CN108304728A - A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE - Google Patents

A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE Download PDF

Info

Publication number
CN108304728A
CN108304728A CN201711216319.8A CN201711216319A CN108304728A CN 108304728 A CN108304728 A CN 108304728A CN 201711216319 A CN201711216319 A CN 201711216319A CN 108304728 A CN108304728 A CN 108304728A
Authority
CN
China
Prior art keywords
white list
file
local
list database
matched
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711216319.8A
Other languages
Chinese (zh)
Inventor
翟易坤
王晶
饶迎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronics Technology Group Corp CETC
Electronic Science Research Institute of CTEC
Original Assignee
China Electronics Technology Group Corp CETC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Electronics Technology Group Corp CETC filed Critical China Electronics Technology Group Corp CETC
Priority to CN201711216319.8A priority Critical patent/CN108304728A/en
Publication of CN108304728A publication Critical patent/CN108304728A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of method, apparatus of TERMINAL DEFENSE and computer-readable mediums, are related to computer safety field.By obtaining the load action of file, the characteristic value of the file is calculated;Search whether that there are the characteristic values in the white list database of local white list database and matched other-end;When, all there are when the characteristic value, loading the file in the white list database of local white list database and matched other-end.It avoids and the file characteristic value in each terminal is uploaded to an individual white list service device in the prior art, the technical issues of which is easy the safe "bottleneck" captured, distort and occurred by hacker.It solves the technical issues of being easy to be captured by hacker when being in the prior art on the defensive to computer using white list technology, and achieves positive technique effect.

Description

A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE
Technical field
The present invention relates to the method, apparatus of computer safety field more particularly to a kind of TERMINAL DEFENSE and computer-readable Medium.
Background technology
With the development of the times, the relatively-stationary private host of function is closed in multiple countries such as industrial production, financial service It is played an important role in the information system in key field.Due to its importance, it is increasingly becoming the hot spot of network attack and main right As.It is at the same time, most of since the attack means such as attacker's generally use APT attacks, wooden horse, zero-day attacks are attacked The behavior of private host and state are relatively fixed, will not install unknown software substantially, so the mainstream mean of defense of private host One of be white list technology.
The principle of white list technology, which is only trusted software, can just be allowed to execute, without all in white list Unknown behavior can all be prevented from executing.Current common white list technology to the files such as the normal component of each terminal, software into Row scanning, extraction characteristic value establish white list in server end, when terminal operating file, it is white with server to extract its characteristic value List is compared, and when only it is within white list, can just be allowed to execute;Otherwise, can to the loads of all unknown files, The behaviors such as installation, operation are stopped, and unknown threat is eliminated.
First, white list module collection terminal All Files information is generated automatically creating with by way of manual maintenance White list;Secondly, when terminal program executes, whether the pending program of detection module detection is legal, is controlled by server end, To ensure local file safety.The file characteristic value in each terminal is uploaded to an individually service in the prior art Device constitutes "bottleneck".If hacker has captured the server for storing the white list, and is usurped to the characteristic value of certain file Change, then in all terminals, this document will be unable to normally execute, and can only execute to have and distort the corresponding evil of rear characteristic value Meaning file.
Invention content
The present invention provides a kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE, to solve in the prior art The technical issues of being easy to be captured by hacker when being on the defensive to computer using white list technology.
One side according to the present invention provides a kind of method of TERMINAL DEFENSE, the method includes:
The load action for obtaining file, calculates the characteristic value of the file;
Search whether that there are described in the white list database of local white list database and matched other-end Characteristic value;
When all there are the characteristic values in the white list database of local white list database and matched other-end When, load the file.
Optionally, before the load action for obtaining file, the characteristic value for calculating the file, the method further includes:
Local file is scanned, and calculates the corresponding characteristic value of each file, generates white list, and by the white name Single and its corresponding digital certificate is written in local white list database;
Receive the white list and corresponding digital certificate that matched other-end is sent;And
The white list of the other-end received transmission and corresponding digital certificate are written to local white list database In.
Optionally, the method further includes:
Obtain administrator right, the change that response management person carries out local white list, and by after change white list and Its corresponding digital certificate is written in the white list database of local and matched other-end.
Optionally, the method further includes:
The daily record that record manager is modified local white list.
Optionally, the method further includes:
When being not all of in the white list database of local white list database and matched other-end, there are described When characteristic value, warning message is generated.
Two aspects according to the present invention, provide a kind of device of TERMINAL DEFENSE, described device includes:
File load module, the load for obtaining file act, and calculate the characteristic value of the file;
White list matching module, in the white list database of local white list database and matched other-end Search whether that there are the characteristic values;
File operation module, for when in the white list database of local white list database and matched other-end all There are when the characteristic value, the file is loaded.
Optionally, described device further includes:
Configuration management module for being scanned to local file, and calculates the corresponding characteristic value of each file, generates white List, and the white list and its corresponding digital certificate are written in local white list database;
Communication module, for receiving the white list and corresponding digital certificate that matched other-end is sent;
Configuration management module is additionally operable to the white list for sending the other-end received and the write-in of corresponding digital certificate Into local white list database.
Optionally, the configuration management module includes:
Configuration modification unit for obtaining administrator right, the change that response management person carries out local white list, and is incited somebody to action White list and its corresponding digital certificate after change are written in the white list database of local and matched other-end.
Optionally, described device further includes:
Alarm module, for not being complete in the white list database of local white list database and matched other-end Portion generates warning message there are when the characteristic value.
Three aspects according to the present invention, provide a kind of computer-readable medium, the computer-readable medium storage has TERMINAL DEFENSE program leads at least one processor when the TERMINAL DEFENSE program is executed by least one processor Execute method and step provided by the present invention.
The method, apparatus and computer-readable medium of a kind of TERMINAL DEFENSE according to the present invention, by obtaining adding for file Load acts, and calculates the characteristic value of the file;In the white list database of local white list database and matched other-end In search whether that there are the characteristic values;When in the white list database of local white list database and matched other-end All there are when the characteristic value, the file is loaded.Avoiding in the prior art will be in the file characteristic value in each terminal An individual white list service device is reached, which is easy the safe single-point captured, distort and occurred by hacker The technical issues of bottleneck.It solves and is easy to be captured by hacker when being in the prior art on the defensive to computer using white list technology The technical issues of, and achieve positive technique effect.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technical means of the present invention, And can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can It is clearer and more comprehensible, below the special specific implementation mode for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are common for this field Technical staff will become clear.Attached drawing only for the purpose of illustrating preferred embodiments, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 is a kind of method flow diagram for TERMINAL DEFENSE that first embodiment of the invention provides;
Fig. 2 is a kind of method flow diagram for TERMINAL DEFENSE that second embodiment of the invention provides;
Fig. 3 is a kind of method flow diagram for TERMINAL DEFENSE that third embodiment of the invention provides;
Fig. 4 is a kind of high-level schematic functional block diagram for TERMINAL DEFENSE that fourth embodiment of the invention provides;
Fig. 5 is a kind of high-level schematic functional block diagram for TERMINAL DEFENSE that fifth embodiment of the invention provides.
Specific implementation mode
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure Completely it is communicated to those skilled in the art.
Referring to Fig. 1, a kind of method flow diagram of the TERMINAL DEFENSE provided for first embodiment of the invention.
Step S101 obtains the load action of file, calculates the characteristic value of the file.
When it is implemented, this method is applied to computer equipment, which includes but not limited to mobile phone, hand Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter It may be server to calculate machine equipment.Computer equipment is acted by obtaining the load of file, calculates the characteristic value of this document. Such as, when computer equipment captures the load action of file, the characteristic value of this document is calculated, the characteristic value of this document can be with It is the corresponding cryptographic Hash of this document.Certainly, this feature value can also be that computer equipment counts file by special algorithm Obtained value.
Step S102 searches whether to deposit in the white list database of local white list database and matched other-end There is the characteristic value.
When it is implemented, in local white list database and database with the matched other-end of the computer equipment Search whether that there are the corresponding characteristic values of this document.Described with the matched other-end of the computer equipment can pass through Other computer equipments that network is connect with the computer equipment, other computer equipments include but not limited to mobile phone, hand Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter It may be server to calculate machine equipment.
Step S103, when in the white list database of local white list database and matched other-end all exist When stating characteristic value, the file is loaded.
When it is implemented, when in the white list database of local white list database and matched other-end all there are When the corresponding characteristic value of this document, then file continues to execute downwards., it will be clear that by local white list data It searches whether, there are the corresponding characteristic value of this document, to judge this with this in the white list database of library and matched other-end Whether file is safe file.When all existing in the white list database of local white list database and matched other-end When having the characteristic value, this document is judged for secure file, then file continues to execute downwards, white to solve to use in the prior art The technical issues of being easy to be captured by hacker when list technology is on the defensive to computer, effectively prevents white list service device and is attacked The technical issues of safe "bottleneck" for falling into, distorting and occurring.
Referring to Fig. 2, a kind of method flow diagram of the TERMINAL DEFENSE provided for second embodiment of the invention.
Step S301, is scanned local file, and calculates the corresponding characteristic value of each file, generates white list, and The white list and its corresponding digital certificate are written in local white list database.
When it is implemented, the elements such as executable file, script all in scanning local disk.Each file is calculated to correspond to Characteristic value.This feature value can be that the value that computer equipment is calculated file by special algorithm e.g. utilizes Kazakhstan Uncommon algorithm carries out that the corresponding cryptographic Hash of file is calculated, and generates the computer equipment white list of itself.By white list and it is somebody's turn to do The digital certificate of computer equipment is written in local white list database.
Step S302 receives white list and corresponding digital certificate that matched other-end is sent.
With the matched other-end of the computer equipment can pass through network and the calculating, it will be clear that described Other computer equipments of machine equipment connection.Other each computer equipments can all scan executable text all in itself disk The elements such as part, script;And the corresponding characteristic value of each file is calculated, and then generate the white list of itself.Other each computers The white list of itself and itself corresponding digital certificate are sent to matched computer equipment by equipment.
Therefore, which can receive the white list and corresponding number that matched other-end is sent Certificate.
The white list of the other-end received transmission and corresponding digital certificate are written to local white name by step S303 In single database.
When it is implemented, the white list of the other-end received transmission and its corresponding digital certificate are written to local In white list database.
Step S304 obtains the load action of file, calculates the characteristic value of the file.
Step S305 searches whether to deposit in the white list database of local white list database and matched other-end There is the characteristic value.
Step S306, when in the white list database of local white list database and matched other-end all exist When stating characteristic value, the file is loaded.
Step S304, step S305 and step S304 have been carried out detailed description in the first embodiment, herein no longer It repeats.
Referring to Fig. 3, a kind of method flow diagram of the TERMINAL DEFENSE provided for third embodiment of the invention.
Step S401, is scanned local file, and calculates the corresponding characteristic value of each file, generates white list, and The white list and its corresponding digital certificate are written in local white list database.
Step S402 receives white list and corresponding digital certificate that matched other-end is sent.
The white list of the other-end received transmission and corresponding digital certificate are written to local white name by step S403 In single database.
Step S404 obtains the load action of file, calculates the characteristic value of the file.
Step S405 searches whether to deposit in the white list database of local white list database and matched other-end There is the characteristic value.
Step S401 to step S405 has been described in detail in second embodiment, and details are not described herein.
Step S406 judges whether deposited in the white list database of local white list database and matched other-end There is the characteristic value.
When being not all of in the white list database of local white list database and matched other-end, there are described When characteristic value, step S411 is executed;When all being deposited in the white list database of local white list database and matched other-end When there is the characteristic value, step S407 is executed.
Step S411 generates warning message.
When it is implemented, being not all of when in the white list database of local white list database and matched other-end There are when the characteristic value, this document is judged as unsafe file using this, then forbids this document to continue to execute downwards, and generate Warning message.The warning message can show or generate prompt by the corresponding external equipment of the computer equipment, e.g., pass through display Screen shows that file is unsafe prompt;Prompt tone is sent out by stereo set.
Step S407 loads the file.
When it is implemented, when in the white list database of local white list database and matched other-end all there are When the characteristic value, this document is judged for secure file, then file continues to execute downwards.
Step S408 obtains administrator right, the change that response management person carries out local white list.
It is managed when it is implemented, computer equipment by the corresponding account of authentic administrator and password, judges whether to give Member's permission.After getting administrator right, change of the response management person to local white list, e.g., on the computer device Increase, the operating file of modification, deletion.
Step S409, by after change white list and its corresponding digital certificate be written to local and matched other-end White list database in.
When it is implemented, the change that response management person carries out the corresponding white list of computer equipment, and will be modified The digital certificate of white list and the computer equipment is written to the white of local white list database and matched other-end In list data library, to update the white list database of the computer equipment and its matched other-end.
Step S410, the daily record that record manager is modified local white list.
When it is implemented, recording the daily record that each administrator is modified local white list, which includes the management The identity information of member, modification time, modification file type etc. are modified white list data in order to can subsequently find Change source, and then call to account to administrator.
Certainly, it should be noted that it is not absolutely required in strict accordance with as described above for method in the embodiment of the present invention Step executes, and can be adjusted according to actual needs.For example, step S408 to step S410 can be held after step S407 Row, can also execute, and can be executed after step S403 after step S441.When it is implemented, can be according to management Whether member needs to be modified white list, and then executes step S408 to the corresponding method and steps of step S410.
Referring to Fig. 4, being a kind of function module signal of the device 200 for TERMINAL DEFENSE that fourth embodiment of the invention provides Figure.Applied to computer equipment, the device 200 of TERMINAL DEFENSE include file load module 230, white list matching module 240, with And file operation module 250.The device is mainly used to the method for realizing TERMINAL DEFENSE provided in an embodiment of the present invention, this method master The technical issues of being easy to be captured by hacker when being used for solving in the prior art to be on the defensive to computer using white list technology.
Wherein, which includes but not limited to mobile phone, mobile phone, smart mobile phone, tablet computer, personal electricity Brain, personal digital assistant, media player and other electronic equipments.Certainly, which may be server.
File load module 230, the load for obtaining file act, and calculate the characteristic value of the file.
When it is implemented, computer equipment is acted by obtaining the load of file, the characteristic value of this document is calculated.Such as, when When computer equipment captures the load action of a file, the characteristic value of this document is calculated, the characteristic value of this document can be this The corresponding cryptographic Hash of file.
White list matching module 240, for the white list data in local white list database and matched other-end Search whether that there are the characteristic values in library.
When it is implemented, in local white list database and database with the matched other-end of the computer equipment Search whether that there are the corresponding characteristic values of this document.Described with the matched other-end of the computer equipment can pass through Other computer equipments that network is connect with the computer equipment, other computer equipments include but not limited to mobile phone, hand Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter It may be server to calculate machine equipment.
File operation module 250, for the white list database when local white list database and matched other-end In all there are when the characteristic value, load the file.
When it is implemented, when in the white list database of local white list database and matched other-end all there are When the corresponding characteristic value of this document, then file continues to execute downwards., it will be clear that by local white list data It searches whether, there are the corresponding characteristic value of this document, to judge this with this in the white list database of library and matched other-end Whether file is safe file.When all existing in the white list database of local white list database and matched other-end When having the characteristic value, this document is judged for secure file, then file continues to execute downwards, white to solve to use in the prior art The technical issues of being easy to be captured by hacker when list technology is on the defensive to computer, effectively prevents white list service device and is attacked The technical issues of safe "bottleneck" for falling into, distorting and occurring.
Referring to Fig. 5, being a kind of function module signal of the device 200 for TERMINAL DEFENSE that fifth embodiment of the invention provides Figure.Applied to computer equipment, the device 200 of TERMINAL DEFENSE include file load module 230, white list matching module 240, with And file operation module 250.It has been described in detail in fourth embodiment, which further includes configuration management module 220, leads to Interrogate module 210.
Configuration management module 220 for being scanned to local file, and calculates the corresponding characteristic value of each file, raw It is written in local white list database at white list, and by the white list and its corresponding digital certificate.
When it is implemented, the elements such as executable file, script all in scanning local disk.Each file is calculated to correspond to Characteristic value.This feature value can be that the value that computer equipment is calculated file by special algorithm e.g. utilizes Kazakhstan Uncommon algorithm carries out that the corresponding cryptographic Hash of file is calculated, and generates the computer equipment white list of itself.By white list and it is somebody's turn to do The digital certificate of computer equipment is written in local white list database.
Communication module 210, for receiving the white list and corresponding digital certificate that matched other-end is sent.
With the matched other-end of the computer equipment can pass through network and the calculating, it will be clear that described Other computer equipments of machine equipment connection.Other each computer equipments can all scan executable text all in itself disk The elements such as part, script;And the corresponding characteristic value of each file is calculated, and then generate the white list of itself.Other each computers The white list of itself and itself corresponding digital certificate are sent to matched computer equipment by equipment.
Therefore, which can receive the white of matched other-end transmission by communication module 210 List and the digital certificate of itself.
Configuration management module 220 is additionally operable to the white list for sending the other-end received and corresponding digital certificate It is written in local white list database.
When it is implemented, the white list of the other-end received transmission and its corresponding digital certificate are written to local In white list database.
Optionally, the configuration management module 220 includes:
Configuration modification unit 221, for obtaining administrator right, the change that response management person carries out local white list, And by after change white list and its corresponding digital certificate be written to the white list database of local and matched other-end In.
It is managed when it is implemented, computer equipment by the corresponding account of authentic administrator and password, judges whether to give Member's permission.After getting administrator right, change of the response management person to local white list, e.g., on the computer device Increase, the operating file of modification, deletion.And the change that response management person carries out the corresponding white list of computer equipment, and will The digital certificate of modified white list and the computer equipment is written to local white list database and matched other In the white list database of terminal, to update the white list database of the computer equipment and its matched other-end.
Optionally, described device further includes:
Alarm module 260 is used in the white list database of local white list database and matched other-end not It is all to generate warning message there are when the characteristic value.
When it is implemented, being not all of when in the white list database of local white list database and matched other-end There are when the characteristic value, this document is judged as unsafe file using this, then forbids this document to continue to execute downwards, and generate Warning message.The warning message can show or generate prompt by the corresponding external equipment of the computer equipment, e.g., pass through display Screen shows that file is unsafe prompt;Prompt tone is sent out by stereo set.
The embodiment of the present invention additionally provides a kind of computer-readable medium, and putting forward the computer-readable medium storage has terminal Program is defendd, when the TERMINAL DEFENSE program is executed by least one processor, at least one processor is caused to execute Following steps:
Step S101 obtains the load action of file, calculates the characteristic value of the file.
Step S102 searches whether to deposit in the white list database of local white list database and matched other-end There is the characteristic value.
Step S103, when in the white list database of local white list database and matched other-end all exist When stating characteristic value, the file is loaded.
Optionally, the step of execution further includes step S301 to step S304;Step S401 to step S411.
Due in first embodiment, second embodiment and 3rd embodiment to the method for TERMINAL DEFENSE program Implementation process is described in detail, and it is no longer repeated herein for the present embodiment.
Computer readable storage medium described in the present embodiment includes but not limited to be:ROM, RAM, disk or CD etc..
In conclusion the invention discloses a kind of method, apparatus of TERMINAL DEFENSE and computer-readable medium, it is related to calculating Machine security fields.By obtaining the load action of file, the characteristic value of the file is calculated;Local white list database and Search whether that there are the characteristic values in the white list database for the other-end matched;When local white list database and matching Other-end white list database in all there are when the characteristic value, load the file.It avoids in the prior art File characteristic value in each terminal is uploaded to an individual white list service device, which is easy by hacker The technical issues of safe "bottleneck" captured, distort and occurred.It solves and uses white list technology to calculating in the prior art The technical issues of being easy to be captured by hacker when machine is on the defensive, and achieve positive technique effect.
In embodiment provided herein, it should be understood that disclosed device and method, it can also be by other Mode realize.The apparatus embodiments described above are merely exemplary, for example, the flow chart and block diagram in attached drawing are shown The device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product, function And operation.In this regard, each box in flowchart or block diagram can represent one of a module, section or code Point, a part for the module, section or code includes one or more for implementing the specified logical function executable Instruction.It should also be noted that at some as in the realization method replaced, the function of being marked in box can also be attached to be different from The sequence marked in figure occurs.For example, two continuous boxes can essentially be basically executed in parallel, they also may be used sometimes To execute in the opposite order, this is depended on the functions involved.It is also noted that each of block diagram and or flow chart The combination of box in box and block diagram and or flow chart, function or the dedicated of action are based on as defined in execution The system of hardware is realized, or can be realized using a combination of dedicated hardware and computer instructions.
In addition, each function module in each embodiment of the present invention can integrate to form an independent portion Point, can also be modules individualism, can also two or more modules be integrated to form an independent part.
In short, the foregoing is merely illustrative of the preferred embodiments of the present invention, it is not intended to limit the scope of the present invention. All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in the present invention's Within protection domain.

Claims (10)

1. a kind of method of TERMINAL DEFENSE, which is characterized in that the method includes:
The load action for obtaining file, calculates the characteristic value of the file;
Search whether that there are the features in the white list database of local white list database and matched other-end Value;
When, all there are when the characteristic value, adding in the white list database of local white list database and matched other-end Carry the file.
2. the method as described in claim 1, which is characterized in that in the load action for obtaining file, calculate the spy of the file Before value indicative, the method further includes:
Local file is scanned, and calculates the corresponding characteristic value of each file, generates white list, and by the white list and Its corresponding digital certificate is written in local white list database;
Receive the white list and corresponding digital certificate that matched other-end is sent;And
The white list of the other-end received transmission and corresponding digital certificate are written in local white list database.
3. the method as described in claim 1, which is characterized in that the method further includes:
Obtain administrator right, the change that response management person carries out local white list, and by white list after change and its right The digital certificate answered is written in the white list database of local and matched other-end.
4. the method for TERMINAL DEFENSE as claimed in claim 3, which is characterized in that the method further includes:
The daily record that record manager is modified local white list.
5. the method as described in claim 1, which is characterized in that the method further includes:
When being not all of in the white list database of local white list database and matched other-end, there are the features When value, warning message is generated.
6. a kind of device of TERMINAL DEFENSE, which is characterized in that described device includes:
File load module, the load for obtaining file act, and calculate the characteristic value of the file;
White list matching module, for being searched in the white list database of local white list database and matched other-end With the presence or absence of there is the characteristic value;
File operation module, for when all existing in the white list database of local white list database and matched other-end When having the characteristic value, the file is loaded.
7. device as claimed in claim 6, which is characterized in that described device further includes:
Configuration management module for being scanned to local file, and calculates the corresponding characteristic value of each file, generates white name It is single, and the white list and its corresponding digital certificate are written in local white list database;
Communication module, for receiving the white list and corresponding digital certificate that matched other-end is sent;
Configuration management module is additionally operable to white list that the other-end received is sent and corresponding digital certificate being written to this In ground white list database.
8. device as claimed in claim 7, which is characterized in that the configuration management module includes:
Configuration modification unit for obtaining administrator right, the change that response management person carries out local white list, and will be changed White list and its corresponding digital certificate afterwards is written in the white list database of local and matched other-end.
9. device as claimed in claim 6, which is characterized in that described device further includes:
Alarm module is deposited for being not all of in the white list database of local white list database and matched other-end When there is the characteristic value, warning message is generated.
10. a kind of computer-readable medium, which is characterized in that the computer-readable medium storage has TERMINAL DEFENSE program, when When the TERMINAL DEFENSE program is executed by least one processor, at least one processor is caused to execute such as claim 1 To the method and step described in 5 any one.
CN201711216319.8A 2017-11-28 2017-11-28 A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE Pending CN108304728A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711216319.8A CN108304728A (en) 2017-11-28 2017-11-28 A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711216319.8A CN108304728A (en) 2017-11-28 2017-11-28 A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE

Publications (1)

Publication Number Publication Date
CN108304728A true CN108304728A (en) 2018-07-20

Family

ID=62869740

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711216319.8A Pending CN108304728A (en) 2017-11-28 2017-11-28 A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE

Country Status (1)

Country Link
CN (1) CN108304728A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114428952A (en) * 2022-04-07 2022-05-03 北京亿赛通科技发展有限责任公司 Method, system and server for verifying characteristic value of public network electronic file

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752326A (en) * 2011-04-19 2012-10-24 腾讯科技(深圳)有限公司 Method, client, server and system for processing data in file downloading
CN103384240A (en) * 2012-12-21 2013-11-06 北京安天电子设备有限公司 P2P active defense method and system
CN106209759A (en) * 2015-03-31 2016-12-07 瞻博网络公司 Detection resides in the apocrypha on network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752326A (en) * 2011-04-19 2012-10-24 腾讯科技(深圳)有限公司 Method, client, server and system for processing data in file downloading
CN103384240A (en) * 2012-12-21 2013-11-06 北京安天电子设备有限公司 P2P active defense method and system
CN106209759A (en) * 2015-03-31 2016-12-07 瞻博网络公司 Detection resides in the apocrypha on network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李显杰等: "专用主机"白环境"构建方法", 《网络安全技术与应用》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114428952A (en) * 2022-04-07 2022-05-03 北京亿赛通科技发展有限责任公司 Method, system and server for verifying characteristic value of public network electronic file
CN114428952B (en) * 2022-04-07 2022-07-19 北京亿赛通科技发展有限责任公司 Method, system and server for verifying characteristic value of public network electronic file

Similar Documents

Publication Publication Date Title
US11470108B2 (en) Detection and prevention of external fraud
US11489855B2 (en) System and method of adding tags for use in detecting computer attacks
US10924517B2 (en) Processing network traffic based on assessed security weaknesses
CN110113167B (en) Information protection method and system of intelligent terminal and readable storage medium
US10230750B2 (en) Secure computing environment
CN106230851B (en) Data security method and system based on block chain
US20130333039A1 (en) Evaluating Whether to Block or Allow Installation of a Software Application
US9542683B2 (en) System and method for protecting electronic money transactions
CN110417718B (en) Method, device, equipment and storage medium for processing risk data in website
CN111585995A (en) Method and device for transmitting and processing safety wind control information, computer equipment and storage medium
Kaspersky Threat landscape for industrial automation systems
CN114417326A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium
US11159566B2 (en) Countering phishing attacks
CN108304728A (en) A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE
CN110971589A (en) File management method
Kang et al. A study on the needs for enhancement of personal information protection in cloud computing security certification system
CN110674532B (en) Tamper-proof method and device for evidence file
US20210209240A1 (en) Information processing device, information processing method, information processing program, and information processing system
EP3012771B1 (en) System and method for protecting electronic money transactions
CN103971065A (en) Method and device used for preventing data tampering
Pătraşcu et al. Cyber security evaluation of critical infrastructures systems
CN113660291B (en) Method and device for preventing malicious tampering of intelligent large-screen display information
EP4224351A1 (en) Verification method, verification program, and information processing device
US20230336573A1 (en) Security threat remediation for network-accessible devices
US20220385683A1 (en) Threat management using network traffic to determine security states

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180720