CN112256527B - Method, device and storage medium for protecting equipment operation safety - Google Patents

Method, device and storage medium for protecting equipment operation safety Download PDF

Info

Publication number
CN112256527B
CN112256527B CN202011116369.0A CN202011116369A CN112256527B CN 112256527 B CN112256527 B CN 112256527B CN 202011116369 A CN202011116369 A CN 202011116369A CN 112256527 B CN112256527 B CN 112256527B
Authority
CN
China
Prior art keywords
state
sub
state machine
storage medium
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011116369.0A
Other languages
Chinese (zh)
Other versions
CN112256527A (en
Inventor
王仲宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Ezviz Network Co Ltd
Original Assignee
Hangzhou Ezviz Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Ezviz Network Co Ltd filed Critical Hangzhou Ezviz Network Co Ltd
Priority to CN202011116369.0A priority Critical patent/CN112256527B/en
Publication of CN112256527A publication Critical patent/CN112256527A/en
Application granted granted Critical
Publication of CN112256527B publication Critical patent/CN112256527B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3055Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method, a device and a storage medium for protecting the safety of equipment in operation, wherein the method comprises the following steps: after the equipment is started for the first time, a main state machine is established; the method comprises the steps that a main state machine collects initial equipment state information, the initial equipment state information is stored in a storage medium of equipment, and sub-state machines are created; the state of the sub-state machine is determined according to the current equipment state information and the initial equipment state information stored in a storage medium of the equipment, and when the equipment is determined to be abnormal in operation according to the state of the sub-state machine, the equipment is subjected to abnormal processing. For the lightweight equipment with a simple system structure and single function, the application of the invention can effectively defend external attack.

Description

Method, device and storage medium for protecting equipment operation safety
Technical Field
The present invention relates to the field of device security technologies, and in particular, to a method, an apparatus, and a storage medium for protecting security of a device during operation.
Background
The internet of things (Internet of Things, IOT) is a network which is based on information carriers such as the internet, a traditional telecommunication network and the like, and enables all common objects capable of performing independent functions to realize interconnection and intercommunication. These common objects accessing the internet of things, i.e., internet of things devices, are also referred to as IOT devices.
The internet of things device has more intelligence and interconnectivity than traditional computing devices, but more potential safety hazards exist at the same time. In the prior art, although the traditional security state machine model can be configured in the device to defend external attack, because the implementation is complex and is not suitable for lightweight IOT devices, in the field of security of the internet of things devices at the present stage, the state machine model suitable for the IOT devices to defend external attack is lacking.
Disclosure of Invention
In view of the above, the present invention aims to provide a method, an apparatus and a storage medium for protecting security of a device during operation, which can effectively defend external attack for a lightweight device with a simple system structure and a single function.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a method of protecting security of a device at runtime, comprising:
after the equipment is started for the first time, a main state machine is established;
the method comprises the steps that a main state machine collects initial equipment state information, the initial equipment state information is stored in a storage medium of equipment, and sub-state machines are created;
the state of the sub-state machine is determined according to the current equipment state information and the initial equipment state information stored in a storage medium of the equipment, and when the equipment is determined to be abnormal in operation according to the state of the sub-state machine, the equipment is subjected to abnormal processing.
An apparatus for protecting the safety of a device during operation, comprising: a processor, and a non-transitory computer readable storage medium coupled to the processor via a bus;
the non-transitory computer readable storage medium storing one or more computer programs executable by the processor; the processor, when executing the one or more computer programs, performs the steps in the method for protecting the security of the device during operation.
A non-transitory computer readable storage medium storing instructions that, when executed by a processor, cause the processor to perform steps in a method of securing a device at runtime as described above.
According to the technical scheme, the initial equipment state information is collected by the master state machine, the current equipment state information is collected by the slave state machine regularly, the state of the sub-state machine is determined according to the initial equipment state information and the current equipment state information, and further when the equipment operation abnormality is determined according to the state of the sub-state machine, the abnormality processing is carried out on the equipment. The technical scheme provided by the invention is suitable for lightweight equipment (such as IOT equipment) with simpler system structure and single function, and because the equipment state information is not changed usually after the equipment is powered on and started, the equipment state information is changed only when the equipment is attacked, the equipment state information change can be detected in time by applying the scheme of the invention, thereby determining the equipment operation abnormality and carrying out corresponding abnormality processing, and thus, the external attack can be effectively defended.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flow chart of a method for protecting security of a device during operation according to an embodiment of the present application;
FIG. 2 is a flow chart of a method for protecting security of a device during operation according to a second embodiment of the present application;
FIG. 3 is a flow chart of a method for protecting the security of a device during operation according to a third embodiment of the present application;
FIG. 4 is a flow chart of a method for protecting the security of a device during operation according to the fourth embodiment of the application;
FIG. 5 is a flow chart of a method of protecting the security of a device during operation in accordance with an embodiment of the present application;
FIG. 6 is a flow chart of a method for protecting the security of a device during operation according to a sixth embodiment of the present application;
FIG. 7 is a flow chart of a method for protecting security of a device during operation according to a seventh embodiment of the present application;
FIG. 8 is a flow chart of a method for protecting security of a device during operation according to an embodiment of the present application;
fig. 9 is a schematic structural view of an apparatus for protecting safety of a device in operation according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Aiming at the characteristics that the equipment state information is basically unchanged under the condition that the equipment is not attacked after the equipment is electrified and started, the application provides a technical scheme for collecting the initial equipment state information and periodically collecting the current equipment state information, determining whether the equipment is abnormal in operation or not according to the initial equipment state information, and performing corresponding abnormal processing when the equipment is abnormal in operation so as to achieve the aim of preventing external attack. In addition, for the equipment which satisfies the characteristic that the equipment state information is basically unchanged under the condition of not being attacked after power-on, the technical scheme of the application can be applied even if the system structure is complex or the function is complex, namely the application is also applicable to the equipment.
Embodiments of the present invention will be described in detail below with reference to the attached drawings:
referring to fig. 1, fig. 1 is a flowchart of a method for protecting security of a device during operation according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step 101, after equipment is started for the first time, a main state machine is established;
102, collecting initial equipment state information by a main state machine, storing the initial equipment state information into a storage medium of equipment, and creating a sub-state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information. After the master state machine is created, hardware state information, system state information, and process state information of the device are collected, and these information are stored as initial device state information into a storage medium of the device for subsequent determination of the state of the sub-state machines.
Step 103, the sub-state machine periodically collects the current equipment state information, determines the state of the sub-state machine according to the current equipment state information and the initial equipment state information stored in a storage medium of the equipment, determines whether the equipment is abnormal according to the state of the sub-state machine, and executes step 104 when the equipment is abnormal, otherwise, executes step 103 again;
In this embodiment, the main state machine is responsible for collecting initial device state information, and the sub state machine is responsible for periodically collecting current device state information, determining the state of the sub state machine by using the initial device state information and the current device state information, and further determining the running state of the device according to the state of the sub state machine.
And 104, performing exception handling on the equipment.
As can be seen from the method shown in fig. 1, in this embodiment, initial device state information is collected by using a master state machine, current device state information is periodically collected by using a slave state machine, and the state of a sub-state machine is determined according to the initial device state information and the current device state information, so as to determine whether the device is abnormal in operation, and perform exception handling on the device when the device is abnormal in operation. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 2, fig. 2 is a flowchart of a method for protecting the security of a device during operation according to a second embodiment of the present invention, as shown in fig. 2, the method includes the following steps:
step 201, after the equipment is started for the first time, a main state machine is created;
Step 202, a main state machine collects initial equipment state information, stores the initial equipment state information into a storage medium of equipment, and creates a sub-state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
Step 2031, periodically collecting current equipment state information by a sub-state machine;
step 2032, judging whether the current device state information and the initial device state information stored in the storage medium of the device are the same, if so, executing step 2033, otherwise, executing step 2034;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 2033, determining that the state of the sub-state machine is a normal state;
in this embodiment, when the current device state information collected by the sub-state machine is the same as the initial device state information, it is determined that the state of the sub-state machine is a normal state.
Step 2034, determining that the sub-state machine is in an abnormal state, increasing the number of times of continuous abnormal states of the sub-state machine, if the number of times of continuous abnormal states of the sub-state machine does not exceed a preset threshold, determining that the state of the sub-state machine is an abnormal state, otherwise, determining that the state of the sub-state machine is a fault state.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine may be increased, and distinguishing the abnormal state and the fault state of the sub-state machine according to the number of times of continuous abnormal states of the sub-state machine.
The above steps 2032 to 2034 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 2035, determining whether the device is abnormal according to the state of the sub-state machine, executing step 2036 when the device is abnormal, otherwise, returning to execute step 2031;
step 2036, performing exception handling on the device.
The above steps 2031 to 2036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 2, in this embodiment, initial device state information is collected by using a master state machine, current device state information is collected periodically by using a slave state machine, normal states and abnormal states of the sub-state machine are distinguished according to the initial device state information and the current device state information, and abnormal states and fault states of the sub-state machine are distinguished by using the number of times of continuous abnormal states of the sub-state machine, so that whether the device is abnormal in operation or not can be determined according to the specific state of the sub-state machine, and corresponding abnormal processing can be performed on the device when the device is abnormal in operation. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 3, fig. 3 is a flowchart of a method for protecting the security of a device during operation according to the third embodiment of the present invention, as shown in fig. 3, the method includes the following steps:
step 301, after the device is started for the first time, creating a main state machine;
step 302, the main state machine collects the initial equipment state information, stores the initial equipment state information into a storage medium of the equipment, and creates a sub-state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
Step 3031, the sub-state machine periodically collects the current equipment state information;
in this embodiment, the sub-state machine is initialized to 0 and then stored in the storage medium of the device at the beginning of its creation.
Step 3032, judging whether the current device state information is the same as the initial device state information stored in the storage medium of the device, if so, executing step 3033, otherwise, executing step 3034;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 3033, determining that the state of the sub-state machine is a normal state, if the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device is not 0, updating the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device to be 0;
In this embodiment, when the current device state information collected by the sub-state machine is the same as the initial device state information, it is determined that the state of the sub-state machine is a normal state, and if the number of consecutive abnormal times of the sub-state machine stored in the storage medium of the device is not 0, then the sub-state machine is corrected.
Step 3034, determining that the sub-state machine is in an abnormal state, increasing the number of continuous abnormal states of the sub-state machine stored in the storage medium of the device, if the number of continuous abnormal states of the sub-state machine does not exceed a preset threshold, determining that the state of the sub-state machine is an abnormal state, otherwise, determining that the state of the sub-state machine is a fault state.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device may be increased, and the abnormal state and the fault state of the sub-state machine may be distinguished according to the number of times of continuous abnormal states of the sub-state machine.
Step 3034 above is a detailed refinement of step 2034 shown in FIG. 2.
The above steps 3032 to 3034 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 3035, determining whether the device is abnormal according to the state of the sub-state machine, executing step 3036 when the device is abnormal, otherwise, returning to execute step 3031;
step 3036, performing exception handling on the equipment.
The above steps 3031 to 3036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 3, in this embodiment, initial device state information is collected by using a master state machine, current device state information is collected periodically by using a slave state machine, normal states and abnormal states of the sub-state machine are distinguished according to the initial device state information and the current device state information, and abnormal states and fault states of the sub-state machine are distinguished by using the number of times of continuous abnormal states of the sub-state machine, so that whether the device is abnormal in operation or not can be determined according to the specific state of the sub-state machine, and corresponding abnormal processing can be performed on the device when the device is abnormal in operation. In addition, in this embodiment, the number of times of continuous abnormal states of the sub-state machine is stored in the storage medium of the device, so that even if the device is restarted, the count result of the number of times of continuous abnormal states of the sub-state machine is not affected, and thus misjudgment of the state of the sub-state machine can be avoided. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 4, fig. 4 is a flowchart of a method for protecting the security of a device during operation according to a fourth embodiment of the present invention, as shown in fig. 4, the method includes the following steps:
step 401, after the equipment is started for the first time, a main state machine is created;
step 402, the main state machine collects the initial equipment state information, stores the initial equipment state information into a storage medium of the equipment, and creates a sub-state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
Step 4031, periodically collecting current equipment state information by the sub-state machine;
in this embodiment, the sub-state machine is initialized to 0 and then stored in the storage medium of the device at the beginning of its creation.
Step 4032, judging whether the current device state information is the same as the initial device state information stored in the storage medium of the device, if so, executing step 4033, otherwise, executing step 4034;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 4033, determining that the state of the sub-state machine is a normal state, if the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device is not 0, updating the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device to 0;
In this embodiment, when the current device state information collected by the sub-state machine is the same as the initial device state information, it is determined that the state of the sub-state machine is a normal state, and if the number of consecutive abnormal times of the sub-state machine stored in the storage medium of the device is not 0, then the sub-state machine is corrected.
Step 4034, determining that the sub-state machine is in an abnormal state, increasing the number of continuous abnormal states of the sub-state machine stored in the storage medium of the device, if the number of continuous abnormal states of the sub-state machine does not exceed the preset threshold, determining that the state of the sub-state machine is an abnormal state, otherwise, determining that the state of the sub-state machine is a fault state.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine stored in the storage medium of the device may be increased, and the abnormal state and the fault state of the sub-state machine may be distinguished according to the number of times of continuous abnormal states of the sub-state machine.
The above steps 4032 to 4034 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 4035a, when the state of the sub-state machine is abnormal, determining that the operation of the device is abnormal, and executing step 4036a;
step 4035b, when the state of the sub-state machine is a fault state, determining that the device is abnormal in operation, and executing 4036b;
step 4035c, when the state of the sub-state machine is normal, determining that the device is running normally, and returning to execute step 4031;
step 4036a, restarting the device;
in this embodiment, after restarting the device, the state of the sub-state machine is restored to the normal state.
Step 4036b, suspending the operating system of the device, outputting a reset system prompt, and resetting the operating system of the device to restore the factory setting if a reset system instruction triggered by the user based on the reset system prompt is received.
The above steps 4031 to 4036b are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 4, in this embodiment, initial device state information is collected by using a master state machine, current device state information is collected periodically by using a slave state machine, normal states and abnormal states of the sub-state machine are distinguished according to the initial device state information and the current device state information, and abnormal states and fault states of the sub-state machine are distinguished by using the number of times of continuous abnormal states of the sub-state machine, so that whether the device is abnormal in operation or not can be determined according to a specific state of the sub-state machine, and corresponding abnormal processing can be performed on the device according to the specific state of the sub-state machine when the device is abnormal in operation. In addition, in this embodiment, by storing the number of times of continuous abnormal states of the sub-state machine in the storage medium of the device, the count result of the number of times of continuous abnormal states of the sub-state machine is not affected even if the device is restarted, so that erroneous judgment of the state of the sub-state machine can be avoided. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 5, fig. 5 is a flowchart of a method for protecting the safety of a device during operation according to an embodiment of the present invention, as shown in fig. 5, the method includes the steps of:
step 501, after the device is started for the first time, a main state machine is created;
step 502, the main state machine collects the initial equipment state information, stores the initial equipment state information into a storage medium of the equipment, and creates a sub-state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
Step 5031, periodically collecting current equipment state information by the sub-state machine;
in this embodiment, the state of the sub-state machine is set to the normal state at the beginning of creation or after the device is restarted, and then the state is stored in the storage medium of the storage device.
Step 5032, judging whether the current device state information is the same as the initial device state information stored in the storage medium of the device, if so, executing step 5033, otherwise, executing step 5034a;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 5033, determining that the state of the sub-state machine is a normal state, and if the state of the sub-state machine stored in the storage medium of the device is not the normal state, updating the state of the sub-state machine stored in the storage medium of the device to the normal state;
In this embodiment, when the current device state information collected by the sub-state machine is the same as the initial device state information, it is determined that the state of the sub-state machine is a normal state.
Step 5034a, determining that the sub-state machine is in an abnormal state, and increasing the number of continuous abnormal states of the sub-state machine;
step 5034b, judging whether the number of continuous abnormal states of the sub-state machine does not exceed a preset threshold, if yes, executing step 5034c, otherwise, executing step 5034d;
step 5034c, determining that the state of the sub-state machine is an abnormal state, and if the state of the sub-state machine stored in the storage medium of the device is not the abnormal state, updating the state of the sub-state machine stored in the storage medium of the device to be the abnormal state;
in step 5034d, it is determined that the state of the sub-state machine is a failure state, and if the state of the sub-state machine stored in the storage medium of the device is not the failure state, the state of the sub-state machine stored in the storage medium of the device is updated to the failure state.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine may be increased, and distinguishing the abnormal state and the fault state of the sub-state machine according to the number of times of continuous abnormal states of the sub-state machine.
The above steps 5032 to 5034d are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 5035, determining whether the device is abnormal according to the state of the sub-state machine, executing step 5036 when the device is abnormal, otherwise, returning to execute step 5031;
step 5036, performing exception handling on the device.
The above steps 5031 to 5036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 5, in this embodiment, initial device state information is collected by using a master state machine, current device state information is periodically collected by using a slave state machine, and the state of a sub-state machine is determined according to the initial device state information and the current device state information and updated into a storage medium of the device, so that the device or a functional module on the device can obtain the state of the sub-state machine without interaction with the sub-state machine; and meanwhile, determining whether the equipment is abnormal in operation or not according to the state of the sub-state machine, and carrying out corresponding abnormal processing on the equipment when the equipment is abnormal in operation. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 6, fig. 6 is a flowchart of a method for protecting the security of a device during operation according to a sixth embodiment of the present invention, as shown in fig. 6, the method includes the following steps:
step 601, after equipment is started for the first time, a main state machine is created;
step 602, a main state machine collects initial equipment state information, stores the initial equipment state information into a storage medium of equipment, creates a sub-state machine, and records that the state of the sub-state machine is a normal state in the main state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
Step 6031, the sub-state machine periodically collects the current equipment state information;
in this embodiment, the state of the sub-state machine is set to the normal state at the beginning of creation or after the device is restarted, and then the state is stored in the storage medium of the storage device.
Step 6032, judging whether the current device state information and the initial device state information stored in the storage medium of the device are the same, if so, executing step 6033a, otherwise, executing step 6034a;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 6033a, determining the state of the sub-state machine to be a normal state;
step 6033b, judging whether the state of the sub-state machine stored in the storage medium of the device is a normal state, if so, executing step 6035, otherwise, executing step 6033c;
step 6033c, the sub-state sends a modification state request carrying the normal state to the main state machine;
step 6033d, the main state machine receives the update state request of the sub state machine, sends the modification state response to the sub state machine, and sets the state of the main state machine to be in a suspension state;
in this embodiment, the state of the main state machine is set to the normal state after the main state machine is created and the device is restarted.
Step 6033e, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into a normal state, and sends a modification state completion notification;
step 6033f, the main state machine receives the modification state completion notification of the sub state machine, modifies the recorded state of the sub state machine into the normal state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 6033c to 6033f are specific refinements of "update state of sub-state machine stored in storage medium of device to normal state" in step 5033 shown in fig. 5.
The above steps 6033a to 6033f are specific refinements of step 5033 shown in fig. 5.
Step 6034a, determining that the sub-state machine is in an abnormal state, and increasing the number of times of continuous abnormal states of the sub-state machine;
step 6034b, judging whether the number of continuous abnormal states of the sub-state machine does not exceed a preset threshold, if yes, executing step 6034c_1, otherwise, executing step 6034d_1;
step 6034c_1, determining the state of the sub-state machine as an abnormal state;
step 6034c_2, judging whether the state of the sub-state machine stored in the storage medium of the device is an abnormal state, if so, executing step 6035, otherwise, executing step 6034c_3;
step 6034c_3, the sub-state sends a modification state request carrying an abnormal state to the main state machine;
step 6034c_4, the main state machine receives the update state request of the sub state machine, sends the modification state response to the sub state machine, and sets the state of the main state machine to be in a suspended state;
in this embodiment, the state of the main state machine is set to the normal state after the main state machine is created and the device is restarted.
Step 6034c_5, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into an abnormal state, and sends a modification state completion notification;
Step 6034c_6, the main state machine receives the modification state completion notice of the sub state machine, modifies the recorded state of the sub state machine into an abnormal state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 6034c_3 to 6034c_6 are specific refinements of "update state of sub-state machine stored in storage medium of device to abnormal state" in step 5034c shown in fig. 5.
The above steps 6034c_1 to 6034c_6 are specific refinements of the step 5034c shown in fig. 5.
Step 6034d_1, determining the state of the sub-state machine as a fault state;
step 6034d_2, judging whether the state of the sub-state machine stored in the storage medium of the device is a fault state, if so, executing step 6035, otherwise, executing step 6034d_3;
step 6034d_3, the sub-state sends a modification state request carrying a fault state to the main state machine;
step 6034d_4, the main state machine receives the update state request of the sub state machine, sends the modification state response to the sub state machine, and sets the state of the main state machine to be in a suspension state;
step 6034d_5, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into a fault state, and sends a modification state completion notification;
Step 6034d_6, the main state machine receives the modification state completion notice of the sub state machine, modifies the recorded state of the sub state machine into a fault state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 6034d_3 to 6034d_6 are specific refinements of "update state of sub-state machine stored in storage medium of device to failure state" in step 5034d shown in fig. 5.
The above steps 6034d_1 to 6034d_6 are specific refinements of the step 5034d shown in fig. 5.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine may be increased, and distinguishing the abnormal state and the fault state of the sub-state machine according to the number of times of continuous abnormal states of the sub-state machine.
The above steps 6032 to 6034d_6 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
According to the specific method of updating the state of the sub-state machine stored in the storage medium of the device to the normal state given in the above steps 6033c to 6033f, the specific method of updating the state of the sub-state machine stored in the storage medium of the device to the abnormal state given in the steps 6034c_3 to 6034c_6, and the specific method of updating the state of the sub-state machine stored in the storage medium of the device to the failure state given in the steps 6034d_3 to 6034d_6, it can be inferred that in this embodiment, the implementation method of updating the state of the sub-state machine stored in the storage medium of the device to the normal state, the abnormal state, or the failure state may specifically include the following steps:
S11, the sub-state machine sends a state modifying request carrying a state to be updated by the sub-state machine to the main state machine;
s12, the main state machine receives an update state request of the sub state machine, sends a modification state response to the sub state machine, and sets the state of the main state machine to be a suspension state;
s13, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the equipment into the state to be updated by the sub-state machine, and sends a modification state completion notice;
s14, the main state machine receives the state modification completion notification of the sub state machine, modifies the recorded state of the sub state machine into the state to be updated by the sub state machine carried by the state update request, and restores the normal state of the main state machine.
Step 6035, determining whether the device is abnormal according to the state of the sub-state machine, executing step 6036 when the device is abnormal, otherwise, returning to execute step 6031;
step 6036, performing exception handling on the device.
The above steps 6031 to 6036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 6, in this embodiment, initial device state information is collected by using a master state machine, current device state information is periodically collected by using a slave state machine, the state of a sub-state machine is determined according to the initial device state information and the current device state information, when the state of the sub-state machine is inconsistent with the state of the sub-state machine stored in a storage medium of the device, the state of the sub-state machine stored in the storage medium of the device is notified to the master state machine, and then the state of the sub-state machine is modified, so that the master state machine synchronously knows the state change of the sub-state machine; and meanwhile, determining whether the equipment is abnormal in operation or not according to the state of the sub-state machine, and carrying out corresponding abnormal processing on the equipment when the equipment is abnormal in operation. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 7, fig. 7 is a flowchart of a method for protecting the security of a device during operation according to a seventh embodiment of the present invention, as shown in fig. 7, the method includes the steps of:
step 701, after the equipment is started for the first time, a main state machine is created;
step 702, collecting initial equipment state information by a main state machine, storing the initial equipment state information into a storage medium of equipment, creating a sub-state machine, and recording the state of the sub-state machine as a normal state in the main state machine;
in this embodiment, the device status information includes: hardware state information, system state information, and process state information.
In this embodiment, step 702 is followed by two parallel branches, branch one being: step 70a; branch 2 is: step 7031 to step 7036.
In step 70a, the main state machine periodically detects the state of the sub-state machine stored in the storage medium of the device, and if the state of the sub-state machine stored in the storage medium of the device is different from the state of the sub-state machine recorded by the main state machine, the operation abnormality of the device is determined, and the device is restarted.
Step 7031, periodically collecting current equipment state information by the sub-state machine;
in this embodiment, the state of the sub-state machine is set to the normal state at the beginning of creation or after the device is restarted, and then the state is stored in the storage medium of the storage device.
Step 7032, judging whether the current device state information is the same as the initial device state information stored in the storage medium of the device, if so, executing step 7033a, otherwise, executing step 7034a;
in this embodiment, the states of the sub-state machine are as follows: normal state, abnormal state, and fault state.
Step 7033a, determining that the state of the sub-state machine is a normal state;
step 7033b, judging whether the state of the sub-state machine stored in the storage medium of the device is a normal state, if so, executing step 7035, otherwise, executing step 7033c;
step 7033c, the sub-state sends a modification state request carrying the normal state to the main state machine;
step 7033d, the main state machine receives the update state request of the sub state machine, sends a modification state response to the sub state machine, and sets the state of the main state machine to be in a suspension state;
in this embodiment, the state of the main state machine is set to the normal state after the main state machine is created and the device is restarted.
Step 7033e, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into a normal state, and sends a modification state completion notification;
Step 7033f, the main state machine receives the notification of completion of the modification state of the sub state machine, modifies the recorded state of the sub state machine into the normal state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 7033c to 7033f are specific refinements of "update state of sub-state machine stored in storage medium of device to normal state" in step 5033 shown in fig. 5.
The above steps 7033a to 7033f are specific refinements of step 5033 shown in fig. 5.
Step 7034a, determining that the sub-state machine is in an abnormal state, and increasing the number of times of continuous abnormal states of the sub-state machine;
step 7034b, judging whether the number of continuous abnormal states of the sub-state machine does not exceed a preset threshold, if yes, executing step 7034c_1, otherwise, executing step 7034d_1;
step 7034c_1, determining that the state of the sub-state machine is an abnormal state;
step 7034c_2, judging whether the state of the sub-state machine stored in the storage medium of the device is an abnormal state, if so, executing step 7035, otherwise, executing step 7034c_3;
step 7034c_3, the sub-state sends a modification state request carrying an abnormal state to the main state machine;
step 7034c_4, the main state machine receives the update state request of the sub state machine, sends a modification state response to the sub state machine, and sets the state of the main state machine to be in a suspended state;
In this embodiment, the state of the main state machine is set to the normal state after the main state machine is created and the device is restarted.
Step 7034c_5, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device to an abnormal state, and sends a modification state completion notification;
step 7034c_6, the main state machine receives the notification of completion of the modification state of the sub state machine, modifies the recorded state of the sub state machine to an abnormal state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 7034c_3 to 7034c_6 are specific refinements of "update state of sub-state machine stored in storage medium of device to abnormal state" in step 5034c shown in fig. 5.
The above steps 7034c_1 to 7034c_6 are specific refinements of step 5034c shown in fig. 5.
Step 7034d_1, determining that the state of the sub-state machine is a fault state;
step 7034d_2, judging whether the state of the sub-state machine stored in the storage medium of the device is a fault state, if so, executing step 7035, otherwise, executing step 7034d_3;
step 7034d_3, the sub-state machine sends a modification state request carrying a fault state to the main state machine;
Step 7034d_4, the main state machine receives the update state request of the sub state machine, sends a modification state response to the sub state machine, and sets the state of the main state machine to be in a suspended state;
step 7034d_5, the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into a fault state, and sends a modification state completion notification;
step 7034d_6, the main state machine receives the notification of completion of the modification state of the sub state machine, modifies the recorded state of the sub state machine to the fault state carried by the modification state request, and restores the normal state of the main state machine.
The above steps 7034d_3 to 7034d_6 are specific refinements of "update state of sub-state machine stored in storage medium of device to failure state" in step 5034d shown in fig. 5.
The above steps 7034d_1 to 7034d_6 are specific refinements of step 5034d shown in fig. 5.
The above steps 7032 to 7034d_6 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 7035, determining whether the device is abnormal according to the state of the sub-state machine, executing step 7036 when the device is abnormal, otherwise, returning to execute step 7031;
Step 7036, performing exception handling on the device.
The above steps 7031 to 7036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 7, in this embodiment, initial device state information is collected by using a master state machine, current device state information is periodically collected by using a slave state machine, the state of a sub-state machine is determined according to the initial device state information and the current device state information, when the state of the sub-state machine is inconsistent with the state of the sub-state machine stored in a storage medium of the device, the state of the sub-state machine stored in the storage medium of the device is notified to the master state machine, and then the state of the sub-state machine is modified, so that the master state machine synchronously knows the state change of the sub-state machine; and meanwhile, determining whether the equipment is abnormal in operation or not according to the state of the sub-state machine, and carrying out corresponding abnormal processing on the equipment when the equipment is abnormal in operation. In addition, the main state machine also periodically detects whether the state of the sub state machine stored in the storage medium of the device is consistent with the state of the sub state machine recorded by the main state machine, and if the state of the sub state machine is inconsistent with the state of the sub state machine recorded by the main state machine, the device is restarted, so that the state of the sub state machine is prevented from being tampered. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
Referring to fig. 8, fig. 8 is a flowchart of a method for protecting the safety of a device during operation according to an embodiment of the present invention, as shown in fig. 8, the method includes the following steps:
step 801, after the equipment is started for the first time, a main state machine is created;
step 802, the main state machine collects the initial device state information, stores the initial device state information in a storage medium of the device, creates sub-state machines, and generates a state key for encrypting the device state information, and stores the state key in the storage medium of the device.
In this embodiment, the device status information includes: hardware state information, system state information, and process state information.
In this embodiment, after each device is started (including restarting), the master state machine may randomly generate a state key for encrypting the device state information, and store the state key in a storage medium of the device, so as to be used for encrypting the device state information subsequently.
Step 8031, periodically collecting current equipment state information by the sub-state machine;
step 8032a, encrypting the current device state information and the initial device state information stored in the storage medium of the device using the state key stored in the storage medium of the device;
Step 8032b, comparing the encrypted current device state information with the encrypted initial device state information, if the two are the same, executing step 8032c, otherwise, executing step 8032d;
step 8032c, determining that the current device state information is the same as the initial device state information stored in the storage medium of the device, and executing step 8033;
step 8032d, determining that the current device state information is different from the initial device state information stored in the storage medium of the device, and executing step 8034;
the above steps 8032a to 8032d are specific refinements of step 8032 shown in fig. 2.
Step 8033, determining that the state of the sub-state machine is a normal state;
in this embodiment, when the current device state information collected by the sub-state machine is the same as the initial device state information, it is determined that the state of the sub-state machine is a normal state.
Step 8034, determining that the sub-state machine is in an abnormal state, increasing the number of times of continuous abnormal states of the sub-state machine, if the number of times of continuous abnormal states of the sub-state machine does not exceed a preset threshold, determining that the state of the sub-state machine is an abnormal state, otherwise, determining that the state of the sub-state machine is a fault state.
In this embodiment, when the current device state information collected by the sub-state machine is different from the initial device state information, determining that the state of the sub-state machine is an abnormal state, at this time, the number of times of continuous abnormal states of the sub-state machine may be increased, and distinguishing the abnormal state and the fault state of the sub-state machine according to the number of times of continuous abnormal states of the sub-state machine.
The above steps 8032 to 8034 are specific refinements of "determining the state of the sub-state machine from the current device state information and the initial device state information stored in the storage medium of the device" in step 103 shown in fig. 1.
Step 8035, determining whether the equipment is abnormal according to the state of the sub-state machine, executing step 8036 when the equipment is abnormal, otherwise, returning to execute step 8031;
step 8036, performing exception handling on the device.
The above steps 8031 to 8036 are specific refinements of step 103 shown in fig. 1.
As can be seen from the method shown in fig. 8, in this embodiment, the primary state machine is used to collect the initial device state information, the secondary state machine is used to periodically collect the current device state information, the state key generated by the primary state machine is used to encrypt the initial device state information and the current device state information, and then the state of the sub-state machine is determined according to the encrypted state key, so that whether the device is abnormal in operation or not can be determined according to the specific state of the sub-state machine, and the corresponding abnormality processing can be performed on the device when the device is abnormal in operation. In addition, in this embodiment, by using the main state machine to generate the state key, an attacker needs to obtain the state key to bypass the state detection of the sub-state machine, and obtaining the state key generally causes the change of the device state information, so that the sub-state machine may trigger the exception handling of the device, thereby achieving the purpose of actively defending the attack. By applying the method provided by the embodiment, the equipment can timely detect the equipment operation abnormality and perform corresponding abnormality processing when being attacked, so that external attack can be effectively defended.
The above detailed description of the method for protecting the security of the device during operation provided by the embodiment of the present invention shows that in the scheme provided by the embodiment of the present invention, a state machine model (a model in which a main state machine and a sub-state machine are mutually matched) for protecting the security of the device during operation is provided, which has functions of anomaly detection, active attack defense, and the like, and can protect the security of the device during operation.
The embodiment of the invention also provides a device for protecting the safety of the equipment in operation, and the device is described in detail below with reference to fig. 9.
Referring to fig. 9, fig. 9 is a schematic structural view of an apparatus for protecting safety of a device in operation according to an embodiment of the present invention, as shown in fig. 9, the apparatus includes: a processor 901, and a non-transitory computer readable storage medium 902 coupled to the processor 901 via a bus;
the non-transitory computer readable storage medium 902 stores one or more computer programs executable by the processor 901; the processor, when executing the one or more computer programs, performs the steps in the method of protecting the runtime security of a device shown in any one of figures 1 to 8.
Embodiments of the present invention also provide a non-transitory computer readable storage medium storing instructions that, when executed by a processor, cause the processor to perform steps in a method of protecting device runtime security as shown in any of fig. 1-8.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather to enable any modification, equivalent replacement, improvement or the like to be made within the spirit and principles of the invention.

Claims (9)

1. A method of protecting the security of a device during operation, the method comprising:
after the equipment is started for the first time, a main state machine is established; the equipment state information is unchanged under the condition that the equipment is not attacked after being powered on and started;
the method comprises the steps that a main state machine collects initial equipment state information, the initial equipment state information is stored in a storage medium of equipment, and sub-state machines are created;
the state machine periodically collects current equipment state information, determines the state of the sub-state machine according to the current equipment state information and initial equipment state information stored in a storage medium of the equipment, and performs exception handling on the equipment when the equipment is determined to be abnormal in operation according to the state of the sub-state machine;
wherein determining the state of the sub-state machine based on the current device state information and the initial device state information stored in the storage medium of the device comprises:
judging whether the current equipment state information is the same as the initial equipment state information stored in a storage medium of the equipment;
If the two states are the same, determining that the state of the sub-state machine is a normal state;
if the two states are different, determining that the sub-state machine is in an abnormal state, increasing the number of times of continuous abnormal states of the sub-state machine, if the number of times of continuous abnormal states of the sub-state machine does not exceed a preset threshold, determining that the state of the sub-state machine is an abnormal state, otherwise, determining that the state of the sub-state machine is a fault state.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
after determining that the state of the sub-state machine is the normal state, further comprising: if the number of continuous abnormal states of the sub-state machine stored in the storage medium of the device is not 0, updating the number of continuous abnormal states of the sub-state machine stored in the storage medium of the device to 0;
increasing successive abnormal state counts of the sub-state machine, comprising: the number of consecutive abnormal states of the sub-state machine stored in the storage medium of the device is increased.
3. The method of claim 2, wherein the step of determining the position of the substrate comprises,
when the running abnormality of the equipment is determined according to the state of the sub-state machine, the abnormality processing is carried out on the equipment, and the method comprises the following steps:
when the state of the sub-state machine is abnormal, determining that the operation of the equipment is abnormal, restarting the equipment to enable the sub-state machine to return to the normal state again;
When the state of the sub-state machine is a fault state, determining that the equipment is abnormal in operation, suspending an operating system of the equipment, outputting a reset system prompt, and resetting the operating system of the equipment to restore factory settings if a reset system instruction triggered by a user based on the reset system prompt is received.
4. The method of claim 1, wherein the step of determining the position of the substrate comprises,
after determining that the state of the sub-state machine is the normal state, further comprising: if the state of the sub-state machine stored in the storage medium of the device is not the normal state, updating the state of the sub-state machine stored in the storage medium of the device to the normal state;
after determining that the state of the sub-state machine is an abnormal state, further comprising: if the state of the sub-state machine stored in the storage medium of the device is not an abnormal state, updating the state of the sub-state machine stored in the storage medium of the device to the abnormal state;
after determining that the state of the sub-state machine is a fault state, further comprising: if the state of the sub-state machine stored in the storage medium of the device is not a failure state, the state of the sub-state machine stored in the storage medium of the device is updated to a failure state.
5. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
after the main state machine creates the sub state machine, further comprising: recording the state of the sub-state machine as a normal state in the main state machine;
updating a state of a sub-state machine stored in a storage medium of a device to a normal state, an abnormal state, or a failure state, comprising:
the sub-state machine sends a state modifying request carrying a state to be updated by the sub-state machine to the main state machine;
the method comprises the steps that a main state machine receives an update state request of a sub-state machine, sends a modification state response to the sub-state machine, and sets the state of the main state machine to be a suspension state;
the sub-state machine receives the modification state response of the main state machine, modifies the state of the sub-state machine stored in the storage medium of the device into the state to be updated by the sub-state machine, and sends a modification state completion notification;
the main state machine receives the state modifying completion notice of the sub state machine, modifies the recorded state of the sub state machine into the state to be updated by the sub state machine carried by the state updating request, and restores the normal state of the main state machine.
6. The method of claim 5, wherein the step of determining the position of the probe is performed,
the method further comprises the steps of: the main state machine periodically detects the state of the sub-state machine stored in the storage medium of the device, and if the state of the sub-state machine stored in the storage medium of the device is different from the state of the sub-state machine recorded by the main state machine, the operation abnormality of the device is determined, and the device is restarted.
7. The method of claim 1, wherein the step of determining the position of the substrate comprises,
after each time of starting the device, the main state machine generates a state key for encrypting the state information of the device, and stores the state key into a storage medium of the device;
determining whether the current device state information is the same as initial device state information stored in a storage medium of the device includes:
encrypting the current device state information and the initial device state information stored in the storage medium of the device by using the state key stored in the storage medium of the device;
comparing the encrypted current device state information with the encrypted initial device state information, if the current device state information and the encrypted initial device state information are the same, determining that the current device state information is the same as the initial device state information stored in the storage medium of the device, otherwise, determining that the current device state information is different from the initial device state information stored in the storage medium of the device.
8. An apparatus for protecting the safety of a device during operation, the apparatus comprising: a processor, and a non-transitory computer readable storage medium coupled to the processor via a bus;
the non-transitory computer readable storage medium storing one or more computer programs executable by the processor; the processor, when executing the one or more computer programs, implements the steps of the method of protecting device runtime security of any of claims 1-7.
9. A non-transitory computer readable storage medium storing instructions which, when executed by a processor, cause the processor to perform the steps in the method of protecting device runtime security of any of claims 1 to 7.
CN202011116369.0A 2020-10-19 2020-10-19 Method, device and storage medium for protecting equipment operation safety Active CN112256527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011116369.0A CN112256527B (en) 2020-10-19 2020-10-19 Method, device and storage medium for protecting equipment operation safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011116369.0A CN112256527B (en) 2020-10-19 2020-10-19 Method, device and storage medium for protecting equipment operation safety

Publications (2)

Publication Number Publication Date
CN112256527A CN112256527A (en) 2021-01-22
CN112256527B true CN112256527B (en) 2023-08-25

Family

ID=74244268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011116369.0A Active CN112256527B (en) 2020-10-19 2020-10-19 Method, device and storage medium for protecting equipment operation safety

Country Status (1)

Country Link
CN (1) CN112256527B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104869018A (en) * 2015-05-06 2015-08-26 深圳市小兵智能科技有限公司 Cloud-based terminal equipment maintenance method and system
CN105933176A (en) * 2015-12-17 2016-09-07 中国银联股份有限公司 Method and device for detecting states of host
CN107317849A (en) * 2017-06-19 2017-11-03 深圳市盛路物联通讯技术有限公司 A kind of determination method and apparatus of the working condition of terminal device
CN108469109A (en) * 2018-03-01 2018-08-31 广东美的制冷设备有限公司 Detection method, device, system, air conditioner and the storage medium of unit exception
CN108566320A (en) * 2018-03-28 2018-09-21 青岛海信智慧家居系统股份有限公司 A kind of method and electronic equipment of information reporting
CN110413470A (en) * 2019-06-25 2019-11-05 苏州浪潮智能科技有限公司 A kind of server I SS function test method, system, terminal and storage medium
CN110427267A (en) * 2019-07-12 2019-11-08 清华大学建筑设计研究院有限公司 Wisdom Internet of Things data acquisition transmission and analysis system
CN111078471A (en) * 2019-12-06 2020-04-28 深圳创维-Rgb电子有限公司 System fault recovery method and device for display device and computer storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2895168A1 (en) * 2012-12-20 2014-06-26 Volcano Corporation System and method for multi-modality workflow management using hierarchical state machines

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104869018A (en) * 2015-05-06 2015-08-26 深圳市小兵智能科技有限公司 Cloud-based terminal equipment maintenance method and system
CN105933176A (en) * 2015-12-17 2016-09-07 中国银联股份有限公司 Method and device for detecting states of host
CN107317849A (en) * 2017-06-19 2017-11-03 深圳市盛路物联通讯技术有限公司 A kind of determination method and apparatus of the working condition of terminal device
CN108469109A (en) * 2018-03-01 2018-08-31 广东美的制冷设备有限公司 Detection method, device, system, air conditioner and the storage medium of unit exception
CN108566320A (en) * 2018-03-28 2018-09-21 青岛海信智慧家居系统股份有限公司 A kind of method and electronic equipment of information reporting
CN110413470A (en) * 2019-06-25 2019-11-05 苏州浪潮智能科技有限公司 A kind of server I SS function test method, system, terminal and storage medium
CN110427267A (en) * 2019-07-12 2019-11-08 清华大学建筑设计研究院有限公司 Wisdom Internet of Things data acquisition transmission and analysis system
CN111078471A (en) * 2019-12-06 2020-04-28 深圳创维-Rgb电子有限公司 System fault recovery method and device for display device and computer storage medium

Also Published As

Publication number Publication date
CN112256527A (en) 2021-01-22

Similar Documents

Publication Publication Date Title
CN110290100B (en) Simulation Web server based on SDN and user request processing method
US10032025B1 (en) Behavior-based ransomware detection
US10970396B2 (en) Intelligent event collection for rolling back an endpoint state in response to malware
US10922411B2 (en) Intelligent event collection for cloud-based malware detection
US9838415B2 (en) Fight-through nodes for survivable computer network
CN110545276B (en) Threat event warning method and device, warning equipment and machine-readable storage medium
US9769250B2 (en) Fight-through nodes with disposable virtual machines and rollback of persistent state
JP5926491B2 (en) Method for security maintenance in a network and computer readable medium having computer readable instructions of a computer program causing a processor to perform the method for security maintenance
CN111181926B (en) Security device based on mimicry defense idea and operation method thereof
US10204036B2 (en) System and method for altering application functionality
CN110505246B (en) Client network communication detection method, device and storage medium
EP2980697B1 (en) System and method for altering a functionality of an application
RU2630415C2 (en) Method for detecting anomalous work of network server (options)
CN112256527B (en) Method, device and storage medium for protecting equipment operation safety
CN116633694B (en) WEB defense method and system based on multimode heterogeneous component
US20170041329A1 (en) Method and device for detecting autonomous, self-propagating software
CN109785537B (en) Safety protection method and device for ATM
JP2016181074A (en) Computer terminal, program for same, and computer system
KR101580624B1 (en) Method of Penalty-based Unknown Malware Detection and Response
CN103679024A (en) Virus treating method and device
CN113904920A (en) Network security defense method, device and system based on lost equipment
CN106844002B (en) Cloud platform client system availability improving method based on virtualization technology
CN114760095B (en) Intention-driven network defense strategy generation method, system and application
KR101489142B1 (en) Client system and control method thereof
WO2017099066A1 (en) Diagnostic device, diagnostic method, and recording medium having diagnostic program recorded therein

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant