CN112417436A - Program white list updating method based on TCM software server - Google Patents
- Publication number
- CN112417436A
- Authority
- CN
- China
- Prior art keywords
- white list
- module
- training
- model
- layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/20—Image preprocessing
- G06V10/22—Image preprocessing by selection of a specific region containing or referencing a pattern; Locating or processing of specific regions to guide the detection or recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V30/00—Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
- G06V30/10—Character recognition
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Multimedia (AREA)
- Mathematical Physics (AREA)
- Image Analysis (AREA)
Abstract
The invention discloses a program white list updating method based on a TCM software server, comprising the following specific steps: (1) constructing a learning neural network, in which a white list acquisition layer, a white list training layer and a white list formation layer are arranged; (2) white list learning training; (3) constructing a correlation module; and (4) constructing a protection model, which comprises an operation detection module, a buffer area module and an alarm module. The invention is provided with an association module and a protection module. The white list is connected through the association module, and each input operation and instruction is checked by the white list model: if the operation and instruction conform to the white list, the operation is executed; if they do not, the operation is not executed and the illegal operation is recorded, so that detection and protection are carried out automatically. The white list is updated and optimized through continuous training, so that the white list model becomes more comprehensive and accurate and the comprehensiveness of protection is improved.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a program white list updating method based on a TCM software server.
Background
Whitelisting is the counterpart of "blacklisting". It can resist zero-day malware and targeted attacks because, by default, no unauthorized software, tools or processes can run on an endpoint. If malware attempts to install on a whitelist-enabled endpoint, the whitelisting technology determines that it is not a trusted process and denies its operation. It does so by identifying whether processes or files in the system have approved properties, commonly process names, file names, publisher names and digital signatures. Whitelisting technology allows enterprises to approve which processes are allowed to run on a particular system. Some vendor products cover executable files only, while others also cover scripts and macros and can block a wider range of files. One increasingly popular whitelisting method is called "application control"; this approach focuses exclusively on managing the behavior of endpoint applications.
Deep learning learns the intrinsic regularities and levels of representation of sample data, and the information obtained in the learning process is very helpful for interpreting data such as text, images and sound. Its final aim is to give machines a human-like ability to analyze and learn, so that they can recognize data such as text, images and sound. Deep learning is a complex machine learning algorithm whose results in speech and image recognition far exceed those of earlier related techniques. Typical deep learning models include the convolutional neural network, the deep belief network (DBN) and the stacked auto-encoder network. Based on local connections between neurons and hierarchically organized image transformations, neurons with the same parameters are applied to different positions of the previous layer of the neural network, which yields a translation-invariant network structure. Later, building on this idea, convolutional neural networks were designed and trained using error gradients, and achieved excellent performance on some pattern recognition tasks. To date, pattern recognition systems based on convolutional neural networks are among the best implementations, showing outstanding performance especially on handwritten character recognition.
At present, systems are generally protected with firewall technology and antivirus software. Both adopt a blacklist defense strategy, whose defense range is small, and because antivirus updates lag behind, they cannot provide comprehensive real-time protection for the system.
Disclosure of Invention
The invention aims to provide a program white list updating method based on a TCM software server, which combines a white list technology and an artificial intelligence technology to improve the real-time property and the comprehensiveness of protection so as to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme: a program white list updating method based on a TCM software server comprises the following specific steps:
(1) constructing a learning neural network, wherein a white list acquisition layer, a white list training layer and a white list formation layer are arranged in the learning neural network;
(2) white list learning training;
(3) constructing a correlation module; and
(4) constructing a protection model, wherein the protection model comprises an operation detection module, a buffer area module and an alarm module.
Preferably, an image recognition module and a character recognition module are arranged in the white list input layer.
Preferably, a training algorithm set according to a deep learning task is arranged in the white list training layer.
Preferably, the training algorithm includes a white list vulnerability detection algorithm.
Preferably, a white list writing module and a white list database connection module are arranged in the white list updating layer.
Preferably, the step (2) comprises the following steps: (2.1) after receiving the deep learning task of the white list, acquiring input white list information through a white list acquisition layer, inputting the white list information into a white list training layer, and matching a corresponding training algorithm according to the deep learning task selected by a user; (2.2) starting a training algorithm, and executing a corresponding logic model for training according to the corresponding training algorithm; and (2.3) forming a white list model through multiple training.
Preferably, in the step (2.1), the white list information in the input image is identified by the image identification module, and the input character information is identified by the character identification module.
Preferably, in the step (2.2), after the corresponding logic model is executed for training, the trained model and parameters are stored, then the input white list information is automatically released, the trained module and parameters are used for performing model test, and a test result is output.
Preferably, in the step (2.2), after the corresponding logic model is executed for training, the trained model is pushed to a plurality of servers, and the data information in the plurality of online servers is used for training, so as to continuously optimize and perfect the model.
Preferably, in the step (4), the detection module detects the operation instruction, the file pointed by the instruction and the operation authority, the association module stores the operation instruction, the file pointed by the instruction and the operation authority into the buffer module, the association module is connected with the white list model, the white list model detects whether the operation instruction, the file pointed by the instruction and the operation authority are a white list, and if so, the operation is executed; if not, the operation is not executed, the alarm is displayed on the operation interface through the alarm module, and the operation instruction record of the buffer area module is stored.
Compared with the prior art, the invention has the beneficial effects that:
1. The method is provided with a learning neural network, which forms a white list model through autonomous training and learning and performs white list detection. After a white list deep learning task is received, (2.1) the input white list information is obtained through the white list acquisition layer and input to the white list training layer, and a corresponding training algorithm is matched according to the deep learning task selected by the user; (2.2) the training algorithm is started, and the corresponding logic model is executed for training according to that algorithm; (2.3) a white list model is formed through multiple rounds of training. In the step (2.1), the white list information in the input image is identified by the image identification module, and the input character information is identified by the character identification module. In the step (2.2), after the corresponding logic model is executed for training, the trained model and parameters are stored and the input white list information is automatically released; the trained module and parameters are used for model testing, and a test result is output; and the trained model is pushed to a plurality of servers, where the data information in the plurality of online servers is used for training, so that the model is continuously optimized and perfected. Because the white list is continuously trained and updated, the white list model becomes more comprehensive and accurate, and the comprehensiveness of protection is improved.
2. The invention is provided with an association module and a protection module. The white list is connected through the association module, and input operations and instructions are checked by the white list model: if they conform to the white list, they are executed; if they do not, they are not executed and the illegal operation is recorded, so that detection and protection are carried out automatically.
Drawings
FIG. 1 is a block diagram illustrating steps of a method for updating a white list of programs based on a TCM software server according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, the present invention provides a technical solution: a program white list updating method based on a TCM software server, comprising the following specific steps: (1) constructing a learning neural network; (2) white list learning training; (3) constructing a correlation module; and (4) constructing a protection model.
A white list acquisition layer, a white list training layer and a white list formation layer are arranged in the learning neural network. An image recognition module and a character recognition module are arranged in the white list input layer. A training algorithm set according to a deep learning task is arranged in the white list training layer, and the training algorithm comprises a white list vulnerability detection algorithm. A white list writing module and a white list database contact module are arranged in the white list updating layer.
The step (2) comprises the following steps: (2.1) after receiving the deep learning task of the white list, acquiring input white list information through the white list acquisition layer, inputting the white list information into the white list training layer, and matching a corresponding training algorithm according to the deep learning task selected by a user; (2.2) starting the training algorithm, and executing a corresponding logic model for training according to the corresponding training algorithm; (2.3) forming a white list model through multiple rounds of training.
In the step (2.1), the white list information in the input image is identified through the image identification module, and the input character information is identified through the character identification module. In the step (2.2), after the corresponding logic model is executed for training, the trained model and parameters are stored, and then the input white list information is automatically released; the trained module and parameters are used for model testing, and a test result is output; and the trained model is pushed to a plurality of servers, where the data information in the plurality of online servers is utilized for training, so that the model is continuously optimized and perfected.
The protection model comprises an operation detection module, a buffer area module and an alarm module. In the step (4), the operation instruction, the file pointed to by the instruction and the operation authority are detected through the detection module and stored in the buffer area module through the association module. The white list model is connected through the association module and detects whether the operation instruction, the file pointed to by the instruction and the operation authority are on the white list. If yes, the operation is executed; if not, the operation is not executed, an alarm is displayed on the operation interface through the alarm module, and the operation instruction record of the buffer area module is stored.
The working principle is as follows: the learning neural network learns and trains itself, gradually forming and perfecting a white list model. When the system detects that an operation instruction has been input, it places the instruction in the buffer area module to isolate it and calls the white list detection model to perform white list detection on the operation. If the operation conforms to the white list, it is executed; if it does not, it is not executed and the illegal operation is recorded. The white list model is continuously updated and perfected through continuous training, which improves the accuracy and completeness of white list model detection.
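The buffer, check, execute-or-alarm flow of the working principle, as an added example that is not code from the patent: the trained white list model is replaced here by a static SHA-256 allowlist, and the class names, privilege levels and sample operations are assumptions constructed for illustration.

```python
import hashlib
from collections import deque
from dataclasses import dataclass

# Constructed privilege levels (assumption; the patent only says "operation authority").
AUTHORITY_RANK = {"user": 0, "admin": 1}


@dataclass(frozen=True)
class Operation:
    instruction: str   # what is being asked, e.g. "execute"
    file_name: str     # name of the file the instruction points to
    file_bytes: bytes  # content of that file at the time of the request
    authority: str     # privilege level the operation would run with


@dataclass(frozen=True)
class AllowEntry:
    instructions: frozenset  # instructions approved for this exact file content
    max_authority: str       # highest privilege approved for it


class ProtectionModel:
    """Detection, buffer and alarm modules around a default-deny allowlist."""

    def __init__(self, allowlist):
        self.allowlist = allowlist  # SHA-256 hex digest -> AllowEntry
        self.buffer = deque()       # buffer area: operations held until checked
        self.violations = []        # stored records of refused operations
        self.alarms = []            # messages the alarm module would display

    def submit(self, op):
        """Detection step: capture the operation and isolate it in the buffer."""
        self.buffer.append(op)

    def _verdict(self, op):
        # Match on file content, not file name, so an edited file is refused.
        digest = hashlib.sha256(op.file_bytes).hexdigest()
        entry = self.allowlist.get(digest)
        if entry is None:
            return False, "file digest not on white list"
        if op.instruction not in entry.instructions:
            return False, "instruction not approved for this file"
        rank = AUTHORITY_RANK.get(op.authority)
        if rank is None or rank > AUTHORITY_RANK[entry.max_authority]:
            return False, "authority not approved"
        return True, "allowed"

    def process(self):
        """Check every buffered operation; nothing runs without a match."""
        results = []
        while self.buffer:
            op = self.buffer.popleft()
            allowed, reason = self._verdict(op)
            if not allowed:
                # Keep the buffered record and raise the alarm instead of executing.
                self.violations.append(
                    {"instruction": op.instruction, "file": op.file_name,
                     "authority": op.authority, "reason": reason})
                self.alarms.append(f"DENIED {op.instruction} {op.file_name}: {reason}")
            results.append((allowed, reason))
        return results


def run_demo():
    # Constructed sample data: one approved script and four requests against it.
    approved = b"#!/bin/sh\ntar czf /backup/data.tgz /srv/data\n"
    allowlist = {hashlib.sha256(approved).hexdigest():
                 AllowEntry(frozenset({"execute", "read"}), "user")}
    model = ProtectionModel(allowlist)
    model.submit(Operation("execute", "backup.sh", approved, "user"))
    model.submit(Operation("execute", "backup.sh", approved + b"# edited\n", "user"))
    model.submit(Operation("write", "backup.sh", approved, "user"))
    model.submit(Operation("execute", "backup.sh", approved, "admin"))
    return model, model.process()


if __name__ == "__main__":
    model, results = run_demo()
    for allowed, reason in results:
        print("ALLOW" if allowed else "DENY ", reason)
    print(len(model.violations), "violation records stored")
```

All three attributes the patent names (instruction, file, authority) must match before an operation is released from the buffer; a failure on any one of them produces both an alarm and a stored record.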
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A program white list updating method based on a TCM software server is characterized by comprising the following specific steps:
(1) constructing a learning neural network, wherein a white list acquisition layer, a white list training layer and a white list formation layer are arranged in the learning neural network;
(2) white list learning training;
(3) constructing a correlation module; and
(4) constructing a protection model, wherein the protection model comprises an operation detection module, a buffer area module and an alarm module.
2. The method according to claim 1, wherein the white list updating method comprises: an image recognition module and a character recognition module are arranged in the white list input layer.
3. The method according to claim 1, wherein the white list updating method comprises: a training algorithm set according to a deep learning task is arranged in the white list training layer.
4. The method according to claim 1, wherein the white list updating method comprises: the training algorithm comprises a white list vulnerability detection algorithm.
5. The method according to claim 1, wherein the white list updating method comprises: a white list writing module and a white list database contact module are arranged in the white list updating layer.
6. The method according to claim 1, wherein the white list updating method comprises: the step (2) comprises the following steps: (2.1) after receiving the deep learning task of the white list, acquiring input white list information through a white list acquisition layer, inputting the white list information into a white list training layer, and matching a corresponding training algorithm according to the deep learning task selected by a user; (2.2) starting a training algorithm, and executing a corresponding logic model for training according to the corresponding training algorithm; and (2.3) forming a white list model through multiple training.
7. The method according to claim 6, wherein the white list updating method comprises: in the step (2.1), the white list information in the input image is identified through the image identification module, and the input character information is identified through the character identification module.
8. The method according to claim 6, wherein the white list updating method comprises: in the step (2.2), after the corresponding logic model is executed for training, the trained model and parameters are stored, then the input white list information is automatically released, the trained module and parameters are used for carrying out model test, and a test result is output.
9. The method according to claim 1, wherein the white list updating method comprises: in the step (4), the operation instruction, the file pointed by the instruction and the operation authority are detected through the detection module, the operation instruction, the instruction pointed file and the operation authority are stored in the buffer area module through the association module, the white list model is connected through the association module, whether the operation instruction, the instruction pointed file and the operation authority are the white list is detected through the white list model, if yes, the operation is executed, if not, the operation is not executed, meanwhile, the alarm is displayed on the operation interface through the alarm module, and meanwhile, the operation instruction record of the buffer area module is stored.
10. The method according to claim 6, wherein the white list updating method comprises: in the step (2.2), after the corresponding logic model is executed for training, the trained model is pushed into a plurality of servers, and the data information in the plurality of online servers is utilized for training, so that the model is continuously optimized and perfected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011105399.1A CN112417436A (en) | 2020-10-15 | 2020-10-15 | Program white list updating method based on TCM software server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112417436A (en) | 2021-02-26 |
Family
ID=74854866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011105399.1A Pending CN112417436A (en) | 2020-10-15 | 2020-10-15 | Program white list updating method based on TCM software server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112417436A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105897676A (en) * | 2015-12-01 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | User resource access behavior processing method and device |
CN106529282A (en) * | 2016-11-10 | 2017-03-22 | 广东电网有限责任公司电力科学研究院 | Execution system and execution method for white list based on trust chain |
CN108345902A (en) * | 2018-01-24 | 2018-07-31 | 深圳市永达电子信息股份有限公司 | Self study white list model library structure based on transaction characteristics and white list detection method |
US20190036930A1 (en) * | 2017-07-31 | 2019-01-31 | International Business Machines Corporation | Managing a whitelist of internet domains |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||