CN108183920A - Industrial control system malicious code defense system and defense method - Google Patents
- Publication number
- CN108183920A
- Authority
- CN
- China
- Prior art keywords
- module
- file
- removable media
- whitelist
- malicious code
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an industrial control system malicious code defense system, comprising: a virus scanning engine module, which calls the antivirus engine to identify malicious code; a whitelist module, which checks files against the file whitelist database; a library upgrade module, for local and online upgrades of the virus database and the whitelist database; a resource area module, for downloading, uploading and deleting files in a large-capacity storage area; a mount area module, for mounting and unmounting USB drives; a quarantine area module, for downloading, uploading and deleting suspected malicious code files; an authentication module, for managing users and user groups; a log audit module, for retrieving and backing up virus scan logs, operation logs, whitelist logs and file logs; and a removable media module, which assigns read, read-write or disabled permissions on removable media to authenticated users and user groups. The invention remedies the deficiencies of the prior art and improves the ability to defend against malicious code in industrial control networks.
Description
Technical field
The present invention relates to the technical field of industrial control system security defense, and in particular to an industrial control system malicious code defense system and its defense method.
Background
The industrial control system environment is a specific kind of information technology application scenario. At present a large number of factories lack any means of defending against malicious code. Some factories deploy the antivirus software that was configured during the construction period; because neither the antivirus vendor nor the industrial control enterprise can assess the impact of a new policy on industrial hosts, antivirus software deployed in the field cannot update its virus signatures. Neither the effectiveness nor the timeliness with which the antivirus software handles viruses can be guaranteed.
Program whitelisting software builds a whitelist of programs and forbids programs that are not on the whitelist from executing. The program whitelist presets the behavior applied when a program runs. During real-time defense it hooks the program execution entry point, determines whether the program currently executing is in the whitelist database, and carries out the preset behavior. However, interception in the system kernel requires function code developed at the driver level. Code quality, system version, functional compatibility and similar factors can cause system blue screens or loss of industrial control system functions. Industrial hosts cannot accept the unpredictability that such an implementation brings.
Antivirus software installs system hooks in many places and hooks system calls. Whitelisting software likewise installs hooks for program invocation, USB drive monitoring and so on. Antivirus and whitelisting software installed and running on an industrial host both occupy the host's limited CPU and memory resources, and an industrial host is a dedicated device attached to the industrial control system with no resources to spare.
The existing techniques all perform malicious code defense on the industrial host itself. Given the host's limited resources and high stability requirements, they cannot resolve the conflict between the timeliness and effectiveness of real-time virus removal and the stability of the host.
Summary of the invention
The technical problem to be solved by the present invention is to provide an industrial control system malicious code defense system and its defense method that remedy the deficiencies of the prior art and improve the ability to defend against malicious code in industrial control networks.
To solve the above technical problem, the invention adopts the following technical solution.
An industrial control system malicious code defense system, comprising:
A virus scanning engine module, which calls the antivirus engine to identify malicious code such as viruses and trojans;
A whitelist module, which checks files in real time against the file whitelist database;
A library upgrade module, for local and online upgrades of the virus database and the whitelist database;
A resource area module, for downloading, uploading and deleting files in a large-capacity storage area;
A mount area module, for mounting and unmounting USB drives;
A quarantine area module, for downloading, uploading and deleting suspected malicious code files;
An authentication module, for managing users and user groups;
A log audit module, for retrieving and backing up information such as virus scan logs, operation logs, whitelist logs and file logs;
A removable media module, which assigns permissions on removable media such as read, read-write and disabled to authenticated users and user groups.
A defense method for the above industrial control system malicious code defense system, comprising the following steps:
A. Authorize the use of removable media;
B. Defend the process of exchanging files by removable media;
C. Defend the process of exchanging files over the industrial intranet.
Preferably, step A comprises:
A1. The authentication module creates the users and user groups that use the industrial control system malicious code defense system;
A2. Determine whether the user needs to use removable media in the industrial environment; if not, end; if so, go to step A3;
A3. Insert the removable media into the industrial control system malicious code defense system;
A4. The removable media module computes the removable media identifier, which is unique;
A5. The removable media module determines whether the current media identifier is in the mapping table; if so, go to step A2; if not, go to step A6;
A6. The removable media module obtains the user or group to which the current removable media is to be assigned, establishes the correspondence between the designated user or group and the current removable media, and goes to step A2;
A7. The log audit module records each of the above operations and supports query and audit of the operations.
Preferably, step B comprises:
B1. The user inserts the removable media into the industrial control system malicious code defense system;
B2. The removable media module obtains the identifier of the removable media and determines whether the user is authorized to use it; if not, exit; if so, go to step B3;
B3. The removable media module mounts the removable media to the mount area module, and the system recognizes the currently inserted media;
B4. The whitelist module computes the hash value of the file on the removable media and determines whether it is in the system whitelist database; if so, go to step B8; if not, go to step B5;
B5. The virus scanning engine module calls the antivirus engine to scan the file; if the current file is infected, go to step B6; if the current file is safe, go to step B7;
B6. The quarantine area module loads the file from the removable media into the quarantine area, then executes step B10;
B7. The whitelist module adds the hash value of the file on the removable media to the system whitelist database;
B8. The resource area module loads the file from the removable media into the resource area;
B9. From the industrial host, the user downloads the scanned file from the resource area to the industrial host;
B10. The removable media file exchange defense ends;
B11. The log audit module records each of the above operations and supports query and audit of the operations.
Preferably, in step B6, the infected file is run in the quarantine area, the behavioral features of the file during execution are recorded, behavioral feature matrices are built, and mapping relations between the different behavioral feature matrices are established. In step B4, before going to step B8, the file to be loaded is compared with the behavioral feature matrices and mapping relations established in the quarantine area; if the similarity between the behavioral features and mapping relations of the file to be loaded and the behavioral feature matrices and mapping relations established in the quarantine area is higher than a threshold, a secondary check is performed on the file to be loaded.
Preferably, step C comprises:
C1. The authentication module verifies the user's login to the system from the industrial host;
C2. The resource area module performs the upload of the file from the host to the system;
C3. The whitelist module computes the hash value of the file and determines whether it is in the system whitelist database; if so, go to step C7; if not, go to step C4;
C4. The virus scanning engine module calls the antivirus engine to scan the file; if the file is infected, go to step C5; if the current file is safe, go to step C6;
C5. The quarantine area module loads the file into the quarantine area, then executes step C10;
C6. The whitelist module adds the hash value of the file to the system whitelist database;
C7. The resource area module loads the file into the resource area;
C8. The authentication module verifies the user's login to the system from the industrial host;
C9. The resource area module performs the download of the file from the system to the host;
C10. The industrial intranet file exchange defense ends;
C11. The log audit module records each of the above operations and supports query and audit of the operations.
The beneficial effects of the above technical solution are as follows: the invention effectively solves the problems of instability, high resource usage and high scanning risk caused by malicious code defense software installed on industrial hosts, while effectively raising the hit rate of malicious code detection in industrial control systems. It has the following characteristics:
1. The malicious code defense system is deployed in an environment separate from the industrial host and does not consume the industrial host's limited resources.
2. Because the malicious code defense system is deployed in an environment separate from the industrial host, the virus database and whitelist database can be upgraded conveniently, with no need for compatibility testing on industrial hosts.
3. Because the malicious code defense system is deployed in an environment separate from the industrial host, no module is installed on the industrial host and its stability is not affected.
4. Centralized deployment of the anti-malicious-code system reduces implementation cost and improves working efficiency.
Description of the drawings
Fig. 1 is a system schematic diagram of one embodiment of the invention.
Fig. 2 is a flow chart of the removable media authorization process in one embodiment of the invention.
Fig. 3 is a flow chart of the removable media file exchange defense process in one embodiment of the invention.
Fig. 4 is a flow chart of the industrial intranet file exchange defense process in one embodiment of the invention.
Detailed description
With reference to Figs. 1-4, one embodiment of the invention comprises:
Virus scanning engine module 1, which calls the antivirus engine to identify malicious code such as viruses and trojans;
Whitelist module 2, which checks files in real time against the file whitelist database;
Library upgrade module 3, for local and online upgrades of the virus database and the whitelist database;
Resource area module 4, for downloading, uploading and deleting files in a large-capacity storage area;
Mount area module 5, for mounting and unmounting USB drives;
Quarantine area module 6, for downloading, uploading and deleting suspected malicious code files;
Authentication module 7, for managing users and user groups;
Log audit module 8, for retrieving and backing up information such as virus scan logs, operation logs, whitelist logs and file logs;
Removable media module 9, which assigns permissions on removable media such as read, read-write and disabled to authenticated users and user groups.
A defense method for the above industrial control system malicious code defense system, comprising the following steps:
A. Authorize the use of removable media;
B. Defend the process of exchanging files by removable media;
C. Defend the process of exchanging files over the industrial intranet.
Step A comprises:
A1. Authentication module 7 creates the users and user groups that use the industrial control system malicious code defense system;
A2. Determine whether the user needs to use removable media in the industrial environment; if not, end; if so, go to step A3;
A3. Insert the removable media into the industrial control system malicious code defense system;
A4. Removable media module 9 computes the removable media identifier, which is unique;
A5. Removable media module 9 determines whether the current media identifier is in the mapping table; if so, go to step A2; if not, go to step A6;
A6. Removable media module 9 obtains the user or group to which the current removable media is to be assigned, establishes the correspondence between the designated user or group and the current removable media, and goes to step A2;
A7. Log audit module 8 records each of the above operations and supports query and audit of the operations.
Step B comprises:
B1. The user inserts the removable media into the industrial control system malicious code defense system;
B2. Removable media module 9 obtains the identifier of the removable media and determines whether the user is authorized to use it; if not, exit; if so, go to step B3;
B3. Removable media module 9 mounts the removable media to mount area module 5, and the system recognizes the currently inserted media;
B4. Whitelist module 2 computes the hash value of the file on the removable media and determines whether it is in the system whitelist database; if so, go to step B8; if not, go to step B5;
B5. Virus scanning engine module 1 calls the antivirus engine to scan the file; if the current file is infected, go to step B6; if the current file is safe, go to step B7;
B6. Quarantine area module 6 loads the file from the removable media into the quarantine area, then executes step B10;
B7. Whitelist module 2 adds the hash value of the file on the removable media to the system whitelist database;
B8. Resource area module 4 loads the file from the removable media into the resource area;
B9. From the industrial host, the user downloads the scanned file from the resource area to the industrial host;
B10. The removable media file exchange defense ends;
B11. Log audit module 8 records each of the above operations and supports query and audit of the operations.
In step B6, the infected file is run in the quarantine area, the behavioral features of the file during execution are recorded, behavioral feature matrices are built, and mapping relations between the different behavioral feature matrices are established. In step B4, before going to step B8, the file to be loaded is compared with the behavioral feature matrices and mapping relations established in the quarantine area; if the similarity between the behavioral features and mapping relations of the file to be loaded and the behavioral feature matrices and mapping relations established in the quarantine area is higher than a threshold, a secondary check is performed on the file to be loaded.
Step C comprises:
C1. Authentication module 7 verifies the user's login to the system from the industrial host;
C2. Resource area module 4 performs the upload of the file from the host to the system;
C3. Whitelist module 2 computes the hash value of the file and determines whether it is in the system whitelist database; if so, go to step C7; if not, go to step C4;
C4. Virus scanning engine module 1 calls the antivirus engine to scan the file; if the file is infected, go to step C5; if the current file is safe, go to step C6;
C5. Quarantine area module 6 loads the file into the quarantine area, then executes step C10;
C6. Whitelist module 2 adds the hash value of the file to the system whitelist database;
C7. Resource area module 4 loads the file into the resource area;
C8. Authentication module 7 verifies the user's login to the system from the industrial host;
C9. Resource area module 4 performs the download of the file from the system to the host;
C10. The industrial intranet file exchange defense ends;
C11. Log audit module 8 records each of the above operations and supports query and audit of the operations.
In step C3, before computing whether the file is in the whitelist database, the file is first compared using the mapping relations between the behavioral feature matrices established in the quarantine area. Results whose similarity is below the threshold are checked against the whitelist database, and if there is a deviation the whitelist database is updated.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiment; the embodiment and the description only illustrate the principle of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the claimed scope of protection. The claimed scope of the invention is defined by the appended claims and their equivalents.
Claims (6)
1. An industrial control system malicious code defense system, characterized in that it comprises:
A virus scanning engine module (1), which calls the antivirus engine to identify malicious code such as viruses and trojans;
A whitelist module (2), which checks files in real time against the file whitelist database;
A library upgrade module (3), for local and online upgrades of the virus database and the whitelist database;
A resource area module (4), for downloading, uploading and deleting files in a large-capacity storage area;
A mount area module (5), for mounting and unmounting USB drives;
A quarantine area module (6), for downloading, uploading and deleting suspected malicious code files;
An authentication module (7), for managing users and user groups;
A log audit module (8), for retrieving and backing up information such as virus scan logs, operation logs, whitelist logs and file logs;
A removable media module (9), which assigns permissions on removable media such as read, read-write and disabled to authenticated users and user groups.
2. A defense method for the industrial control system malicious code defense system of claim 1, characterized in that it comprises the following steps:
A. Authorize the use of removable media;
B. Defend the process of exchanging files by removable media;
C. Defend the process of exchanging files over the industrial intranet.
3. The defense method for the industrial control system malicious code defense system according to claim 2, characterized in that step A comprises:
A1. The authentication module (7) creates the users and user groups that use the industrial control system malicious code defense system;
A2. Determine whether the user needs to use removable media in the industrial environment; if not, end; if so, go to step A3;
A3. Insert the removable media into the industrial control system malicious code defense system;
A4. The removable media module (9) computes the removable media identifier, which is unique;
A5. The removable media module (9) determines whether the current media identifier is in the mapping table; if so, go to step A2; if not, go to step A6;
A6. The removable media module (9) obtains the user or group to which the current removable media is to be assigned, establishes the correspondence between the designated user or group and the current removable media, and goes to step A2;
A7. The log audit module (8) records each of the above operations and supports query and audit of the operations.
4. The defense method for the industrial control system malicious code defense system according to claim 2, characterized in that step B comprises:
B1. The user inserts the removable media into the industrial control system malicious code defense system;
B2. The removable media module (9) obtains the identifier of the removable media and determines whether the user is authorized to use it; if not, exit; if so, go to step B3;
B3. The removable media module (9) mounts the removable media to the mount area module (5), and the system recognizes the currently inserted media;
B4. The whitelist module (2) computes the hash value of the file on the removable media and determines whether it is in the system whitelist database; if so, go to step B8; if not, go to step B5;
B5. The virus scanning engine module (1) calls the antivirus engine to scan the file; if the current file is infected, go to step B6; if the current file is safe, go to step B7;
B6. The quarantine area module (6) loads the file from the removable media into the quarantine area, then executes step B10;
B7. The whitelist module (2) adds the hash value of the file on the removable media to the system whitelist database;
B8. The resource area module (4) loads the file from the removable media into the resource area;
B9. From the industrial host, the user downloads the scanned file from the resource area to the industrial host;
B10. The removable media file exchange defense ends;
B11. The log audit module (8) records each of the above operations and supports query and audit of the operations.
5. The defense method for the industrial control system malicious code defense system according to claim 4, characterized in that: in step B6, the infected file is run in the quarantine area, the behavioral features of the file during execution are recorded, behavioral feature matrices are built, and mapping relations between the different behavioral feature matrices are established; in step B4, before going to step B8, the file to be loaded is compared with the behavioral feature matrices and mapping relations established in the quarantine area, and if the similarity between the behavioral features and mapping relations of the file to be loaded and the behavioral feature matrices and mapping relations established in the quarantine area is higher than a threshold, a secondary check is performed on the file to be loaded.
6. The defense method for the industrial control system malicious code defense system according to claim 2, characterized in that step C comprises:
C1. The authentication module (7) verifies the user's login to the system from the industrial host;
C2. The resource area module (4) performs the upload of the file from the host to the system;
C3. The whitelist module (2) computes the hash value of the file and determines whether it is in the system whitelist database; if so, go to step C7; if not, go to step C4;
C4. The virus scanning engine module (1) calls the antivirus engine to scan the file; if the file is infected, go to step C5; if the current file is safe, go to step C6;
C5. The quarantine area module (6) loads the file into the quarantine area, then executes step C10;
C6. The whitelist module (2) adds the hash value of the file to the system whitelist database;
C7. The resource area module (4) loads the file into the resource area;
C8. The authentication module (7) verifies the user's login to the system from the industrial host;
C9. The resource area module (4) performs the download of the file from the system to the host;
C10. The industrial intranet file exchange defense ends;
C11. The log audit module (8) records each of the above operations and supports query and audit of the operations.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810063288.5A CN108183920B (en) | 2018-01-23 | 2018-01-23 | Defense method of industrial control system malicious code defense system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810063288.5A CN108183920B (en) | 2018-01-23 | 2018-01-23 | Defense method of industrial control system malicious code defense system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108183920A (en) | 2018-06-19 |
CN108183920B (en) | 2020-08-11 |
Family
ID=62551160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810063288.5A Active CN108183920B (en) | 2018-01-23 | 2018-01-23 | Defense method of industrial control system malicious code defense system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108183920B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109358508A (en) * | 2018-11-05 | 2019-02-19 | 杭州安恒信息技术股份有限公司 | One kind being based on self study industrial control host safety protecting method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8175276B2 (en) * | 2008-02-04 | 2012-05-08 | Freescale Semiconductor, Inc. | Encryption apparatus with diverse key retention schemes |
CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
CN104917776A (en) * | 2015-06-23 | 2015-09-16 | 北京威努特技术有限公司 | Industrial control network safety protection equipment and industrial control network safety protection method |
CN104991526A (en) * | 2015-05-04 | 2015-10-21 | 中国科学院软件研究所 | Industrial control system safe support framework and data safe transmission and storage method thereof |
WO2017013622A1 (en) * | 2015-07-22 | 2017-01-26 | Arilou Information Security Technologies Ltd. | Vehicle communications bus data security |
CN107302530A (en) * | 2017-06-16 | 2017-10-27 | 北京天地和兴科技有限公司 | A kind of industrial control system attack detecting device and its detection method based on white list |
CN107493265A (en) * | 2017-07-24 | 2017-12-19 | 南京南瑞集团公司 | A kind of network security monitoring method towards industrial control system |
Also Published As
Publication number | Publication date |
---|---|
CN108183920B (en) | 2020-08-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||