CN112560030A - File monitoring method and device, electronic equipment and computer readable storage medium

Publication number
CN112560030A
Authority
CN
China
Prior art keywords
file
files
list
difference
comparing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910857533.4A
Other languages
Chinese (zh)
Inventor
过一峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a file monitoring method, a file monitoring device, electronic equipment and a computer readable storage medium. The method comprises the following steps: acquiring a configuration file from a target link; parsing the configuration file to obtain a link address list; acquiring and storing a corresponding file list according to the link address list; and comparing the acquired file list with a pre-stored file list, and determining the monitored difference file according to the comparison result. The technical scheme addresses the current lack of a monitoring tool for the files in software products: by 24-hour cyclic monitoring or real-time monitoring of application file updates and the like, changes to the application files can be found quickly and an updated file list can be obtained; the updated content is determined by comparison with a previously saved file list; and relevant personnel are then notified to analyze the information or carry out follow-up handling.

Description

File monitoring method and device, electronic equipment and computer readable storage medium
Technical Field
The invention relates to the technical field of internet, in particular to a file monitoring method, a file monitoring device, electronic equipment and a computer readable storage medium.
Background
Competition between software applications of the same or similar type, and between other software products, is increasingly intense. Following the updates of competing products in real time, and even obtaining their function files and/or database files, helps developers understand what the competing products are doing so that they can follow up or take other subsequent action as soon as possible. On the other hand, some released applications or software products are not very secure and may be infected with viruses or Trojan horse programs; how to monitor the files of such applications so that infected applications can be intercepted in time, improving the security of the terminal on which they run, is also a practical problem to be solved.
Disclosure of Invention
In view of the above, the present invention has been made to provide a file monitoring method, apparatus, server and system that overcome or at least partially solve the above problems.
According to an aspect of the present invention, there is provided a file monitoring method, wherein the method includes:
acquiring a configuration file from a target link;
analyzing the configuration file to obtain a link address list;
acquiring and storing a corresponding file list according to the link address list;
and comparing the acquired file list with a pre-stored file list, and determining the monitored difference file according to the comparison result.
Optionally, the obtaining the configuration file from the target link includes:
downloading the configuration file from the target link at preset intervals;
and/or
downloading the configuration file from the target link when an update of the configuration file is detected.
Optionally, the analyzing the configuration file to obtain the link address list includes:
decrypting the configuration file to obtain a plurality of sub-configuration files;
and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
Optionally, the obtaining and storing a corresponding file list according to the link address list includes:
downloading files according to the URL address list and copying the downloaded files to a new directory.
Optionally, the comparing the acquired file list with the pre-stored file list includes:
classifying the files in the acquired file list;
and comparing each class of files with the files of the corresponding class in the pre-stored file list, deleting the files with the same size, and performing difference comparison on the remaining files.
Optionally, the performing difference comparison on the remaining files includes:
sorting the files in the acquired file list and the files in the pre-stored file list according to file names respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Optionally, the performing difference comparison on the remaining files includes:
sorting the files in the acquired file list and the files in the pre-stored file list according to the sizes of the files respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Optionally, the determining the monitored difference file according to the comparison result includes:
taking the two files between which a difference exists as difference files;
the method further comprises:
sending the monitored difference file in a preset alarm mode, wherein the preset alarm mode comprises: mail and/or application messages;
and taking the difference file as an attachment of the mail and/or the application message, and taking the difference information between the two files as the content of the mail and/or the application message.
Another aspect of the present invention provides a file monitoring apparatus, wherein the apparatus includes:
an obtaining unit, adapted to obtain the configuration file from the target link;
a parsing unit, adapted to parse the configuration file to obtain a webpage address list;
a saving unit, adapted to obtain and save a corresponding file list according to the link address list;
and a comparison unit, adapted to compare the acquired file list with a pre-stored file list and determine the monitored difference file according to the comparison result.
Optionally, the obtaining unit is adapted to: download the configuration file from the target link at preset intervals.
Optionally, the parsing unit is adapted to: decrypt the configuration file to obtain a plurality of sub-configuration files; and parse each sub-configuration file separately, and splice the parsing results to obtain a URL address list.
Optionally, the saving unit is adapted to: download files according to the URL address list and copy the downloaded files to a new directory.
Optionally, the comparison unit is adapted to: classify the files in the acquired file list; and compare each class of files with the files of the corresponding class in the pre-stored file list, delete the files with the same size, and perform difference comparison on the remaining files.
Optionally, the comparison unit is adapted to: sort the files in the acquired file list and the files in the pre-stored file list by file name respectively; and compare the two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Optionally, the comparison unit is adapted to: sort the files in the acquired file list and the files in the pre-stored file list by file size respectively; and compare the two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Optionally, the comparison unit is adapted to: take the two files between which a difference exists as difference files;
the apparatus further includes: an alarm sending unit, adapted to send the monitored difference file in a preset alarm mode, wherein the preset alarm mode comprises: mail and/or application messages; and to take the difference file as an attachment of the mail and/or the application message, and the difference information between the two files as the content of the mail and/or the application message.
In accordance with still another aspect of the present invention, there is provided an electronic apparatus including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform any one of the methods above.
According to a further aspect of the invention, there is provided a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any one of the methods above.
In view of the above, the technical solution of the present invention provides a file monitoring method in which a configuration file is obtained from a target link; the configuration file is parsed to obtain a link address list; a corresponding file list is acquired and stored according to the link address list; and the acquired file list is compared with a pre-stored file list, the monitored difference file being determined according to the comparison result. The technical scheme addresses the current lack of a monitoring tool for the files in software products: by 24-hour cyclic monitoring or real-time monitoring of application file updates and the like, changes to the application files can be found quickly and an updated file list can be obtained; the updated content is determined by comparison with a previously saved file list; and relevant personnel are then notified to analyze the information or carry out follow-up handling.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a schematic flow diagram of a file monitoring method according to one embodiment of the invention;
FIG. 2 shows a schematic structural diagram of a file monitoring apparatus according to one embodiment of the present invention;
FIG. 3 shows a schematic structural diagram of an electronic device according to one embodiment of the invention;
FIG. 4 shows a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
FIG. 1 shows a schematic flow diagram of a file monitoring method according to one embodiment of the invention. The method comprises the following steps:
Step S110, a configuration file is acquired from the target link.
For example, a system for monitoring application files is designed and implemented. It can exist as an independent tool or as a plug-in, and a uniform interface gives the monitoring system generality and portability, so that it can be applied in a variety of scenarios.
First, a specific request is sent, through a monitoring means, to a target link that publishes application files, and the application configuration file published at the target link is automatically downloaded using the tool or plug-in of this embodiment. For example, an antivirus application continuously updates its virus library; the updated library includes new types of virus, and the antivirus function needs to be updated so that the software remains effective against them. To obtain files such as the virus library after a given antivirus product is updated, the product's updates are monitored continuously, and the main configuration file published by the product's website is obtained first. Of course, viruses, problem sites, and other sample information that may be compromised may also be obtained.
Step S120, the configuration file is analyzed to obtain a link address list.
After the configuration file of the application is obtained, the link address list in the configuration file is obtained through automatic analysis of the configuration file. Of course, before parsing the configuration file, the configuration file often needs to be decrypted, and the purpose of parsing the configuration file is to obtain a link address list in which the target file is stored.
Step S130, a corresponding file list is acquired and stored according to the link address list.
In this step, the links in the obtained link address list are opened one by one, the database files and/or function class files and the like stored at each link are downloaded, and the downloaded files are then stored in a local folder.
Step S140, comparing the acquired file list with a pre-stored file list, and determining the monitored difference file according to the comparison result.
For example, under cyclic monitoring, a file list is downloaded at regular intervals; the newly downloaded file list is then compared with a previously stored file list, and the files that differ are obtained from the comparison, so that updated files, or files infected with a virus or Trojan horse program, are monitored.
In summary, in the technical solution disclosed in this embodiment of the present invention, first, a configuration file is obtained from a target link; then, the configuration file is parsed to obtain a link address list; then, a corresponding file list is acquired and stored according to the link address list; and finally, the acquired file list is compared with a pre-stored file list, and the monitored difference file is determined according to the comparison result. This technical scheme addresses the lack of a monitoring tool for the files in existing software applications: by 24-hour cyclic monitoring or real-time monitoring of application file updates and the like, changes to the application files can be found quickly and the updated files can be obtained; the updated content is further determined by comparison with previously saved files; and relevant personnel are then notified to follow up or carry out the corresponding handling.
In one embodiment, obtaining the configuration file from the target link includes: downloading the configuration file from the target link at preset intervals.
This embodiment gives one way of obtaining the configuration file from the target link, or equivalently one way of monitoring the target link: the target link is monitored cyclically, and the configuration file is obtained from it at regular intervals, for example every half hour or every hour.
In one embodiment, parsing the configuration file to obtain the list of link addresses comprises: decrypting the configuration file to obtain a plurality of sub-configuration files; and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
When the configuration file is parsed, it often needs to be decrypted first. After decryption, at least two sub-configuration files may be obtained, depending on the structure of the configuration file; for example, a first URL segment is obtained from one of the sub-configuration files, a list of second URL segments is obtained from one or more other sub-configuration files, and the complete URL list is obtained by splicing them together.
In one embodiment, obtaining and storing the corresponding file list according to the link address list includes: downloading files according to the URL address list and copying the downloaded files to a new directory.
According to the obtained URL address list, the corresponding links can be traversed and accessed, the required files are automatically downloaded from them, and the downloaded files are then copied to a newly created directory to facilitate the subsequent comparison. For example, according to the URL address list parsed from the antivirus software configuration file, the corresponding link is opened, files such as the virus library are clicked and downloaded by means of image recognition, and they are copied into a newly created file directory.
In one embodiment, comparing the acquired file list with the pre-stored file list comprises: classifying the files in the acquired file list; and comparing each class of files with the files of the corresponding class in the pre-stored file list, deleting the files with the same size, and performing difference comparison on the remaining files.
Since the names of files in the software may change between the versions before and after an update, an algorithm is needed to find the files that differ and so facilitate the subsequent file comparison. In this embodiment, to improve comparison efficiency, the files in the obtained file list are first classified, and each class of files is compared with the files of the corresponding class in the stored file list, which makes the comparison more targeted and effective.
Within the same category, a file with the same size is taken as not updated; such files can be deleted, and the difference comparison is then performed on the other files, whose sizes differ.
In one embodiment, the performing a difference comparison on the remaining files comprises: sorting the files in the acquired file list and the files in the pre-stored file list according to file names respectively; and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Given how files are usually named, files with the same or similar sequence numbers or names are more likely to be the same file. For the comparison, the files in the new list and in the old list are therefore each sorted by file name, and the two files with the same sequence number in the two lists are compared one by one to determine whether they differ. If they differ, the two files are selected as difference files.
In one embodiment, the performing a difference comparison on the remaining files comprises: sorting the files in the acquired file list and the files in the pre-stored file list according to the sizes of the files respectively; and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Besides sorting by sequence number, the comparison can also use sorting by file size; the two sorts can be used separately, or one after the other. After sorting by file size, the two files at the same position are compared one by one to determine whether they differ, and the two files that differ are selected.
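The comparison procedure described above (classify, drop same-size files, sort, pair by sequence number), as an added example that is not code from the patent. Classifying by file extension, using SHA-256 as the per-pair difference test, and every file name below are assumptions; the example goes one step beyond the text by also running the filter on digests, which shows that the size-only filter misses a content change that leaves the size unchanged.

```python
import hashlib
import tempfile
from collections import Counter, defaultdict
from itertools import zip_longest
from pathlib import Path


def snapshot(directory):
    """Map file class (extension, an assumption) -> [(name, size, sha256)]."""
    classes = defaultdict(list)
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            data = path.read_bytes()
            classes[path.suffix.lower()].append(
                (path.name, len(data), hashlib.sha256(data).hexdigest()))
    return classes


def drop_unchanged(new, old, key):
    """Remove entries whose key occurs in both lists, matched one-for-one."""
    common = Counter(key(e) for e in new) & Counter(key(e) for e in old)

    def keep(entries):
        budget = Counter(common)
        kept = []
        for entry in entries:
            if budget[key(entry)] > 0:
                budget[key(entry)] -= 1      # treated as "not updated"
            else:
                kept.append(entry)
        return kept

    return keep(new), keep(old)


def difference_files(old_dir, new_dir, unchanged_key="size", sort_key="name"):
    """Return (old_name, new_name) pairs judged different.

    unchanged_key="size" is the filter the text describes; "digest" is the
    stricter variant added here. sort_key is "name" or "size".
    """
    old, new = snapshot(old_dir), snapshot(new_dir)
    key = (lambda e: e[1]) if unchanged_key == "size" else (lambda e: e[2])
    order = (lambda e: e[0]) if sort_key == "name" else (lambda e: e[1])
    pairs = []
    for cls in sorted(set(old) | set(new)):
        n, o = drop_unchanged(new.get(cls, []), old.get(cls, []), key)
        n.sort(key=order)
        o.sort(key=order)
        # Compare the files with the same sequence number in both lists.
        for a, b in zip_longest(o, n):
            if a is None or b is None or a[2] != b[2]:
                pairs.append((a[0] if a else None, b[0] if b else None))
    return pairs


def demo():
    """Build two constructed snapshots and compare them both ways."""
    old_files = {
        "sigs_001.db": b"A" * 64,
        "sigs_002.db": b"B" * 32,
        "engine.cfg": b"mode=fast\n",
        "readme.txt": b"v1\n",
    }
    new_files = {
        "sigs_001.db": b"A" * 64,              # unchanged
        "sigs_003.db": b"B" * 32 + b"C" * 8,   # renamed and grown
        "engine.cfg": b"mode=slow\n",          # changed, same size
        "readme.txt": b"v1\n",                 # unchanged
    }
    with tempfile.TemporaryDirectory() as root:
        for label, files in (("old", old_files), ("new", new_files)):
            target = Path(root, label)
            target.mkdir()
            for name, data in files.items():
                (target / name).write_bytes(data)
        old_dir, new_dir = Path(root, "old"), Path(root, "new")
        return (difference_files(old_dir, new_dir, "size"),
                difference_files(old_dir, new_dir, "digest"))


if __name__ == "__main__":
    size_only, by_digest = demo()
    print("size filter  :", size_only)
    print("digest filter:", by_digest)
```

With the size filter the renamed database file is paired with its predecessor, but the edited `engine.cfg` is dropped as unchanged; the digest filter reports both.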
In one embodiment, determining the monitored difference file according to the comparison result includes: taking the two files between which a difference exists as difference files; the method further comprises: sending the monitored difference file in a preset alarm mode, wherein the preset alarm mode comprises: mail and/or application messages; and taking the difference file as an attachment of the mail and/or the application message, and taking the difference information between the two files as the content of the mail and/or the application message.
For alerting purposes, the two files that differ can be sent to the relevant personnel so that the updated content can be obtained, a virus or Trojan horse program can be extracted, or competitive intelligence analysis can be carried out. The alarm may take the form of mail and/or an application message. In a specific operation, so that the difference content is displayed both intuitively and comprehensively, the difference file may be used as an attachment of the mail and/or the application message, and the difference information between the two files may be used as the content of the mail and/or the application message.
FIG. 2 shows a schematic structural diagram of a file monitoring apparatus according to an embodiment of the present invention. As shown in FIG. 2, the file monitoring apparatus 200 includes:
The obtaining unit 210 is adapted to obtain the configuration file from the target link.
For example, a system for monitoring application files may be designed. It may be an independent tool or a plug-in, and a uniform interface gives the monitoring system generality and portability, so that it can be applied in a variety of scenarios.
First, a specific request is sent, through a monitoring means, to a target link that publishes application files, and the tool or plug-in of this embodiment automatically downloads the application configuration file published at the target link. For example, an antivirus application continuously updates its virus library; the updated library typically includes new virus codes, and the antivirus function needs to be updated so that the software remains effective against those viruses. To obtain the files of a given antivirus product after it is updated, the product's data updates can be monitored continuously, and the software configuration file published by the product's website is obtained first. Of course, viruses, problem sites, and other sample information that may be compromised may also be obtained.
The parsing unit 220 is adapted to parse the configuration file to obtain a link address list.
After the configuration file of the application is obtained, the link address list in the configuration file is obtained through automatic analysis of the configuration file. Of course, before parsing the configuration file, the configuration file often needs to be decrypted, and the purpose of parsing the configuration file is to obtain a link address list in which the target file is stored.
The saving unit 230 is adapted to obtain and save a corresponding file list according to the link address list.
The saving unit 230 opens the links in the obtained link address list one by one, downloads the database files and/or function description class files and the like stored at each link, and then saves the downloaded files in a local folder.
The comparing unit 240 is adapted to compare the acquired file list with a pre-stored file list, and determine a monitored difference file according to a comparison result.
For example, under cyclic monitoring, the file type is downloaded at regular intervals; the newly downloaded file list is then compared with the previously stored file list, and the files that differ are obtained from the comparison, so that updated files, or files infected with a virus or Trojan horse program, are monitored.
In summary, in the technical solution disclosed in this embodiment of the present invention, the obtaining unit 210 is adapted to obtain the configuration file from the target link; the parsing unit 220 is adapted to parse the configuration file to obtain a link address list; the saving unit 230 is adapted to obtain and save a corresponding file list according to the link address list; and the comparing unit 240 is adapted to compare the obtained file list with a pre-saved file list and determine the monitored difference file according to the comparison result. This technical scheme addresses the lack of a monitoring tool for the files in existing software applications: by 24-hour cyclic monitoring or real-time monitoring of application file updates and the like, changes to the application files can be found quickly and the updated files can be obtained; the updated content is further determined by comparison with previously saved files; and relevant personnel are then notified to follow up or carry out the corresponding handling.
In one embodiment, the obtaining unit 210 is adapted to: download the configuration file from the target link at preset intervals.
In this embodiment, the obtaining unit 210 gives one way of obtaining the configuration file from the target link, or equivalently one way of monitoring the target link: the target link is monitored cyclically, and the configuration file is obtained from it at regular intervals.
In one embodiment, the parsing unit 220 is adapted to: decrypting the configuration file to obtain a plurality of sub-configuration files; and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
When the configuration file is parsed, it often needs to be decrypted first. After decryption, at least two sub-configuration files may be obtained, depending on the structure of the configuration file; for example, a first URL segment is obtained from one of the sub-configuration files, a list of second URL segments is obtained from one or more other sub-configuration files, and the complete URL list is obtained by splicing them together.
In one embodiment, the saving unit 230 is adapted to: download files according to the URL address list and copy the downloaded files to a new directory.
According to the obtained URL address list, the corresponding links can be traversed and accessed, the required files are automatically downloaded from them, and the downloaded files are then copied to a newly created directory to facilitate the subsequent comparison. For example, according to the URL address list parsed from the antivirus software configuration file, the corresponding link is opened, files such as the virus library are clicked and downloaded by means of image recognition, and they are copied into a newly created file directory.
In one embodiment, the comparison unit 240 is adapted to: classify the files in the acquired file list; and compare each class of files with the files of the corresponding class in the pre-stored file list, delete the files with the same size, and perform difference comparison on the remaining files.
Since the names of files in the software may change between the versions before and after an update, an algorithm is needed to find the files that differ and so facilitate the subsequent file comparison. In this embodiment, to improve comparison efficiency, the files in the obtained file list are first classified, and each class of files is compared with the files of the corresponding class in the stored file list, which makes the comparison more targeted and effective.
Within the same category, a file with the same size is taken as not updated; such files can be deleted, and the difference comparison is then performed on the other files, whose sizes differ.
In one embodiment, the comparison unit 240 is adapted to: sorting the files in the acquired file list and the files in the pre-stored file list according to file names respectively; and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
Given how files are usually named, files with the same or similar sequence numbers or names are more likely to be the same file. For the comparison, the files in the new list and in the old list are therefore each sorted by file name, and the two files with the same sequence number in the two lists are compared one by one to determine whether they differ. If they differ, the two files are selected as difference files.
In one embodiment, the comparison unit 240 is adapted to: sorting the files in the acquired file list and the files in the pre-stored file list according to the sizes of the files respectively; and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
In addition to the sorting and comparison according to the sequence numbers, the file size sorting can be used for comparison, and the sequence number sorting and the size sorting can be respectively carried out or can be successively compared. After sorting according to the file sizes, comparing two files with the same sorting one by one to determine whether a difference exists, and selecting the two files with the difference.
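The comparison described in the embodiments above (classify, delete same-size files, sort, compare pair by pair), as an added Python example that is not code from the patent. Classification by file extension, the reporting of unpaired files as added or removed, and the optional SHA-256 key are assumptions; the sample snapshots are constructed.

```python
import hashlib
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    name: str    # file name as it appears in one snapshot's file list
    data: bytes  # file content (constructed sample bytes below)


def by_size(e):
    return len(e.data)


def by_digest(e):
    return hashlib.sha256(e.data).hexdigest()


def classify(entries):
    """Group entries by lower-cased extension (assumed classification rule)."""
    groups = defaultdict(list)
    for e in entries:
        groups[os.path.splitext(e.name)[1].lower()].append(e)
    return groups


def drop_unchanged(new, old, key):
    """Pair off one new and one old entry with an equal key and delete both."""
    old_left, new_left = list(old), []
    for n in new:
        match = next((o for o in old_left if key(o) == key(n)), None)
        if match is None:
            new_left.append(n)
        else:
            old_left.remove(match)
    return new_left, old_left


def find_differences(new, old, key=by_size, sort_key=lambda e: e.name):
    """Classify, delete 'unchanged' files, sort, then compare rank by rank."""
    report = {"changed": [], "added": [], "removed": []}
    new_groups, old_groups = classify(new), classify(old)
    for cat in sorted(set(new_groups) | set(old_groups)):
        n, o = drop_unchanged(new_groups.get(cat, []), old_groups.get(cat, []), key)
        n.sort(key=sort_key)
        o.sort(key=sort_key)
        for old_e, new_e in zip(o, n):
            if old_e.data != new_e.data:
                report["changed"].append((old_e.name, new_e.name))
        # Assumption: entries with no partner at the same rank are new or gone.
        report["added"] += [e.name for e in n[len(o):]]
        report["removed"] += [e.name for e in o[len(n):]]
    return report


# Constructed sample snapshots of one product before and after an update.
OLD = [
    Entry("core_v1.dll", b"A" * 10),
    Entry("ui_v1.dll", b"B" * 20),
    Entry("rules_v1.dat", b"allow=1;mode=0"),
    Entry("readme.txt", b"hello"),
]
NEW = [
    Entry("core_v2.dll", b"A" * 10),           # renamed only
    Entry("ui_v2.dll", b"B" * 20 + b"patch"),  # grew by five bytes
    Entry("rules_v2.dat", b"allow=1;mode=1"),  # same size, one byte changed
    Entry("readme.txt", b"hello"),
    Entry("extra.txt", b"new file"),           # not in the old snapshot
]

if __name__ == "__main__":
    print(find_differences(NEW, OLD))                 # size filter, as described
    print(find_differences(NEW, OLD, key=by_digest))  # digest filter (assumption)
```

With the size key, the one-byte edit in rules_v2.dat is deleted as unchanged because its size did not move; with the digest key the same pair is reported as changed.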
In one embodiment, the comparison unit 240 is adapted to: take the two files that differ as difference files. The device also includes a sending alarm unit adapted to send the monitored difference files in a preset alarm mode, the preset alarm mode comprising mail and/or application messages; the difference file is used as an attachment of the mail and/or the application message, and the difference information between the two files is used as the content of the mail and/or the application message.
To serve as an alert, the two files that differ can be sent to the relevant personnel so that they can obtain the updated content, extract a virus or Trojan horse program, or carry out competitive intelligence analysis. The alert may be sent by mail and/or application message. In practice, so that the difference content is displayed both intuitively and comprehensively, the difference file may be used as an attachment of the mail and/or the application message, and the difference information between the two files may be used as the content of the mail and/or the application message.
In summary, according to the technical solution of the present invention, a configuration file is first obtained from a target link; the configuration file is then analyzed to obtain a webpage address list; a corresponding file list is then acquired and stored according to the link address list; and finally the acquired file list is compared with a pre-stored file list, and the monitored difference file is determined according to the comparison result. This technical solution addresses the current lack of a monitoring tool for files in software products: by monitoring application file updates in a 24-hour cycle or in real time, update changes to the application files can be found quickly and an updated file list obtained; the updated content is determined by comparison with a previously saved file list; and the relevant personnel are then notified to analyze the information or carry out follow-up handling.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may be used with the teachings herein. The required structure for constructing such a device will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a document monitoring apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
For example, Fig. 3 shows a schematic structural diagram of an electronic device according to an embodiment of the invention. The electronic device 300 comprises a processor 310 and a memory 320 arranged to store computer executable instructions (computer readable program code). The memory 320 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory 320 has a storage space 330 storing computer readable program code 331 for performing any of the method steps described above. For example, the storage space 330 for storing the computer readable program code may comprise respective computer readable program codes 331 for respectively implementing various steps in the above method. The computer readable program code 331 may be read from or written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. Such a computer program product is typically a computer readable storage medium such as described in Fig. 4. Fig. 4 shows a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention. The computer readable storage medium 400 stores computer readable program code 331 for performing the steps of the method according to the invention, which is readable by the processor 310 of the electronic device 300. When executed by the electronic device 300, the computer readable program code 331 causes the electronic device 300 to perform the steps of the method described above; in particular, the computer readable program code 331 stored on the computer readable storage medium may perform the method shown in any of the embodiments described above. The computer readable program code 331 may be compressed in a suitable form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.
A1, a document monitoring method, wherein the method comprises:
acquiring a configuration file from a target link;
analyzing the configuration file to obtain a link address list;
acquiring and storing a corresponding file list according to the link address list;
and comparing the acquired file list with a pre-stored file list, and determining the monitored difference file according to the comparison result.
A2, the method of claim A1, wherein said obtaining a configuration file from a target link comprises:
and downloading the configuration file from the target link at preset intervals.
A3, the method of claim A1, wherein the parsing the configuration file to obtain a list of linked addresses includes:
decrypting the configuration file to obtain a plurality of sub-configuration files;
and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
A4, the method of claim A3, wherein the obtaining and saving the corresponding file list according to the link address list comprises:
the file is downloaded according to the URL address list and the downloaded file is copied to a new directory.
A5, the method of claim A1, wherein said comparing the retrieved file list with the pre-saved file list comprises:
classifying the files in the acquired file list;
and comparing the various files with the files classified correspondingly in the pre-stored file list, deleting the files with the same size, and performing difference comparison on the rest files.
A6, the method of claim A5, wherein the performing a difference comparison on the remaining files includes:
sorting the files in the acquired file list and the files in the pre-stored file list according to file names respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
A7, the method of claim A5 or A6, wherein the performing a difference comparison on the remaining files comprises:
sorting the files in the acquired file list and the files in the pre-stored file list according to the sizes of the files respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
A8, the method of claim A5 or A6, wherein the determining the monitored difference file based on the comparison comprises:
taking the two files with difference as difference files;
the method further comprises the following steps:
sending the monitored difference file through a preset alarm mode, wherein the preset alarm mode comprises the following steps: mail and/or application messages;
and taking the difference file as an attachment of the mail and/or the application message, and taking the difference information between the two files as the content of the mail and/or the application message.
B9, a document monitoring apparatus, wherein the apparatus comprises:
the acquisition unit is suitable for acquiring the configuration file from the target link;
the analysis unit is suitable for analyzing the configuration file to obtain a link address list;
the storage unit is suitable for acquiring and storing a corresponding file list according to the link address list;
and the comparison unit is suitable for comparing the acquired file list with a pre-stored file list and determining the monitored difference file according to the comparison result.
B10, the apparatus of claim B9, wherein
the acquisition unit is suitable for downloading the configuration file from the target link at preset intervals.
B11, the apparatus of claim B9, wherein the parsing unit is adapted to: decrypting the configuration file to obtain a plurality of sub-configuration files; and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
B12, the apparatus of claim B11, wherein the storage unit is adapted to: download the files according to the URL address list and copy the downloaded files to a new directory.
B13, the apparatus of claim B9, wherein the comparison unit is adapted to: classify the files in the acquired file list; compare each class of files with the files of the corresponding class in the pre-stored file list; delete the files with the same size; and perform a difference comparison on the remaining files.
B14, the apparatus of claim B9, wherein the comparison unit is adapted to: sort the files in the acquired file list and the files in the pre-stored file list by file name, respectively; and compare, one by one, the two files with the same sequence number in the two file lists to determine whether a difference exists.
B15, the device of claim B13 or B14, wherein the comparison unit is adapted to: sort the files in the acquired file list and the files in the pre-stored file list by file size, respectively; and compare, one by one, the two files with the same sequence number in the two file lists to determine whether a difference exists.
B16, the device of claim B13 or B14, wherein the comparison unit is adapted to: taking the two files with difference as difference files;
the device also includes: and the sending alarm unit is suitable for sending the monitored difference file in a preset alarm mode, and the preset alarm mode comprises the following steps: mail and/or application messages; and taking the difference file as an attachment of the mail and/or the application message, and taking the difference information between the two files as the content of the mail and/or the application message.
C17, an electronic device, wherein the electronic device comprises: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any one of claims A1-A8.
D18, a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims A1-A8.

Claims (10)

1. A method of document monitoring, wherein the method comprises:
acquiring a configuration file from a target link;
analyzing the configuration file to obtain a link address list;
acquiring and storing a corresponding file list according to the link address list;
and comparing the acquired file list with a pre-stored file list, and determining the monitored difference file according to the comparison result.
2. The method of claim 1, wherein the obtaining the configuration file from the target link comprises:
and downloading the configuration file from the target link at preset intervals.
3. The method of claim 1, wherein said parsing the configuration file to obtain a list of linked addresses comprises:
decrypting the configuration file to obtain a plurality of sub-configuration files;
and respectively analyzing each sub-configuration file, and splicing according to the analysis result to obtain a URL address list.
4. The method of claim 3, wherein the obtaining and saving the corresponding file list according to the link address list comprises:
the file is downloaded according to the URL address list and the downloaded file is copied to a new directory.
5. The method of claim 1, wherein comparing the retrieved list of files to a pre-saved list of files comprises:
classifying the files in the acquired file list;
and comparing the various files with the files classified correspondingly in the pre-stored file list, deleting the files with the same size, and performing difference comparison on the rest files.
6. The method of claim 5, wherein the performing a difference comparison on the remaining files comprises:
sorting the files in the acquired file list and the files in the pre-stored file list according to file names respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
7. The method of claim 5 or 6, wherein the performing a difference comparison on the remaining files comprises:
sorting the files in the acquired file list and the files in the pre-stored file list according to the sizes of the files respectively;
and comparing two files with the same sequence number in the two file lists one by one to determine whether a difference exists.
8. A document monitoring apparatus, wherein the apparatus comprises:
the acquisition unit is suitable for acquiring the configuration file from the target link;
the analysis unit is suitable for analyzing the configuration file to obtain a link address list;
the storage unit is suitable for acquiring and storing a corresponding file list according to the link address list;
and the comparison unit is suitable for comparing the acquired file list with a pre-stored file list and determining the monitored difference file according to the comparison result.
9. An electronic device, wherein the electronic device comprises: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the method of any one of claims 1-7.
10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-7.
CN201910857533.4A 2019-09-09 2019-09-09 File monitoring method and device, electronic equipment and computer readable storage medium Pending CN112560030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910857533.4A CN112560030A (en) 2019-09-09 2019-09-09 File monitoring method and device, electronic equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910857533.4A CN112560030A (en) 2019-09-09 2019-09-09 File monitoring method and device, electronic equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN112560030A true CN112560030A (en) 2021-03-26

Family

ID=75028913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910857533.4A Pending CN112560030A (en) 2019-09-09 2019-09-09 File monitoring method and device, electronic equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112560030A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115577328A (en) * 2022-10-25 2023-01-06 长沙源小印科技有限公司 Software infringement evidence obtaining method, system, equipment and medium
CN116775419A (en) * 2023-08-28 2023-09-19 荣耀终端有限公司 File system monitoring method and device
CN116775419B (en) * 2023-08-28 2023-12-05 荣耀终端有限公司 File system monitoring method and device

Similar Documents

Publication Publication Date Title
KR101161493B1 (en) Method of Examining Malicious Codes and Dangerous Files in Android Terminal Platform
EP1986120B1 (en) Systems, apparatus, and methods for detecting malware
US9965630B2 (en) Method and apparatus for anti-virus scanning of file system
US9294486B1 (en) Malware detection and analysis
KR101582601B1 (en) Method for detecting malignant code of android by activity string analysis
US20130167236A1 (en) Method and system for automatically generating virus descriptions
US20180082061A1 (en) Scanning device, cloud management device, method and system for checking and killing malicious programs
CN109714346B (en) Searching and killing method and device for back door files
US20150007328A1 (en) Method and System for Quickly Scanning Files
CN113486350B (en) Method, device, equipment and storage medium for identifying malicious software
CN103793649A (en) Method and device for cloud-based safety scanning of files
CN114386032A (en) Firmware detection system and method for power Internet of things equipment
CN112560030A (en) File monitoring method and device, electronic equipment and computer readable storage medium
CN111859399A (en) Vulnerability detection method and device based on oval
CN105791250B (en) Application program detection method and device
CN115470491A (en) File detection method and device
US10248789B2 (en) File clustering using filters working over file attributes
JP6169497B2 (en) Connection destination information determination device, connection destination information determination method, and program
CN110502900B (en) Detection method, terminal, server and computer storage medium
US10909243B2 (en) Normalizing entry point instructions in executable program files
CN112182569A (en) File identification method, device, equipment and storage medium
CN106372508B (en) Malicious document processing method and device
CN109472138B (en) Method, device and storage medium for detecting snort rule conflict
CN113778841A (en) Detection method, device and equipment for file to be tested and storage medium
CN115310082A (en) Information processing method, information processing device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination