CN110309652B - Active defense method for configuration management - Google Patents


Info

Publication number: CN110309652B
Application number: CN201910583996.6A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110309652A (en)
Inventors: 李立, 范振伟, 李凌浩
Current and original assignee: Zhaoxun Hengda Technology Co ltd
Legal status: Active (application published as CN110309652A, granted as CN110309652B)
Prior art keywords: defense, value, operating system, record, temporary

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the invention is a configuration management active defense method comprising the following steps: generating a first attack interrupt list; querying a first defense interrupt vector table according to that list to generate a first defense level list; deriving a first final defense level from the first defense level list; querying a first defense policy configuration table according to the first final defense level to obtain a first defense program index; executing the first executable program identified by the value of that index and producing a first execution result from the outcome of that program; and sending the first execution result to the host computer (the "upper computer" of the original). The system can therefore actively defend not only against a single external attack but also against several attacks that occur at the same time. The method also allows the protection policy to be corrected and upgraded repeatedly.

Description

Active defense method for configuration management
Technical Field
The invention relates to the field of embedded operating systems for single-chip microcomputers (microcontrollers), and in particular to a configuration management active defense method.
Background
As multi-application microcontrollers come into increasingly wide industrial use, the types of attack against them are multiplying and the attack frequency is rising. Existing attack types include environmental-factor attacks, SPA/DPA (simple and differential power analysis) attacks and probe intervention attacks. Their purpose is to disturb the normal operation of the chip and thereby sabotage the industrial application. Existing defense methods raise an attack interrupt, issue an alarm and stop operation once the microcontroller has detected a single external attack. This is passive defense: it cannot take a defensive action at the moment an attack occurs, and it cannot triage the response when several attacks occur at once.
Disclosure of Invention
With this method a microcontroller can not only take a corresponding defense action immediately on a single external attack, but can also rank the security levels of several attacks by means of configuration management and finally select the defense response with the highest defense level. Because the protection relationships are matched through two configuration tables, the defense interrupt vector table and the defense policy configuration table, the method also allows the microcontroller's protection policy to be corrected and upgraded repeatedly.
To achieve the above object, the invention provides a configuration management active defense method, comprising:
the operating system obtains all external attack interrupts that occur simultaneously at a first attack time and generates a first attack interrupt list, which consists of a total number of attack interrupt records;
the operating system sends the first attack interrupt list to the host computer;
the operating system queries a first defense interrupt vector table according to the first attack interrupt list to generate a first defense level list, which consists of a total number of defense level records;
the operating system generates a first final defense level according to the first defense level list;
the operating system queries a first defense policy configuration table according to the first final defense level to generate a first defense program index;
the operating system byte-assembles, in order, the first attack time, the first final defense level and the first defense program index to generate a first execution backup record, and appends that record to a first defense execution state table;
the operating system executes the first executable program identified by the value of the first defense program index and generates a first execution result from the outcome of that program;
and when the value of the first execution result is "success", the operating system sends the first execution result to the host computer.
Further, the method also comprises:
when the value of the first execution result is "execution failure", the operating system sends the first execution result to the host computer and performs alarm processing.
Further, the operating system querying the first defense interrupt vector table according to the first attack interrupt list to generate the first defense level list specifically comprises:
step 31, the operating system obtains the total number of attack interrupt records in the first attack interrupt list and generates a first total record count;
step 32, the operating system initializes the first record index to 1 and initializes the first temporary defense level list to empty;
step 33, the operating system extracts all bytes of the attack interrupt record at position "first record index" in the first attack interrupt list and generates a first attack interrupt identifier;
step 34, the operating system queries the first defense interrupt vector table according to the first attack interrupt identifier to generate a first defense level;
step 35, the operating system appends a record to the first temporary defense level list according to the first defense level;
step 36, the operating system adds 1 to the first record index;
step 37, the operating system checks whether the first record index is greater than the first total record count; if it is, the operating system proceeds to step 38, otherwise it returns to step 33;
step 38, the operating system extracts all bytes of the first temporary defense level list to generate the first defense level list.
Preferably, in step 34, the operating system querying the first defense interrupt vector table according to the first attack interrupt identifier to generate the first defense level specifically comprises:
step 341, the operating system obtains the total number of defense interrupt records in the first defense interrupt vector table and generates a second total record count;
step 342, the operating system initializes the second record index to 1;
step 343, the operating system extracts all bytes of the defense interrupt record at position "second record index" in the first defense interrupt vector table and generates a first defense interrupt record;
step 344, the operating system splits the first defense interrupt record into a first temporary attack interrupt identifier and a first temporary defense level identifier;
step 345, the operating system checks whether the value of the first temporary attack interrupt identifier equals the value of the first attack interrupt identifier; if it does, the operating system proceeds to step 349, otherwise to step 346;
step 346, the operating system sets the value of the first temporary defense level identifier to 0;
step 347, the operating system adds 1 to the second record index;
step 348, the operating system checks whether the second record index is greater than the second total record count; if it is, the operating system proceeds to step 349, otherwise it returns to step 343;
step 349, the operating system generates the first defense level from the value of the first temporary defense level identifier (which is 0 when no record matched).
More preferably, in step 344, the operating system splitting the first defense interrupt record into a first temporary attack interrupt identifier and a first temporary defense level identifier specifically comprises:
the operating system splits the first defense interrupt record, extracts the attack interrupt identifier bytes of the record to generate the first temporary attack interrupt identifier, and extracts the defense level identifier bytes of the record to generate the first temporary defense level identifier.
Further, the operating system generating the first final defense level according to the first defense level list specifically comprises:
step 61, the operating system obtains the total number of defense level records in the first defense level list and generates a third total record count;
step 62, the operating system initializes the third record index to 1 and initializes the first temporary final defense level to 0;
step 63, the operating system extracts all bytes of the defense level record at position "third record index" in the first defense level list to generate a second temporary defense level identifier;
step 64, the operating system checks whether the value of the second temporary defense level identifier is greater than the value of the first temporary final defense level; if it is, the operating system proceeds to step 65, otherwise to step 66;
step 65, the operating system sets the first temporary final defense level to the value of the second temporary defense level identifier;
step 66, the operating system adds 1 to the third record index;
step 67, the operating system checks whether the third record index is greater than the third total record count; if it is, the operating system proceeds to step 68, otherwise it returns to step 63;
step 68, the operating system generates the first final defense level from the value of the first temporary final defense level, i.e. the maximum defense level in the list.
Further, the operating system querying the first defense policy configuration table according to the first final defense level to generate the first defense program index specifically comprises:
step 71, the operating system obtains the total number of defense policy configuration records in the first defense policy configuration table and generates a fourth total record count;
step 72, the operating system initializes the fourth record index to 1;
step 73, the operating system extracts all bytes of the defense policy configuration record at position "fourth record index" in the first defense policy configuration table to generate a first temporary defense policy configuration record;
step 74, the operating system splits the first temporary defense policy configuration record into a third temporary defense level identifier and a first temporary defense program index;
step 75, the operating system checks whether the value of the third temporary defense level identifier equals the value of the first final defense level; if it does, the operating system proceeds to step 79, otherwise to step 76;
step 76, the operating system sets the value of the first temporary defense program index to 0;
step 77, the operating system adds 1 to the fourth record index;
step 78, the operating system checks whether the fourth record index is greater than the fourth total record count; if it is, the operating system proceeds to step 79, otherwise it returns to step 73;
step 79, the operating system generates the first defense program index from the value of the first temporary defense program index (which is 0 when no record matched).
Preferably, in step 74, the operating system splitting the first temporary defense policy configuration record into a third temporary defense level identifier and a first temporary defense program index specifically comprises:
the operating system splits the first temporary defense policy configuration record, extracts its defense level identifier bytes to generate the third temporary defense level identifier, and extracts its defense program index bytes to generate the first temporary defense program index.
The invention provides a configuration management active defense method in which an attack interrupt identifier is assigned to each of the external attacks occurring simultaneously at a first attack time, and all of these identifiers are collected as records into a first attack interrupt list; for the attack interrupt identifier of each record in that list the operating system obtains the corresponding defense level identifier by querying the first defense interrupt vector table, and collects all of them into a first defense level list; the operating system scans every defense level record in that list, takes the maximum defense level value and makes it the first final defense level; it then scans the first defense policy configuration table with the first final defense level to obtain the corresponding first defense program index; finally it executes the first executable program identified by that index, completing the active defense action.
With this method the microcontroller not only achieves active defense against a single external attack; when several external attacks occur simultaneously it also ranks their defense levels and finally selects the measure with the highest defense level.
Drawings
FIG. 1A is a schematic diagram of the attack interrupt list of the configuration management active defense method of the invention;
FIG. 1B is a schematic diagram of the defense interrupt vector table of the method;
FIG. 1C is a schematic diagram of the defense level list of the method;
FIG. 1D is a schematic diagram of the defense policy configuration table of the method;
FIG. 2 is a working diagram of the method according to a first embodiment of the invention;
FIG. 3 is a working diagram of the method according to a second embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Before the embodiments are described, FIGS. 1A to 1D show the attack interrupt list, defense interrupt vector table, defense level list and defense policy configuration table provided by the invention, and the four tables involved in the process are explained: the attack interrupt list, the defense interrupt vector table, the defense level list and the defense policy configuration table. The attack interrupt list and the defense level list are temporary tables that the operating system generates while executing the method; the defense interrupt vector table and the defense policy configuration table are configuration tables preset by the operating system and stored locally, and the user corrects and upgrades the active defense through these two pre-configured tables.
As shown in FIG. 1A, the attack interrupt list is a temporary process table that the operating system generates by collecting the attack interrupt identifiers of all external attacks occurring simultaneously at the first attack time. It consists of a number of attack interrupt records equal to the number of external attacks occurring simultaneously at the first attack time. Each attack interrupt record has a length of "attack interrupt record bytes" and contains only one data item, the attack interrupt identifier, whose length ("attack interrupt identifier bytes") equals the record length; each attack interrupt record corresponds uniquely to one external attack occurring at the first attack time.
As shown in FIG. 1B, the defense interrupt vector table is preset by the operating system and stored locally, and expresses the mapping from attack interrupt identifiers to defense level identifiers. It consists of a number of defense interrupt records. Each defense interrupt record has a length of "defense interrupt record bytes" and contains two data items, an attack interrupt identifier and a defense level identifier, whose lengths are "attack interrupt identifier bytes" and "defense level identifier bytes" respectively. Across all defense interrupt records in the table the attack interrupt identifier values are unique, and so are the defense level identifier values. By looking up the defense interrupt vector table with the attack interrupt identifier of each record in the attack interrupt list, the operating system obtains the unique defense level identifier that corresponds one-to-one to the unique attack interrupt identifier of each attack interrupt record.
As shown in FIG. 1C, the defense level list is a temporary process table generated after the operating system has queried the defense interrupt vector table according to the attack interrupt list; it shows all the defense levels corresponding to all external attacks occurring at the first attack time. It consists of a number of defense level records equal to the number of attack interrupt records. Each defense level record has a length of "defense level record bytes" and contains only one data item, the defense level identifier, whose length ("defense level identifier bytes") equals the record length. The defense level identifier value of each record is unique.
As shown in FIG. 1D, the defense policy configuration table is preset by the operating system and stored locally, and expresses the mapping from defense level identifiers to defense program indexes. It consists of a number of defense policy configuration records. Each record has a length of "defense policy configuration record bytes" and contains two data items, a defense level identifier and a defense program index, whose lengths are "defense level identifier bytes" and "defense program index bytes" respectively. The defense level identifier values across all defense policy configuration records in the table are unique. The operating system obtains the defense program index from the defense level identifier of the matching record, and then locates and calls the defense executable program interface through that index.
Having introduced the tables shown in FIGS. 1A to 1D, the implementation of the method is summarized briefly: when external attacks occur, the operating system assigns an attack interrupt identifier to each of the external attacks occurring simultaneously at the first attack time, collects all of these identifiers as records and generates a first attack interrupt list; for the attack interrupt identifier of each record in that list the operating system obtains the corresponding defense level identifier by querying the first defense interrupt vector table, and collects all of them into a first defense level list; the operating system scans every defense level record in the first defense level list, takes the maximum defense level value and makes it the first final defense level; it then scans the first defense policy configuration table with the first final defense level to obtain the corresponding first defense program index; finally it executes the first executable program identified by that index, completing the active defense action.
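The lookup chain just summarized, as an added worked example in C that is not the patent's own code. It models the four tables of FIGS. 1A to 1D as byte records with assumed field widths (one-byte attack interrupt identifiers, defense levels and program indexes; a four-byte attack time), performs the linear scans of steps 341 to 349, 61 to 68 and 71 to 79, byte-assembles the execution backup record as in the claim, and dispatches the defense program through the program index. The identifier values (0x10, 0x20, 0x30), the levels, the three stand-in defense routines and the sample attack list are all constructed for illustration. Two behaviours worth checking in any real configuration follow directly from the claimed steps: an attack interrupt identifier absent from the defense interrupt vector table yields defense level 0 (step 346), and a final level absent from the defense policy configuration table yields program index 0 (step 76), so a mis-edited configuration table silently produces "no defense". The example treats index 0 as an execution failure (an assumption; the patent does not define what constitutes failure) so that the alarm path of the claim is taken in that case.

```c
/* Added example (not the patent's code): C model of the configuration
 * management active defense lookup chain. Field widths, table contents,
 * defense routines and sample attacks are assumptions for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed widths: 1-byte attack interrupt ID, 1-byte defense level,
 * 1-byte defense program index, 4-byte attack time (big-endian). */
typedef struct { uint8_t attack_id; uint8_t level; } DefenseVectorRec; /* FIG. 1B */
typedef struct { uint8_t level; uint8_t prog_idx; } DefensePolicyRec;  /* FIG. 1D */

/* Pre-configured tables stored locally (constants here). IDs are assumed:
 * 0x10 environmental-factor, 0x20 SPA/DPA, 0x30 probe intervention. */
static const DefenseVectorRec DEFENSE_VECTOR_TABLE[] = {
    {0x10, 1}, {0x20, 2}, {0x30, 3},
};
static const DefensePolicyRec DEFENSE_POLICY_TABLE[] = {
    {1, 1}, {2, 2}, {3, 3},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Steps 341-349: scan the vector table; an ID that is not configured
 * yields level 0 ("no defense"), exactly as step 346 leaves it. */
uint8_t lookup_defense_level(uint8_t attack_id) {
    for (size_t i = 0; i < COUNT(DEFENSE_VECTOR_TABLE); i++)
        if (DEFENSE_VECTOR_TABLE[i].attack_id == attack_id)
            return DEFENSE_VECTOR_TABLE[i].level;
    return 0;
}

/* Steps 31-38 and 61-68: map every attack interrupt in the list to a
 * level and keep the maximum as the first final defense level. */
uint8_t final_defense_level(const uint8_t *attack_ids, size_t n) {
    uint8_t best = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t lvl = lookup_defense_level(attack_ids[i]);
        if (lvl > best) best = lvl;
    }
    return best;
}

/* Steps 71-79: level -> program index, 0 when the level is unconfigured. */
uint8_t lookup_program_index(uint8_t level) {
    for (size_t i = 0; i < COUNT(DEFENSE_POLICY_TABLE); i++)
        if (DEFENSE_POLICY_TABLE[i].level == level)
            return DEFENSE_POLICY_TABLE[i].prog_idx;
    return 0;
}

/* Defense programs selected by program index; index 0 means "none".
 * The bodies are stand-ins (assumption) for real countermeasures. */
static int defend_report(void)    { return 1; }
static int defend_wipe_keys(void) { return 1; }
static int defend_halt(void)      { return 1; }
typedef int (*DefenseProgram)(void);
static const DefenseProgram DEFENSE_PROGRAMS[] = {
    NULL, defend_report, defend_wipe_keys, defend_halt,
};

/* Execution backup record: attack time || final level || program index,
 * appended to the defense execution state table before execution. */
#define BACKUP_REC_LEN 6
void assemble_backup_record(uint32_t attack_time, uint8_t level,
                            uint8_t prog_idx, uint8_t out[BACKUP_REC_LEN]) {
    out[0] = (uint8_t)(attack_time >> 24);
    out[1] = (uint8_t)(attack_time >> 16);
    out[2] = (uint8_t)(attack_time >> 8);
    out[3] = (uint8_t)attack_time;
    out[4] = level;
    out[5] = prog_idx;
}

/* Full pipeline for one attack time. Returns 1 on execution success and
 * 0 on execution failure (no program configured, or the program failed);
 * the caller would then report to the host and raise the alarm. */
int run_active_defense(uint32_t attack_time, const uint8_t *attack_ids,
                       size_t n, uint8_t backup[BACKUP_REC_LEN]) {
    uint8_t level = final_defense_level(attack_ids, n);
    uint8_t idx = lookup_program_index(level);
    assemble_backup_record(attack_time, level, idx, backup);
    if (idx == 0 || idx >= COUNT(DEFENSE_PROGRAMS) || DEFENSE_PROGRAMS[idx] == NULL)
        return 0;   /* unconfigured level: treated as failure (assumption) */
    return DEFENSE_PROGRAMS[idx]() == 1;
}

int main(void) {
    /* Constructed sample: environmental and probe attacks at one instant. */
    const uint8_t attacks[] = {0x10, 0x30};
    uint8_t rec[BACKUP_REC_LEN];
    int ok = run_active_defense(0x00001000u, attacks, COUNT(attacks), rec);
    printf("result=%d final_level=%u program_index=%u\n", ok, rec[4], rec[5]);
    return ok ? 0 : 1;
}
```

The backup record is written before the program runs, following the order of the claim, so the defense execution state table records the chosen level and index even if the countermeasure itself (for instance a chip halt) never returns.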
In an embodiment of the invention, FIG. 2 is a working diagram of the configuration management active defense method; the method comprises the following steps:
Step 111, the operating system obtains all external attack interrupts occurring simultaneously at the first attack time and generates a first attack interrupt list.
Step 112, the operating system sends the first attack interrupt list to the host computer, so that the host knows that the subordinate device is under attack and has the opportunity to take a corresponding protective action at the upper application layer.
Step 113, the operating system queries the first defense interrupt vector table according to the first attack interrupt list to generate a first defense level list,
which specifically comprises: step 1131, the operating system obtains the total number of attack interrupt records in the first attack interrupt list and generates a first total record count;
step 1132, the operating system initializes the first record index to 1 and initializes the first temporary defense level list to empty;
step 1133, the operating system extracts all bytes of the attack interrupt record at position "first record index" in the first attack interrupt list and generates a first attack interrupt identifier;
step 1134, the operating system queries the first defense interrupt vector table according to the first attack interrupt identifier to generate a first defense level,
which specifically comprises: step 11341, the operating system obtains the total number of defense interrupt records in the first defense interrupt vector table and generates a second total record count;
step 11342, the operating system initializes the second record index to 1;
step 11343, the operating system extracts all bytes of the defense interrupt record at position "second record index" in the first defense interrupt vector table and generates a first defense interrupt record;
step 11344, the operating system splits the first defense interrupt record into a first temporary attack interrupt identifier and a first temporary defense level identifier,
which specifically comprises: the operating system splits the first defense interrupt record, extracts its attack interrupt identifier bytes to generate the first temporary attack interrupt identifier, and extracts its defense level identifier bytes to generate the first temporary defense level identifier.
Step 11345, the operating system checks whether the value of the first temporary attack interrupt identifier equals the value of the first attack interrupt identifier; if it does, the operating system proceeds to step 11349, otherwise to step 11346;
step 11346, the operating system sets the value of the first temporary defense level identifier to 0;
step 11347, the operating system adds 1 to the second record index;
step 11348, the operating system checks whether the second record index is greater than the second total record count; if it is, the operating system proceeds to step 11349, otherwise it returns to step 11343;
step 11349, the operating system generates a first defense level from the value of the first temporary defense level identifier;
step 1135, the operating system appends a record to the first temporary defense level list according to the first defense level;
step 1136, the operating system adds 1 to the first record index;
step 1137, the operating system checks whether the first record index is greater than the first total record count; if it is, the operating system proceeds to step 1138, otherwise it returns to step 1133;
step 1138, the operating system extracts all bytes of the first temporary defense level list to generate a first defense level list.
Step 114, the operating system generates a first final defense level according to the first defense level list,
the method specifically comprises the following steps: step 1141, the operating system obtains the total number of defense level records of the first defense level list, and generates a third total number of records;
step 1142, the operating system initializes the value of the third record index to 1; initializing a value of a first temporary final defense level to 0;
step 1143, the operating system extracts all bytes of the third record index defense level record of the first defense level list according to the first defense level list to generate a second temporary defense level identifier;
step 1144, judging whether the value of the second temporary defense level identifier is greater than the value of the first temporary final defense level, and if the value of the second temporary defense level identifier is greater than the value of the first temporary final defense level, turning to step 1145; if the value of the second temporary defense level identification is less than or equal to the value of the first temporary final defense level, go to step 1146;
step 1145, the operating system generates a first temporary final defense level according to the value of the second temporary defense level identifier;
step 1146, the operating system adds 1 to the value of the third record index;
step 1147, determining whether the value of the third record index is greater than the value of the third record total number, and if the value of the third record index is greater than the value of the third record total number, going to step 1148; if the value of the third record index is less than or equal to the value of the third record total number, go to step 1143;
in step 1148, the operating system generates a first final defense level according to the value of the first temporary final defense level.
Step 115, the operating system queries the first defense policy configuration table according to the first final defense level to generate a first defense program index,
the method specifically comprises the following steps: step 1151, the operating system obtains the total number of defense strategy configuration records of the first defense strategy configuration table, and generates a fourth total number of records;
step 1152, the operating system initializes the value of the fourth record index to 1;
step 1153, the operating system extracts all bytes of the fourth record index defense strategy configuration record of the first defense strategy configuration table according to the first defense strategy configuration table to generate a first temporary defense strategy configuration record;
step 1154, the operating system disassembles the first temporary defense policy configuration record to generate a third temporary defense level identifier and a first temporary defense program index,
the method specifically comprises the following steps: the operating system disassembles the first temporary defense strategy configuration record, extracts a third temporary defense level identification byte of the first temporary defense strategy configuration record, and generates a third temporary defense level identification; extracting a first temporary defense program index byte of a first temporary defense strategy configuration record to generate a first temporary defense program index;
step 1155, judging whether the value of the third temporary defense level identifier is equal to the value of the first final defense level, and if the value of the third temporary defense level identifier is equal to the value of the first final defense level, going to step 1159; if the value of the third temporary defense level identifier is not equal to the value of the first final defense level, going to step 1156;
step 1156, the operating system sets the value of the first temporary defense program index to 0;
step 1157, the operating system adds 1 to the value of the fourth record index;
step 1158, determine whether the value of the fourth record index is greater than the value of the fourth record total, if the value of the fourth record index is greater than the value of the fourth record total, go to step 1159; if the value of the fourth record index is less than or equal to the value of the total number of fourth records, go to step 1153;
in step 1159, the operating system generates a first defense program index according to the value of the first temporary defense program index.
And step 116, the operating system sequentially performs byte splicing on the first attack time, the first final defense level and the first defense program index to generate a first execution backup record, and performs record adding processing on a first defense execution state table according to the first execution backup record; this table is kept so that the upper computer can later retrieve the local attacked state and the local operating system's emergency handling information.
And step 117, the operating system executes the first executable program identified by the value of the first defense program index according to the first defense program index, and generates a first execution result according to the execution result of the first executable program.
And step 118, when the value of the first execution result is that the execution is successful, the operating system sends the first execution result to the upper computer.
In the second embodiment of the present invention, as shown in fig. 3, which is a working schematic diagram of the configuration management active defense method provided in the second embodiment of the present invention, the method includes the following steps:
in step 211, the operating system obtains all external attack interrupts occurring at the same time at the second attack time, and generates a second attack interrupt list.
Step 212, the operating system sends the second attack interrupt list to the upper computer.
Step 213, the operating system queries the second defense interrupt vector table according to the second attack interrupt list to generate a second defense level list,
the method specifically comprises the following steps: step 2131, the operating system obtains the total number of attack interruption records of the second attack interruption list, and generates a fifth total number of records;
step 2132, the operating system initializes the value of the fifth record index to 1; initializing a value of the second temporary defense level list to null;
step 2133, the operating system extracts, according to the second attack interrupt list, all bytes of the attack interrupt record indexed by the fifth record of the second attack interrupt list, and generates a second attack interrupt identifier;
step 2134, the operating system queries the second defense interrupt vector table according to the second attack interrupt identifier to generate a second defense level,
the method specifically comprises the following steps: step 21341, the operating system obtains the total number of the defensive interrupt records of the second defensive interrupt vector table, and generates a sixth total number of records;
step 21342, the operating system initializes the value of the sixth record index to 1;
step 21343, the operating system extracts, according to the second defensive interrupt vector table, all bytes of the sixth record index defensive interrupt record of the second defensive interrupt vector table to generate a second defensive interrupt record;
in step 21344, the operating system disassembles the second defense interruption record to generate a fourth temporary attack interruption identifier and a second temporary defense level identifier,
the method specifically comprises the following steps: the operating system disassembles the second defense interruption record, extracts a second temporary attack interruption identification byte of the second defense interruption record and generates a second temporary attack interruption identification; extracting a fourth temporary defense level identification byte of the second defense interruption record to generate a fourth temporary defense level identification;
step 21345, determining whether the value of the second temporary attack interruption flag is equal to the value of the second attack interruption flag, and if so, going to step 21349; if the value of the second temporary attack interruption flag is not equal to the value of the second attack interruption flag, go to step 21346;
step 21346, the operating system sets the value of the fourth temporary defense level flag to 0;
step 21347, the operating system adds 1 to the value of the sixth record index;
step 21348, determining whether the value of the sixth record index is greater than the value of the sixth record total, and if so, going to step 21349; if the value of the sixth record index is less than or equal to the value of the sixth record total, go to step 21343;
step 21349, the operating system generates a second defense level according to the value of the fourth temporary defense level identifier;
step 2135, the operating system adds a record to the second temporary defense level list according to the second defense level;
step 2136, the operating system adds 1 to the value of the fifth record index;
step 2137, determining whether the value of the fifth record index is greater than the value of the fifth record total, and if so, going to step 2138; if the value of the fifth record index is less than or equal to the value of the fifth record total, go to step 2133;
in step 2138, the operating system extracts all bytes of the second temporary defense level list to generate a second defense level list.
Step 214, the operating system generates a second final defense level according to the second defense level list,
the method specifically comprises the following steps: step 2141, the operating system obtains the total number of defense level records in the second defense level list, and generates a seventh total number of records;
step 2142, the operating system initializes the value of the seventh record index to 1; initializing a value of a second temporary final defense level to 0;
step 2143, the operating system extracts all bytes of the seventh record index defense level record of the second defense level list according to the second defense level list, and generates a fifth temporary defense level identifier;
step 2144, judging whether the value of the fifth temporary defense level identifier is greater than the value of the second temporary final defense level, and if so, going to step 2145; if the value of the fifth temporary defense level identifier is less than or equal to the value of the second temporary final defense level, going to step 2146;
step 2145, the operating system generates a second temporary final defense level according to the value of the fifth temporary defense level identifier;
step 2146, the operating system adds 1 to the value of the seventh record index;
step 2147, determining whether the value of the seventh record index is greater than the value of the seventh record total, and if the value of the seventh record index is greater than the value of the seventh record total, going to step 2148; if the value of the seventh record index is less than or equal to the value of the seventh record total, going to step 2143;
step 2148, the operating system generates a second final defense level according to the value of the second temporary final defense level.
Step 215, determining whether the value of the second final defense level is 0; if the value of the second final defense level is 0, this indicates that the lookup of the maximum defense level failed, and the process goes to step 410; if the value of the second final defense level is not 0, go to step 216.
Step 216, the operating system performs query processing on the second defense policy configuration table according to the second final defense level to generate a second defense program index,
the method specifically comprises the following steps: step 2161, the operating system obtains the total number of the defense strategy configuration records of the second defense strategy configuration table, and generates an eighth total number of records;
step 2162, the operating system initializes the value of the eighth record index to 1;
step 2163, the operating system extracts all bytes of the eighth record index defense policy configuration record of the second defense policy configuration table according to the second defense policy configuration table, and generates a second temporary defense policy configuration record;
step 2164, the operating system disassembles the second temporary defense policy configuration record, generates a sixth temporary defense level identifier and a second temporary defense program index,
the method specifically comprises the following steps: the operating system disassembles the second temporary defense strategy configuration record, extracts a sixth temporary defense level identification byte of the second temporary defense strategy configuration record, and generates a sixth temporary defense level identification; extracting a second temporary defense program index byte of a second temporary defense strategy configuration record to generate a second temporary defense program index;
step 2165, judging whether the value of the sixth temporary defense level identification is equal to the value of the second final defense level, if so, going to step 2169; if the value of the sixth temporary defense level identification is not equal to the value of the second final defense level, proceed to step 2166;
step 2166, the operating system sets the value of the second temporary defense program index to 0;
step 2167, the operating system adds 1 to the value of the eighth record index;
step 2168, determine whether the value of the eighth record index is greater than the value of the eighth total number of records, if the value of the eighth record index is greater than the value of the eighth total number of records, go to step 2169; if the value of the eighth record index is less than or equal to the value of the eighth total number of records, go to step 2163;
at step 2169, the operating system generates a second defense program index based on the value of the second temporary defense program index.
And step 217, the operating system sequentially performs byte splicing on the second attack time, the second final defense level and the second defense program index to generate a second execution backup record, and performs record adding processing on the second defense execution state table according to the second execution backup record.
In step 218, the operating system executes the second executable program identified by the value of the second defense program index according to the second defense program index, and generates a second execution result according to the execution result of the second executable program.
Step 219, determining whether the value of the second execution result is successful, if so, the total defense process is successfully executed, and going to step 220; if the second execution result has a value of execution failure, the defense executable program makes an error in the execution process, and the process goes to step 420.
And step 220, when the value of the second execution result is that the execution is successful, the operating system sends the second execution result to the upper computer.
And step 410, stopping defense and raising an alarm, and at the same time sending the second attack interrupt list and a final defense level error to the upper computer.
The main cause of this error is a failure while the operating system traverses the defense level list to determine the maximum defense level.
And step 420, stopping defense and raising an alarm, and sending the second execution result to the upper computer.
The main cause of this error is that the defense executable program located by the operating system according to the maximum defense level failed while being located or executed.
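The following C program is an added example, not part of the patent, that implements the flow of both embodiments (steps 211 through 220, with the step 410 and step 420 outcomes of the second embodiment): attack interrupt list to defense interrupt vector table lookup, maximum defense level selection, defense policy configuration table lookup, byte splicing of the execution backup record, and execution of the selected defense program. The record layouts, table contents, attack identifiers and the executor callback are all assumptions constructed for the example; the patent only specifies that each record is a byte string from which identifier bytes are extracted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layouts (the patent does not fix a byte format). */
typedef struct { uint8_t attack_irq_id, defense_level; } defense_irq_record_t;    /* defense interrupt vector table */
typedef struct { uint8_t defense_level, program_index; } defense_policy_record_t; /* defense policy configuration table */

#define BACKUP_RECORD_LEN 6   /* attack time (4) || final level (1) || program index (1) */
#define MAX_ATTACKS 16        /* bound on simultaneous interrupts; an assumption, not from the patent */

/* Outcome codes named after the patent's step numbers. */
enum { DEF_OK = 0, DEF_ERR_LEVEL_LOOKUP = 410, DEF_ERR_EXEC_FAILED = 420 };

/* Constructed sample tables; identifiers and levels are made up for the example. */
static const defense_irq_record_t DEF_IRQ_VECTOR[] = { {0x11, 1}, {0x12, 3}, {0x13, 2} };
static const defense_policy_record_t DEF_POLICY[]  = { {1, 0x21}, {2, 0x22}, {3, 0x23} };
#define N_IRQ    (sizeof DEF_IRQ_VECTOR / sizeof DEF_IRQ_VECTOR[0])
#define N_POLICY (sizeof DEF_POLICY / sizeof DEF_POLICY[0])

/* Steps 21341-21349: scan the vector table for the attack interrupt identifier.
 * A returned level of 0 means no record matched. */
uint8_t lookup_defense_level(const defense_irq_record_t *tbl, size_t n, uint8_t attack_irq_id)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].attack_irq_id == attack_irq_id)
            return tbl[i].defense_level;
    return 0;
}

/* Steps 2141-2148: the highest level in the list wins; 0 if every lookup failed. */
uint8_t max_defense_level(const uint8_t *levels, size_t n)
{
    uint8_t best = 0;
    for (size_t i = 0; i < n; i++)
        if (levels[i] > best)
            best = levels[i];
    return best;
}

/* Steps 2161-2169: map the final level to a program index; 0 means no policy record. */
uint8_t lookup_program_index(const defense_policy_record_t *tbl, size_t n, uint8_t level)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].defense_level == level)
            return tbl[i].program_index;
    return 0;
}

/* Step 217: byte-splice the execution backup record (attack time big-endian,
 * then final defense level, then program index). */
void make_backup_record(uint32_t attack_time, uint8_t level, uint8_t program_index,
                        uint8_t out[BACKUP_RECORD_LEN])
{
    out[0] = (uint8_t)(attack_time >> 24);
    out[1] = (uint8_t)(attack_time >> 16);
    out[2] = (uint8_t)(attack_time >> 8);
    out[3] = (uint8_t)attack_time;
    out[4] = level;
    out[5] = program_index;
}

/* Stand-ins for "execute the executable program identified by the index":
 * 1 on success, 0 on failure. An unknown index (including 0) fails. */
typedef int (*defense_exec_fn)(uint8_t program_index);
int sample_exec(uint8_t program_index) { return program_index >= 0x21 && program_index <= 0x23; }
int failing_exec(uint8_t program_index) { (void)program_index; return 0; }

/* Steps 211-220 end to end. backup_out may be NULL when the caller does not need the record. */
int run_active_defense(uint32_t attack_time, const uint8_t *attacks, size_t n_attacks,
                       defense_exec_fn exec, uint8_t *backup_out)
{
    uint8_t levels[MAX_ATTACKS];
    if (n_attacks > MAX_ATTACKS) n_attacks = MAX_ATTACKS;
    for (size_t i = 0; i < n_attacks; i++)                               /* step 213 */
        levels[i] = lookup_defense_level(DEF_IRQ_VECTOR, N_IRQ, attacks[i]);
    uint8_t final_level = max_defense_level(levels, n_attacks);          /* step 214 */
    if (final_level == 0)                                                /* step 215 -> 410 */
        return DEF_ERR_LEVEL_LOOKUP;
    uint8_t prog = lookup_program_index(DEF_POLICY, N_POLICY, final_level); /* step 216 */
    if (backup_out)                                                      /* step 217: recorded before execution */
        make_backup_record(attack_time, final_level, prog, backup_out);
    if (!exec(prog))                                                     /* steps 218-219 -> 420 */
        return DEF_ERR_EXEC_FAILED;
    return DEF_OK;                                                       /* step 220 */
}

int main(void)
{
    static const uint8_t attacks[] = {0x11, 0x13, 0x12}; /* constructed: three simultaneous interrupts */
    uint8_t rec[BACKUP_RECORD_LEN];
    int rc = run_active_defense(0x5D15C8F0u, attacks, 3, sample_exec, rec);
    printf("result %d, final level %u, program 0x%02X\n", rc, rec[4], rec[5]);
    return rc == DEF_OK ? 0 : 1;
}
```

Note that the patent performs no check when step 216 finds no policy record for the final level; here that case surfaces only as an execution failure (step 420), which is why the execution state table entry is written before the program is run.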
According to the configuration management active defense method provided by the embodiments of the invention, active defense against single or multiple external attacks is realized by configuring two configuration tables, the defense interrupt vector table and the defense strategy configuration table, together with the concept of a highest defense level: when multiple external attacks occur simultaneously, the defense levels of all attacks are screened and defense is carried out according to the highest level. The method provided by the invention allows the two table files to be configured repeatedly, and also gives the single-chip microcontroller the ability to be corrected a second time when protection measures are defined or upgraded.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (5)

1. A configuration management active defense method, the method comprising:
the method comprises the steps that an operating system obtains all external attack interrupts which occur simultaneously at a first attack time, and generates a first attack interrupt list, wherein the first attack interrupt list comprises a total number of attack interrupt records;
the operating system sends the first attack interruption list to an upper computer;
the operating system queries a first defense interrupt vector table according to the first attack interrupt list to generate a first defense level list, wherein the first defense level list comprises a total number of defense level records;
the operating system generates a first final defense level according to the first defense level list;
the operating system queries a first defense strategy configuration table according to the first final defense level to generate a first defense program index;
the operating system sequentially byte-assembles the first attack time, the first final defense level and the first defense program index to generate a first execution backup record, and performs record adding processing on a first defense execution state table according to the first execution backup record;
the operating system executes a first executable program identified by the value of the first defense program index according to the first defense program index, and generates a first execution result according to the execution result of the first executable program;
when the value of the first execution result is successful, the operating system sends the first execution result to the upper computer;
the operating system performs query processing on a first defense interrupt vector table according to the first attack interrupt list to generate a first defense level list, and the method specifically includes:
step 31, the operating system obtains the total number of attack interruption records in the first attack interruption list, and generates a first total number of records;
step 32, the operating system initializes the value of the first record index to 1; initializing a value of the first temporary defense level list to null;
step 33, the operating system extracts all bytes of the first record index attack interruption record of the first attack interruption list according to the first attack interruption list, and generates a first attack interruption identifier;
step 34, the operating system performs query processing on the first defense interrupt vector table according to the first attack interrupt identifier to generate a first defense level;
step 35, the operating system adds a record to the first temporary defense level list according to the first defense level;
step 36, the operating system adds 1 to the value of the first record index;
step 37, the operating system determines whether the value of the first record index is greater than the value of the first total number of records, and if the value of the first record index is greater than the value of the first total number of records, the operating system goes to step 38; if the value of the first record index is less than or equal to the value of the first total number of records, go to step 33;
step 38, the operating system extracts all bytes of the first temporary defense level list to generate the first defense level list;
the operating system generates a first final defense level according to the first defense level list, and specifically includes:
step 61, the operating system acquires the total number of the defense level records in the first defense level list, and generates a third total number of records;
step 62, the operating system initializes a third record index to have a value of 1; initializing a value of a first temporary final defense level to 0;
step 63, the operating system extracts all bytes of the third record index defense level record of the first defense level list according to the first defense level list to generate a second temporary defense level identifier;
step 64, the operating system judges whether the value of the second temporary defense level identification is greater than the value of the first temporary final defense level, and if the value of the second temporary defense level identification is greater than the value of the first temporary final defense level, the operation system goes to step 65; if the value of the second temporary defense level identification is less than or equal to the value of the first temporary final defense level, go to step 66;
step 65, the operating system generates the first temporary final defense level according to the value of the second temporary defense level identifier;
step 66, the operating system adds 1 to the value of the third record index;
step 67, the operating system determines whether the value of the third record index is greater than the value of the third record total number, and if the value of the third record index is greater than the value of the third record total number, the operating system goes to step 68; if the value of the third record index is less than or equal to the value of the third record total number, go to step 63;
step 68, the operating system generating the first final defense level according to the value of the first temporary final defense level;
the operating system performs query processing on a first defense policy configuration table according to the first final defense level to generate a first defense program index, and specifically includes:
step 71, the operating system obtains the total number of defense strategy configuration records of the first defense strategy configuration table, and generates a fourth total number of records;
step 72, the operating system initializes the value of the fourth record index to 1;
step 73, the operating system extracts all bytes of the fourth record index defense policy configuration record of the first defense policy configuration table according to the first defense policy configuration table to generate a first temporary defense policy configuration record;
step 74, the operating system disassembles the first temporary defense strategy configuration record to generate a third temporary defense level identifier and a first temporary defense program index;
step 75, the operating system determines whether the value of the third temporary defense level identifier is equal to the value of the first final defense level, and if the value of the third temporary defense level identifier is equal to the value of the first final defense level, the operating system goes to step 79; if the value of the third temporary defense level identification is not equal to the value of the first final defense level, go to step 76;
step 76, the operating system sets the value of the first temporary defense program index to 0;
step 77, the operating system adds 1 to the value of the fourth record index;
step 78, determining whether the value of the fourth record index is greater than the value of the fourth record total number, and if the value of the fourth record index is greater than the value of the fourth record total number, going to step 79; if the value of the fourth record index is less than or equal to the value of the fourth record total, go to step 73;
step 79, the operating system generates the first defense program index according to the value of the first temporary defense program index.
2. The method of claim 1, further comprising:
and when the value of the first execution result is execution failure, the operating system sends the first execution result to the upper computer and executes alarm processing.
3. The method according to claim 1, wherein in step 34, the operating system performs query processing on the first defense interrupt vector table according to the first attack interrupt identifier to generate a first defense level, and specifically includes:
step 341, the operating system obtains the total number of the defensive interrupt records of the first defensive interrupt vector table, and generates a second total number of records;
step 342, the operating system initializes the value of the second record index to 1;
step 343, the operating system extracts all bytes of the second record index defensive interrupt record of the first defensive interrupt vector table according to the first defensive interrupt vector table, and generates a first defensive interrupt record;
step 344, the operating system disassembles the first defense interruption record to generate a first temporary attack interruption identifier and a first temporary defense level identifier;
in step 345, the operating system determines whether the value of the first temporary attack interruption identifier is equal to the value of the first attack interruption identifier, and if the value of the first temporary attack interruption identifier is equal to the value of the first attack interruption identifier, goes to step 349; if the value of the first temporary attack interruption identifier is not equal to the value of the first attack interruption identifier, go to step 346;
step 346, the operating system setting the value of the first temporary defense level identifier to 0;
step 347, the operating system adding 1 to the value of the second record index;
in step 348, the operating system determines whether the value of the second record index is greater than the value of the second total number of records, and if the value of the second record index is greater than the value of the second total number of records, go to step 349; if the value of the second record index is less than or equal to the value of the second record total, go to step 343;
step 349, the operating system generates the first defense level according to the value of the first temporary defense level identifier.
4. The method according to claim 3, wherein in the step 344, the operating system disassembles the first defense interruption record to generate a first temporary attack interruption identifier and a first temporary defense level identifier, specifically comprising:
the operating system disassembles the first defense interruption record, extracts a first temporary attack interruption identification byte of the first defense interruption record, and generates a first temporary attack interruption identification; and extracting a first temporary defense level identification byte of the first defense interruption record to generate the first temporary defense level identification.
5. The method according to claim 1, wherein in step 74, the operating system disassembles the first temporary defense policy configuration record to generate a third temporary defense level identifier and a first temporary defense program index, and specifically includes:
the operating system disassembles the first temporary defense strategy configuration record, extracts a third temporary defense level identification byte of the first temporary defense strategy configuration record, and generates the third temporary defense level identifier; and extracts a first temporary defense program index byte of the first temporary defense strategy configuration record, and generates the first temporary defense program index.
CN201910583996.6A 2019-06-28 2019-06-28 Active defense method for configuration management Active CN110309652B (en)
Publications (2)

Publication Number Publication Date
CN110309652A CN110309652A (en) 2019-10-08
CN110309652B true CN110309652B (en) 2022-03-18

Family

ID=68078830

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910583996.6A Active CN110309652B (en) 2019-06-28 2019-06-28 Active defense method for configuration management

Country Status (1)

Country Link
CN (1) CN110309652B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102035803A (en) * 2009-09-29 2011-04-27 上海艾融信息科技有限公司 Method, system and device for adjusting application security strategy
CN102546624A (en) * 2011-12-26 2012-07-04 西北工业大学 Method and system for detecting and defending multichannel network intrusion
CN106529287A (en) * 2016-11-17 2017-03-22 江苏通付盾科技有限公司 Method and device for automatically reinforcing application vulnerabilities
CN106961450A (en) * 2017-05-24 2017-07-18 深信服科技股份有限公司 Safety defense method, terminal, cloud server and safety defense system
US20180025156A1 (en) * 2016-07-21 2018-01-25 Ramot At Tel-Aviv University Ltd. Anti-Spoofing Defense System for a Can Bus

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808078B (en) * 2009-02-13 2013-01-23 北京启明星辰信息技术股份有限公司 Intrusion defence system having active defence capability and method thereof
CN106027550B (en) * 2016-06-29 2019-04-12 北京邮电大学 A kind of defence policies systematic analytic method and device
CN108491694A (en) * 2018-03-26 2018-09-04 湖南大学 A kind of method of dynamic randomization defence Cache attacks

Also Published As

Publication number Publication date
CN110309652A (en) 2019-10-08

Similar Documents

Publication Publication Date Title
US9652632B2 (en) Method and system for repairing file at user terminal
US10956575B2 (en) Determine malware using firmware
US20130139265A1 (en) System and method for correcting antivirus records to minimize false malware detections
EP3474174B1 (en) System and method of adapting patterns of dangerous behavior of programs to the computer systems of users
CN112187533B (en) Virtual network equipment defense method, device, electronic equipment and medium
US10204036B2 (en) System and method for altering application functionality
US7694179B2 (en) Suspected place identifying apparatus and processing method
CN107563198B (en) Host virus prevention and control system and method for industrial control system
JP7019533B2 (en) Attack detection device, attack detection system, attack detection method and attack detection program
US11003772B2 (en) System and method for adapting patterns of malicious program behavior from groups of computer systems
CN113037774B (en) Security management method, device, equipment and machine readable storage medium
CN110309652B (en) Active defense method for configuration management
CN112035831A (en) Data processing method, device, server and storage medium
CN103593614B (en) Unknown virus retrieval method
CN111131198B (en) Updating method and device for network security policy configuration
RU96267U1 (en) SYSTEM OF COMPLETING ANTI-VIRUS DATABASES UNDER THE DETECTION OF UNKNOWN MALIGNANT COMPONENTS
WO2021144978A1 (en) Attack estimation device, attack estimation method, and attack estimation program
CN113872959A (en) Risk asset grade judgment and dynamic degradation method, device and equipment
RU2468427C1 (en) System and method to protect computer system against activity of harmful objects
CN113518055A (en) Data security protection processing method and device, storage medium and terminal
CN110308952B (en) Method for checking configuration in starting process of embedded operating system
KR101489142B1 (en) Client system and control method thereof
KR101274348B1 (en) Anti-Malware Device, Server and Pattern Matching Method
WO2017099062A1 (en) Diagnostic device, diagnostic method, and recording medium having diagnostic program recorded therein
CN112464286B (en) Resource protection method and related device of cloud management platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 4th floor (north side), Building 2, No. 20 Suzhou Street, Haidian District, Beijing 100080

Applicant after: Zhaoxun Hengda Technology Co., Ltd

Address before: 4th floor (north side), Building 2, No. 20 Suzhou Street, Haidian District, Beijing 100080

Applicant before: MEGAHUNT MICROELECTRONIC TECH. (BEIJING) Co.,Ltd.

GR01 Patent grant