changes on the system: on Windows and Linux, behaviour such as installing, updating or uninstalling applications can be monitored in real time, and program monitoring of the operating system can be implemented in code. By monitoring the actions the operating system performs, application behaviour is analysed, and operating system actions are thereby tracked so that attacks are intercepted in real time.
Figure 1 is the flowchart of the method for intelligently monitoring classified documents in Embodiment 1. As shown in Figure 1, the file state is tracked first: the intelligent detection engine is started to monitor the files set by the user; the characteristic values of the set files are then calculated and analysed to judge whether a file has been modified; the actions performed by the operating system are monitored, the action type of the application is analysed and reported to the user, and the user chooses to allow or block it.
This embodiment also proposes a system for intelligently monitoring classified documents; its technical content and the method of Embodiment 1 may be cross-referenced. The system includes:
A monitoring module, for dynamically monitoring the special file specified by the user;
Specifically, the special files specified by the user include the user's classified documents. The intelligent detection engine finds that a file has been modified, executed or opened, and reports to the user.
A judgment module, for judging whether the specified file has been modified;
Specifically, whether the file has been modified is judged by calculating the characteristic value of the specified file: if the file's current characteristic value is the same as the baseline characteristic value, the file has not been modified; if the two differ, it has been modified.
An interception module, for choosing means such as blocking or allowing when the user receives the detection program's report;
Specifically, the actions the operating system performs are monitored in order to analyse application behaviour, and operating system actions are thereby tracked so that attacks are intercepted in real time.
Embodiment 2:
The method for intelligently monitoring classified documents proposed in this embodiment builds on Embodiment 1: step 2) adds judging whether the file has been modified from characteristic values such as the file's SHA1, SHA256 and MD5 values, and a step of freezing the file is added. Its specific implementation process includes:
Step 1) Dynamically monitor the special file specified by the user;
Further, if the special file specified by the user is modified, executed or opened, the intelligent detection engine can see this and report it to the user. The engine can intelligently classify and block viruses or network attacks with unknown behaviour, and tracks application behaviour through actual identification, based on general user experience.
Step 2) Judge whether the specified file has been modified;
Specifically, whether the file has been modified is judged by calculating characteristic values such as the SHA1, SHA256 and MD5 values of the specified file: if the file's current characteristic values are consistent with the baseline characteristic values, the file has not been modified; otherwise the specified file has been modified.
In judging whether the specified file has been modified in step 2), Embodiment 2, compared with Embodiment 1, calculates three characteristic values of the specified file and compares them with the file's baseline characteristic values. This adds specific criteria for judging file modification and improves the accuracy of the judgment.
Step 3) Intelligent interception;
Specifically, on receiving the detection program's report, the user chooses means such as blocking or allowing.
Step 4) Freeze the file;
Further, after a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it; this can stop many unknown viruses and unknown attacks. For example, if an unknown virus or an attacker with unauthorized access modifies the user's financial statements or other related files, and the user has protected those files, the action is intercepted immediately. The invention does not interfere with the operating system, does not insert itself into the operating system kernel, and places no burden on the operating system.
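The following Python sketch is an added example, not code from the patent: it records the SHA1, SHA256 and MD5 values of a protected file as the baseline, re-checks them, reports which values differ, and applies the user's block or allow decision. The `ProtectedFile` class, the snapshot copy used to undo a blocked change, and the sample file contents are assumptions made for illustration; the patent does not say how freezing is implemented.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

ALGORITHMS = ("sha1", "sha256", "md5")  # the three characteristic values in the text


def characteristic_values(path, chunk_size=65536):
    """Read the file once and return {algorithm: hex digest} for all three."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


@dataclass
class ProtectedFile:  # hypothetical helper, not named in the patent
    path: str
    snapshot: str  # assumption: private copy kept so a blocked change can be undone
    baseline: dict  # characteristic values collected when protection was set

    @classmethod
    def protect(cls, path, vault_dir):
        snapshot = os.path.join(vault_dir, os.path.basename(path) + ".snapshot")
        shutil.copy2(path, snapshot)
        # Hash the snapshot, not the live file, so baseline and copy always agree.
        return cls(path, snapshot, characteristic_values(snapshot))

    def check(self):
        """Report the state of the file and which digests differ from baseline."""
        try:
            current = characteristic_values(self.path)
        except FileNotFoundError:
            return {"path": self.path, "status": "missing", "changed": list(ALGORITHMS)}
        changed = [a for a in ALGORITHMS if current[a] != self.baseline[a]]
        status = "modified" if changed else "unchanged"
        return {"path": self.path, "status": status, "changed": changed}

    def resolve(self, decision):
        """Apply the user's answer to a report and return the resulting status."""
        if decision == "block":
            shutil.copy2(self.snapshot, self.path)  # discard the change
        elif decision == "allow":
            shutil.copy2(self.path, self.snapshot)  # accept it as the new baseline
            self.baseline = characteristic_values(self.snapshot)
        else:
            raise ValueError("decision must be 'block' or 'allow'")
        return self.check()["status"]


def demo():
    """Run protect, tamper, block, edit, allow, delete on a constructed file."""
    with tempfile.TemporaryDirectory() as work:
        vault = os.path.join(work, "vault")
        os.mkdir(vault)
        target = os.path.join(work, "statement.txt")
        with open(target, "wb") as fh:
            fh.write(b"Q3 total: 1200\n")  # constructed sample content
        protected = ProtectedFile.protect(target, vault)
        steps = [protected.check()["status"]]

        with open(target, "ab") as fh:  # unexpected modification
            fh.write(b"Q3 total: 9999\n")
        steps.append(protected.check()["status"])
        steps.append(protected.resolve("block"))
        with open(target, "rb") as fh:
            restored = fh.read()

        with open(target, "ab") as fh:  # change the user approves
            fh.write(b"Q4 total: 1300\n")
        steps.append(protected.check()["status"])
        steps.append(protected.resolve("allow"))

        os.remove(target)  # deletion is reported as well
        steps.append(protected.check()["status"])
        return steps, restored


if __name__ == "__main__":
    print(demo())
```

Calling `check()` on a timer reproduces the periodic model the background section describes; for the real-time sensing described here it would be driven by an operating system file-change notification instead.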
This embodiment also proposes a system for intelligently monitoring classified documents; its technical content and the method of Embodiment 2 may be cross-referenced. The system includes:
A monitoring module, for dynamically monitoring the special file specified by the user;
Further, the intelligent detection engine finds whether the special file specified by the user has been modified, executed or opened, and reports to the user. The engine can dynamically sense operating system actions such as modification of a given protected file. Unlike the timed or untimed checks of conventional technology, which are relatively blind, this embodiment performs targeted, efficient detection of special files.
A judgment module, for judging whether the specified file has been modified;
Specifically, whether the file has been modified is judged by calculating characteristic values such as the SHA1, SHA256 and MD5 values of the specified file: if the file's current characteristic values are consistent with the baseline characteristic values, the file has not been modified; otherwise the specified file has been modified. For special files, more than three encryption algorithms are used to take characteristic values rather than a single algorithm, which improves the accuracy of the file modification judgment.
When judging whether the specified file has been modified, characteristic values such as the file's SHA1, SHA256 and MD5 values are calculated and compared with the baseline characteristic values. The invention is not limited to these characteristic values, however: schemes that judge whether a file has been modified using any one or two of these characteristic values, or further characteristic values of the file, do not affect the implementation of the invention and all fall within its protection scope.
An interception module, for choosing means such as blocking or allowing when the user receives the detection program's report.
A freezing module: after a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it; this can stop many unknown viruses and unknown attacks.
With the system for intelligently monitoring classified documents proposed in this embodiment, when a file is about to be modified, the user is told in time which file is about to be modified and can choose to block or allow the modification. When a change in a file's characteristic value is sensed, the action in progress is frozen and the condition is reported to the user, who decides according to their own judgment whether to allow the modification; this is very beneficial for protecting special files. This embodiment can thus intercept attacks by malicious programs and is effective in protecting against unknown viruses; attacks by unknown viruses that a traditional virus database cannot stop can also be intercepted by this embodiment.
The principles and embodiments of the present invention have been described above in detail using specific cases. These embodiments are only intended to help in understanding the core technical content of the invention; they do not limit its protection scope, and the technical solution of the invention is not restricted to the above embodiments. Any improvement or modification that those skilled in the art make to the invention on the basis of the above specific embodiments, without departing from its principles, falls within the patent protection scope of the invention.
Claims (10)
- 1. A system for intelligently monitoring classified documents, characterized by comprising: Step 1) dynamically monitoring the special file specified by the user; the state of the special file specified by the user is tracked, and an intelligent detection engine finds whether the special file has been modified, executed or opened, and reports to the user; Step 2) judging whether the specified file has been modified; whether the file has been modified is judged by calculating the characteristic value of the specified file, and if the file's current characteristic value differs from the baseline characteristic value, the file has been modified; Step 3) intelligent interception; on receiving the detection program's report, the user chooses to block or allow the action.
- 2. The system for intelligently monitoring classified documents according to claim 1, characterized in that the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects modifications and changes to the system in real time; it intelligently classifies and blocks viruses or network attacks with unknown behaviour, and tracks application behaviour through actual identification, based on user experience.
- 3. The system for intelligently monitoring classified documents according to claim 2, characterized in that step 2) judges whether the file has been modified by calculating the SHA1, SHA256 and MD5 values of the specified file; if the file's current characteristic values are inconsistent with the baseline characteristic values, the file has been modified, and otherwise it has not.
- 4. The system for intelligently monitoring classified documents according to claim 3, characterized in that step 3) monitors the actions the operating system performs in order to analyse application behaviour, and so tracks operating system actions and intercepts attacks in real time.
- 5. The system for intelligently monitoring classified documents according to claim 4, characterized by further comprising step 4) freezing the file; after a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it.
- 6. A method for intelligently monitoring classified documents, characterized by comprising: a monitoring module, for dynamically monitoring the special file specified by the user; the state of the special file specified by the user is tracked, and an intelligent detection engine finds whether the special file has been modified, executed or opened, and reports to the user; a judgment module, for judging whether the specified file has been modified; whether the file has been modified is judged by calculating the characteristic value of the specified file, and if the file's current characteristic value differs from the baseline characteristic value, the file has been modified; an interception module, for choosing to block or allow the action when the user receives the detection program's report.
- 7. The method for intelligently monitoring classified documents according to claim 6, characterized in that the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects modifications and changes to the system in real time; it intelligently classifies and blocks viruses or network attacks with unknown behaviour, and tracks application behaviour through actual identification, based on user experience.
- 8. The method for intelligently monitoring classified documents according to claim 7, characterized in that whether the file has been modified is judged by calculating the SHA1, SHA256 and MD5 values of the specified file; if the file's current characteristic values are inconsistent with the baseline characteristic values, the file has been modified, and otherwise it has not.
- 9. The method for intelligently monitoring classified documents according to claim 8, characterized in that the actions the operating system performs are monitored in order to analyse application behaviour, so that operating system actions are tracked and attacks are intercepted in real time.
- 10. The method for intelligently monitoring classified documents according to claim 9, characterized by further comprising a freezing module; after a change in the characteristic value of the special file is sensed, modification of the special file is temporarily frozen, the change is reported to the user, and the system waits for the user to handle it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710834982.8A CN107609411A (en) | 2017-09-15 | 2017-09-15 | A kind of system and method for intelligent monitoring classified document |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107609411A | 2018-01-19 |
Family
ID=61060246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710834982.8A Pending CN107609411A (en) | 2017-09-15 | 2017-09-15 | A kind of system and method for intelligent monitoring classified document |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107609411A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180119 |