Disclosure of Invention
The application provides a reliability verification method for computer forensics, where the computer forensics is the forensics of a hidden computer virus, comprising the following steps:
S1, acquiring the hidden computer virus, the image recognition model and the coding rule obtained by computer forensics;
S2, turning on a preset visible light generator so that visible light irradiates a real picture frame in real space; wherein the real picture frame holds a real image; the real image is composed of a first image layer and a second image layer, the thickness of the first image layer is smaller than that of the second image layer, and the first image layer covers the second image layer; the first image layer is drawn with a first coating, and the second image layer is drawn with a second coating; the color of the first coating can be captured by a visible light camera under visible light, but cannot be captured by the visible light camera under ultraviolet light; the color of the second coating can be captured by a visible light camera under both visible light and ultraviolet light, but the color presented under visible light differs from the color presented under ultraviolet light;
S3, performing first image acquisition on the real picture frame with a preset visible light camera to obtain a first image, and performing first image recognition on the first image with the image recognition model to obtain a first image recognition result;
S4, performing first coding on the first image recognition result according to the coding rule, thereby obtaining a first code;
S5, turning on a preset ultraviolet generator while the visible light generator remains on, so that ultraviolet light and visible light irradiate the real picture frame at the same time;
S6, performing second image acquisition on the real picture frame with the preset visible light camera to obtain a second image, and performing second image recognition on the second image with the image recognition model to obtain a second image recognition result;
S7, performing second coding on the second image recognition result according to the coding rule, thereby obtaining a second code;
S8, turning off the visible light generator while keeping the ultraviolet generator on, so that the real picture frame is irradiated only by ultraviolet light;
S9, performing third image acquisition on the real picture frame with the preset visible light camera to obtain a third image, and performing third image recognition on the first image with the image recognition model to obtain a third image recognition result;
S10, performing third coding on the third image recognition result according to the coding rule, thereby obtaining a third code;
S11, integrating the first code, the second code and the third code into a total code, and calculating a similarity value between the total code and the hidden computer virus according to a preset similarity calculation method;
S12, judging whether the similarity value is larger than a preset similarity threshold;
and S13, if the similarity value is larger than the preset similarity threshold, judging that the computer forensics is reliable.
Further, the first image at least comprises a plurality of animal figures, the first image recognition result output by the image recognition model is a plurality of parallel object image recognition results, and the plurality of parallel object image recognition results at least comprise a plurality of animal recognition results; the step S4 of performing a first encoding process on the first image recognition result according to the encoding rule to obtain a first code includes:
S401, mapping each of the plurality of parallel object image recognition results in the first image recognition result to code 1 or code 0, where a recognition result of "yes" corresponds to code 1 and a recognition result of "no" corresponds to code 0;
S402, concatenating the mapped codes 1 and 0 in the order of the first image recognition result to obtain a binary code group;
and S403, recording the binary code group as the first code.
Further, the step S6 of performing a second image capturing process on the real picture frame by using a preset visible light camera to obtain a second image includes:
S601, performing cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset first parameter group, and performing image acquisition on the real picture frame with the preset visible light camera to obtain a first temporary image;
S602, performing cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset second parameter group, and performing image acquisition on the real picture frame with the preset visible light camera to obtain a second temporary image; wherein the power ratio of the ultraviolet generator to the visible light generator in the second parameter group is greater than the power ratio of the ultraviolet generator to the visible light generator in the first parameter group;
S603, determining, based on the comparison between the first image and the second image, whether, in the first temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer, and whether, in the second temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer;
S604, if, in the first temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light does not pass through the first layer, and, in the second temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer, recording the second temporary image as the second image.
Further, the ratio of the power ratio of the ultraviolet generator to the visible light generator in the second parameter group to the power ratio of the ultraviolet generator to the visible light generator in the first parameter group is equal to 2:1.
Further, after the step S12 of judging whether the similarity value is larger than the preset similarity threshold, the method includes:
S121, if the similarity value is not larger than the preset similarity threshold, performing reverse coding on the total code to obtain a reverse code; wherein reverse coding means changing each binary code 0 into 1 and each binary code 1 into 0;
S122, calculating a similarity value between the reverse code and the hidden computer virus according to the preset similarity calculation method;
S123, judging whether the similarity value between the reverse code and the hidden computer virus is larger than the preset similarity threshold;
and S124, if the similarity value between the reverse code and the hidden computer virus is larger than the preset similarity threshold, judging that the computer forensics is reliable.
The application provides a reliability verification device based on computer forensics, where the computer forensics is the forensics of a hidden computer virus, the device comprising:
the hidden computer virus acquisition unit is used for acquiring hidden computer viruses, image identification models and coding rules obtained by computer forensics;
a visible light irradiation unit for turning on a preset visible light generator to irradiate the visible light on a real picture frame existing in a real space; wherein the real picture frame has a real picture therein; the real image is composed of a first image layer and a second image layer, the thickness of the first image layer is smaller than that of the second image layer, and the first image layer covers the second image layer; the first image layer is formed by drawing a first coating, and the second image layer is formed by drawing a second coating; the color of the first coating can be acquired by a visible light camera under visible light, but cannot be acquired by the visible light camera under ultraviolet light; the color of the second coating can be acquired by a visible light camera under both visible light and ultraviolet light, but the color presented under the visible light is different from the color presented under the ultraviolet light;
the first image acquisition unit is used for carrying out first image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a first image, and carrying out first image identification processing on the first image by adopting the image identification model to obtain a first image identification result;
a first code obtaining unit, configured to perform first coding processing on the first image recognition result according to the coding rule, so as to obtain a first code;
the simultaneous irradiation unit is used for opening a preset ultraviolet generator under the condition that the visible light generator is not closed so as to enable ultraviolet rays and visible light to irradiate on the real picture frame simultaneously;
the second image acquisition unit is used for carrying out second image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a second image, and carrying out second image identification processing on the second image by adopting the image identification model to obtain a second image identification result;
a second code obtaining unit, configured to perform a second encoding process on the second image recognition result according to the encoding rule, so as to obtain a second code;
an ultraviolet irradiation unit for turning off the visible light generator but maintaining an on state of the ultraviolet generator so that the real frame is irradiated only by ultraviolet rays;
the third image acquisition unit is used for carrying out third image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a third image, and carrying out third image recognition processing on the first image by adopting the image recognition model to obtain a third image recognition result;
a third code obtaining unit, configured to perform third coding processing on the third image identification result according to the coding rule, so as to obtain a third code;
a similarity value calculation unit for integrating the first code, the second code and the third code into a total code and calculating a similarity value between the total code and the hidden computer virus according to a preset similarity calculation method;
the similarity value judging unit is used for judging whether the similarity value is larger than a preset similarity threshold value or not;
and the computer forensics judging unit is used for judging that the computer forensics is reliable if the similarity value is greater than the preset similarity threshold.
The application provides a reliability verification system based on computer forensics, which comprises a computer terminal, wherein the computer terminal is used for executing the steps of any one of the methods.
The present application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the above methods when the processor executes the computer program.
The present application provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of any of the above.
According to the reliability verification method, device and system for computer forensics, the hidden computer virus, the image recognition model and the coding rule obtained by computer forensics are acquired; a preset visible light generator is turned on so that visible light irradiates a real picture frame in real space; first image acquisition is performed to obtain a first image and a first image recognition result; first coding is performed to obtain a first code; a preset ultraviolet generator is turned on while the visible light generator remains on, so that ultraviolet light and visible light irradiate the real picture frame at the same time; second image acquisition is performed to obtain a second image and a second image recognition result; a second code is obtained; the visible light generator is turned off while the ultraviolet generator is kept on, so that the real picture frame is irradiated only by ultraviolet light; third image acquisition is performed to obtain a third image and a third image recognition result; third coding is performed to obtain a third code; the first code, the second code and the third code are integrated into a total code, and a similarity value between the total code and the hidden computer virus is calculated according to a preset similarity calculation method; whether the similarity value is larger than a preset similarity threshold is judged; and if the similarity value is larger than the preset similarity threshold, the computer forensics is judged to be reliable. This overcomes the defect that traditional reliability verification schemes for computer forensics are not suitable for hidden computer viruses, and realizes reliability verification for the forensics of hidden computer viruses.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to Figs. 1-2, an embodiment of the present application provides a reliability verification method based on computer forensics, where the computer forensics is the forensics of a hidden computer virus, and the method includes:
S1, acquiring the hidden computer virus, the image recognition model and the coding rule obtained by computer forensics;
S2, turning on a preset visible light generator so that visible light irradiates a real picture frame in real space; wherein the real picture frame holds a real image; the real image is composed of a first image layer and a second image layer, the thickness of the first image layer is smaller than that of the second image layer, and the first image layer covers the second image layer; the first image layer is drawn with a first coating, and the second image layer is drawn with a second coating; the color of the first coating can be captured by a visible light camera under visible light, but cannot be captured by the visible light camera under ultraviolet light; the color of the second coating can be captured by a visible light camera under both visible light and ultraviolet light, but the color presented under visible light differs from the color presented under ultraviolet light;
S3, performing first image acquisition on the real picture frame with a preset visible light camera to obtain a first image, and performing first image recognition on the first image with the image recognition model to obtain a first image recognition result;
S4, performing first coding on the first image recognition result according to the coding rule, thereby obtaining a first code;
S5, turning on a preset ultraviolet generator while the visible light generator remains on, so that ultraviolet light and visible light irradiate the real picture frame at the same time;
S6, performing second image acquisition on the real picture frame with the preset visible light camera to obtain a second image, and performing second image recognition on the second image with the image recognition model to obtain a second image recognition result;
S7, performing second coding on the second image recognition result according to the coding rule, thereby obtaining a second code;
S8, turning off the visible light generator while keeping the ultraviolet generator on, so that the real picture frame is irradiated only by ultraviolet light;
S9, performing third image acquisition on the real picture frame with the preset visible light camera to obtain a third image, and performing third image recognition on the first image with the image recognition model to obtain a third image recognition result;
S10, performing third coding on the third image recognition result according to the coding rule, thereby obtaining a third code;
S11, integrating the first code, the second code and the third code into a total code, and calculating a similarity value between the total code and the hidden computer virus according to a preset similarity calculation method;
S12, judging whether the similarity value is larger than a preset similarity threshold;
and S13, if the similarity value is larger than the preset similarity threshold, judging that the computer forensics is reliable.
As described in the above steps S1-S4, the hidden computer virus, the image recognition model and the coding rule obtained by computer forensics are acquired; a preset visible light generator is turned on so that visible light irradiates a real picture frame in real space, wherein the real picture frame holds a real image; the real image is composed of a first image layer and a second image layer, the thickness of the first image layer is smaller than that of the second image layer, and the first image layer covers the second image layer; the first image layer is drawn with a first coating, and the second image layer is drawn with a second coating; the color of the first coating can be captured by a visible light camera under visible light, but cannot be captured by the visible light camera under ultraviolet light; the color of the second coating can be captured by a visible light camera under both visible light and ultraviolet light, but the color presented under visible light differs from the color presented under ultraviolet light; first image acquisition is performed on the real picture frame with a preset visible light camera to obtain a first image, and first image recognition is performed on the first image with the image recognition model to obtain a first image recognition result; and first coding is performed on the first image recognition result according to the coding rule, thereby obtaining a first code.

The hidden computer virus is a special kind of computer virus: it can be hidden in a real image in real space and is revealed through a specific image recognition model, coding rule, real image, visible light generator, ultraviolet generator and visible light camera. Therefore, before it is revealed, the computer holds no code corresponding to the computer virus, which is why traditional reliability verification schemes for computer forensics are not applicable. The revealing process is described in detail later. The hidden computer virus, the image recognition model and the coding rule obtained by the computer forensics may come from the same computer or from different computers, because the hidden computer virus does not need to be stored on the original computer but needs to be spread into a computer network; the hidden computer virus therefore exists on the infected computer, while the image recognition model and the coding rule come from the original computer.

One feature of the present application is that the real image in the real picture frame is special: the real image is composed of a first layer and a second layer, the thickness of the first layer is smaller than that of the second layer, and the first layer covers the second layer; the first layer is drawn with a first coating, and the second layer is drawn with a second coating; the color of the first coating can be captured by a visible light camera under visible light, but cannot be captured by the visible light camera under ultraviolet light; the color of the second coating can be captured by the visible light camera under both visible light and ultraviolet light, but the color presented under visible light differs from the color presented under ultraviolet light. In this way, the real image presents a first pattern under visible light (formed by the color presented by the coating of the first layer; the second layer does not participate in color development, or the ultraviolet-converted light of the second layer does not participate in color development), a second pattern under visible light and ultraviolet light together (formed by the colors presented by the coatings of the first layer and the second layer, the color of the second layer mixing with the color of the first layer), and a third pattern under ultraviolet light (formed by the color presented by the coating of the second layer; the first layer does not participate in color development). In this way, information can be hidden in a real image.

The first coating can be any feasible coating, such as common painting paint, and the second coating can be made of any feasible material, such as an ultraviolet down-conversion material (for example, in the form of a rare-earth-based light conversion film), a rare-earth-based light conversion material, a fluorescent material, and the like. The principle is that, owing to the specific energy band structure, electrons in a low-energy state can absorb ultraviolet photons and transition to a high-energy state; electrons in the high-energy state are unstable and transition back to the low-energy state, or transition to lower energy levels in multiple steps, thereby releasing photons with wavelengths in the visible band. Then, first image acquisition is performed on the real picture frame with a preset visible light camera to obtain a first image, and first image recognition is performed on the first image with the image recognition model to obtain a first image recognition result; first coding is performed on the first image recognition result according to the coding rule, thereby obtaining a first code. In this way, the hidden information in the first form in the real image is revealed as the first code.

This way of hiding information depends on the image recognition model, the pattern on the real image and the coding rule all corresponding to one another; that is, information hiding cannot be achieved with an arbitrary image recognition model, an arbitrary pattern on a real image and an arbitrary coding rule. This is also the basis on which the present application can verify that the computer forensics is reliable, because the corresponding image recognition model and coding rule are unlikely to exist on the computer at the same time, and the corresponding real image is unlikely to exist in real space at the same time (that is, the real image is owned by the subject of the computer forensics), unless information has been deliberately hidden (namely the hidden computer virus of the present application). In addition, it should be noted that the size of a computer virus can be very small, such as the Tiny family of the.
Further, the first image at least comprises a plurality of animal figures, the first image recognition result output by the image recognition model is a plurality of parallel object image recognition results, and the plurality of parallel object image recognition results at least comprise a plurality of animal recognition results; the step S4 of performing a first encoding process on the first image recognition result according to the encoding rule to obtain a first code includes:
S401, mapping each of the plurality of parallel object image recognition results in the first image recognition result to code 1 or code 0, where a recognition result of "yes" corresponds to code 1 and a recognition result of "no" corresponds to code 0;
S402, concatenating the mapped codes 1 and 0 in the order of the first image recognition result to obtain a binary code group;
and S403, recording the binary code group as the first code.
The first code can thereby be obtained. Image recognition technology is well established and can recognize, for example, an animal category (cat, dog, etc.) or an object category (car, etc.) in a picture. In the present application, the first image comprises at least a plurality of animal figures (for example, a small image of a cat at the upper left corner of the first image, a small image of a dog at the upper right corner of the first image, and the like), the first image recognition result output by the image recognition model is a plurality of parallel object image recognition results, and these comprise at least a plurality of animal recognition results; by this design, the first image recognition result is a set of yes-or-no answers, which makes binary coding easier. Each of the plurality of parallel object image recognition results in the first image recognition result is mapped to code 1 or code 0, where a recognition result of "yes" corresponds to code 1 and a recognition result of "no" corresponds to code 0; the mapped codes 1 and 0 are concatenated in the order of the first image recognition result to obtain a binary code group; and the binary code group is recorded as the first code, so that the coding can be completed quickly.
As described in the above steps S5-S10, a preset ultraviolet generator is turned on while the visible light generator remains on, so that ultraviolet light and visible light irradiate the real picture frame at the same time; second image acquisition is performed on the real picture frame with the preset visible light camera to obtain a second image, and second image recognition is performed on the second image with the image recognition model to obtain a second image recognition result; second coding is performed on the second image recognition result according to the coding rule, thereby obtaining a second code; the visible light generator is turned off while the ultraviolet generator is kept on, so that the real picture frame is irradiated only by ultraviolet light; third image acquisition is performed on the real picture frame with the preset visible light camera to obtain a third image, and third image recognition is performed on the first image with the image recognition model to obtain a third image recognition result; and third coding is performed on the third image recognition result according to the coding rule, thereby obtaining a third code. The real image hides information in a first form that appears only under visible light, information in a second form that appears only under visible light and ultraviolet light together, and information in a third form that appears only under ultraviolet light. Therefore, the preset ultraviolet generator is turned on while the visible light generator remains on, so that ultraviolet light and visible light irradiate the real picture frame at the same time; second image acquisition is performed on the real picture frame with the preset visible light camera to obtain a second image, and second image recognition is performed on the second image with the image recognition model to obtain a second image recognition result; second coding is performed on the second image recognition result according to the coding rule, thereby obtaining a second code; the visible light generator is turned off while the ultraviolet generator is kept on, so that the real picture frame is irradiated only by ultraviolet light; third image acquisition is performed on the real picture frame with the preset visible light camera to obtain a third image, and third image recognition is performed on the first image with the image recognition model to obtain a third image recognition result; and third coding is performed on the third image recognition result according to the coding rule, thereby obtaining a third code. The hidden information in the second form and the hidden information in the third form are thereby revealed in turn.
Further, the step S6 of performing a second image capturing process on the real picture frame by using a preset visible light camera to obtain a second image includes:
S601, performing cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset first parameter group, and performing image acquisition on the real picture frame with the preset visible light camera to obtain a first temporary image;
S602, performing cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset second parameter group, and performing image acquisition on the real picture frame with the preset visible light camera to obtain a second temporary image; wherein the power ratio of the ultraviolet generator to the visible light generator in the second parameter group is greater than the power ratio of the ultraviolet generator to the visible light generator in the first parameter group;
S603, determining, based on the comparison between the first image and the second image, whether, in the first temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer, and whether, in the second temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer;
S604, if, in the first temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light does not pass through the first layer, and, in the second temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer, recording the second temporary image as the second image.
This ensures that the visible light emitted by the second layer can pass through the first layer. Because the second layer lies underneath, if the ultraviolet intensity is low, the visible light emitted by the second layer after absorbing ultraviolet light is too weak to penetrate the first layer, so that the image acquired under visible light and ultraviolet light together differs only slightly from the image acquired under visible light alone, leading to an erroneous analysis result. Therefore, the present application performs cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset first parameter group, and then performs image acquisition on the real picture frame with the preset visible light camera to obtain a first temporary image; performs cooperative parameter adjustment on the visible light generator and the ultraviolet generator according to a preset second parameter group, and then performs image acquisition on the real picture frame with the preset visible light camera to obtain a second temporary image, wherein the power ratio of the ultraviolet generator to the visible light generator in the second parameter group is greater than the power ratio of the ultraviolet generator to the visible light generator in the first parameter group; determines, according to the comparison with the first image, whether, in the first temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer, and whether, in the second temporary image, the visible light emitted by the second layer of the real image after absorbing ultraviolet light passes through the first layer; and, if the emitted visible light does not pass through the first layer in the first temporary image but passes through the first layer in the second temporary image, records the second temporary image as the second image. The second image is therefore the result of the first layer and the second layer developing color together, which guarantees the reliability of the subsequent analysis.
Further, the ratio of the power ratio of the ultraviolet generator to the visible light generator in the second parameter group to the power ratio of the ultraviolet generator to the visible light generator in the first parameter group is equal to 2:1.
As described in the above steps S11-S13, the first code, the second code and the third code are integrated into a total code, and a similarity value between the total code and the hidden computer virus is calculated according to a preset similarity calculation method; it is judged whether the similarity value is larger than a preset similarity threshold value; and if the similarity value is larger than the preset similarity threshold value, the computer forensics is judged to be reliable. The integration of the first code, the second code and the third code into a total code may be implemented in any feasible manner, for example by concatenating the first code, the second code and the third code in sequence, or by interleaving the codes according to a preset rule. The preset similarity calculation method may be any feasible algorithm for computing similarity between binary codes, for example one based on Hamming distance; cross-platform binary code similarity detection based on neural-network graph embedding may also be used. If the similarity value is larger than the preset similarity threshold value, the total code obtained according to the above steps is the same as the hidden computer virus obtained by computer forensics, and therefore the computer forensics is judged to be reliable.
Further, after the step S12 of determining whether the similarity value is greater than the preset similarity threshold, the method includes:
S121, if the similarity value is not larger than the preset similarity threshold value, performing reverse coding processing on the total code to obtain a reverse code; wherein the reverse coding processing refers to changing binary code 0 into 1 and binary code 1 into 0;
S122, calculating a similarity value between the reverse code and the hidden computer virus according to the preset similarity calculation method;
S123, judging whether the similarity value between the reverse code and the hidden computer virus is larger than the preset similarity threshold value;
S124, if the similarity value between the reverse code and the hidden computer virus is larger than the preset similarity threshold value, judging that the computer forensics is reliable.
This allows the method to adapt flexibly to special conditions. Because the application deals with binary codes, the coding process has two possibilities, forward and reverse. When the similarity value is not greater than the preset similarity threshold value, the coding may have been performed in reverse, so the total code is subjected to reverse coding processing to obtain a reverse code; wherein the reverse coding processing refers to changing binary code 0 into 1 and binary code 1 into 0. A similarity value between the reverse code and the hidden computer virus is calculated according to the preset similarity calculation method; it is judged whether this similarity value is larger than the preset similarity threshold value; and if it is, the computer forensics is judged to be reliable. This processing can be implemented only in the reliability verification scheme of the present application, which targets the particular binary hidden computer virus.
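The following added example (not part of the original application) sketches steps S11-S13 and S121-S124 in Python, assuming sequential concatenation or round-robin interleaving as the integration rule, normalized Hamming similarity as the similarity calculation method, and a threshold of 0.9; all names and bit strings are constructed for illustration. With Hamming similarity the reverse-code similarity is exactly one minus the forward similarity, so the sketch rejects thresholds at or below 0.5, where the fallback would accept almost any total code.

```python
from typing import Callable, NamedTuple, Sequence

THRESHOLD = 0.9             # assumed; the page only says "preset similarity threshold"
REFERENCE = "110100101100"  # constructed stand-in for the recovered binary code


def _check_bits(code: str) -> str:
    """Reject anything that is not a non-empty string of 0s and 1s."""
    if not code or set(code) - {"0", "1"}:
        raise ValueError(f"not a binary code: {code!r}")
    return code


def integrate_sequential(codes: Sequence[str]) -> str:
    """Total code by concatenating the partial codes in order."""
    return "".join(_check_bits(c) for c in codes)


def integrate_interleaved(codes: Sequence[str]) -> str:
    """Total code by round-robin interleaving (one possible preset rule)."""
    codes = [_check_bits(c) for c in codes]
    if len({len(c) for c in codes}) != 1:
        raise ValueError("interleaving here requires equal-length codes")
    return "".join("".join(bits) for bits in zip(*codes))


def hamming_similarity(a: str, b: str) -> float:
    """Fraction of bit positions on which two equal-length codes agree."""
    if len(a) != len(b):
        raise ValueError("codes must have equal length for Hamming distance")
    distance = sum(x != y for x, y in zip(a, b))
    return 1.0 - distance / len(a)


def invert(code: str) -> str:
    """Reverse coding of S121: every 0 becomes 1 and every 1 becomes 0."""
    return code.translate(str.maketrans("01", "10"))


class Verdict(NamedTuple):
    reliable: bool
    path: str          # "forward", "inverse" or "none"
    similarity: float  # similarity on the path taken (best of both for "none")


def verify(first: str, second: str, third: str, reference: str,
           threshold: float = THRESHOLD,
           integrate: Callable[[Sequence[str]], str] = integrate_sequential
           ) -> Verdict:
    # sim(invert(x), ref) == 1 - sim(x, ref): at threshold <= 0.5 the
    # forward test or the fallback would pass for nearly every input.
    if not 0.5 < threshold < 1.0:
        raise ValueError("threshold must lie strictly between 0.5 and 1.0")
    total = integrate([first, second, third])            # S11
    forward = hamming_similarity(total, _check_bits(reference))
    if forward > threshold:                              # S12, S13
        return Verdict(True, "forward", forward)
    inverse = hamming_similarity(invert(total), reference)  # S121, S122
    if inverse > threshold:                              # S123, S124
        return Verdict(True, "inverse", inverse)
    return Verdict(False, "none", max(forward, inverse))


if __name__ == "__main__":
    print(verify("1101", "0010", "1100", REFERENCE))  # matches as coded
    print(verify("0010", "1101", "0011", REFERENCE))  # matches after inversion
    print(verify("1101", "0001", "0011", REFERENCE))  # half the bits differ
```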
According to the reliability verification method for computer forensics, a hidden computer virus, an image identification model and a coding rule obtained by computer forensics are acquired; a preset visible light generator is turned on so that visible light irradiates a real picture frame in real space; first image acquisition processing is carried out to obtain a first image and a first image identification result; first coding processing is carried out to obtain a first code; while the visible light generator remains on, a preset ultraviolet generator is turned on so that ultraviolet rays and visible light irradiate the real picture frame at the same time; second image acquisition processing is carried out to obtain a second image and a second image identification result; a second code is obtained; the visible light generator is turned off while the ultraviolet generator is kept on, so that the real picture frame is irradiated only by ultraviolet rays; third image acquisition processing is carried out to obtain a third image and a third image identification result; third coding processing is carried out to obtain a third code; the first code, the second code and the third code are integrated into a total code, and a similarity value between the total code and the hidden computer virus is calculated according to a preset similarity calculation method; it is judged whether the similarity value is larger than a preset similarity threshold value; and if the similarity value is larger than the preset similarity threshold value, the computer forensics is judged to be reliable. This overcomes the defect that traditional reliability verification schemes for computer forensics are not suitable for hidden computer viruses, and realizes reliability verification for the forensics of hidden computer viruses.
The embodiment of the application provides a reliability verification device for computer forensics, wherein the computer forensics is the forensics of hidden computer viruses, and the device includes:
the hidden computer virus acquisition unit is used for acquiring hidden computer viruses, image identification models and coding rules obtained by computer forensics;
a visible light irradiation unit for turning on a preset visible light generator to irradiate the visible light on a real picture frame existing in a real space; wherein the real picture frame has a real picture therein; the real image is composed of a first image layer and a second image layer, the thickness of the first image layer is smaller than that of the second image layer, and the first image layer covers the second image layer; the first image layer is formed by drawing a first coating, and the second image layer is formed by drawing a second coating; the color of the first coating can be acquired by a visible light camera under visible light, but cannot be acquired by the visible light camera under ultraviolet light; the color of the second coating can be acquired by a visible light camera under both visible light and ultraviolet light, but the color presented under the visible light is different from the color presented under the ultraviolet light;
the first image acquisition unit is used for carrying out first image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a first image, and carrying out first image identification processing on the first image by adopting the image identification model to obtain a first image identification result;
a first code obtaining unit, configured to perform first coding processing on the first image recognition result according to the coding rule, so as to obtain a first code;
the simultaneous irradiation unit is used for opening a preset ultraviolet generator under the condition that the visible light generator is not closed so as to enable ultraviolet rays and visible light to irradiate on the real picture frame simultaneously;
the second image acquisition unit is used for carrying out second image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a second image, and carrying out second image identification processing on the second image by adopting the image identification model to obtain a second image identification result;
a second code obtaining unit, configured to perform a second encoding process on the second image recognition result according to the encoding rule, so as to obtain a second code;
an ultraviolet irradiation unit for turning off the visible light generator but maintaining an on state of the ultraviolet generator so that the real frame is irradiated only by ultraviolet rays;
the third image acquisition unit is used for carrying out third image acquisition processing on the real picture frame by adopting a preset visible light camera to obtain a third image, and carrying out third image recognition processing on the third image by adopting the image recognition model to obtain a third image recognition result;
a third code obtaining unit, configured to perform third coding processing on the third image identification result according to the coding rule, so as to obtain a third code;
a similarity value calculation unit for integrating the first code, the second code and the third code into a total code and calculating a similarity value between the total code and the hidden computer virus according to a preset similarity calculation method;
the similarity value judging unit is used for judging whether the similarity value is larger than a preset similarity threshold value or not;
and the computer forensics judging unit is used for judging that the computer forensics is reliable if the similarity value is greater than the preset similarity threshold value.
The operations respectively executed by the above units correspond to the steps of the reliability verification method for computer forensics of the foregoing embodiment one by one, and are not described herein again.
The embodiment of the invention also provides a computer forensics reliability verification system which comprises a computer terminal, wherein the computer terminal is used for executing the steps of any one of the methods.
Referring to fig. 3, an embodiment of the present invention further provides a computer device, where the computer device may be a server, and an internal structure of the computer device may be as shown in the figure. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is used to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing data used by the reliability verification method for computer forensics. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement the reliability verification method for computer forensics.
The processor executes the reliability verification method for computer forensics, wherein the steps included in the method correspond to the steps of executing the reliability verification method for computer forensics in the embodiment one to one, and are not described herein again.
It will be understood by those skilled in the art that the structures shown in the drawings are only block diagrams of some of the structures associated with the embodiments of the present application and do not constitute a limitation on the computer apparatus to which the embodiments of the present application may be applied.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored thereon, and when the computer program is executed by a processor, the method for verifying reliability of computer forensics is implemented, where steps included in the method correspond to steps of the method for verifying reliability of computer forensics in the foregoing embodiment one to one, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program or instructions directing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium, and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided herein and used in the examples may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.