CN113127869B - Identification environment tracking method and system - Google Patents


Publication number
CN113127869B
Authority
CN
China
Prior art keywords
authentication
sample
environment
identification
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911424736.0A
Other languages
Chinese (zh)
Other versions
CN113127869A (en
Inventor
袁瑞峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd
Priority to CN201911424736.0A
Publication of CN113127869A
Application granted
Publication of CN113127869B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information


Abstract

The embodiment of the invention provides an identification environment tracking method, which comprises the following steps: acquiring a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample; configuring an identification environment corresponding to the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information; assigning an authentication task to an authentication environment, and controlling the authentication environment to perform an authentication operation on the sample; sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation; and receiving login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment. According to the embodiment of the invention, the identification environment, the identification code of the identification environment and the login information can be dynamically configured according to the sample, and the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is further improved.

Description

Identification environment tracking method and system
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to an identification environment tracking method and system.
Background
In the fields of network and information security, a virtual operating system is created to run suspicious samples so that they are isolated from the actual operating system. When a suspicious sample carries a virus or Trojan program, the actions it triggers in the virtual operating system do not damage the actual operating system. This virtual operating system is called an authentication environment.
The conventional authentication environment authenticates samples based on static scheduling, and when the authentication environment of the samples needs to be tracked, the samples are usually put into the authentication environment which is in static continuous operation for authentication. The method for tracking the authentication environment based on the static scheduling is a mode of statically allocating resources, so that the authentication environment needs to be continuously operated even when the sample does not need to be authenticated.
In the prior art, this drawback of static scheduling can be overcome by manually starting and stopping the authentication environment on demand. In that case, however, the user cannot know which authentication environment corresponds to the sample, so the authentication environment cannot be tracked and its security cannot be ensured.
Therefore, the invention aims to solve the problem that the identification environment cannot be tracked.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, a system, a computer device, and a computer readable storage medium for tracking an authentication environment, which can dynamically configure a corresponding authentication environment according to a sample, and allow a user to log into the authentication environment, so as to track the authentication environment, thereby improving the security of the authentication environment.
The embodiment of the invention solves the technical problems through the following technical scheme:
an authentication environment tracking method, comprising:
acquiring a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample;
configuring an identification environment of the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
assigning the authentication task to the authentication environment and controlling the authentication environment to perform an authentication operation on the sample;
transmitting the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
and receiving the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment.
Further, the obtaining the sample uploaded by the user, and establishing an authentication task corresponding to the sample according to the sample, further includes:
and acquiring the authentication parameters uploaded by the user, and establishing an authentication task corresponding to the sample according to the sample and the authentication parameters.
Further, the identification parameters include an identification duration and a trigger mode of the sample.
Further, the configuring the authentication environment of the sample according to the authentication task includes:
acquiring attributes of the sample, wherein the attributes comprise the memory size occupied by the sample and the type of an operating system for executing the authentication operation on the sample;
computing computer resources required by the sample according to the attribute of the sample and the identification parameter, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
and configuring the authentication environment according to the computer resource.
Further, after the assigning the authentication task to the authentication environment, the method further includes:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
To achieve the above object, an embodiment of the present invention further provides an authentication environment tracking system, including:
the acquisition module is used for acquiring a sample uploaded by a user and establishing an identification task corresponding to the sample according to the sample;
the configuration module is used for configuring an identification environment corresponding to the sample according to the identification task so as to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
the allocation module is used for allocating the authentication task to the authentication environment and controlling the authentication environment to perform authentication operation on the sample;
the sending module is used for sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
and the receiving module is used for receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment.
Further, the configuration module is further configured to:
and acquiring the authentication parameters uploaded by the user, and establishing an authentication task corresponding to the sample according to the sample and the authentication parameters.
Further, the identification parameters include an identification duration and a trigger mode of the sample.
Further, the configuration module is further configured to:
acquiring attributes of the sample, wherein the attributes comprise the memory size occupied by the sample and the type of an operating system for executing the authentication operation on the sample;
computing computer resources required by the sample according to the attribute of the sample and the identification parameter, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
and configuring the authentication environment according to the computer resource.
Further, the allocation module is further configured to:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
To achieve the above object, an embodiment of the present invention further provides a computer apparatus including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the authentication environment tracking method as described above when executing the computer program.
To achieve the above object, an embodiment of the present invention also provides a computer-readable storage medium having stored therein a computer program executable by at least one processor to cause the at least one processor to perform the steps of the authentication environment tracking method as described above.
According to the identification environment tracking method, the identification environment tracking system, the computer equipment and the computer readable storage medium, the identification environment corresponding to the sample is configured dynamically, the identification code of the identification environment and the login information corresponding to the identification code are generated, and when the identification environment performs identification operation on the sample, the identification code is sent to a user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is greatly improved.
The invention will now be described in more detail with reference to the drawings and specific examples, which are not intended to limit the invention thereto.
Drawings
FIG. 1 is a diagram showing an application environment of an authentication environment tracking method according to a first embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for tracking an authentication environment according to a first embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a program module of an authentication environment tracking system according to a second embodiment of the present invention;
FIG. 4 is a schematic diagram of the hardware structure of a computer device according to a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The technical solutions of the embodiments may be combined with each other, provided that the combination can be implemented by those skilled in the art. When a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the scope of protection claimed by the present invention.
Referring to fig. 1, an application environment diagram of an authentication environment tracking method according to a first embodiment of the present invention is shown.
When a user delivers a sample to the task management module, the task management module creates an authentication task according to the sample. The deployment management module then calculates the dynamic deployment requirements from the requirements of the authentication task, allocates and initializes resources for the required authentication environment, and creates the environment number, the user name and the password of the authentication environment. After the authentication environment is initialized, the deployment management module registers the environment number, the user name and the password with an authentication environment management center. Next, the authentication environment obtains the authentication task from the task management module and performs the authentication operation. When the user gets the authentication task and starts the authentication work, the user can obtain the environment number from the task management module, then obtain the corresponding user name and password from the authentication environment management center according to the environment number, and log into the authentication environment with that user name and password to track it.
Example 1
Referring to fig. 2, a flowchart illustrating steps of an authentication environment tracking method according to a first embodiment of the present invention is shown.
It will be appreciated that the flow charts in the method embodiments are not intended to limit the order in which the steps are performed. The following description takes a computer device as the execution subject, as follows:
Step S100, obtaining a sample uploaded by a user, and establishing an authentication task corresponding to the sample according to the sample.
Specifically, common samples are files, executables, and uniform resource locators (URLs). The user delivers the sample; the computer device receives it and distributes it to the authentication environment for scanning and analysis, thereby authenticating the sample. In an exemplary embodiment, the user may also set and upload authentication parameters for the sample when delivering it. The computer device acquires the authentication parameters and establishes an authentication task corresponding to the sample according to the authentication parameters and the sample. The authentication parameters may be a scan duration and a trigger mode, where the trigger mode may be manual or automatic. In this embodiment, once the authentication task has been established from the authentication parameters and the sample, the authentication mode of the sample can be determined from that task.
In a preferred embodiment, the authentication parameter may also be a priority level of the sample, that is, when the user delivers the samples in batches, the timing of sample authentication may be determined by setting the priority level, so that the authentication environment scans the samples according to the level of the priority level.
Illustratively, suppose the user delivers one hundred samples at a time, including audio/video files, executable programs, and URLs. The audio/video files and executable programs occupy more storage space and require a longer scanning time; the URLs occupy less storage space and require a shorter scanning time. The user may set URL samples to a higher priority level and audio/video file samples and executable program samples to a lower priority level. For example, the priority level of URL samples is set to A, that of executable program samples to B, and that of audio/video file samples to C, forming a priority queue. With these settings the order of priority is A > B > C: the authentication environment scans the URL samples first, then the executable program samples, and finally the audio/video file samples. After receiving the samples and authentication parameters delivered by the user, the computer device creates an authentication task corresponding to each sample in a preset task management center. The task management center manages the authentication process of the sample, and data generated by the sample in the authentication environment can be synchronized to the task management center.
Step S102, configuring an identification environment corresponding to the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information. In a specific embodiment of the present invention, the identification code of the authentication environment refers to an authentication environment number of the authentication environment, and the login information includes a user name and a password.
Specifically, after the task management center creates the authentication task, the computer device calculates required computer resources from the samples in the authentication task, thereby configuring an authentication environment corresponding to the authentication task. When the authentication environment is configured, an authentication environment number and login information of the authentication environment are also configured, wherein the login information comprises a user name and a password of the authentication environment. And then establishing a mapping relation among the identification environment number, the user name and the password, and corresponding the identification environment number, the user name and the password one by one.
Illustratively, when the user delivers an audio/video file, the computer device calculates the required hardware size according to the size of the file and configures a corresponding authentication environment. At the same time, the computer device generates a random authentication environment number, user name and password for the authentication environment. The authentication environment number may take the form of the authentication environment name followed by five random characters, or another character combination such as a sample type code followed by five random characters. Each time a user delivers a sample, an authentication environment number, user name and password are randomly generated for the authentication environment, and the authentication environment stops running after the sample authentication is completed. When the user delivers a sample again, a new authentication environment is configured and a new authentication environment number, user name and password are generated.
In a preferred embodiment, configuring the authentication environment corresponding to the sample according to the authentication task comprises acquiring the attributes of the sample, calculating the computer resources required for the sample according to those attributes and the authentication parameters, and then configuring the authentication environment according to the computer resources. The attributes include the memory size occupied by the sample and the type of operating system used to perform the authentication operation on the sample; the computer resources include a hard disk, a memory and a central processing unit. Using the attributes and the authentication parameters, an authentication environment matching the memory size occupied by the sample and the required operating system type can be configured, which greatly improves the utilization of computer resources and the match between the sample and the operating system of the authentication environment.
Specifically, different samples occupy different amounts of storage space and require different operating systems. Some samples need to be scanned in a Windows XP system, so a Windows XP operating system must be simulated in the authentication environment to scan them; other samples need to be scanned in a WIN7 system, so a WIN7 operating system must be simulated in the authentication environment to scan them. The simulated Windows XP and WIN7 operating systems occupy different amounts of memory: Windows XP occupies less and WIN7 occupies more. Therefore it is necessary to acquire the attributes of the sample, that is, the memory size occupied by the sample and the operating system type, and then calculate from those attributes the memory, hard disk and CPU required to configure the authentication environment, thereby creating a corresponding authentication environment.
In a preferred embodiment, the authentication environment may also be configured according to authentication parameters set by the user when creating the authentication environment.
Illustratively, when delivering the sample the user sets the authentication parameters to a scanning duration of 15 minutes and an automatic trigger mode. The computer device can then increase the memory, hard disk and CPU of the authentication environment according to the scanning duration, so that the hardware resources are sufficient for the authentication environment to scan for a long time.
Step S104, the authentication task is distributed to the authentication environment, and the authentication environment is controlled to perform authentication operation on the sample.
Specifically, after creating the authentication environments, the computer device sequentially assigns authentication tasks to different authentication environments according to the priority level of the authentication samples, and controls the authentication environments to scan the samples. And then analyzing according to the scanning result of the sample to judge whether the sample has abnormal behaviors in the identification environment.
Illustratively, after an executable program is assigned to an authentication environment, an automation script in the authentication environment automatically installs and runs the program. During this process, the authentication environment records the log generated while the program runs, and the computer device then judges whether the program exhibits abnormal behavior by extracting information from the log. For example, if the registry modification information in the extracted log contains a record of the program modifying the system registry, the sample is judged to have abnormal behavior and the computer device marks it as a suspected virus sample. Likewise, if the process information in the extracted log contains a record of the sample closing a system process, the sample is judged to have abnormal behavior and the computer device marks it as a suspected virus sample.
In another preferred embodiment, after the authentication task is assigned to the authentication environment, the login information is further transmitted to a preset authentication environment management center to register the authentication environment with the authentication environment management center. After registering the authentication environment in an environment management center, the authentication environment management center can acquire login information of the authentication environment.
Step S106, sending the identification code to the user, so that the login information is determined according to the identification code and the mapping relation.
Specifically, after the sample is scanned by the authentication environment, the computer device transmits an authentication environment number of the authentication environment to the user. Then, based on the authentication environment number, the user can acquire the user name and password of the authentication environment.
Step S108, receiving the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment.
Illustratively, after the user obtains the user name and password, the user may log into the authentication environment with them. After logging in, the user can observe the scanning process of the sample in the authentication environment. Here, observing the scanning process means that the simulated operating system of the authentication environment runs the sample, the running process is shown on the display device, and the user can watch the scanning process of the sample on that display.
In a preferred embodiment, the user may trigger the sample to perform a certain action after logging into the authentication environment. For example, the automation script of the authentication environment performs an installation operation on an executable program, and during the installation a dialog box pops up showing prompt information, a "next" button and a "cancel" button. If the automation script cannot click the "next" button, the user may click it manually so that the executable program continues to be installed in the authentication environment. After the executable program is installed, the authentication environment performs the authentication operation on the sample.
According to the embodiment of the invention, the corresponding identification environment is configured dynamically according to the sample, the identification code of the identification environment and the login information corresponding to the identification code are generated, and when the identification environment carries out identification operation on the sample, the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is greatly improved.
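The mapping between the authentication environment number and the login information described in steps S102 to S108 can be sketched as follows. This is an added example, not code from the patent: the class and function names and the "SBX" environment name are hypothetical, and the owner check in `lookup` and the credential invalidation on teardown are assumptions that go beyond the text.

```python
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Optional, Tuple

_ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols (assumed charset)


@dataclass
class AuthEnvironment:
    env_number: str   # identification code sent to the user (S106)
    username: str     # login information held by the management center
    password: str
    owner: str        # assumption: the submitting user; not named in the patent
    active: bool = True


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so credential checks do not leak matching prefixes.
    return hmac.compare_digest(a.encode(), b.encode())


class ManagementCenter:
    """Hypothetical stand-in for the authentication environment management center."""

    def __init__(self) -> None:
        self._envs = {}

    def provision(self, owner: str, env_name: str = "SBX") -> str:
        """S102 plus registration: create number, user name, password and the mapping."""
        while True:
            # Environment name followed by five random characters, as in the description.
            suffix = "".join(secrets.choice(_ALPHABET) for _ in range(5))
            env_number = f"{env_name}-{suffix}"
            if env_number not in self._envs:  # never reuse a number, even a retired one
                break
        self._envs[env_number] = AuthEnvironment(
            env_number=env_number,
            username="u_" + secrets.token_hex(4),
            password=secrets.token_urlsafe(16),  # fresh per sample, from the OS CSPRNG
            owner=owner,
        )
        return env_number

    def lookup(self, env_number: str, requester: str) -> Optional[Tuple[str, str]]:
        """S106: resolve login information from the environment number.

        Five characters give only 36**5 = 60,466,176 values, so the number is
        treated as an identifier and the requester must also be the owner.
        """
        env = self._envs.get(env_number)
        if env is None or not env.active or not _same(env.owner, requester):
            return None
        return env.username, env.password

    def login(self, env_number: str, username: str, password: str) -> bool:
        """S108: accept the login only while the environment is still running."""
        env = self._envs.get(env_number)
        if env is None or not env.active:
            return False
        return _same(env.username, username) and _same(env.password, password)

    def teardown(self, env_number: str) -> None:
        """The environment stops after authentication completes; retire its credentials."""
        env = self._envs.get(env_number)
        if env is not None:
            env.active = False
            env.password = ""  # do not keep the secret once the environment is gone


if __name__ == "__main__":
    center = ManagementCenter()
    number = center.provision(owner="alice")           # constructed sample user
    print("environment number:", number)
    print("other user lookup:", center.lookup(number, "mallory"))
    user, pw = center.lookup(number, "alice")
    print("owner login ok:", center.login(number, user, pw))
    center.teardown(number)
    print("login after teardown:", center.login(number, user, pw))
```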
Example 2
Referring to fig. 3, a program module diagram of an authentication environment tracking system according to a second embodiment of the invention is shown. It will be appreciated that the flow charts in the method embodiments are not intended to limit the order in which the steps are performed. In this embodiment, the authentication environment tracking system 20 may include or be divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to accomplish the present invention and to implement the authentication environment tracking method described above. Program modules depicted in the embodiments of the present invention are directed to a series of computer program instruction segments capable of performing particular functions, and are more suitable than the program itself for describing the execution of the authentication environment tracking system 20 in a storage medium. The following description will specifically describe functions of each program module of the present embodiment:
The acquisition module 200 is used for acquiring the sample uploaded by the user and establishing an authentication task corresponding to the sample according to the sample.
Specifically, common samples are files, web page content, and uniform resource locators (URLs). The user delivers the sample through the acquisition module 200, which receives it and distributes it to the authentication environment for scanning and analysis, thereby authenticating the sample. In an exemplary embodiment, the user may also set and upload authentication parameters for the sample when delivering it. The acquisition module 200 acquires the authentication parameters and establishes an authentication task corresponding to the sample according to the authentication parameters and the sample. The authentication parameters may be a scan duration and a trigger mode, where the trigger mode may be manual or automatic. In this embodiment, once the authentication task has been established from the authentication parameters and the sample, the authentication mode of the sample can be determined from that task.
In a preferred embodiment, the authentication parameter may also be a priority level of the sample, that is, when the user delivers the samples in batches, the timing of sample authentication may be determined by setting the priority level, so that the authentication environment scans the samples according to the level of the priority level.
Illustratively, when a user delivers one hundred samples at a time in the acquisition module 200, the hundred samples include an audio-video file, an executable program, and a URL; the storage space occupied by the audio and video files and the executable program is larger, and the required scanning time is longer; the URL occupies a smaller memory space and requires a shorter scanning time. The user may set the URL to a higher priority level and the audio-video file and executable program to a lower priority level. For example: the acquisition module 200 sets the priority level of the URL to a, the priority level of the executable program to B, and the priority level of the audio/video file to C, thereby forming a priority level queue. According to the set priority levels, the order of the sample priority levels is as follows: and A > B > C, the identification environment scans the URL sample preferentially, then scans the executable program sample, and finally scans the audio and video file sample. After receiving the sample and the authentication parameter delivered by the user, the obtaining module 200 creates an authentication task corresponding to the sample in a preset task management center, where the task management center manages the authentication process of the sample, and data generated by the sample in the authentication environment is saved in the task management center.
A configuration module 202, configured to configure an authentication environment corresponding to the sample according to the authentication task, so as to generate an identification code and login information of the authentication environment, and establish a mapping relationship between the identification code and the login information, wherein the login information comprises a user name and a password.
Specifically, after the task management center creates the authentication task, the configuration module 202 calculates the required computer resources from the sample in the authentication task and configures the authentication environment corresponding to the authentication task accordingly. While configuring the authentication environment, the configuration module 202 also generates an authentication environment number and login information for it, where the login information includes a user name and a password of the authentication environment. It then establishes a mapping relationship among the authentication environment number, the user name and the password, so that they correspond one to one.
For example, when a user delivers an audio/video file, the configuration module 202 calculates the required hardware size according to the size of the file and configures a corresponding authentication environment. Meanwhile, the configuration module 202 generates a random identification environment number, a user name and a password for the identification environment. The identification environment number may take the form of the identification environment name followed by five random characters, or another character combination such as the sample type code followed by five random characters. Each time a user delivers a sample, the identification environment number, user name and password of an identification environment are randomly generated, and the identification environment stops running after the sample identification is completed; when the user delivers a sample again, the configuration module 202 configures a new authentication environment and generates a new authentication environment number, user name, and password.
In a preferred embodiment, when configuring an authentication environment corresponding to the sample according to the authentication task, the attributes of the sample are acquired, the computer resources required for the sample are calculated according to the attributes of the sample and the authentication parameters, and the authentication environment is then configured according to the computer resources. The attributes may include the memory size occupied by the sample and the operating system type for performing the authentication operation on the sample, and the computer resources may include a hard disk, a memory, and a central processing unit. Using the attributes and the authentication parameters of the sample, an authentication environment matching the memory size occupied by the sample and the operating system type for performing the authentication operation on it can be configured, so that the utilization rate of computer resources and the matching rate between the sample and the operating system of the authentication environment are greatly improved.
Specifically, different samples occupy different amounts of storage space and correspond to different operating systems. Some samples need to be scanned in a Windows XP system, so a Windows XP operating system must be simulated in the authentication environment to scan them; others need to be scanned in a WIN7 system, so a WIN7 operating system must be simulated. The simulated Windows XP and WIN7 operating systems need different amounts of memory: Windows XP occupies less and WIN7 occupies more. Therefore, it is necessary to acquire the attributes of the sample, that is, the size of the memory occupied by the sample and the type of the operating system, and then calculate the sizes of the memory, the hard disk, and the CPU required for configuring the authentication environment according to the attributes, thereby creating a corresponding authentication environment.
In a preferred embodiment, the configuration module 202 may also configure the authentication environment based on authentication parameters set by the user when creating the authentication environment.
Illustratively, the user sets the authentication parameters when delivering the sample as follows: the scanning duration is 15 minutes and the trigger mode is automatic triggering. The memory, hard disk and CPU of the authentication environment are then increased according to the scanning duration, so that the computer's hardware resources can meet the needs of a long scan in the authentication environment.
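The configuration step described above can be sketched as follows. This is an added example, not code from the patent: the sizing table, the sizing rule, the 15-minute threshold and all names (`compute_resources`, `EnvironmentRegistry`, `check_login`) are assumptions made for illustration. It draws the environment number and credentials from a cryptographically secure generator, keeps the number-to-login mapping, and drops the mapping when the environment stops.

```python
import hmac
import math
import secrets
import string
from dataclasses import dataclass

# Assumed baseline per simulated operating system (values are illustrative).
OS_BASE = {
    "winxp": {"memory_mb": 512, "disk_gb": 10, "cpus": 1},
    "win7": {"memory_mb": 2048, "disk_gb": 20, "cpus": 2},
}
ID_ALPHABET = string.ascii_uppercase + string.digits


@dataclass(frozen=True)
class Environment:
    env_id: str
    username: str
    password: str
    memory_mb: int
    disk_gb: int
    cpus: int


def compute_resources(sample_mb, os_type, scan_minutes):
    """Derive memory, disk and CPU from sample size, OS type and scan duration."""
    if os_type not in OS_BASE:
        raise ValueError(f"no image for operating system {os_type!r}")
    res = dict(OS_BASE[os_type])
    res["memory_mb"] += 2 * sample_mb          # assumed headroom rule
    res["disk_gb"] += math.ceil(sample_mb / 1024)
    if scan_minutes >= 15:                     # assumed threshold for a long scan
        res["memory_mb"] += 512
        res["cpus"] += 1
    return res


class EnvironmentRegistry:
    """Holds the identification code -> login information mapping."""

    def __init__(self):
        self._live = {}

    def provision(self, env_name, sample_mb, os_type, scan_minutes):
        res = compute_resources(sample_mb, os_type, scan_minutes)
        while True:  # environment name plus five random characters, retried on collision
            suffix = "".join(secrets.choice(ID_ALPHABET) for _ in range(5))
            env_id = env_name + suffix
            if env_id not in self._live:
                break
        env = Environment(env_id, "u" + secrets.token_hex(4),
                          secrets.token_urlsafe(16), **res)
        self._live[env_id] = env
        return env

    def login_info(self, env_id):
        """Resolve an identification code to (user name, password), or None."""
        env = self._live.get(env_id)
        return None if env is None else (env.username, env.password)

    def check_login(self, env_id, username, password):
        """Constant-time credential check; retired or unknown codes always fail."""
        env = self._live.get(env_id)
        if env is None:
            return False
        user_ok = hmac.compare_digest(username.encode(), env.username.encode())
        pass_ok = hmac.compare_digest(password.encode(), env.password.encode())
        return user_ok and pass_ok

    def retire(self, env_id):
        """Stop tracking an environment once authentication of its sample ends."""
        return self._live.pop(env_id, None) is not None
```

Because the identification code alone resolves to the login information, the lookup in `login_info` should only be reachable by the user who delivered the sample.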
An allocation module 204, configured to allocate the authentication task to the authentication environment, and control the authentication environment to perform an authentication operation on the sample.
Specifically, after the authentication environments are created, the allocation module 204 allocates the authentication tasks to different authentication environments according to the priority of the samples, and controls the authentication environments to scan the samples. The scanning result of each sample is then analyzed to judge whether the sample shows abnormal behavior in the authentication environment.
Illustratively, after an executable program is assigned to an authentication environment, an automation script in the authentication environment automatically installs and runs the program. While the program runs, the authentication environment records the log it generates, and the allocation module 204 determines whether the program has abnormal behavior by extracting information from the log. For example, if the registry information in the extracted log contains a record of the sample modifying the registry, the sample is judged to have abnormal behavior and the allocation module 204 marks it as a suspected virus sample; if the process information in the extracted log contains a record of a system process being closed by the sample, the sample is likewise judged to have abnormal behavior and the allocation module 204 marks it as a suspected virus sample.
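The priority queue from the acquisition module's description and the log check just described can be combined into one sketch of the allocation step. This is an added example, not code from the patent: the `category|actor|action|target` log format, the set of registry write actions, the list of system process names and every sample name are constructed for illustration.

```python
import heapq
from itertools import count

PRIORITY = {"A": 0, "B": 1, "C": 2}   # A > B > C, as in the description
# Assumptions for this example: the log format and both name sets below.
REGISTRY_WRITES = {"set_value", "create_key", "delete_key"}
SYSTEM_PROCESSES = {"csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Constructed log lines, "category|actor|action|target", keyed by sample name.
SAMPLE_LOGS = {
    "setup.exe": [
        r"file|setup.exe|create|C:\Temp\a.tmp",
        r"registry|setup.exe|set_value|HKLM\Software\Example",
        "process|setup.exe|terminate|services.exe",
        "truncated line without fields",
    ],
    "viewer.exe": [
        r"registry|viewer.exe|query_value|HKLM\Software\Example",
        "process|explorer.exe|terminate|viewer.exe",
    ],
    "http://example.test/": ["network|browser.exe|connect|example.test:80"],
}


def dispatch(tasks):
    """Return samples in scan order: by priority level, then delivery order."""
    seq = count()  # tie-breaker keeps same-level samples first-in, first-out
    heap = [(PRIORITY[level], next(seq), sample) for sample, level in tasks]
    heapq.heapify(heap)
    order = []
    while heap:
        order.append(heapq.heappop(heap)[2])
    return order


def parse_line(line):
    """Split one log line into its four fields; None for malformed lines."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4:
        return None
    category, actor, action, target = parts
    return category.lower(), actor.lower(), action.lower(), target


def find_abnormal(sample, lines):
    """Collect the two behaviors named in the text, attributed to the sample only."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        category, actor, action, target = rec
        if actor != sample.lower():
            continue  # activity by other processes is not charged to the sample
        if category == "registry" and action in REGISTRY_WRITES:
            findings.append(("registry_modified", target))
        elif (category == "process" and action == "terminate"
              and target.lower() in SYSTEM_PROCESSES):
            findings.append(("system_process_closed", target))
    return findings


def run_allocation(tasks, logs):
    """Scan in priority order and mark samples with abnormal behavior."""
    report = []
    for sample in dispatch(tasks):
        findings = find_abnormal(sample, logs.get(sample, []))
        verdict = "suspected virus sample" if findings else "no abnormal behavior found"
        report.append((sample, verdict, findings))
    return report
```

Registry reads and process terminations by other actors are deliberately not flagged, so the verdict tracks only what the log attributes to the sample itself.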
In another preferred embodiment, after the authentication task is assigned to the authentication environment, the login information is further transmitted to a preset authentication environment management center to register the authentication environment with the authentication environment management center. After registering the authentication environment in an environment management center, the authentication environment management center can acquire login information of the authentication environment.
A sending module 206, configured to send the identification code to the user, so as to determine the login information according to the identification code and the mapping relationship.
Specifically, after the sample is scanned by the authentication environment, the transmitting module 206 transmits the authentication environment number of the authentication environment to the user. Then, based on the authentication environment number, the user can acquire the user name and password of the authentication environment.
A receiving module 208, configured to receive the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment.
Illustratively, after obtaining the user name and password, the user may log into the authentication environment with them. After logging in, the user can observe the scanning process of the sample in the authentication environment. Here, observing the scanning process means that the simulated operating system of the authentication environment runs the sample and the running process is shown on a display device, through which the user can watch the scan.
In a preferred embodiment, the sample may be triggered to perform a certain action after the user logs into the authentication environment. For example, the automation script of the authentication environment performs an installation operation on an executable program, and during the installation process, a dialog box is popped up and prompt information, a "next" button and a "cancel" button are displayed, at which time if the automation script cannot perform a clicking operation of the "next" button, the user may manually click the "next" button, so that the executable program continues to be installed into the authentication environment. After the executable program is installed, the authentication environment performs an authentication operation on the sample.
According to the embodiment of the invention, the corresponding identification environment is configured dynamically according to the sample, the identification code of the identification environment and the login information corresponding to the identification code are generated, and when the identification environment carries out identification operation on the sample, the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is greatly improved.
Example III
Referring to fig. 4, a hardware architecture diagram of a computer device according to a third embodiment of the present invention is shown. In this embodiment, the computer device 2 is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction. The computer device 2 may be a rack server, a blade server, a tower server, or a cabinet server (including a stand-alone server, or a server cluster made up of multiple servers), or the like. As shown in fig. 4, the computer device 2 may include, but is not limited to, a memory 21, a processor 22, a network interface 23, and an authentication environment tracking system 20 communicatively coupled to each other via a system bus. Wherein:
In this embodiment, the memory 21 may include at least one type of computer-readable storage medium, such as flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 2, such as a hard disk or a memory of the computer device 2. In other embodiments, the memory 21 may also be an external storage device of the computer device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash memory card provided on the computer device 2. Of course, the memory 21 may also include both internal storage units of the computer device 2 and external storage devices. In this embodiment, the memory 21 is typically used to store an operating system and various types of application software installed on the computer device 2, such as program codes of the authentication environment tracking system 20 of the second embodiment. Further, the memory 21 may be used to temporarily store various types of data that have been output or are to be output.
The processor 22 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 22 is typically used to control the overall operation of the computer device 2. In this embodiment, the processor 22 is configured to execute the program code or process data stored in the memory 21, for example, to execute the authentication environment tracking system 20, so as to implement the authentication environment tracking method of the first embodiment.
The network interface 23 may comprise a wireless network interface or a wired network interface, which network interface 23 is typically used for establishing a communication connection between the computer device 2 and other electronic devices. For example, the network interface 23 is used to connect the computer device 2 to an external terminal through a network, establish a data transmission channel and a communication connection between the computer device 2 and the external terminal, and the like. The network may be an intranet, the Internet, a Global System of Mobile communication (GSM) network, Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth, Wi-Fi, or another wireless or wired network.
It is noted that fig. 4 only shows a computer device 2 having components 20-23, but it is understood that not all of the illustrated components are required to be implemented, and that more or fewer components may alternatively be implemented.
In this embodiment, the authentication environment tracking system 20 stored in the memory 21 may be further divided into one or more program modules, which are stored in the memory 21 and executed by one or more processors (the processor 22 in this embodiment) to complete the present invention.
For example, fig. 3 shows a schematic program module diagram of the authentication environment tracking system 20. In this embodiment, the authentication environment tracking system 20 may be divided into the acquisition module 200, the configuration module 202, the allocation module 204, the sending module 206 and the receiving module 208. Program modules in the present invention are understood to mean a series of computer program instruction segments capable of performing a specific function, and are more suitable than a program for describing the execution of the authentication environment tracking system 20 in the computer device 2. The specific functions of the program modules 200-208 are described in detail in the second embodiment and are not repeated here.
Example IV
The present embodiment also provides a computer-readable storage medium such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application store, etc., on which a computer program is stored, which when executed by a processor, performs the corresponding functions. The computer readable storage medium of the present embodiment is used for storing the authentication environment tracking system 20, and when executed by a processor, implements the authentication environment tracking method of the first embodiment.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (8)

1. A method of authentication environment tracking, comprising:
acquiring a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample;
configuring an identification environment of the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
assigning the authentication task to the authentication environment and controlling the authentication environment to perform an authentication operation on the sample;
transmitting the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
receiving the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment;
wherein configuring an authentication environment of the sample according to the authentication task comprises:
acquiring attributes of the sample, wherein the attributes comprise the memory size occupied by the sample and the type of an operating system for executing the authentication operation on the sample;
computing computer resources required by the sample according to the attribute and the identification parameter of the sample, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
and configuring the authentication environment according to the computer resource.
2. The method for tracking authentication environment according to claim 1, wherein the steps of obtaining a sample uploaded by a user and establishing an authentication task corresponding to the sample according to the sample, further comprise:
and acquiring the authentication parameters uploaded by the user, and establishing an authentication task corresponding to the sample according to the sample and the authentication parameters.
3. The method of claim 2, wherein the identification parameters include an identification duration and a trigger pattern of the sample.
4. The authentication environment tracking method according to claim 1, characterized by further comprising, after the assigning of the authentication task to the authentication environment:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
5. An authentication environment tracking system, comprising:
the acquisition module is used for acquiring a sample uploaded by a user and establishing an identification task corresponding to the sample according to the sample;
the configuration module is used for configuring an identification environment corresponding to the sample according to the identification task so as to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
the allocation module is used for allocating the authentication task to the authentication environment and controlling the authentication environment to perform authentication operation on the sample;
the sending module is used for sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
the receiving module is used for receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment;
wherein the configuration module is further configured to:
acquiring attributes of the sample, wherein the attributes comprise the memory size occupied by the sample and the type of an operating system for executing the authentication operation on the sample;
computing computer resources required by the sample according to the attribute and the identification parameter of the sample, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
and configuring the authentication environment according to the computer resource.
6. The authentication environment tracking system of claim 5, wherein the configuration module is further configured to obtain authentication parameters uploaded by the user and establish an authentication task corresponding to the sample based on the sample and the authentication parameters.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the authentication environment tracking method of any of claims 1 to 4 when the computer program is executed by the processor.
8. A computer-readable storage medium, in which a computer program is stored, the computer program being executable by at least one processor to cause the at least one processor to perform the steps of the authentication environment tracking method according to any one of claims 1 to 4.
CN201911424736.0A 2019-12-31 2019-12-31 Identification environment tracking method and system Active CN113127869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911424736.0A CN113127869B (en) 2019-12-31 2019-12-31 Identification environment tracking method and system

Publications (2)

Publication Number Publication Date
CN113127869A CN113127869A (en) 2021-07-16
CN113127869B true CN113127869B (en) 2024-02-13

Family

ID=76770751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911424736.0A Active CN113127869B (en) 2019-12-31 2019-12-31 Identification environment tracking method and system

Country Status (1)

Country Link
CN (1) CN113127869B (en)

Also Published As

Publication number Publication date
CN113127869A (en) 2021-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

GR01 Patent grant