CN108959914A - Automatic malware tracking method based on cloud security - Google Patents

Publication number: CN108959914A
Authority: CN (China)
Application number: CN201810789241.7A
Other languages: Chinese (zh)
Inventors: 袁丁, 黎明
Current assignee: Sichuan Normal University
Original assignee: Sichuan Normal University
Legal status: Pending
Prior art keywords: file, address, format, access, automatic tracking

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The present invention relates to an automatic malware tracking method based on cloud security, applied to the security maintenance of computers or mobile terminals. S1: identify the file type of the target file being accessed by the computer; S2: determine whether the file type of the target file is a program installation file; if it is an installation file, proceed to the next step; if not, take no action, and the program ends here or returns to step S1; S3: determine whether the access is an active access by the user or an automatic access; if it is an active access, the installation continues; otherwise the program installation is shut down and the method proceeds to the next step; S4: trace the address of the target file, automatically open the address and display it on the computer desktop. This scheme tracks the file before the software is installed on the computer and cleans it up at the same time, effectively removing the security risk to the computer.

Description

Automatic malware tracking method based on cloud security
Technical field
The present invention relates to the field of computer security, and in particular to an automatic malware tracking method based on cloud security.
Background art
Cloud security: drawing on the theory of cloud development, the analyst team of "writing holder" summarizes it as the general term for the security software, hardware, users, institutions and secure cloud platforms that are based on the application of the cloud computing business model. "Cloud security" is an important branch of cloud computing technology and is widely applied in the anti-virus field. Through a mesh of a large number of clients that monitor software behaviour on the network for anomalies, cloud security obtains the latest information on trojans and malicious programs on the internet and pushes it to the server side for automatic analysis and processing; the solutions for the viruses and trojans are then distributed to every client. The whole internet becomes one super-large antivirus program; this is the ambitious goal of the cloud security plan.
Under the cloud computing architecture, the open network and service-sharing scenarios are more complex and changeable, the security challenges are more severe, and some new security problems become more prominent, such as the secure operation of concurrent services among multiple virtual machine tenants and the secure storage of massive data in the public cloud. Because the security problems of cloud computing are wide-ranging, only a few main aspects are introduced below:
User identity security. Cloud computing provides elastic, variable IT services over the network, and users need to log in to the cloud to use applications and services. The system must ensure the legitimacy of the user's identity before it can provide service. If an illegitimate user obtains a user identity, the data and business of legitimate users are endangered.
Shared service security. The underlying architecture of cloud computing (the IaaS and PaaS layers) realizes shared invocation of resources through virtualization technology. The advantage is high resource utilization, but sharing introduces new security problems: on the one hand, isolation between user resources must be guaranteed; on the other hand, security protection policies are needed for virtual objects such as virtual machines, virtual switches and virtual storage, which is entirely different from the security policies on traditional hardware.
User data security. The security of data is the problem users care about most. Data in the broad sense includes not only the customer's business data but also the user's application programs and the user's entire business system. Data security problems include data loss, leakage and tampering. In a traditional IT architecture, data is very "close" to the user, and the "closer" the data is to the user, the safer it is. Under the cloud computing architecture, data is often stored in a data center very "far" from the user, so effective protection measures, such as multiple copies and encrypted data storage, are needed to ensure the security of the data.
With the widespread use of computer technology in every field of social life, malicious programs have followed one after another like its shadow. Because of their infectiousness, replicability and destructiveness, malicious programs have become a significant problem troubling computer use. "Malicious program" is a general term that refers to any software program intentionally created to perform unauthorized and usually harmful acts. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot viruses, script viruses (such as batch, Windows shell, Java and so on), trojans, crimeware, spyware and adware are all examples of what can be called malicious programs. Taking trojans as an example, a trojan can steal online banking passwords, steal online game equipment, leak private photos and so on.
To solve the above problems, publication number CN103473501A discloses a malware tracking method based on cloud security, comprising: recording into a first database the information of the files generated locally on the device by software known to need tracking, these files having the same record identifier as the software; recording into a second database the information of files downloaded to the device from the network together with the record identifier of each downloaded file; when software on the device is started, querying the first database and/or the second database to judge whether the software is software that needs tracking; if the software needs tracking, obtaining the information of the corresponding downloaded file from the second database according to the known record identifier of the software, thereby obtaining the tracking information; and recording in the first database the information of the files the software generates locally on the device, and setting for those files the same record identifier as the software.
The disadvantage of the prior art is that tracking can only begin after the software has been started. In practice, however, a piece of malware is usually bundled with many other rogue programs and is very difficult to uninstall once installed, so the computer still remains at risk.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies of the prior art and provide an automatic malware tracking method based on cloud security that tracks the file before the software is installed on the computer and cleans it up at the same time, effectively removing the security risk to the computer.
The purpose of the present invention is achieved through the following technical solution:
An automatic malware tracking method based on cloud security, with the following steps:
S1: identify the file type of the target file being accessed by the computer;
S2: determine whether the file type of the target file is a program installation file; if it is an installation file, proceed to the next step; if not, take no action, and the program ends here or returns to step S1;
S3: determine whether the access is an active access by the user or an automatic access; if it is an active access, the installation continues; otherwise the program installation is shut down and the method proceeds to the next step;
S4: trace the address of the target file, automatically open the address and display it on the computer desktop.
As a further improvement of the present invention, the target file includes local files and network files, where a network file is any computer-accessible file that is not a local file.
As a further improvement of the present invention, step S2 further includes a decompression process if the file type is a compressed file; after decompression the method returns to step S1 and continues by identifying the file type of the decompressed files.
As a further improvement of the present invention, the basis for judging in step S3 whether the access is an active access by the user or an automatic access includes:
whether the user clicked the target file;
and/or whether the user has searched for the file in the computer's search bar.
As a further improvement of the present invention, the click does not include clicking a file within web page content in web-browsing mode.
As a further improvement of the present invention, the click includes both single-click and double-click modes.
As a further improvement of the present invention, the file types of the installation file include the .exe, .com, .msi, .SIS, .SISX, .JAD, .JAR, .mtf, .mpkg, .pkg and .APK formats.
As a further improvement of the present invention, the address of the target file includes the storage address of a local file or the cloud address of a network file.
As a further improvement of the present invention, if the address is a storage address and it has been displayed on the desktop for more than 3-10 seconds without any operation by the user, the system automatically isolates the file.
As a further improvement of the present invention, if the address is a cloud address, the cloud address is set as an address the system forbids access to and is added to a record document; the user can lift this prohibition manually.
The beneficial effects of the present invention are as follows. Compared with the prior art, the distinguishing point of this scheme is that it strangles malware at the budding stage. Every piece of software must go through the necessary step of accessing an installation file during installation, and the present invention judges whether the access to the file is an active access by the user or an access by the computer itself. If it is an active access by the user, the software is the target software the user wants to install. If the access is by the computer itself, that is, an automatic installation, the software is regarded as malware and the file is traced. Two handling mechanisms are then provided: first, the user handles the file; second, if the user does not handle it within the limited time, it is isolated. The security of the computer is thereby effectively ensured.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Specific embodiments
The technical solution of the present invention is described in further detail below with reference to specific embodiments, but the protection scope of the present invention is not limited to what follows.
As shown in Fig. 1:
An automatic malware tracking method based on cloud security, with the following steps:
S1: identify the file type of the target file being accessed by the computer;
S2: determine whether the file type of the target file is a program installation file; if it is an installation file, proceed to the next step; if not, take no action, and the program ends here or returns to step S1;
S3: determine whether the access is an active access by the user or an automatic access; if it is an active access, the installation continues; otherwise the program installation is shut down and the method proceeds to the next step;
S4: trace the address of the target file, automatically open the address and display it on the computer desktop.
The target file includes local files and network files. A network file is any computer-accessible file that is not a local file, for example files linked from a browsed web page, files stored in the cloud, client relay-station files and so on; in other words, every file the computer is able to access is identified.
As one embodiment, many files cannot be opened directly because they have been compressed. Therefore step S2 further includes a decompression process if the file type is a compressed file, and after decompression the method returns to step S1 and continues by identifying the file type of the decompressed files. The specific steps are:
If the target file is judged not to be an installation program file, proceed to the next judgement;
Determine whether it is a compressed file; if so, decompress it and then return to step S1 to identify the file type;
If it is not a compressed file, the program ends.
As one embodiment, the basis for judging in step S3 of the above embodiment whether the access is an active access by the user or an automatic access includes:
whether the user clicked the target file;
and/or whether the user has searched for the file in the computer's search bar.
That is, in this embodiment the judgement of whether an access is active covers the following combinations:
First: the user clicking the file is enough to determine that the access to the file is active;
Second: the user having searched for the file name is regarded as active access; the search here means a search in the computer's search bar and does not include searches in a web browser or in other clients;
Third: the user must have performed both of the above operations for the access to be regarded as active, that is, the user clicked the file and also searched for the file name.
Clicks in browser web pages must be excluded: the click does not include clicking a file within web page content in web-browsing mode. In addition, clicks in other applications or clients likewise cannot be regarded as active click behaviour in the present invention. The click includes both single-click and double-click modes.
It should be emphasized that the file types of the installation file referred to in the present invention include, but are not limited to, the following formats:
.exe, .com, .msi, .SIS, .SISX, .JAD, .JAR, .mtf, .mpkg, .pkg and .APK. Of these, .exe is the most common installer package format; .com is an earlier installer package format mainly used on DOS and early Windows systems; .msi is Microsoft's dedicated installer package format, short for Microsoft Installer, typically the format of Microsoft system components or patches, and can only be installed with the Windows Installer that ships with Windows. Symbian systems usually use SIS or SISX; Java programs usually use JAD or JAR; Linux systems (Motorola-specific) mostly use mtf (the Moto theme-file installer package), mpkg or pkg installation files; Android systems mostly use APK.
The iPhone uses the system's built-in installer or an integrated software package installer (Installer), or the program to be installed (usually compressed as a folder or a Zip archive) is copied directly into the folder where it is to be placed; this scheme does not consider that case.
As one embodiment, this scheme also lets the user customize the prohibited file types: the user can add, in the installation program file identification process, file types to be treated as installation program files. "Installation program file" then becomes a generic, higher-level concept: it no longer denotes only installation program files but may also cover non-installation files of other formats, such as trojans and viruses, so that this scheme becomes a virus-cleaning scheme.
The address of the target file includes the storage address of a local file or the cloud address of a network file. If the address is a storage address and it has been displayed on the desktop for more than 3-10 seconds without any operation by the user, the system automatically isolates the file. The time mentioned here is not uniquely fixed; any value the user designs within a reasonable range falls within the protection scope of the present invention.
If the address is a cloud address, the cloud address is set as an address the system forbids access to and is added to a record document; the user can lift this prohibition manually. The cloud address here generally refers to a data link.
The above is only a preferred embodiment of the present invention. It should be understood that the present invention is not limited to the form described herein, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope contemplated herein through the above teachings or the technology or knowledge of related fields. Modifications and changes made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the protection scope of the appended claims.
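The S1 to S4 flow described above, including the archive re-check and the two handling paths, sketched in Python as an added example (not code from the patent). The `Access` record, the `shell`/`browser` click-source labels, ZIP-only unpacking and the nesting and size limits are assumptions made for the illustration.

```python
"""S1-S4 decision flow (added illustration; every name here is hypothetical)."""
import io
import zipfile
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Installer formats listed in the description, compared case-insensitively.
INSTALLER_EXTS = {".exe", ".com", ".msi", ".sis", ".sisx", ".jad", ".jar",
                  ".mtf", ".mpkg", ".pkg", ".apk"}
ARCHIVE_EXTS = {".zip"}       # assumption: only ZIP archives are unpacked here
MAX_DEPTH = 3                 # assumption: bound on nested archives
MAX_MEMBER = 16 * 1024 ** 2   # assumption: larger members are judged by name only

@dataclass
class Access:
    address: str              # local storage path or cloud (URL) address
    data: bytes = b""         # file content, needed only for archives
    clicked: bool = False     # single or double click on the file
    click_source: str = ""    # "shell" (desktop/file manager), "browser", ...
    searched: bool = False    # file name searched in the computer's search bar

def contains_installer(name, data=b"", depth=0):
    """S1/S2: identify the type; unpack archives and run S1 again on each member."""
    ext = PurePosixPath(name.replace("\\", "/")).suffix.lower()
    if ext in INSTALLER_EXTS:
        return True
    if ext not in ARCHIVE_EXTS or depth >= MAX_DEPTH:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(
                contains_installer(
                    m.filename,
                    zf.read(m) if m.file_size <= MAX_MEMBER else b"",
                    depth + 1)
                for m in zf.infolist() if not m.is_dir())
    except (zipfile.BadZipFile, RuntimeError):
        return False          # corrupt or encrypted archive: nothing to inspect

def is_user_initiated(a, mode="click"):
    """S3: the three combinations in the description: click, search, or both."""
    # Clicks inside a browser page or any other client do not count as active.
    click = a.clicked and a.click_source == "shell"
    return {"click": click, "search": a.searched,
            "both": click and a.searched}[mode]

def is_cloud(address):
    return address.lower().startswith(("http://", "https://"))

def handle(a, blocklist, mode="click", idle_seconds=0.0, timeout=10.0):
    """Return the action for one access; timeout is chosen from the 3-10 s range."""
    name = urlsplit(a.address).path if is_cloud(a.address) else a.address
    if not contains_installer(name, a.data):
        return "ignore"                   # S2: not an installer, no action
    if is_user_initiated(a, mode):
        return "allow-install"            # S3: the user asked for this install
    if is_cloud(a.address):               # S4: automatic access, install stopped
        blocklist.add(a.address)          # recorded; the user may lift it later
        return "block-address"
    return "quarantine" if idle_seconds > timeout else "show-address"

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

if __name__ == "__main__":
    blocked = set()
    nested = make_zip({"inner.zip": make_zip({"x/payload.APK": b"constructed"})})
    samples = [  # constructed accesses, not real telemetry
        Access(r"C:\Dl\setup.exe", clicked=True, click_source="shell"),
        Access(r"C:\Dl\setup.exe", clicked=True, click_source="browser"),
        Access(r"C:\Temp\bundle.zip", data=nested),
        Access("https://files.example/dl/tool.msi?id=7"),
    ]
    for s in samples:
        print(s.address, "->", handle(s, blocked))
```

The extension check mirrors the format list in the description, so a renamed installer passes unnoticed; identifying the type from file content would close that gap.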

Claims (10)

1. An automatic malware tracking method based on cloud security, applied to the security maintenance of computers or mobile terminals, characterized in that the method steps are as follows:
S1: identify the file type of the target file being accessed by the computer;
S2: determine whether the file type of the target file is a program installation file; if it is an installation file, proceed to the next step; if not, take no action, and the program ends here or returns to step S1;
S3: determine whether the access is an active access by the user or an automatic access; if it is an active access, the installation continues; otherwise the program installation is shut down and the method proceeds to the next step;
S4: trace the address of the target file, automatically open the address and display it on the computer desktop.
2. The automatic malware tracking method based on cloud security according to claim 1, characterized in that the target file includes local files and network files, where a network file is any computer-accessible file that is not a local file.
3. The automatic malware tracking method based on cloud security according to claim 2, characterized in that step S2 further includes a decompression process if the file type is a compressed file, and after decompression the method returns to step S1 and continues by identifying the file type of the decompressed files.
4. The automatic malware tracking method based on cloud security according to claim 3, characterized in that the basis for judging in step S3 whether the access is an active access by the user or an automatic access includes:
whether the user clicked the target file;
and/or whether the user has searched for the file in the computer's search bar.
5. The automatic malware tracking method based on cloud security according to claim 4, characterized in that the click does not include clicking a file within web page content in web-browsing mode.
6. The automatic malware tracking method based on cloud security according to claim 5, characterized in that the click includes both single-click and double-click modes.
7. The automatic malware tracking method based on cloud security according to claim 1, characterized in that the file types of the installation file include the .exe, .com, .msi, .SIS, .SISX, .JAD, .JAR, .mtf, .mpkg, .pkg and .APK formats.
8. The automatic malware tracking method based on cloud security according to claim 1, characterized in that the address of the target file includes the storage address of a local file or the cloud address of a network file.
9. The automatic malware tracking method based on cloud security according to claim 8, characterized in that if the address is a storage address and it has been displayed on the desktop for more than 3-10 seconds without any operation by the user, the system automatically isolates the file.
10. The automatic malware tracking method based on cloud security according to claim 8, characterized in that if the address is a cloud address, the cloud address is set as an address the system forbids access to and is added to a record document; the user can lift this prohibition manually.
Application CN201810789241.7A: priority date 2018-07-18, filing date 2018-07-18, title "Automatic malware tracking method based on cloud security", status Pending, publication CN108959914A (en)

Publications (1)

Publication number: CN108959914A (en); publication date: 2018-12-07

Family ID: 64497840

Country status (1): CN, CN108959914A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102385670A (en) * 2010-09-02 2012-03-21 航天信息股份有限公司 USB (universal serial bus) equipment configurable access method
CN104123495A (en) * 2013-04-24 2014-10-29 Nano安全有限公司 Method for neutralizing malicious software blocking computer operation
US20160044053A1 (en) * 2005-09-08 2016-02-11 International Business Machines Corporation Identifying Source of Malicious Network Messages
CN106919834A (en) * 2017-03-06 2017-07-04 张春玲 A kind of security of computer software means of defence

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181207