CN108304728A - A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE - Google Patents
A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE Download PDFInfo
- Publication number
- CN108304728A CN108304728A CN201711216319.8A CN201711216319A CN108304728A CN 108304728 A CN108304728 A CN 108304728A CN 201711216319 A CN201711216319 A CN 201711216319A CN 108304728 A CN108304728 A CN 108304728A
- Authority
- CN
- China
- Prior art keywords
- white list
- file
- local
- list database
- matched
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of method, apparatus of TERMINAL DEFENSE and computer-readable mediums, are related to computer safety field.By obtaining the load action of file, the characteristic value of the file is calculated;Search whether that there are the characteristic values in the white list database of local white list database and matched other-end;When, all there are when the characteristic value, loading the file in the white list database of local white list database and matched other-end.It avoids and the file characteristic value in each terminal is uploaded to an individual white list service device in the prior art, the technical issues of which is easy the safe "bottleneck" captured, distort and occurred by hacker.It solves the technical issues of being easy to be captured by hacker when being in the prior art on the defensive to computer using white list technology, and achieves positive technique effect.
Description
Technical field
The present invention relates to the method, apparatus of computer safety field more particularly to a kind of TERMINAL DEFENSE and computer-readable
Medium.
Background technology
With the development of the times, the relatively-stationary private host of function is closed in multiple countries such as industrial production, financial service
It is played an important role in the information system in key field.Due to its importance, it is increasingly becoming the hot spot of network attack and main right
As.It is at the same time, most of since the attack means such as attacker's generally use APT attacks, wooden horse, zero-day attacks are attacked
The behavior of private host and state are relatively fixed, will not install unknown software substantially, so the mainstream mean of defense of private host
One of be white list technology.
The principle of white list technology, which is only trusted software, can just be allowed to execute, without all in white list
Unknown behavior can all be prevented from executing.Current common white list technology to the files such as the normal component of each terminal, software into
Row scanning, extraction characteristic value establish white list in server end, when terminal operating file, it is white with server to extract its characteristic value
List is compared, and when only it is within white list, can just be allowed to execute;Otherwise, can to the loads of all unknown files,
The behaviors such as installation, operation are stopped, and unknown threat is eliminated.
First, white list module collection terminal All Files information is generated automatically creating with by way of manual maintenance
White list;Secondly, when terminal program executes, whether the pending program of detection module detection is legal, is controlled by server end,
To ensure local file safety.The file characteristic value in each terminal is uploaded to an individually service in the prior art
Device constitutes "bottleneck".If hacker has captured the server for storing the white list, and is usurped to the characteristic value of certain file
Change, then in all terminals, this document will be unable to normally execute, and can only execute to have and distort the corresponding evil of rear characteristic value
Meaning file.
Invention content
The present invention provides a kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE, to solve in the prior art
The technical issues of being easy to be captured by hacker when being on the defensive to computer using white list technology.
One side according to the present invention provides a kind of method of TERMINAL DEFENSE, the method includes:
The load action for obtaining file, calculates the characteristic value of the file;
Search whether that there are described in the white list database of local white list database and matched other-end
Characteristic value;
When all there are the characteristic values in the white list database of local white list database and matched other-end
When, load the file.
Optionally, before the load action for obtaining file, the characteristic value for calculating the file, the method further includes:
Local file is scanned, and calculates the corresponding characteristic value of each file, generates white list, and by the white name
Single and its corresponding digital certificate is written in local white list database;
Receive the white list and corresponding digital certificate that matched other-end is sent;And
The white list of the other-end received transmission and corresponding digital certificate are written to local white list database
In.
Optionally, the method further includes:
Obtain administrator right, the change that response management person carries out local white list, and by after change white list and
Its corresponding digital certificate is written in the white list database of local and matched other-end.
Optionally, the method further includes:
The daily record that record manager is modified local white list.
Optionally, the method further includes:
When being not all of in the white list database of local white list database and matched other-end, there are described
When characteristic value, warning message is generated.
Two aspects according to the present invention, provide a kind of device of TERMINAL DEFENSE, described device includes:
File load module, the load for obtaining file act, and calculate the characteristic value of the file;
White list matching module, in the white list database of local white list database and matched other-end
Search whether that there are the characteristic values;
File operation module, for when in the white list database of local white list database and matched other-end all
There are when the characteristic value, the file is loaded.
Optionally, described device further includes:
Configuration management module for being scanned to local file, and calculates the corresponding characteristic value of each file, generates white
List, and the white list and its corresponding digital certificate are written in local white list database;
Communication module, for receiving the white list and corresponding digital certificate that matched other-end is sent;
Configuration management module is additionally operable to the white list for sending the other-end received and the write-in of corresponding digital certificate
Into local white list database.
Optionally, the configuration management module includes:
Configuration modification unit for obtaining administrator right, the change that response management person carries out local white list, and is incited somebody to action
White list and its corresponding digital certificate after change are written in the white list database of local and matched other-end.
Optionally, described device further includes:
Alarm module, for not being complete in the white list database of local white list database and matched other-end
Portion generates warning message there are when the characteristic value.
Three aspects according to the present invention, provide a kind of computer-readable medium, the computer-readable medium storage has
TERMINAL DEFENSE program leads at least one processor when the TERMINAL DEFENSE program is executed by least one processor
Execute method and step provided by the present invention.
The method, apparatus and computer-readable medium of a kind of TERMINAL DEFENSE according to the present invention, by obtaining adding for file
Load acts, and calculates the characteristic value of the file;In the white list database of local white list database and matched other-end
In search whether that there are the characteristic values;When in the white list database of local white list database and matched other-end
All there are when the characteristic value, the file is loaded.Avoiding in the prior art will be in the file characteristic value in each terminal
An individual white list service device is reached, which is easy the safe single-point captured, distort and occurred by hacker
The technical issues of bottleneck.It solves and is easy to be captured by hacker when being in the prior art on the defensive to computer using white list technology
The technical issues of, and achieve positive technique effect.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technical means of the present invention,
And can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific implementation mode for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are common for this field
Technical staff will become clear.Attached drawing only for the purpose of illustrating preferred embodiments, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 is a kind of method flow diagram for TERMINAL DEFENSE that first embodiment of the invention provides;
Fig. 2 is a kind of method flow diagram for TERMINAL DEFENSE that second embodiment of the invention provides;
Fig. 3 is a kind of method flow diagram for TERMINAL DEFENSE that third embodiment of the invention provides;
Fig. 4 is a kind of high-level schematic functional block diagram for TERMINAL DEFENSE that fourth embodiment of the invention provides;
Fig. 5 is a kind of high-level schematic functional block diagram for TERMINAL DEFENSE that fifth embodiment of the invention provides.
Specific implementation mode
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
Referring to Fig. 1, a kind of method flow diagram of the TERMINAL DEFENSE provided for first embodiment of the invention.
Step S101 obtains the load action of file, calculates the characteristic value of the file.
When it is implemented, this method is applied to computer equipment, which includes but not limited to mobile phone, hand
Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter
It may be server to calculate machine equipment.Computer equipment is acted by obtaining the load of file, calculates the characteristic value of this document.
Such as, when computer equipment captures the load action of file, the characteristic value of this document is calculated, the characteristic value of this document can be with
It is the corresponding cryptographic Hash of this document.Certainly, this feature value can also be that computer equipment counts file by special algorithm
Obtained value.
Step S102 searches whether to deposit in the white list database of local white list database and matched other-end
There is the characteristic value.
When it is implemented, in local white list database and database with the matched other-end of the computer equipment
Search whether that there are the corresponding characteristic values of this document.Described with the matched other-end of the computer equipment can pass through
Other computer equipments that network is connect with the computer equipment, other computer equipments include but not limited to mobile phone, hand
Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter
It may be server to calculate machine equipment.
Step S103, when in the white list database of local white list database and matched other-end all exist
When stating characteristic value, the file is loaded.
When it is implemented, when in the white list database of local white list database and matched other-end all there are
When the corresponding characteristic value of this document, then file continues to execute downwards., it will be clear that by local white list data
It searches whether, there are the corresponding characteristic value of this document, to judge this with this in the white list database of library and matched other-end
Whether file is safe file.When all existing in the white list database of local white list database and matched other-end
When having the characteristic value, this document is judged for secure file, then file continues to execute downwards, white to solve to use in the prior art
The technical issues of being easy to be captured by hacker when list technology is on the defensive to computer, effectively prevents white list service device and is attacked
The technical issues of safe "bottleneck" for falling into, distorting and occurring.
Referring to Fig. 2, a kind of method flow diagram of the TERMINAL DEFENSE provided for second embodiment of the invention.
Step S301, is scanned local file, and calculates the corresponding characteristic value of each file, generates white list, and
The white list and its corresponding digital certificate are written in local white list database.
When it is implemented, the elements such as executable file, script all in scanning local disk.Each file is calculated to correspond to
Characteristic value.This feature value can be that the value that computer equipment is calculated file by special algorithm e.g. utilizes Kazakhstan
Uncommon algorithm carries out that the corresponding cryptographic Hash of file is calculated, and generates the computer equipment white list of itself.By white list and it is somebody's turn to do
The digital certificate of computer equipment is written in local white list database.
Step S302 receives white list and corresponding digital certificate that matched other-end is sent.
With the matched other-end of the computer equipment can pass through network and the calculating, it will be clear that described
Other computer equipments of machine equipment connection.Other each computer equipments can all scan executable text all in itself disk
The elements such as part, script;And the corresponding characteristic value of each file is calculated, and then generate the white list of itself.Other each computers
The white list of itself and itself corresponding digital certificate are sent to matched computer equipment by equipment.
Therefore, which can receive the white list and corresponding number that matched other-end is sent
Certificate.
The white list of the other-end received transmission and corresponding digital certificate are written to local white name by step S303
In single database.
When it is implemented, the white list of the other-end received transmission and its corresponding digital certificate are written to local
In white list database.
Step S304 obtains the load action of file, calculates the characteristic value of the file.
Step S305 searches whether to deposit in the white list database of local white list database and matched other-end
There is the characteristic value.
Step S306, when in the white list database of local white list database and matched other-end all exist
When stating characteristic value, the file is loaded.
Step S304, step S305 and step S304 have been carried out detailed description in the first embodiment, herein no longer
It repeats.
Referring to Fig. 3, a kind of method flow diagram of the TERMINAL DEFENSE provided for third embodiment of the invention.
Step S401, is scanned local file, and calculates the corresponding characteristic value of each file, generates white list, and
The white list and its corresponding digital certificate are written in local white list database.
Step S402 receives white list and corresponding digital certificate that matched other-end is sent.
The white list of the other-end received transmission and corresponding digital certificate are written to local white name by step S403
In single database.
Step S404 obtains the load action of file, calculates the characteristic value of the file.
Step S405 searches whether to deposit in the white list database of local white list database and matched other-end
There is the characteristic value.
Step S401 to step S405 has been described in detail in second embodiment, and details are not described herein.
Step S406 judges whether deposited in the white list database of local white list database and matched other-end
There is the characteristic value.
When being not all of in the white list database of local white list database and matched other-end, there are described
When characteristic value, step S411 is executed;When all being deposited in the white list database of local white list database and matched other-end
When there is the characteristic value, step S407 is executed.
Step S411 generates warning message.
When it is implemented, being not all of when in the white list database of local white list database and matched other-end
There are when the characteristic value, this document is judged as unsafe file using this, then forbids this document to continue to execute downwards, and generate
Warning message.The warning message can show or generate prompt by the corresponding external equipment of the computer equipment, e.g., pass through display
Screen shows that file is unsafe prompt;Prompt tone is sent out by stereo set.
Step S407 loads the file.
When it is implemented, when in the white list database of local white list database and matched other-end all there are
When the characteristic value, this document is judged for secure file, then file continues to execute downwards.
Step S408 obtains administrator right, the change that response management person carries out local white list.
It is managed when it is implemented, computer equipment by the corresponding account of authentic administrator and password, judges whether to give
Member's permission.After getting administrator right, change of the response management person to local white list, e.g., on the computer device
Increase, the operating file of modification, deletion.
Step S409, by after change white list and its corresponding digital certificate be written to local and matched other-end
White list database in.
When it is implemented, the change that response management person carries out the corresponding white list of computer equipment, and will be modified
The digital certificate of white list and the computer equipment is written to the white of local white list database and matched other-end
In list data library, to update the white list database of the computer equipment and its matched other-end.
Step S410, the daily record that record manager is modified local white list.
When it is implemented, recording the daily record that each administrator is modified local white list, which includes the management
The identity information of member, modification time, modification file type etc. are modified white list data in order to can subsequently find
Change source, and then call to account to administrator.
Certainly, it should be noted that it is not absolutely required in strict accordance with as described above for method in the embodiment of the present invention
Step executes, and can be adjusted according to actual needs.For example, step S408 to step S410 can be held after step S407
Row, can also execute, and can be executed after step S403 after step S441.When it is implemented, can be according to management
Whether member needs to be modified white list, and then executes step S408 to the corresponding method and steps of step S410.
Referring to Fig. 4, being a kind of function module signal of the device 200 for TERMINAL DEFENSE that fourth embodiment of the invention provides
Figure.Applied to computer equipment, the device 200 of TERMINAL DEFENSE include file load module 230, white list matching module 240, with
And file operation module 250.The device is mainly used to the method for realizing TERMINAL DEFENSE provided in an embodiment of the present invention, this method master
The technical issues of being easy to be captured by hacker when being used for solving in the prior art to be on the defensive to computer using white list technology.
Wherein, which includes but not limited to mobile phone, mobile phone, smart mobile phone, tablet computer, personal electricity
Brain, personal digital assistant, media player and other electronic equipments.Certainly, which may be server.
File load module 230, the load for obtaining file act, and calculate the characteristic value of the file.
When it is implemented, computer equipment is acted by obtaining the load of file, the characteristic value of this document is calculated.Such as, when
When computer equipment captures the load action of a file, the characteristic value of this document is calculated, the characteristic value of this document can be this
The corresponding cryptographic Hash of file.
White list matching module 240, for the white list data in local white list database and matched other-end
Search whether that there are the characteristic values in library.
When it is implemented, in local white list database and database with the matched other-end of the computer equipment
Search whether that there are the corresponding characteristic values of this document.Described with the matched other-end of the computer equipment can pass through
Other computer equipments that network is connect with the computer equipment, other computer equipments include but not limited to mobile phone, hand
Machine, smart mobile phone, tablet computer, PC, personal digital assistant, media player and other electronic equipments.Certainly, the meter
It may be server to calculate machine equipment.
File operation module 250, for the white list database when local white list database and matched other-end
In all there are when the characteristic value, load the file.
When it is implemented, when in the white list database of local white list database and matched other-end all there are
When the corresponding characteristic value of this document, then file continues to execute downwards., it will be clear that by local white list data
It searches whether, there are the corresponding characteristic value of this document, to judge this with this in the white list database of library and matched other-end
Whether file is safe file.When all existing in the white list database of local white list database and matched other-end
When having the characteristic value, this document is judged for secure file, then file continues to execute downwards, white to solve to use in the prior art
The technical issues of being easy to be captured by hacker when list technology is on the defensive to computer, effectively prevents white list service device and is attacked
The technical issues of safe "bottleneck" for falling into, distorting and occurring.
Referring to Fig. 5, being a kind of function module signal of the device 200 for TERMINAL DEFENSE that fifth embodiment of the invention provides
Figure.Applied to computer equipment, the device 200 of TERMINAL DEFENSE include file load module 230, white list matching module 240, with
And file operation module 250.It has been described in detail in fourth embodiment, which further includes configuration management module 220, leads to
Interrogate module 210.
Configuration management module 220 for being scanned to local file, and calculates the corresponding characteristic value of each file, raw
It is written in local white list database at white list, and by the white list and its corresponding digital certificate.
When it is implemented, the elements such as executable file, script all in scanning local disk.Each file is calculated to correspond to
Characteristic value.This feature value can be that the value that computer equipment is calculated file by special algorithm e.g. utilizes Kazakhstan
Uncommon algorithm carries out that the corresponding cryptographic Hash of file is calculated, and generates the computer equipment white list of itself.By white list and it is somebody's turn to do
The digital certificate of computer equipment is written in local white list database.
Communication module 210, for receiving the white list and corresponding digital certificate that matched other-end is sent.
With the matched other-end of the computer equipment can pass through network and the calculating, it will be clear that described
Other computer equipments of machine equipment connection.Other each computer equipments can all scan executable text all in itself disk
The elements such as part, script;And the corresponding characteristic value of each file is calculated, and then generate the white list of itself.Other each computers
The white list of itself and itself corresponding digital certificate are sent to matched computer equipment by equipment.
Therefore, which can receive the white of matched other-end transmission by communication module 210
List and the digital certificate of itself.
Configuration management module 220 is additionally operable to the white list for sending the other-end received and corresponding digital certificate
It is written in local white list database.
When it is implemented, the white list of the other-end received transmission and its corresponding digital certificate are written to local
In white list database.
Optionally, the configuration management module 220 includes:
Configuration modification unit 221, for obtaining administrator right, the change that response management person carries out local white list,
And by after change white list and its corresponding digital certificate be written to the white list database of local and matched other-end
In.
It is managed when it is implemented, computer equipment by the corresponding account of authentic administrator and password, judges whether to give
Member's permission.After getting administrator right, change of the response management person to local white list, e.g., on the computer device
Increase, the operating file of modification, deletion.And the change that response management person carries out the corresponding white list of computer equipment, and will
The digital certificate of modified white list and the computer equipment is written to local white list database and matched other
In the white list database of terminal, to update the white list database of the computer equipment and its matched other-end.
Optionally, described device further includes:
Alarm module 260 is used in the white list database of local white list database and matched other-end not
It is all to generate warning message there are when the characteristic value.
When it is implemented, being not all of when in the white list database of local white list database and matched other-end
There are when the characteristic value, this document is judged as unsafe file using this, then forbids this document to continue to execute downwards, and generate
Warning message.The warning message can show or generate prompt by the corresponding external equipment of the computer equipment, e.g., pass through display
Screen shows that file is unsafe prompt;Prompt tone is sent out by stereo set.
The embodiment of the present invention additionally provides a kind of computer-readable medium, and putting forward the computer-readable medium storage has terminal
Program is defendd, when the TERMINAL DEFENSE program is executed by least one processor, at least one processor is caused to execute
Following steps:
Step S101 obtains the load action of file, calculates the characteristic value of the file.
Step S102 searches whether to deposit in the white list database of local white list database and matched other-end
There is the characteristic value.
Step S103, when in the white list database of local white list database and matched other-end all exist
When stating characteristic value, the file is loaded.
Optionally, the step of execution further includes step S301 to step S304;Step S401 to step S411.
Due in first embodiment, second embodiment and 3rd embodiment to the method for TERMINAL DEFENSE program
Implementation process is described in detail, and it is no longer repeated herein for the present embodiment.
Computer readable storage medium described in the present embodiment includes but not limited to be:ROM, RAM, disk or CD etc..
In conclusion the invention discloses a kind of method, apparatus of TERMINAL DEFENSE and computer-readable medium, it is related to calculating
Machine security fields.By obtaining the load action of file, the characteristic value of the file is calculated;Local white list database and
Search whether that there are the characteristic values in the white list database for the other-end matched;When local white list database and matching
Other-end white list database in all there are when the characteristic value, load the file.It avoids in the prior art
File characteristic value in each terminal is uploaded to an individual white list service device, which is easy by hacker
The technical issues of safe "bottleneck" captured, distort and occurred.It solves and uses white list technology to calculating in the prior art
The technical issues of being easy to be captured by hacker when machine is on the defensive, and achieve positive technique effect.
In embodiment provided herein, it should be understood that disclosed device and method, it can also be by other
Mode realize.The apparatus embodiments described above are merely exemplary, for example, the flow chart and block diagram in attached drawing are shown
The device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product, function
And operation.In this regard, each box in flowchart or block diagram can represent one of a module, section or code
Point, a part for the module, section or code includes one or more for implementing the specified logical function executable
Instruction.It should also be noted that at some as in the realization method replaced, the function of being marked in box can also be attached to be different from
The sequence marked in figure occurs.For example, two continuous boxes can essentially be basically executed in parallel, they also may be used sometimes
To execute in the opposite order, this is depended on the functions involved.It is also noted that each of block diagram and or flow chart
The combination of box in box and block diagram and or flow chart, function or the dedicated of action are based on as defined in execution
The system of hardware is realized, or can be realized using a combination of dedicated hardware and computer instructions.
In addition, each function module in each embodiment of the present invention can integrate to form an independent portion
Point, can also be modules individualism, can also two or more modules be integrated to form an independent part.
In short, the foregoing is merely illustrative of the preferred embodiments of the present invention, it is not intended to limit the scope of the present invention.
All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in the present invention's
Within protection domain.
Claims (10)
1. a kind of method of TERMINAL DEFENSE, which is characterized in that the method includes:
The load action for obtaining file, calculates the characteristic value of the file;
Search whether that there are the features in the white list database of local white list database and matched other-end
Value;
When, all there are when the characteristic value, adding in the white list database of local white list database and matched other-end
Carry the file.
2. the method as described in claim 1, which is characterized in that in the load action for obtaining file, calculate the spy of the file
Before value indicative, the method further includes:
Local file is scanned, and calculates the corresponding characteristic value of each file, generates white list, and by the white list and
Its corresponding digital certificate is written in local white list database;
Receive the white list and corresponding digital certificate that matched other-end is sent;And
The white list of the other-end received transmission and corresponding digital certificate are written in local white list database.
3. the method as described in claim 1, which is characterized in that the method further includes:
Obtain administrator right, the change that response management person carries out local white list, and by white list after change and its right
The digital certificate answered is written in the white list database of local and matched other-end.
4. the method for TERMINAL DEFENSE as claimed in claim 3, which is characterized in that the method further includes:
The daily record that record manager is modified local white list.
5. the method as described in claim 1, which is characterized in that the method further includes:
When being not all of in the white list database of local white list database and matched other-end, there are the features
When value, warning message is generated.
6. a kind of device of TERMINAL DEFENSE, which is characterized in that described device includes:
File load module, the load for obtaining file act, and calculate the characteristic value of the file;
White list matching module, for being searched in the white list database of local white list database and matched other-end
With the presence or absence of there is the characteristic value;
File operation module, for when all existing in the white list database of local white list database and matched other-end
When having the characteristic value, the file is loaded.
7. device as claimed in claim 6, which is characterized in that described device further includes:
Configuration management module for being scanned to local file, and calculates the corresponding characteristic value of each file, generates white name
It is single, and the white list and its corresponding digital certificate are written in local white list database;
Communication module, for receiving the white list and corresponding digital certificate that matched other-end is sent;
Configuration management module is additionally operable to white list that the other-end received is sent and corresponding digital certificate being written to this
In ground white list database.
8. device as claimed in claim 7, which is characterized in that the configuration management module includes:
Configuration modification unit for obtaining administrator right, the change that response management person carries out local white list, and will be changed
White list and its corresponding digital certificate afterwards is written in the white list database of local and matched other-end.
9. device as claimed in claim 6, which is characterized in that described device further includes:
Alarm module is deposited for being not all of in the white list database of local white list database and matched other-end
When there is the characteristic value, warning message is generated.
10. a kind of computer-readable medium, which is characterized in that the computer-readable medium storage has TERMINAL DEFENSE program, when
When the TERMINAL DEFENSE program is executed by least one processor, at least one processor is caused to execute such as claim 1
To the method and step described in 5 any one.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711216319.8A CN108304728A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711216319.8A CN108304728A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108304728A true CN108304728A (en) | 2018-07-20 |
Family
ID=62869740
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711216319.8A Pending CN108304728A (en) | 2017-11-28 | 2017-11-28 | A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108304728A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114428952A (en) * | 2022-04-07 | 2022-05-03 | 北京亿赛通科技发展有限责任公司 | Method, system and server for verifying characteristic value of public network electronic file |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102752326A (en) * | 2011-04-19 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method, client, server and system for processing data in file downloading |
CN103384240A (en) * | 2012-12-21 | 2013-11-06 | 北京安天电子设备有限公司 | P2P active defense method and system |
CN106209759A (en) * | 2015-03-31 | 2016-12-07 | 瞻博网络公司 | Detection resides in the apocrypha on network |
-
2017
- 2017-11-28 CN CN201711216319.8A patent/CN108304728A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102752326A (en) * | 2011-04-19 | 2012-10-24 | 腾讯科技(深圳)有限公司 | Method, client, server and system for processing data in file downloading |
CN103384240A (en) * | 2012-12-21 | 2013-11-06 | 北京安天电子设备有限公司 | P2P active defense method and system |
CN106209759A (en) * | 2015-03-31 | 2016-12-07 | 瞻博网络公司 | Detection resides in the apocrypha on network |
Non-Patent Citations (1)
Title |
---|
李显杰等: "专用主机"白环境"构建方法", 《网络安全技术与应用》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114428952A (en) * | 2022-04-07 | 2022-05-03 | 北京亿赛通科技发展有限责任公司 | Method, system and server for verifying characteristic value of public network electronic file |
CN114428952B (en) * | 2022-04-07 | 2022-07-19 | 北京亿赛通科技发展有限责任公司 | Method, system and server for verifying characteristic value of public network electronic file |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11470108B2 (en) | Detection and prevention of external fraud | |
US11489855B2 (en) | System and method of adding tags for use in detecting computer attacks | |
US10924517B2 (en) | Processing network traffic based on assessed security weaknesses | |
CN110113167B (en) | Information protection method and system of intelligent terminal and readable storage medium | |
US10230750B2 (en) | Secure computing environment | |
CN106230851B (en) | Data security method and system based on block chain | |
US20130333039A1 (en) | Evaluating Whether to Block or Allow Installation of a Software Application | |
US9542683B2 (en) | System and method for protecting electronic money transactions | |
CN110417718B (en) | Method, device, equipment and storage medium for processing risk data in website | |
CN111585995A (en) | Method and device for transmitting and processing safety wind control information, computer equipment and storage medium | |
Kaspersky | Threat landscape for industrial automation systems | |
CN114417326A (en) | Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium | |
US11159566B2 (en) | Countering phishing attacks | |
CN108304728A (en) | A kind of method, apparatus and computer-readable medium of TERMINAL DEFENSE | |
CN110971589A (en) | File management method | |
Kang et al. | A study on the needs for enhancement of personal information protection in cloud computing security certification system | |
CN110674532B (en) | Tamper-proof method and device for evidence file | |
US20210209240A1 (en) | Information processing device, information processing method, information processing program, and information processing system | |
EP3012771B1 (en) | System and method for protecting electronic money transactions | |
CN103971065A (en) | Method and device used for preventing data tampering | |
Pătraşcu et al. | Cyber security evaluation of critical infrastructures systems | |
CN113660291B (en) | Method and device for preventing malicious tampering of intelligent large-screen display information | |
EP4224351A1 (en) | Verification method, verification program, and information processing device | |
US20230336573A1 (en) | Security threat remediation for network-accessible devices | |
US20220385683A1 (en) | Threat management using network traffic to determine security states |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180720 |