CN108829708A - File security judgment method and device - Google Patents
File security judgment method and device Download PDFInfo
- Publication number
- CN108829708A CN108829708A CN201810411639.7A CN201810411639A CN108829708A CN 108829708 A CN108829708 A CN 108829708A CN 201810411639 A CN201810411639 A CN 201810411639A CN 108829708 A CN108829708 A CN 108829708A
- Authority
- CN
- China
- Prior art keywords
- file
- hook
- data
- information
- judging
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of file security judgment method and devices.Wherein, this method includes:Determine that scheduled application is carrying out file process;In the file process interface setting hook hook of application layer;The corresponding data of file handled are obtained by hook;Judge whether file is safe according to data.The present invention solves in the related technology, when determining file security, user setting security control environment is needed, the technical issues of causing user inconvenient for use, reduce the experience sense of user.
Description
Technical field
The present invention relates to file security technical fields, in particular to a kind of file security judgment method and device.
Background technique
In the related technology, when determining whether file is safe, generally by Hole Detection technology or data access skill
Art is realized, for example, putting into sandbox environment and running by unknown file when carrying out Hole Detection, monitors operational process, perception is not
Know whether file triggers loophole, if so, the unknown file can be considered as in the presence of malice, then to the vulnerability information of triggering into
Row record, can determine that there may be safety problems for this document, it can by perceiving whether file triggers loophole, to determine text
Whether part is safe.In addition, in the related technology, be also possible to after determining the file for needing to access application, to file security into
Row determines, can carry out safe sex determination by setting network security baseline here, such as the server-side at Web portal is arranged
Network security baseline is judged with the safety to file, wherein network security baseline can be user according to oneself net
Network security control benchmark is configured.When benefit carries out file security sex determination in manner just described, file needs to be placed into sand
It in case, or is compared with security control baseline, needs to understand network security correlation, and need oneself network security to be arranged
Standard or detection mode, this mode cannot achieve file security inspection for ordinary user, and ordinary user can not also make
With network security setting is complex, causes user inconvenient for use, reduces the experience sense of user.
For it is above-mentioned in the related technology, when determining file security, need user itself be arranged security control environment, lead
The technical issues of family of applying is inconvenient for use, reduces the experience sense of user, currently no effective solution has been proposed.
Summary of the invention
The embodiment of the invention provides a kind of file security judgment method and device, at least solve in the related technology,
When determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces the experience sense of user
Technical problem.
According to an aspect of an embodiment of the present invention, a kind of file security judgment method is provided, including:Determine predetermined answer
With carrying out file process;In the file process interface setting hook hook of application layer;Located by hook acquisition
The corresponding data of the file of reason;Judge whether the file is safe according to the data.
Further, in the case where judging the file unsafe condition according to the data, the method also includes:It reports
The information of the file, wherein the information includes at least one of:The source of the file, the content of the file, institute
State the size of file, the title of the file.
Further, in the case where judging the file unsafe condition according to the data, the method also includes:It reports
Operation information of the scheduled application to the file.
Further, according to method described in any of the above embodiments, judging that the file is unsafe according to the data
In the case of, the method also includes:Issue prompt information, wherein the prompt information is for prompting described in the scheduled application
File is dangerous.
According to another aspect of an embodiment of the present invention, a kind of file security judgment means are additionally provided, including:It determines single
Member, for determining that scheduled application is carrying out file process;Setting unit is arranged for the file process interface in application layer and hangs
Hook hook;Acquiring unit, for obtaining the corresponding data of file handled by the hook;Judging unit is used for root
Judge whether the file is safe according to the data.
Further, described device further includes:First reporting unit, for judging the file not according to the data
In the case where safety, the information of the file is reported, wherein the information includes at least one of:The source of the file,
The content of the file, the size of the file, the title of the file.
Further, described device further includes:Second reporting unit, for judging the file not according to the data
In the case where safety, report the scheduled application to the operation information of the file.
Further, according to device described in any of the above embodiments, further include:Prompt unit, for issuing prompt information,
In, the prompt information is for prompting file described in the scheduled application dangerous.
According to another aspect of an embodiment of the present invention, a kind of storage medium is additionally provided, the storage medium includes storage
Program, wherein described program operation when control the storage medium where equipment execute text described in above-mentioned any one
Part analysis method.
According to another aspect of an embodiment of the present invention, a kind of processor is additionally provided, the processor is used to run program,
Wherein, file security judgment method described in above-mentioned any one is executed when described program is run.
In embodiments of the present invention, it can first determine that scheduled application is carrying out file process, in the file of application layer
Processing Interface setting hook hook, to obtain the corresponding data of file handled by the hook, and sentences according to the data
Whether disconnected file is safe.In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, with
Judge the safety of file, be that one hook hook is independently set in application layer here, actively handled, and then solves phase
In the technology of pass, when determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces use
The technical issues of experience sense at family.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair
Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of file security judgment method according to an embodiment of the present invention;
Fig. 2 is the schematic diagram of file security judgment means according to an embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention
Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work
It encloses.
It should be noted that description and claims of this specification and term " first " in above-mentioned attached drawing, "
Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way
Data be interchangeable under appropriate circumstances, so as to the embodiment of the present invention described herein can in addition to illustrating herein or
Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to
Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product
Or other step or units that equipment is intrinsic.
To understand the present invention convenient for user, solution is made to part term or noun involved in the embodiment of the present invention below
It releases:
Hook, hook, be applied to network file processing in, can be in HTTP, by hook make file process by
Static state become dynamic, file process have passively become actively, Information Security in file is independently judged by hook, and at informing
It manages end and file subsequent processing is carried out according to judging result.Due to the difference of the request type of http, the number amount and type of hook
It is different.
Hook in the embodiment of the present invention can be applied in living document and/or static file identification, also can be applied to
The modification of file is captured, especially for the modification of vital document, in the related art, it is possible to define the vital document cannot
It changes, but there is the case where unexpected change, can capture whether vital document modifies by hook, and important
In the case that file is modified, stop the movement of modification vital document, and records the information whether vital document is modified, when
Hook in right the application can also record user to the operation information of associated documents.
According to embodiments of the present invention, a kind of embodiment of the method for file security judgement is provided, it should be noted that attached
The step of process of figure illustrates can execute in a computer system such as a set of computer executable instructions, though also,
So logical order is shown in flow charts, but in some cases, it can be to be different from shown by sequence execution herein
Or the step of description.
Following embodiment can be applied to various file securities and judge in embodiment, and the concrete type of file is not done
It limits, such as word asks valence, ppt file, picture file, in current network, there is very serious transmission security risk, especially
It is the file for transmitting in network, it is easy to since a dangerous file infects alternative document, make after continuous transmission
There is security risk at multiple files, the embodiment of the present invention can be arranged hook hook in application layer, pass through in response to this
Hook obtains file just to be processed, and judges the file of transmission with the presence or absence of danger, if judging, safety occurs in file,
It can stop transmitting file, and stop handling this document, guarantee the security feature of transmission file.
Below with reference to preferred embodiment step, the present invention will be described, and Fig. 1 is file according to an embodiment of the present invention
The flow chart of analysis method, as shown in Figure 1, this method comprises the following steps:
Step S102 determines that scheduled application is carrying out file process.
Wherein, above-mentioned to determine that scheduled application carrying out file process, it can be the setting monitoring mould in scheduled application
Block, to monitor whether scheduled application is carrying out file process, this document processing be can include but is not limited to:File transmission, text
The modes such as part arranges, file is sent.In the embodiment of the present invention without limitation for the type of file, it may include hereof not
With the data of size, the embodiment of the present invention is judged by the safety to data, determines whether the file of processing is safe.
For the scheduled application in above-mentioned steps, the application installed in different terminals can be, the type of terminal does not limit
It is fixed, for example, mobile phone, iPad, PC etc..Multiple applications may be installed in the terminal, for frequently handling answering for file in terminal
With or often carry out the application of file update, corresponding monitoring modular can be set, to determine predetermined answer by monitoring modular
With whether carrying out file process.
Step S104, in the file process interface setting hook hook of application layer.
Through the above steps, hook hook can be set in application layer, wherein the application layer can be in terminal (such as PC)
Application layer, it can hook is arranged in the file process interface of the application layer in setting terminal, and this document Processing Interface can be
Handle the various interface positions of file, hard-disk interface, the SATA (Serial ATA) of the terminal as used in copied files process
Serial ports, the parallel port IDE (Integrated Drive Electronics), USB interface, mobile terminal Type-C interface;Or
The control interface of file is transmitted between file computer;Or the interface of mobile terminal transmission file, the content for transmitting file can be with
Including but not limited to:File, duplication file, copied files are sheared, as long as the application layer in terminal carries out file process, it can be with
Hook is arranged to each file coffret.
Wherein, above-mentioned application layer can be the application layer of file transmission, and hook hook can be contacted with hooking function
Together, to extract the file by application layer by hooking function.The application layer can be the top layer in file system, file
It may include file transport layer, file physical layer, file network layer, file articulamentum, file application layer in system, it can right
The physical media, such as optical fiber, cable etc. that file transmits, text should can be indicated in file transfer network agreement, file physical layer
Part articulamentum can decompose file, and file is transmitted by data frame, can be by file by file articulamentum
It is packed, and file is sent;File network layer can be after file is sent into network by file articulamentum, carry out file mistake
The middle layer for crossing transmission, send file into destination;File transport layer, which can be, transfers the file to mesh by terminal processes
The level of terminal is marked, and application layer can be understood as the level interpreted to file.It can be in file in the embodiment of the present invention
Application layer one or more file process interfaces are set, and hook hook is set in each file process interface, passes through hook
It is whether safe to monitor file.
Step S106 obtains the corresponding data of file handled by hook.
The above-mentioned file handled can include but is not limited to:The static file of opening, the static state text being carrying out
Part (i.e. living document), mounted static file, the text mutually transmitted between stored file, machine and machine in computer
The file transmitted between part, storage medium and machine, the machine in the embodiment of the present invention can be desktop computer, notebook, shifting
Dynamic terminal (such as mobile phone) when mutually transmitting file between machine, can be got by the hook of setting and handled
Data in file.Certainly, the hook in the application is also possible between storage medium (such as USB flash disk, CD) and terminal
When transmitting file, the file handled is got by hook.
Wherein, the data of the above-mentioned file got can include but is not limited to:File attribute, file type, file
Title, file particular content, file title, the preserving type of file can be binary file, txt file, word document, quiet
State executable file etc., in certain the application without limitation for the specific object and type of file.Text in certain the application
Part, which can be, has fallen on local file, and falling on local file can be by operations such as copy, amplitude, network downloadings,
The file being stored in local device.
Optionally, it for some special files, especially vital document, does not make an amendment generally, but in existing situation,
There may be the users being ignorant of surprisingly to modify vital document, and can monitor vital document by hook in the embodiment of the present invention is
It is no to be modified, and when vital document is modified, prompting user's this document is vital document, does not make an amendment, and can thus be led to
The various movements that hook captures processing file are crossed, and whether file is recorded by modification, user can recorde by hook
In the document processing operation of application layer, recording-related information, user can pass through the state of the information inspection file of these records.
Using above-mentioned steps it is available arrive file, and can solution read the data in file, in the embodiment of the present invention
In can use hooking function to obtain file, when obtaining the file Jing Guo application layer by hooking function, utilize network system
The service ID of system identifies file, then carries out the operation for obtaining file, and the file after extraction is placed on service ID mark
In register, it can store service identifiers ID corresponding to hook hook by register.In the file handled
Afterwards, file type corresponding to file can be first interpreted, and is got by file plug-in reader corresponding with this document type
The corresponding all data of the file handled.
Step S108 judges whether file is safe according to data.
In above-mentioned steps, can judge whether file is safe according to data, using various data safety detection modes to text
The safety of part is checked, for example, determining whether the data in the file handled are gone here and there by antivirus detection, sandbox
Change, if the file handled carries out falsification to the file of local terminal, and interferes the processing of alternative document, operation,
At this moment it can be determined that file data is dangerous.Certainly, in the application for specifically how by data judge file whether safety
Mode can also can be judged by other means without limitation.
It, can be with reference to terminal downloads this document different in historical process when judging whether file is safe according to data
Afterwards, the file of feedback whether An Quan information, in conjunction with the data that this gets, determine this document whether safety.For example, going through
There are after multiple terminal downloads this documents, feed back file out to there is virus or feedback file in the presence of safe hidden during history
The file of trouble can send safety instruction information before terminal processes data, and the file to inform user's secondary downloading is uneasy
Entirely, there are security risks, and propose the suggestion of cleaning file.
Whether the file being presently processing that application layer can be determined through the above steps is safe, unsafe
In the case of, file clean-up is carried out, in time to prevent file from the File Infection of the large area such as virus occur.
Through the above steps, it can first determine that scheduled application is carrying out file process, in the file process of application layer
Interface setting hook hook, to obtain the corresponding data of file handled by the hook, and judges text according to the data
Whether part is safe.In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, with judgement
The safety of file out is that a hook hook is independently arranged in application layer here, is actively handled, and then solves related skill
In art, when determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces user's
The technical issues of experience sense.
For above-described embodiment, in the case where judging file unsafe condition according to data, method further includes:Reporting file
Information, wherein information includes at least one of:The source of file, the content of file, the size of file, the title of file.
Wherein, the source of above-mentioned file can be file download network address, and the content of file can include but is not limited to:
File type, file title, file physical contents, and the size of file can be the corresponding size of this document, such as 3M, file
Title can refer to the title of file, may also mean that the name title of file.
Optionally, in the case where judging file unsafe condition according to data, method further includes:Report scheduled application to file
Operation information.Wherein, reporting to apply can include but is not limited to the operation information of file:File updates operation, uses text
Part operation, file download operation, file copy operation, paper cut operation, file designation operation etc..Every kind of operation is divided
Analysis, to determine the position of this document, when file is dangerous, can stop the operation of file in time.
It should be noted that it is above-mentioned in the case where judging file unsafe condition, prompt information can be issued, by being somebody's turn to do
Prompt information prompt application file it is dangerous, wherein may include in prompt information the operation information to file, the information of file,
The unsafe prompt mark of file, prompt mark unsafe for file can be setting and prompt watchful exclamation, to prompt text
Part is dangerous.
Fig. 2 is the schematic diagram of file security judgment means according to an embodiment of the present invention, as shown in Fig. 2, the device can be with
Including:Determination unit 21, for determining that scheduled application is carrying out file process;Setting unit 23, for the text in application layer
Part Processing Interface setting hook hook;Acquiring unit 25, for obtaining the corresponding data of file handled by hook;Sentence
Disconnected unit 27, for judging whether file is safe according to data.
Using above-mentioned file security judgment means, it can determine that scheduled application is carrying out text by determination unit 21
Part processing is utilized using setting unit 23 in the file process interface setting hook hook of application layer with passing through acquiring unit 25
Hook obtains the corresponding data of file handled, and judges whether file is safe according to the data using judging unit 27.
In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, to judge the peace of file
Quan Xing is that a hook hook is independently arranged in application layer here, is actively handled, and then solves in the related technology, sentencing
When determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces the skill of the experience sense of user
Art problem.
Wherein, above-mentioned device further includes:First reporting unit, for judging file unsafe condition according to data
Under, the information of reporting file, wherein information includes at least one of:The source of file, the content of file, the size of file,
The title of file.
Optionally, device further includes:Second reporting unit is used in the case where judging file unsafe condition according to data,
Report scheduled application to the operation information of file.
Optionally, according to the device of any of the above-described, further include:Prompt unit, for issuing prompt information, wherein mention
Show information for prompting scheduled application this document dangerous.
Above-mentioned file security judgment means can also include processor and memory, and above-mentioned determination unit 21, setting are single
Member 23, acquiring unit 25, judging unit 27 etc. store in memory as program unit, are stored in by processor execution
Above procedure unit in reservoir realizes corresponding function.
Include kernel in processor, is gone in memory to transfer corresponding program unit by kernel.Kernel can be set one
Or more, hook is linked up with to utilize the file process interface of application layer to be arranged by adjusting kernel parameter, is obtained with passing through hook
File, and determine whether file is safe.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/
Or the forms such as Nonvolatile memory, if read-only memory (ROM) or flash memory (flash RAM), memory include that at least one is deposited
Store up chip.
According to another aspect of an embodiment of the present invention, a kind of storage medium is additionally provided, storage medium includes the journey of storage
Sequence, wherein equipment where control storage medium executes the file security judgment method of above-mentioned any one in program operation.
According to another aspect of an embodiment of the present invention, a kind of processor is additionally provided, processor is used to run program,
In, program executes the file security judgment method of above-mentioned any one when running.
The embodiment of the invention provides a kind of equipment, equipment include processor, memory and storage on a memory and can
The program run on a processor, processor realize following steps when executing program:Determine that scheduled application is carrying out at file
Reason;In the file process interface setting hook hook of application layer;The corresponding data of file handled are obtained by hook;Root
Judge whether file is safe according to data.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data,
The information of reporting file, wherein information includes at least one of:The source of file, the content of file, the size of file, text
The title of part.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data,
Report scheduled application to the operation information of file.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data,
Issue prompt information, wherein prompt information is for prompting file described in scheduled application dangerous.
Present invention also provides a kind of computer program products, when executing on data processing equipment, are adapted for carrying out just
The program of beginningization there are as below methods step:Determine that scheduled application is carrying out file process;In the file process interface of application layer
Setting hook hook;The corresponding data of file handled are obtained by hook;Judge whether file is safe according to data.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program
In the case of, the information of reporting file, wherein information includes at least one of:The source of file, the content of file, file
Size, the title of file.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program
In the case of, report scheduled application to the operation information of file.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program
In the case of, issue prompt information, wherein prompt information is for prompting file described in scheduled application dangerous.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
In the above embodiment of the invention, it all emphasizes particularly on different fields to the description of each embodiment, does not have in some embodiment
The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others
Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, Ke Yiwei
A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or
Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module
It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
On unit.It can some or all of the units may be selected to achieve the purpose of the solution of this embodiment according to the actual needs.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product
When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially
The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words
It embodies, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or
Part steps.And storage medium above-mentioned includes:USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code
Medium.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered
It is considered as protection scope of the present invention.
Claims (10)
1. a kind of file security judgment method, which is characterized in that including:
Determine that scheduled application is carrying out file process;
In the file process interface setting hook hook of application layer;
The corresponding data of file handled are obtained by the hook;
Judge whether the file is safe according to the data.
2. the method according to claim 1, wherein judging the unsafe feelings of the file according to the data
Under condition, the method also includes:
Report the information of the file, wherein the information includes at least one of:The source of the file, the file
Content, the size of the file, the title of the file.
3. according to the method described in claim 2, it is characterized in that, judging the unsafe feelings of the file according to the data
Under condition, the method also includes:Report the scheduled application to the operation information of the file.
4. according to the method in any one of claims 1 to 3, judging the unsafe feelings of the file according to the data
Under condition, the method also includes:Issue prompt information, wherein the prompt information is for prompting text described in the scheduled application
Part is dangerous.
5. a kind of file security judgment means, which is characterized in that including:
Determination unit, for determining that scheduled application is carrying out file process;
Setting unit, for the file process interface setting hook hook in application layer;
Acquiring unit, for obtaining the corresponding data of file handled by the hook;
Judging unit, for judging whether the file is safe according to the data.
6. device according to claim 5, which is characterized in that described device further includes:
First reporting unit, for reporting the file in the case where judging the file unsafe condition according to the data
Information, wherein the information includes at least one of:The source of the file, the content of the file, the file it is big
The title of small, the described file.
7. device according to claim 6, which is characterized in that described device further includes:Second reporting unit, in root
Judge to report the scheduled application to the operation information of the file under the file unsafe condition according to the data.
8. device according to any one of claims 5 to 7, further includes:Prompt unit, for issuing prompt information,
In, the prompt information is for prompting file described in the scheduled application dangerous.
9. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program
When control the storage medium where equipment perform claim require any one of 1 to 4 described in file security judgment method.
10. a kind of processor, which is characterized in that the processor is for running program, wherein right of execution when described program is run
Benefit require any one of 1 to 4 described in file security judgment method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810411639.7A CN108829708A (en) | 2018-05-02 | 2018-05-02 | File security judgment method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810411639.7A CN108829708A (en) | 2018-05-02 | 2018-05-02 | File security judgment method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108829708A true CN108829708A (en) | 2018-11-16 |
Family
ID=64147888
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810411639.7A Pending CN108829708A (en) | 2018-05-02 | 2018-05-02 | File security judgment method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108829708A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090049550A1 (en) * | 2007-06-18 | 2009-02-19 | Pc Tools Technology Pty Ltd | Method of detecting and blocking malicious activity |
CN101645815A (en) * | 2008-08-06 | 2010-02-10 | 百度在线网络技术(北京)有限公司 | Video and audio file download prompt method |
CN101719821A (en) * | 2008-10-09 | 2010-06-02 | 爱思开电讯投资(中国)有限公司 | System for managing application program of intelligent card and method thereof |
CN102609654A (en) * | 2012-02-08 | 2012-07-25 | 北京百度网讯科技有限公司 | Method and device for detecting malicious flash files |
CN103605930A (en) * | 2013-11-27 | 2014-02-26 | 湖北民族学院 | Double file anti-divulging method and system based on HOOK and filtering driving |
CN106529292A (en) * | 2016-10-31 | 2017-03-22 | 北京奇虎科技有限公司 | Virus checking and killing method and apparatus |
CN106951789A (en) * | 2016-12-09 | 2017-07-14 | 中国电子科技集团公司第三十研究所 | A kind of USB Anti-ferry methods based on safety label |
-
2018
- 2018-05-02 CN CN201810411639.7A patent/CN108829708A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090049550A1 (en) * | 2007-06-18 | 2009-02-19 | Pc Tools Technology Pty Ltd | Method of detecting and blocking malicious activity |
CN101645815A (en) * | 2008-08-06 | 2010-02-10 | 百度在线网络技术(北京)有限公司 | Video and audio file download prompt method |
CN101719821A (en) * | 2008-10-09 | 2010-06-02 | 爱思开电讯投资(中国)有限公司 | System for managing application program of intelligent card and method thereof |
CN102609654A (en) * | 2012-02-08 | 2012-07-25 | 北京百度网讯科技有限公司 | Method and device for detecting malicious flash files |
CN103605930A (en) * | 2013-11-27 | 2014-02-26 | 湖北民族学院 | Double file anti-divulging method and system based on HOOK and filtering driving |
CN106529292A (en) * | 2016-10-31 | 2017-03-22 | 北京奇虎科技有限公司 | Virus checking and killing method and apparatus |
CN106951789A (en) * | 2016-12-09 | 2017-07-14 | 中国电子科技集团公司第三十研究所 | A kind of USB Anti-ferry methods based on safety label |
Non-Patent Citations (1)
Title |
---|
张焕国: "《可信计算》", 31 August 2011, pages: 260 - 266 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10896254B2 (en) | Sandbox environment for document preview and analysis | |
CN103679031B (en) | A kind of immune method and apparatus of file virus | |
CN109076063A (en) | Protection dynamic and short-term virtual machine instance in cloud environment | |
CN108683652A (en) | A kind of method and device of the processing attack of Behavior-based control permission | |
CN109871691A (en) | Process management method, system, equipment and readable storage medium storing program for executing based on permission | |
CN100590613C (en) | Invalidity monitoring method and invalidity monitoring system | |
CN110870278B (en) | Method and system for security policy monitoring service and storage medium | |
US20120204260A1 (en) | Controlling access to sensitive data based on changes in information classification | |
CN108293048A (en) | The method and system of software hazard for control software exploitation | |
CN111241565B (en) | File control method and device, electronic equipment and storage medium | |
CN104025544B (en) | Sensitive information leakage prevention system, and sensitive information leakage prevention method | |
CN110417718A (en) | Handle method, apparatus, equipment and the storage medium of the risk data in website | |
CN109800571B (en) | Event processing method and device, storage medium and electronic device | |
CN103095693A (en) | Method for positioning and accessing database user host information | |
CN108446543B (en) | Mail processing method, system and mail proxy gateway | |
CN109783316A (en) | The recognition methods and device, storage medium, computer equipment of system security log tampering | |
CN109800576A (en) | Monitoring method, device and the electronic device of unknown program exception request | |
KR20140071573A (en) | System capable of Providing Specialized Function for Host Terminal based Unix and Linux | |
JP2020502699A (en) | Architecture, method and apparatus for implementing collection and display of computer file metadata | |
CN110472381B (en) | Root permission hiding method and system based on android system and storage medium | |
US8949194B1 (en) | Active records management | |
CN108829708A (en) | File security judgment method and device | |
JP2012182737A (en) | Secret data leakage preventing system, determining apparatus, secret data leakage preventing method and program | |
JP5740260B2 (en) | Security policy management server, security monitoring system | |
CN109474560A (en) | Control method, device and the computer readable storage medium of network access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20190321 Address after: Room A-0003, 2nd floor, 3rd building, 30 Shixing Street, Shijingshan District, Beijing Applicant after: BEIJING KINGSOFT SECURITY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd. Address before: 510280 Building 901, C1, Guangzhou Information Port, 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province Applicant before: GUANGZHOU JINSHAN SAFETY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd. |
|
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181116 |