CN108829708A - File security judgment method and device - Google Patents

File security judgment method and device Download PDF

Info

Publication number
CN108829708A
CN108829708A CN201810411639.7A CN201810411639A CN108829708A CN 108829708 A CN108829708 A CN 108829708A CN 201810411639 A CN201810411639 A CN 201810411639A CN 108829708 A CN108829708 A CN 108829708A
Authority
CN
China
Prior art keywords
file
hook
data
information
judging
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810411639.7A
Other languages
Chinese (zh)
Inventor
张宇
张连帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Security Management System Technology Co ltd
Original Assignee
Guangzhou Jinshan Safety Management System Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Jinshan Safety Management System Technology Co Ltd filed Critical Guangzhou Jinshan Safety Management System Technology Co Ltd
Priority to CN201810411639.7A priority Critical patent/CN108829708A/en
Publication of CN108829708A publication Critical patent/CN108829708A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a kind of file security judgment method and devices.Wherein, this method includes:Determine that scheduled application is carrying out file process;In the file process interface setting hook hook of application layer;The corresponding data of file handled are obtained by hook;Judge whether file is safe according to data.The present invention solves in the related technology, when determining file security, user setting security control environment is needed, the technical issues of causing user inconvenient for use, reduce the experience sense of user.

Description

File security judgment method and device
Technical field
The present invention relates to file security technical fields, in particular to a kind of file security judgment method and device.
Background technique
In the related technology, when determining whether file is safe, generally by Hole Detection technology or data access skill Art is realized, for example, putting into sandbox environment and running by unknown file when carrying out Hole Detection, monitors operational process, perception is not Know whether file triggers loophole, if so, the unknown file can be considered as in the presence of malice, then to the vulnerability information of triggering into Row record, can determine that there may be safety problems for this document, it can by perceiving whether file triggers loophole, to determine text Whether part is safe.In addition, in the related technology, be also possible to after determining the file for needing to access application, to file security into Row determines, can carry out safe sex determination by setting network security baseline here, such as the server-side at Web portal is arranged Network security baseline is judged with the safety to file, wherein network security baseline can be user according to oneself net Network security control benchmark is configured.When benefit carries out file security sex determination in manner just described, file needs to be placed into sand It in case, or is compared with security control baseline, needs to understand network security correlation, and need oneself network security to be arranged Standard or detection mode, this mode cannot achieve file security inspection for ordinary user, and ordinary user can not also make With network security setting is complex, causes user inconvenient for use, reduces the experience sense of user.
For it is above-mentioned in the related technology, when determining file security, need user itself be arranged security control environment, lead The technical issues of family of applying is inconvenient for use, reduces the experience sense of user, currently no effective solution has been proposed.
Summary of the invention
The embodiment of the invention provides a kind of file security judgment method and device, at least solve in the related technology, When determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces the experience sense of user Technical problem.
According to an aspect of an embodiment of the present invention, a kind of file security judgment method is provided, including:Determine predetermined answer With carrying out file process;In the file process interface setting hook hook of application layer;Located by hook acquisition The corresponding data of the file of reason;Judge whether the file is safe according to the data.
Further, in the case where judging the file unsafe condition according to the data, the method also includes:It reports The information of the file, wherein the information includes at least one of:The source of the file, the content of the file, institute State the size of file, the title of the file.
Further, in the case where judging the file unsafe condition according to the data, the method also includes:It reports Operation information of the scheduled application to the file.
Further, according to method described in any of the above embodiments, judging that the file is unsafe according to the data In the case of, the method also includes:Issue prompt information, wherein the prompt information is for prompting described in the scheduled application File is dangerous.
According to another aspect of an embodiment of the present invention, a kind of file security judgment means are additionally provided, including:It determines single Member, for determining that scheduled application is carrying out file process;Setting unit is arranged for the file process interface in application layer and hangs Hook hook;Acquiring unit, for obtaining the corresponding data of file handled by the hook;Judging unit is used for root Judge whether the file is safe according to the data.
Further, described device further includes:First reporting unit, for judging the file not according to the data In the case where safety, the information of the file is reported, wherein the information includes at least one of:The source of the file, The content of the file, the size of the file, the title of the file.
Further, described device further includes:Second reporting unit, for judging the file not according to the data In the case where safety, report the scheduled application to the operation information of the file.
Further, according to device described in any of the above embodiments, further include:Prompt unit, for issuing prompt information, In, the prompt information is for prompting file described in the scheduled application dangerous.
According to another aspect of an embodiment of the present invention, a kind of storage medium is additionally provided, the storage medium includes storage Program, wherein described program operation when control the storage medium where equipment execute text described in above-mentioned any one Part analysis method.
According to another aspect of an embodiment of the present invention, a kind of processor is additionally provided, the processor is used to run program, Wherein, file security judgment method described in above-mentioned any one is executed when described program is run.
In embodiments of the present invention, it can first determine that scheduled application is carrying out file process, in the file of application layer Processing Interface setting hook hook, to obtain the corresponding data of file handled by the hook, and sentences according to the data Whether disconnected file is safe.In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, with Judge the safety of file, be that one hook hook is independently set in application layer here, actively handled, and then solves phase In the technology of pass, when determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces use The technical issues of experience sense at family.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of file security judgment method according to an embodiment of the present invention;
Fig. 2 is the schematic diagram of file security judgment means according to an embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work It encloses.
It should be noted that description and claims of this specification and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to the embodiment of the present invention described herein can in addition to illustrating herein or Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product Or other step or units that equipment is intrinsic.
To understand the present invention convenient for user, solution is made to part term or noun involved in the embodiment of the present invention below It releases:
Hook, hook, be applied to network file processing in, can be in HTTP, by hook make file process by Static state become dynamic, file process have passively become actively, Information Security in file is independently judged by hook, and at informing It manages end and file subsequent processing is carried out according to judging result.Due to the difference of the request type of http, the number amount and type of hook It is different.
Hook in the embodiment of the present invention can be applied in living document and/or static file identification, also can be applied to The modification of file is captured, especially for the modification of vital document, in the related art, it is possible to define the vital document cannot It changes, but there is the case where unexpected change, can capture whether vital document modifies by hook, and important In the case that file is modified, stop the movement of modification vital document, and records the information whether vital document is modified, when Hook in right the application can also record user to the operation information of associated documents.
According to embodiments of the present invention, a kind of embodiment of the method for file security judgement is provided, it should be noted that attached The step of process of figure illustrates can execute in a computer system such as a set of computer executable instructions, though also, So logical order is shown in flow charts, but in some cases, it can be to be different from shown by sequence execution herein Or the step of description.
Following embodiment can be applied to various file securities and judge in embodiment, and the concrete type of file is not done It limits, such as word asks valence, ppt file, picture file, in current network, there is very serious transmission security risk, especially It is the file for transmitting in network, it is easy to since a dangerous file infects alternative document, make after continuous transmission There is security risk at multiple files, the embodiment of the present invention can be arranged hook hook in application layer, pass through in response to this Hook obtains file just to be processed, and judges the file of transmission with the presence or absence of danger, if judging, safety occurs in file, It can stop transmitting file, and stop handling this document, guarantee the security feature of transmission file.
Below with reference to preferred embodiment step, the present invention will be described, and Fig. 1 is file according to an embodiment of the present invention The flow chart of analysis method, as shown in Figure 1, this method comprises the following steps:
Step S102 determines that scheduled application is carrying out file process.
Wherein, above-mentioned to determine that scheduled application carrying out file process, it can be the setting monitoring mould in scheduled application Block, to monitor whether scheduled application is carrying out file process, this document processing be can include but is not limited to:File transmission, text The modes such as part arranges, file is sent.In the embodiment of the present invention without limitation for the type of file, it may include hereof not With the data of size, the embodiment of the present invention is judged by the safety to data, determines whether the file of processing is safe.
For the scheduled application in above-mentioned steps, the application installed in different terminals can be, the type of terminal does not limit It is fixed, for example, mobile phone, iPad, PC etc..Multiple applications may be installed in the terminal, for frequently handling answering for file in terminal With or often carry out the application of file update, corresponding monitoring modular can be set, to determine predetermined answer by monitoring modular With whether carrying out file process.
Step S104, in the file process interface setting hook hook of application layer.
Through the above steps, hook hook can be set in application layer, wherein the application layer can be in terminal (such as PC) Application layer, it can hook is arranged in the file process interface of the application layer in setting terminal, and this document Processing Interface can be Handle the various interface positions of file, hard-disk interface, the SATA (Serial ATA) of the terminal as used in copied files process Serial ports, the parallel port IDE (Integrated Drive Electronics), USB interface, mobile terminal Type-C interface;Or The control interface of file is transmitted between file computer;Or the interface of mobile terminal transmission file, the content for transmitting file can be with Including but not limited to:File, duplication file, copied files are sheared, as long as the application layer in terminal carries out file process, it can be with Hook is arranged to each file coffret.
Wherein, above-mentioned application layer can be the application layer of file transmission, and hook hook can be contacted with hooking function Together, to extract the file by application layer by hooking function.The application layer can be the top layer in file system, file It may include file transport layer, file physical layer, file network layer, file articulamentum, file application layer in system, it can right The physical media, such as optical fiber, cable etc. that file transmits, text should can be indicated in file transfer network agreement, file physical layer Part articulamentum can decompose file, and file is transmitted by data frame, can be by file by file articulamentum It is packed, and file is sent;File network layer can be after file is sent into network by file articulamentum, carry out file mistake The middle layer for crossing transmission, send file into destination;File transport layer, which can be, transfers the file to mesh by terminal processes The level of terminal is marked, and application layer can be understood as the level interpreted to file.It can be in file in the embodiment of the present invention Application layer one or more file process interfaces are set, and hook hook is set in each file process interface, passes through hook It is whether safe to monitor file.
Step S106 obtains the corresponding data of file handled by hook.
The above-mentioned file handled can include but is not limited to:The static file of opening, the static state text being carrying out Part (i.e. living document), mounted static file, the text mutually transmitted between stored file, machine and machine in computer The file transmitted between part, storage medium and machine, the machine in the embodiment of the present invention can be desktop computer, notebook, shifting Dynamic terminal (such as mobile phone) when mutually transmitting file between machine, can be got by the hook of setting and handled Data in file.Certainly, the hook in the application is also possible between storage medium (such as USB flash disk, CD) and terminal When transmitting file, the file handled is got by hook.
Wherein, the data of the above-mentioned file got can include but is not limited to:File attribute, file type, file Title, file particular content, file title, the preserving type of file can be binary file, txt file, word document, quiet State executable file etc., in certain the application without limitation for the specific object and type of file.Text in certain the application Part, which can be, has fallen on local file, and falling on local file can be by operations such as copy, amplitude, network downloadings, The file being stored in local device.
Optionally, it for some special files, especially vital document, does not make an amendment generally, but in existing situation, There may be the users being ignorant of surprisingly to modify vital document, and can monitor vital document by hook in the embodiment of the present invention is It is no to be modified, and when vital document is modified, prompting user's this document is vital document, does not make an amendment, and can thus be led to The various movements that hook captures processing file are crossed, and whether file is recorded by modification, user can recorde by hook In the document processing operation of application layer, recording-related information, user can pass through the state of the information inspection file of these records.
Using above-mentioned steps it is available arrive file, and can solution read the data in file, in the embodiment of the present invention In can use hooking function to obtain file, when obtaining the file Jing Guo application layer by hooking function, utilize network system The service ID of system identifies file, then carries out the operation for obtaining file, and the file after extraction is placed on service ID mark In register, it can store service identifiers ID corresponding to hook hook by register.In the file handled Afterwards, file type corresponding to file can be first interpreted, and is got by file plug-in reader corresponding with this document type The corresponding all data of the file handled.
Step S108 judges whether file is safe according to data.
In above-mentioned steps, can judge whether file is safe according to data, using various data safety detection modes to text The safety of part is checked, for example, determining whether the data in the file handled are gone here and there by antivirus detection, sandbox Change, if the file handled carries out falsification to the file of local terminal, and interferes the processing of alternative document, operation, At this moment it can be determined that file data is dangerous.Certainly, in the application for specifically how by data judge file whether safety Mode can also can be judged by other means without limitation.
It, can be with reference to terminal downloads this document different in historical process when judging whether file is safe according to data Afterwards, the file of feedback whether An Quan information, in conjunction with the data that this gets, determine this document whether safety.For example, going through There are after multiple terminal downloads this documents, feed back file out to there is virus or feedback file in the presence of safe hidden during history The file of trouble can send safety instruction information before terminal processes data, and the file to inform user's secondary downloading is uneasy Entirely, there are security risks, and propose the suggestion of cleaning file.
Whether the file being presently processing that application layer can be determined through the above steps is safe, unsafe In the case of, file clean-up is carried out, in time to prevent file from the File Infection of the large area such as virus occur.
Through the above steps, it can first determine that scheduled application is carrying out file process, in the file process of application layer Interface setting hook hook, to obtain the corresponding data of file handled by the hook, and judges text according to the data Whether part is safe.In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, with judgement The safety of file out is that a hook hook is independently arranged in application layer here, is actively handled, and then solves related skill In art, when determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces user's The technical issues of experience sense.
For above-described embodiment, in the case where judging file unsafe condition according to data, method further includes:Reporting file Information, wherein information includes at least one of:The source of file, the content of file, the size of file, the title of file.
Wherein, the source of above-mentioned file can be file download network address, and the content of file can include but is not limited to: File type, file title, file physical contents, and the size of file can be the corresponding size of this document, such as 3M, file Title can refer to the title of file, may also mean that the name title of file.
Optionally, in the case where judging file unsafe condition according to data, method further includes:Report scheduled application to file Operation information.Wherein, reporting to apply can include but is not limited to the operation information of file:File updates operation, uses text Part operation, file download operation, file copy operation, paper cut operation, file designation operation etc..Every kind of operation is divided Analysis, to determine the position of this document, when file is dangerous, can stop the operation of file in time.
It should be noted that it is above-mentioned in the case where judging file unsafe condition, prompt information can be issued, by being somebody's turn to do Prompt information prompt application file it is dangerous, wherein may include in prompt information the operation information to file, the information of file, The unsafe prompt mark of file, prompt mark unsafe for file can be setting and prompt watchful exclamation, to prompt text Part is dangerous.
Fig. 2 is the schematic diagram of file security judgment means according to an embodiment of the present invention, as shown in Fig. 2, the device can be with Including:Determination unit 21, for determining that scheduled application is carrying out file process;Setting unit 23, for the text in application layer Part Processing Interface setting hook hook;Acquiring unit 25, for obtaining the corresponding data of file handled by hook;Sentence Disconnected unit 27, for judging whether file is safe according to data.
Using above-mentioned file security judgment means, it can determine that scheduled application is carrying out text by determination unit 21 Part processing is utilized using setting unit 23 in the file process interface setting hook hook of application layer with passing through acquiring unit 25 Hook obtains the corresponding data of file handled, and judges whether file is safe according to the data using judging unit 27. In embodiment, the file of processing can be got by the way that the hook hook of application layer is arranged in, to judge the peace of file Quan Xing is that a hook hook is independently arranged in application layer here, is actively handled, and then solves in the related technology, sentencing When determining file security, user setting security control environment is needed, causes user inconvenient for use, reduces the skill of the experience sense of user Art problem.
Wherein, above-mentioned device further includes:First reporting unit, for judging file unsafe condition according to data Under, the information of reporting file, wherein information includes at least one of:The source of file, the content of file, the size of file, The title of file.
Optionally, device further includes:Second reporting unit is used in the case where judging file unsafe condition according to data, Report scheduled application to the operation information of file.
Optionally, according to the device of any of the above-described, further include:Prompt unit, for issuing prompt information, wherein mention Show information for prompting scheduled application this document dangerous.
Above-mentioned file security judgment means can also include processor and memory, and above-mentioned determination unit 21, setting are single Member 23, acquiring unit 25, judging unit 27 etc. store in memory as program unit, are stored in by processor execution Above procedure unit in reservoir realizes corresponding function.
Include kernel in processor, is gone in memory to transfer corresponding program unit by kernel.Kernel can be set one Or more, hook is linked up with to utilize the file process interface of application layer to be arranged by adjusting kernel parameter, is obtained with passing through hook File, and determine whether file is safe.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/ Or the forms such as Nonvolatile memory, if read-only memory (ROM) or flash memory (flash RAM), memory include that at least one is deposited Store up chip.
According to another aspect of an embodiment of the present invention, a kind of storage medium is additionally provided, storage medium includes the journey of storage Sequence, wherein equipment where control storage medium executes the file security judgment method of above-mentioned any one in program operation.
According to another aspect of an embodiment of the present invention, a kind of processor is additionally provided, processor is used to run program, In, program executes the file security judgment method of above-mentioned any one when running.
The embodiment of the invention provides a kind of equipment, equipment include processor, memory and storage on a memory and can The program run on a processor, processor realize following steps when executing program:Determine that scheduled application is carrying out at file Reason;In the file process interface setting hook hook of application layer;The corresponding data of file handled are obtained by hook;Root Judge whether file is safe according to data.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data, The information of reporting file, wherein information includes at least one of:The source of file, the content of file, the size of file, text The title of part.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data, Report scheduled application to the operation information of file.
Optionally, above-mentioned processor is when executing program, can also in the case where judging file unsafe condition according to data, Issue prompt information, wherein prompt information is for prompting file described in scheduled application dangerous.
Present invention also provides a kind of computer program products, when executing on data processing equipment, are adapted for carrying out just The program of beginningization there are as below methods step:Determine that scheduled application is carrying out file process;In the file process interface of application layer Setting hook hook;The corresponding data of file handled are obtained by hook;Judge whether file is safe according to data.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program In the case of, the information of reporting file, wherein information includes at least one of:The source of file, the content of file, file Size, the title of file.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program In the case of, report scheduled application to the operation information of file.
Optionally, above-mentioned data processing equipment can also judge that file is unsafe according to data when executing program In the case of, issue prompt information, wherein prompt information is for prompting file described in scheduled application dangerous.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
In the above embodiment of the invention, it all emphasizes particularly on different fields to the description of each embodiment, does not have in some embodiment The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, Ke Yiwei A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple On unit.It can some or all of the units may be selected to achieve the purpose of the solution of this embodiment according to the actual needs.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or Part steps.And storage medium above-mentioned includes:USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered It is considered as protection scope of the present invention.

Claims (10)

1. a kind of file security judgment method, which is characterized in that including:
Determine that scheduled application is carrying out file process;
In the file process interface setting hook hook of application layer;
The corresponding data of file handled are obtained by the hook;
Judge whether the file is safe according to the data.
2. the method according to claim 1, wherein judging the unsafe feelings of the file according to the data Under condition, the method also includes:
Report the information of the file, wherein the information includes at least one of:The source of the file, the file Content, the size of the file, the title of the file.
3. according to the method described in claim 2, it is characterized in that, judging the unsafe feelings of the file according to the data Under condition, the method also includes:Report the scheduled application to the operation information of the file.
4. according to the method in any one of claims 1 to 3, judging the unsafe feelings of the file according to the data Under condition, the method also includes:Issue prompt information, wherein the prompt information is for prompting text described in the scheduled application Part is dangerous.
5. a kind of file security judgment means, which is characterized in that including:
Determination unit, for determining that scheduled application is carrying out file process;
Setting unit, for the file process interface setting hook hook in application layer;
Acquiring unit, for obtaining the corresponding data of file handled by the hook;
Judging unit, for judging whether the file is safe according to the data.
6. device according to claim 5, which is characterized in that described device further includes:
First reporting unit, for reporting the file in the case where judging the file unsafe condition according to the data Information, wherein the information includes at least one of:The source of the file, the content of the file, the file it is big The title of small, the described file.
7. device according to claim 6, which is characterized in that described device further includes:Second reporting unit, in root Judge to report the scheduled application to the operation information of the file under the file unsafe condition according to the data.
8. device according to any one of claims 5 to 7, further includes:Prompt unit, for issuing prompt information, In, the prompt information is for prompting file described in the scheduled application dangerous.
9. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program When control the storage medium where equipment perform claim require any one of 1 to 4 described in file security judgment method.
10. a kind of processor, which is characterized in that the processor is for running program, wherein right of execution when described program is run Benefit require any one of 1 to 4 described in file security judgment method.
CN201810411639.7A 2018-05-02 2018-05-02 File security judgment method and device Pending CN108829708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810411639.7A CN108829708A (en) 2018-05-02 2018-05-02 File security judgment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810411639.7A CN108829708A (en) 2018-05-02 2018-05-02 File security judgment method and device

Publications (1)

Publication Number Publication Date
CN108829708A true CN108829708A (en) 2018-11-16

Family

ID=64147888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810411639.7A Pending CN108829708A (en) 2018-05-02 2018-05-02 File security judgment method and device

Country Status (1)

Country Link
CN (1) CN108829708A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090049550A1 (en) * 2007-06-18 2009-02-19 Pc Tools Technology Pty Ltd Method of detecting and blocking malicious activity
CN101645815A (en) * 2008-08-06 2010-02-10 百度在线网络技术(北京)有限公司 Video and audio file download prompt method
CN101719821A (en) * 2008-10-09 2010-06-02 爱思开电讯投资(中国)有限公司 System for managing application program of intelligent card and method thereof
CN102609654A (en) * 2012-02-08 2012-07-25 北京百度网讯科技有限公司 Method and device for detecting malicious flash files
CN103605930A (en) * 2013-11-27 2014-02-26 湖北民族学院 Double file anti-divulging method and system based on HOOK and filtering driving
CN106529292A (en) * 2016-10-31 2017-03-22 北京奇虎科技有限公司 Virus checking and killing method and apparatus
CN106951789A (en) * 2016-12-09 2017-07-14 中国电子科技集团公司第三十研究所 A kind of USB Anti-ferry methods based on safety label

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090049550A1 (en) * 2007-06-18 2009-02-19 Pc Tools Technology Pty Ltd Method of detecting and blocking malicious activity
CN101645815A (en) * 2008-08-06 2010-02-10 百度在线网络技术(北京)有限公司 Video and audio file download prompt method
CN101719821A (en) * 2008-10-09 2010-06-02 爱思开电讯投资(中国)有限公司 System for managing application program of intelligent card and method thereof
CN102609654A (en) * 2012-02-08 2012-07-25 北京百度网讯科技有限公司 Method and device for detecting malicious flash files
CN103605930A (en) * 2013-11-27 2014-02-26 湖北民族学院 Double file anti-divulging method and system based on HOOK and filtering driving
CN106529292A (en) * 2016-10-31 2017-03-22 北京奇虎科技有限公司 Virus checking and killing method and apparatus
CN106951789A (en) * 2016-12-09 2017-07-14 中国电子科技集团公司第三十研究所 A kind of USB Anti-ferry methods based on safety label

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张焕国: "《可信计算》", 31 August 2011, pages: 260 - 266 *

Similar Documents

Publication Publication Date Title
US10896254B2 (en) Sandbox environment for document preview and analysis
CN103679031B (en) A kind of immune method and apparatus of file virus
CN109076063A (en) Protection dynamic and short-term virtual machine instance in cloud environment
CN108683652A (en) A kind of method and device of the processing attack of Behavior-based control permission
CN109871691A (en) Process management method, system, equipment and readable storage medium storing program for executing based on permission
CN100590613C (en) Invalidity monitoring method and invalidity monitoring system
CN110870278B (en) Method and system for security policy monitoring service and storage medium
US20120204260A1 (en) Controlling access to sensitive data based on changes in information classification
CN108293048A (en) The method and system of software hazard for control software exploitation
CN111241565B (en) File control method and device, electronic equipment and storage medium
CN104025544B (en) Sensitive information leakage prevention system, and sensitive information leakage prevention method
CN110417718A (en) Handle method, apparatus, equipment and the storage medium of the risk data in website
CN109800571B (en) Event processing method and device, storage medium and electronic device
CN103095693A (en) Method for positioning and accessing database user host information
CN108446543B (en) Mail processing method, system and mail proxy gateway
CN109783316A (en) The recognition methods and device, storage medium, computer equipment of system security log tampering
CN109800576A (en) Monitoring method, device and the electronic device of unknown program exception request
KR20140071573A (en) System capable of Providing Specialized Function for Host Terminal based Unix and Linux
JP2020502699A (en) Architecture, method and apparatus for implementing collection and display of computer file metadata
CN110472381B (en) Root permission hiding method and system based on android system and storage medium
US8949194B1 (en) Active records management
CN108829708A (en) File security judgment method and device
JP2012182737A (en) Secret data leakage preventing system, determining apparatus, secret data leakage preventing method and program
JP5740260B2 (en) Security policy management server, security monitoring system
CN109474560A (en) Control method, device and the computer readable storage medium of network access

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20190321

Address after: Room A-0003, 2nd floor, 3rd building, 30 Shixing Street, Shijingshan District, Beijing

Applicant after: BEIJING KINGSOFT SECURITY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd.

Address before: 510280 Building 901, C1, Guangzhou Information Port, 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province

Applicant before: GUANGZHOU JINSHAN SAFETY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116