CN113127941A - Equipment safety protection method and device - Google Patents

Equipment safety protection method and device

Info

Publication number: CN113127941A
Authority: CN (China)
Prior art keywords: keyboard, terminal, equipment, external equipment, risk
Legal status: Pending
Application number: CN201911403639.3A
Other languages: Chinese (zh)
Inventor: 何博
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd
Priority to: CN201911403639.3A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The invention discloses a device safety protection method and device in the technical field of security, and can solve the prior-art problem that a terminal is endangered because BadUSB attacks cannot be identified. The method mainly comprises the following steps: when an external device is detected connecting to the terminal, identifying whether the external device is a keyboard; if the external device is a keyboard, performing risk detection on the keyboard; and if the keyboard is determined to be at risk, applying security protection to the terminal. The method is mainly suited to scenarios of protecting against BadUSB attacks.

Description

Equipment safety protection method and device
Technical Field
The invention relates to the technical field of safety, in particular to a method and a device for protecting equipment safety.
Background
With the rapid development of computer networks, network attacks take more and more forms, including hardware attacks as well as software attacks. Among them, the BadUSB attack is a hardware attack that exploits hardware vulnerabilities. To build the attack device, an attacker places an attack chip inside a USB device; the chip is a very small but fully functional single-chip microcomputer system that can emulate a keyboard. When the customized USB device is plugged in, the computer identifies it as a keyboard, and the device uses its microprocessor, memory and attack code to send control commands to the host, thereby taking complete control of it. However, antivirus software on a computer currently cannot access the firmware area of a USB device, so a BadUSB device, which rewrites the USB device firmware by means of an embedded attack chip, cannot be fully detected and removed by existing antivirus software, leaving the terminal exposed to danger.
Disclosure of Invention
In view of this, the device security protection method and apparatus provided by the present invention are intended to solve the problem that the prior art cannot identify BadUSB attacks, which leaves the terminal exposed to danger.
The purpose of the invention is achieved by the following technical solutions:
in a first aspect, the present invention provides a method for waking up a smart device, where the method includes:
when an external device is detected connecting to the terminal, identifying whether the external device is a keyboard;
if the external device is a keyboard, performing risk detection on the keyboard;
and if the keyboard is determined to be at risk, applying security protection to the terminal.
Optionally, the security protection of the terminal includes any one or a combination of:
outputting risk prompt information indicating that the connected device is at risk;
outputting prompt information for ejecting the external device;
outputting prompt information for setting the interface to which the external device is connected to a disabled state;
and monitoring whether malicious behavior occurs on the terminal, and if so, intercepting the malicious behavior.
Optionally, before performing risk detection on the keyboard, the method further includes:
identifying whether the keyboard is in a device library of the terminal, wherein the device library is established when the terminal is in a safe state and contains device information of all external devices connected to the terminal;
performing risk detection on the keyboard comprises:
if the keyboard is not in the device library, performing risk detection on the keyboard.
Optionally, performing risk detection on the keyboard includes:
performing risk detection on the keyboard according to the attack record of the terminal and/or a device blacklist;
or sending the device information of the keyboard to the cloud, and receiving the result of the cloud's risk detection of the keyboard according to the attack record and/or the device blacklist.
Optionally, performing risk detection on the keyboard according to the attack record of the terminal and/or the device blacklist includes:
determining that the keyboard is at risk when the number of times the terminal has been attacked through connected external devices is greater than a preset count threshold and/or the keyboard is a malicious keyboard in the device blacklist.
Optionally, before performing risk detection on the keyboard, the method further includes:
detecting whether the terminal is currently in a dangerous state;
and if the terminal is currently in a dangerous state, setting the interface to which the external device is connected to a disabled state.
In a second aspect, the present invention provides an apparatus for waking up a smart device, the apparatus comprising:
an identification unit, configured to identify whether an external device is a keyboard when the external device is detected connecting to the terminal;
a detection unit, configured to perform risk detection on the keyboard when the external device is a keyboard;
and a protection unit, configured to apply security protection to the terminal when the keyboard is determined to be at risk.
Optionally, the protection unit includes any one or a combination of a first output module, a second output module, a third output module and an interception module;
the first output module is configured to output risk prompt information indicating that the connected device is at risk;
the second output module is configured to output prompt information for ejecting the external device;
the third output module is configured to output prompt information for setting the interface to which the external device is connected to a disabled state;
the interception module is configured to monitor whether malicious behavior occurs on the terminal, and to intercept the malicious behavior if it does.
Optionally, the identification unit is configured to identify, before risk detection is performed on the keyboard, whether the keyboard is in a device library of the terminal, where the device library is established when the terminal is in a safe state and contains device information of all external devices connected to the terminal;
the detection unit is configured to perform risk detection on the keyboard when the keyboard is not in the device library.
Optionally, the detection unit includes: a first detection module, configured to perform risk detection on the keyboard according to the attack record of the terminal and/or the device blacklist;
alternatively, the detection unit includes: a sending module, configured to send the device information of the keyboard to the cloud; and a receiving module, configured to receive the result of the cloud's risk detection of the keyboard according to the attack record and/or the device blacklist.
Optionally, the first detection module is configured to determine that the keyboard is at risk when the number of times the terminal has been attacked through connected external devices is greater than a preset count threshold and/or the keyboard is a malicious keyboard in the device blacklist.
Optionally, the detection unit is further configured to detect whether the terminal is currently in a dangerous state before risk detection is performed on the keyboard;
the apparatus further comprises:
a setting unit, configured to set the interface to which the external device is connected to a disabled state when the terminal is currently in a dangerous state.
In a third aspect, the present invention provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the device security protection method according to the first aspect.
In a fourth aspect, the present invention provides an apparatus for safety protection of a device, the apparatus comprising a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; the program instructions, when executed, perform the method for device security protection of the first aspect.
By means of the above technical solution, whereas the prior art performs security detection on external devices only at the software level, the device security protection method and apparatus provided by the invention start from the hardware: when an external device is detected connecting to the terminal, they identify whether it is a keyboard, perform risk detection on the keyboard if it is, and apply security protection to the terminal when the keyboard is determined to be at risk, so that a malicious attack on the terminal by the keyboard can be prevented in time.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart of a device security protection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another device security protection method according to an embodiment of the present invention;
FIG. 3 is an example diagram of a device risk reminder according to an embodiment of the present invention;
FIG. 4 is a block diagram of a device security protection apparatus according to an embodiment of the present invention;
FIG. 5 is a block diagram of another device security protection apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to prevent BadUSB attacks, an embodiment of the present invention provides a device security protection method. As shown in fig. 1, the method includes:
101. When an external device is detected connecting to the terminal, identify whether the external device is a keyboard.
In practice, to make devices manageable, each device is given a unique identifier when it leaves the factory. For example, the USB protocol specifies that every USB device has a VID (Vendor ID) and a PID (Product ID). The vendor applies to the USB-IF (USB Implementers Forum) for its VID, and the vendor itself decides the PID. The terminal can therefore recognize whether the connected external device is a keyboard through this unique identification (VID and PID).
102. If the external device is a keyboard, perform risk detection on the keyboard.
When the external device is determined to be a keyboard, it may well be a keyboard emulated by a BadUSB device, so for the security of the terminal, risk detection must be performed on the keyboard first. When the keyboard is determined to be free of risk, input from the keyboard is allowed; when the keyboard is determined to be at risk, security measures must be taken promptly to prevent the keyboard from maliciously attacking the terminal.
103. If the keyboard is determined to be at risk, apply security protection to the terminal.
If the keyboard is determined to be at risk, the terminal can be protected by measures such as warning the user and disabling the interface.
Whereas the prior art performs security detection on external devices only at the software level, the device security protection method provided by this embodiment starts from the hardware: when an external device is detected connecting to the terminal, it identifies whether the device is a keyboard, performs risk detection on the keyboard if it is, and applies security protection to the terminal when the keyboard is determined to be at risk, so that a malicious attack on the terminal by the keyboard can be prevented in time.
Further, based on the method shown in fig. 1, another embodiment of the present invention provides a device security protection method. As shown in fig. 2, the method mainly includes:
201. When an external device is detected connecting to the terminal, identify whether the external device is a keyboard.
202. If the external device is a keyboard, identify whether the keyboard is in the device library of the terminal.
When the connected external device is a keyboard, and it is a real keyboard that the user uses frequently and trusts, there is no need to spend time on risk detection and the keyboard can be allowed directly. To avoid wasting resources, once the external device is determined to be a keyboard, the terminal can first identify whether the keyboard is in its device library. If the keyboard is in the device library, it is a keyboard the user trusts; if it is not, the keyboard is being connected to the terminal for the first time.
The device library is established when the terminal is in a safe state and contains device information of all external devices connected to the terminal.
When the terminal is a desktop computer, the safe state can be the state in which the user has confirmed that the host is connected only to the keyboard and mouse purchased together with the desktop computer; when the terminal is a notebook, the safe state can be the state in which the user has confirmed that the host is connected only to the mouse purchased together with the notebook.
203. If the keyboard is not in the device library, perform risk detection on the keyboard.
If the keyboard is not in the device library, it is being connected to the terminal for the first time, and to keep the terminal from being attacked, risk detection can be performed on the keyboard first.
In practice, risk detection of the keyboard can be performed locally on the terminal, or the device information of the keyboard can be sent to the cloud so that the cloud performs the risk detection. Specifically, risk detection may be performed on the keyboard according to the attack record of the terminal and/or a device blacklist; or the device information of the keyboard may be sent to the cloud, and the result of the cloud's risk detection of the keyboard according to the attack record and/or the device blacklist received.
A specific implementation of risk detection according to the attack record of the terminal and/or the device blacklist may be: when the number of times the terminal has been attacked through connected external devices is greater than a preset count threshold and/or the keyboard is a malicious keyboard in the device blacklist, determine that the keyboard is at risk.
The device blacklist includes hardware information (such as device identifiers) that the cloud gathers from reports by attacked users, and hardware information of malicious hardware automatically detected by the cloud.
When the terminal has been attacked many times through connected external devices, it is a device that is easily attacked through external devices. In that case, even if the keyboard now being connected is not in the device blacklist, it may be a new malicious keyboard, so for the safety of the terminal the keyboard can be determined to be at risk.
In addition, when the terminal is currently in a dangerous state, its ability to withstand an attack is greatly reduced compared with its normal state. To keep the terminal from being attacked, before risk detection is performed on the keyboard, the terminal can therefore check whether it is currently in a dangerous state; if it is, the interface to which the external device is connected is set to a disabled state, disconnecting the keyboard from the terminal and preventing the keyboard from attacking it. The dangerous state includes the system having a vulnerability and/or the system being under malicious attack.
When the keyboard is determined not to be at risk, its device information may be added to the device library so that next time the safety of the keyboard can be determined directly from the device library.
204. If the keyboard is determined to be at risk, apply security protection to the terminal.
Security protection of the terminal includes any one or more of the following:
(1) outputting risk prompt information indicating that the connected device is at risk;
(2) outputting prompt information for ejecting the external device;
(3) outputting prompt information for setting the interface to which the external device is connected to a disabled state;
The prompt information can be displayed as a pop-up window or in other forms. It can also be sent to a designated mailbox, or to a designated mobile terminal as a short message.
(4) monitoring whether malicious behavior occurs on the terminal, and if so, intercepting the malicious behavior. That is, since the terminal runs programs and executes commands, it can be protected by monitoring its runtime behavior.
For example, as shown in fig. 3, when the keyboard is determined to be at risk, a prompt message "The connected device is a malicious keyboard; please decide whether to eject it" may be output to prevent the computer from being attacked, so that the user can choose whether to eject the external device.
Whereas the prior art detects external devices only at the software level, the equipment safety protection device provided by this embodiment starts from the hardware: when an external device is detected connecting to the terminal, it first identifies whether the external device is a keyboard in the device library, performs risk detection on the keyboard when it is determined not to be a keyboard in the device library, and applies security protection to the terminal when the keyboard is determined to be at risk. It therefore not only prevents a malicious attack on the terminal by the keyboard in time, but also skips risk detection for trusted keyboards and avoids wasting resources.
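The decision flow of steps 201 to 204 can be sketched as follows. This is an added example, not code from the patent: all class and function names, the threshold value and the sample devices are hypothetical, and it makes three assumptions the text leaves open: the keyboard check uses the USB HID interface class rather than VID/PID alone, "device information" is the (VID, PID, serial) triple, and the dangerous-state check runs after the device-library lookup.

```python
from dataclasses import dataclass, field
from enum import Enum

# USB interface triple for a boot-protocol keyboard: class 0x03 (HID),
# subclass 0x01 (boot interface), protocol 0x01 (keyboard).
KEYBOARD_INTERFACE = (0x03, 0x01, 0x01)


class Verdict(Enum):
    NOT_KEYBOARD = "not a keyboard, outside this method"
    TRUSTED = "in device library, risk detection skipped"
    PORT_DISABLED = "terminal in dangerous state, interface disabled"
    AT_RISK = "risk detected, protect the terminal"
    ALLOWED = "no risk found, added to device library"


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    serial: str
    interfaces: tuple  # one (class, subclass, protocol) triple per interface

    @property
    def info(self):
        # Assumption: "device information" is the (VID, PID, serial) triple.
        return (self.vid, self.pid, self.serial)

    def is_keyboard(self):
        # A composite device counts as a keyboard if any interface is one.
        return KEYBOARD_INTERFACE in self.interfaces


@dataclass
class Terminal:
    device_library: set = field(default_factory=set)  # built in a safe state
    blacklist: set = field(default_factory=set)       # (VID, PID) pairs
    attack_count: int = 0       # past attacks through external devices
    attack_threshold: int = 3   # hypothetical preset count threshold
    dangerous: bool = False     # vulnerability present or attack in progress

    def assess(self, dev):
        if not dev.is_keyboard():                      # step 201
            return Verdict.NOT_KEYBOARD
        if dev.info in self.device_library:            # step 202
            return Verdict.TRUSTED
        if self.dangerous:                             # check before step 203
            return Verdict.PORT_DISABLED
        # Step 203: the text says "and/or"; this sketch treats either as enough.
        risky = (self.attack_count > self.attack_threshold
                 or (dev.vid, dev.pid) in self.blacklist)
        if risky:
            return Verdict.AT_RISK                     # step 204 follows
        self.device_library.add(dev.info)              # remember for next time
        return Verdict.ALLOWED


def protective_actions(verdict):
    """Map a verdict to the step-204 measures (action names are hypothetical)."""
    if verdict is Verdict.AT_RISK:
        return ["warn_user", "prompt_eject", "prompt_disable_port",
                "monitor_and_intercept"]
    if verdict is Verdict.PORT_DISABLED:
        return ["disable_port"]
    return []


def demo():
    # Constructed sample data; every ID below is made up for illustration.
    mass_storage = (0x08, 0x06, 0x50)
    bundled = UsbDevice(0x1111, 0x0001, "KB-001", (KEYBOARD_INTERFACE,))
    unknown = UsbDevice(0x2222, 0x0002, "X-9", (mass_storage, KEYBOARD_INTERFACE))
    listed = UsbDevice(0x3333, 0x0003, "Z-1", (KEYBOARD_INTERFACE,))
    storage = UsbDevice(0x4444, 0x0004, "S-1", (mass_storage,))
    term = Terminal(device_library={bundled.info}, blacklist={(0x3333, 0x0003)})
    return term, [term.assess(d) for d in (bundled, unknown, listed, storage)]
```

Every field used here is reported by the device itself, so a device-library match indicates familiarity rather than proof of identity; the behavior monitoring of measure (4) still applies to trusted keyboards.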
Further, according to the above method embodiment, another embodiment of the present invention further provides an apparatus safety protection device, as shown in fig. 4, the apparatus includes:
the identification unit 31 is configured to identify whether an external device is a keyboard when it is detected that the external device accesses the terminal;
a detection unit 32, configured to perform risk detection on the keyboard when the external device is the keyboard;
and the protection unit 33 is used for performing security protection on the terminal when the keyboard is determined to have risk.
Optionally, as shown in fig. 5, the protection unit 33 includes: any one or a combination of several of the first output module 331, the second output module 332, the third output module 333, and the interception module 334;
the first output module 331 is configured to output risk prompt information;
the second output module 332 is configured to output prompt information for ejecting the external device;
the third output module 333, configured to set an interface to which the external device is connected to a disabled state;
the intercepting module 334 is configured to monitor whether a malicious behavior exists in the terminal, and intercept the malicious behavior if the malicious behavior exists.
Optionally, the identifying unit 31 is configured to identify, before performing risk detection on the keyboard, whether the keyboard is in a device library of the terminal, where the device library is established when the terminal is in a secure state and includes device information of all external devices connected to the terminal;
the detection unit 32 is configured to perform risk detection on the keyboard when the keyboard is not in the device library.
Optionally, as shown in fig. 5, the detecting unit 32 includes: a first detection module 321, configured to perform risk detection on the keyboard according to an attacked record and/or a device blacklist of the terminal;
alternatively, the detection unit 32 includes: a sending module 322, configured to send the device information of the keyboard to a cloud; a receiving module 323, configured to receive a result of risk detection performed by the cloud on the keyboard according to the attacked record and/or the device blacklist.
Optionally, the first detecting module 321 is configured to determine that the keyboard is at risk when the number of times that the terminal is attacked by accessing to the external device is greater than a preset number threshold and/or the keyboard belongs to a malicious keyboard in the device blacklist.
Optionally, the detecting unit 32 is further configured to detect whether the terminal is currently in a dangerous state before performing risk detection on the keyboard;
as shown in fig. 5, the apparatus further includes:
a setting unit 34, configured to set an interface for connecting the external device to a disabled state when the terminal is currently in a dangerous state.
Compared with the prior art that the external equipment is only detected from a software layer, the equipment safety protection device provided by the embodiment of the invention can start from hardware, can firstly identify whether the external equipment is a keyboard or not when the external equipment is detected to be accessed into the terminal, can detect the risk of the keyboard when the external equipment is determined to be the keyboard, and can perform safety protection on the terminal when the risk of the keyboard is determined, so that the keyboard can be prevented from generating malicious attack on the terminal in time.
Further, according to the above embodiment, another embodiment of the present invention further provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device on which the storage medium is located is controlled to execute the device security protection method described above.
The storage medium may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
Compared with the prior art that the external equipment is only detected from a software layer, the program stored in the storage medium provided by the embodiment of the invention can start with the hardware, can identify whether the external equipment is a keyboard or not when the external equipment is detected to be accessed into the terminal, can detect the risk of the keyboard when the external equipment is determined to be the keyboard, and can perform safety protection on the terminal when the risk of the keyboard is determined, so that the terminal can be prevented from being attacked maliciously by the keyboard in time.
Further, according to the above embodiment, another embodiment of the present invention provides an apparatus for safety protection of a device, the apparatus including a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; the program instructions when executed perform the device safeguarding method as described above.
Compared with the prior art that the external equipment is only detected from a software layer, the equipment safety protection device provided by the embodiment of the invention can start from hardware, can firstly identify whether the external equipment is a keyboard or not when the external equipment is detected to be accessed into the terminal, can detect the risk of the keyboard when the external equipment is determined to be the keyboard, and can perform safety protection on the terminal when the risk of the keyboard is determined, so that the keyboard can be prevented from generating malicious attack on the terminal in time.
Embodiments of the present disclosure also provide a computer program product adapted to perform program code for initializing the following method steps when executed on a terminal:
when detecting that an external device is accessed to the terminal, identifying whether the external device is a keyboard;
if the external equipment is a keyboard, carrying out risk detection on the keyboard;
and if the keyboard is determined to have risks, carrying out safety protection on the terminal.
A1, an equipment safety protection method, the method comprises:
when detecting that an external device is accessed to the terminal, identifying whether the external device is a keyboard;
if the external equipment is a keyboard, carrying out risk detection on the keyboard;
and if the keyboard is determined to have risks, carrying out safety protection on the terminal.
A2, according to the method of A1, the security protection of the terminal includes any one or more of the following combinations:
outputting risk prompt information of risk existing in the access equipment;
outputting prompt information for popping up external equipment;
outputting prompt information for setting an interface connected with the external equipment to be in a forbidden state;
and monitoring whether the terminal has malicious behaviors or not, and if so, intercepting the malicious behaviors.
A3, the method of A1, further comprising, prior to risk detecting the keyboard:
identifying whether the keyboard is in an equipment library of the terminal, wherein the equipment library is established when the terminal is in a safe state and contains equipment information of all external equipment connected with the terminal;
performing risk detection on the keyboard comprises:
and if the keyboard is not in the equipment library, carrying out risk detection on the keyboard.
A4, according to the method of A1, the risk detection of the keyboard comprising:
according to the attacked record and/or the device blacklist of the terminal, carrying out risk detection on the keyboard;
or sending the device information of the keyboard to a cloud end, and receiving a result of risk detection of the keyboard by the cloud end according to the attacked record and/or the device blacklist.
A5, according to the method of A4, the risk detection of the keyboard according to the attacked record and/or the device blacklist of the terminal includes:
and when the number of times of attacks on the terminal due to the fact that the terminal is accessed to the external equipment is larger than a preset number threshold and/or the keyboard belongs to a malicious keyboard in the equipment blacklist, determining that the keyboard has risks.
A6. The method according to any one of A1-A5, further comprising, before performing risk detection on the keyboard:
detecting whether the terminal is currently in a dangerous state;
and if the terminal is currently in a dangerous state, setting the interface to which the external device is connected to a disabled state.
B7. A device security protection apparatus, comprising:
an identification unit, configured to identify whether an external device is a keyboard when it is detected that the external device is connected to the terminal;
a detection unit, configured to perform risk detection on the keyboard when the external device is a keyboard;
and a protection unit, configured to perform security protection on the terminal when the keyboard is determined to pose a risk.
B8. The apparatus according to B7, wherein the protection unit comprises any one or a combination of: a first output module, a second output module, a third output module and an interception module;
the first output module is configured to output risk prompt information indicating that the connected device poses a risk;
the second output module is configured to output prompt information for ejecting the external device;
the third output module is configured to output prompt information for setting the interface to which the external device is connected to a disabled state;
the interception module is configured to monitor whether malicious behavior occurs on the terminal and, if so, to intercept the malicious behavior.
B9. The apparatus according to B7, wherein the identification unit is configured to identify, before risk detection is performed on the keyboard, whether the keyboard is in a device library of the terminal, the device library being established while the terminal is in a safe state and containing device information of all external devices connected to the terminal;
the detection unit is configured to perform risk detection on the keyboard when the keyboard is not in the device library.
B10. The apparatus according to B7, wherein the detection unit comprises: a first detection module, configured to perform risk detection on the keyboard according to the attack record and/or the device blacklist of the terminal;
alternatively, the detection unit comprises: a sending module, configured to send device information of the keyboard to a cloud; and a receiving module, configured to receive the result of the cloud's risk detection on the keyboard according to the attack record and/or the device blacklist.
B11. The apparatus according to B10, wherein the first detection module is configured to determine that the keyboard poses a risk when the number of times the terminal has been attacked as a result of connecting an external device is greater than a preset count threshold and/or the keyboard is a malicious keyboard in the device blacklist.
B12. The apparatus according to any one of B7-B11, wherein the detection unit is further configured to detect, before risk detection is performed on the keyboard, whether the terminal is currently in a dangerous state;
the apparatus further comprises:
a setting unit, configured to set the interface to which the external device is connected to a disabled state when the terminal is currently in a dangerous state.
C13. A storage medium comprising a stored program, wherein the program, when running, controls the device on which the storage medium is located to execute the device security protection method of any one of A1 to A6.
D14. A device security protection apparatus, comprising a storage medium and one or more processors, the storage medium being coupled with the processors, and the processors being configured to execute program instructions stored in the storage medium; the program instructions, when executed, perform the device security protection method of any one of A1 to A6.
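The decision flow of A1 to A6 can be sketched as follows. This is an added example, not code from the patent: it assumes the external device is a USB device whose keyboard role is declared by a HID boot-keyboard interface descriptor, and the names `Terminal` and `on_attach`, the protection labels, the threshold value and the order of the A6 and A3 checks are all assumptions.

```python
from dataclasses import dataclass, field

# USB HID class codes for a boot-protocol keyboard interface (assumption: the
# "external device" arrives over USB; the embodiments only say "keyboard").
HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL = 0x03, 0x01, 0x01
ALL_PROTECTIONS = ["risk_prompt", "eject_prompt", "disable_interface_prompt",
                   "monitor_and_intercept"]  # the four A2 options, hypothetical labels


def is_keyboard(config_descriptor: bytes) -> bool:
    """A1: walk a USB configuration descriptor looking for a keyboard interface."""
    i = 0
    while i + 2 <= len(config_descriptor):
        length, dtype = config_descriptor[i], config_descriptor[i + 1]
        if length < 2 or i + length > len(config_descriptor):
            raise ValueError("malformed descriptor")  # never read past the buffer
        if dtype == 0x04 and length >= 9:  # INTERFACE descriptor
            cls, sub, proto = config_descriptor[i + 5:i + 8]
            if (cls, sub, proto) == (HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL):
                return True
        i += length
    return False


@dataclass
class Terminal:
    device_library: set = field(default_factory=set)  # A3: built in a safe state
    blacklist: set = field(default_factory=set)       # A4/A5: device blacklist
    attack_count: int = 0      # A5: attacks caused by connecting external devices
    attack_threshold: int = 3  # A5: preset threshold (value chosen for the example)
    in_danger: bool = False    # A6: terminal currently in a dangerous state
    interface_disabled: bool = False


def on_attach(term: Terminal, device_info: tuple, config_descriptor: bytes) -> list:
    """Return the protections selected for one attach event (A1-A6 order assumed)."""
    if not is_keyboard(config_descriptor):
        return []                              # A1: only keyboards are examined
    if term.in_danger:                         # A6: runs before risk detection
        term.interface_disabled = True
        return ["interface_disabled"]
    if device_info in term.device_library:     # A3: known device, no detection
        return []
    risky = (term.attack_count > term.attack_threshold   # A5, "and/or" read as OR
             or device_info in term.blacklist)
    return list(ALL_PROTECTIONS) if risky else []  # A2 allows any subset; all used here


# Constructed sample descriptors (not captured from real hardware).
KEYBOARD_DESC = bytes.fromhex(
    "09022200010100a032"    # configuration, wTotalLength = 34
    "090400000103010100"    # interface: HID, boot subclass, keyboard protocol
    "092111010001223f00"    # HID descriptor
    "0705810308000a")       # interrupt IN endpoint
STORAGE_DESC = bytes.fromhex(
    "090220000101008032"    # configuration, wTotalLength = 32
    "090400000208065000"    # interface: mass storage, SCSI, bulk-only
    "07058102000200" "07050202000200")  # bulk IN and bulk OUT endpoints
```

Device information such as vendor ID, product ID and serial number is reported by the device itself, so a device-library or blacklist match is only as trustworthy as that self-reported identity.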
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the related features of the method and apparatus described above may be referred to one another. In addition, "first", "second", and the like in the above embodiments are used to distinguish the embodiments and do not indicate that one embodiment is better or worse than another.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features, but not others, that are included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device safeguarding method and apparatus in accordance with embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (10)

1. A device security protection method, the method comprising:
when it is detected that an external device is connected to a terminal, identifying whether the external device is a keyboard;
if the external device is a keyboard, performing risk detection on the keyboard;
and if the keyboard is determined to pose a risk, performing security protection on the terminal.
2. The method of claim 1, wherein performing security protection on the terminal comprises any one or a combination of the following:
outputting risk prompt information indicating that the connected device poses a risk;
outputting prompt information for ejecting the external device;
outputting prompt information for setting the interface to which the external device is connected to a disabled state;
and monitoring whether malicious behavior occurs on the terminal and, if so, intercepting the malicious behavior.
3. The method of claim 1, wherein before performing risk detection on the keyboard, the method further comprises:
identifying whether the keyboard is in a device library of the terminal, wherein the device library is established while the terminal is in a safe state and contains device information of all external devices connected to the terminal;
wherein performing risk detection on the keyboard comprises:
if the keyboard is not in the device library, performing risk detection on the keyboard.
4. The method of claim 1, wherein performing risk detection on the keyboard comprises:
performing risk detection on the keyboard according to the attack record and/or the device blacklist of the terminal;
or sending device information of the keyboard to a cloud, and receiving the result of the cloud's risk detection on the keyboard according to the attack record and/or the device blacklist.
5. The method of claim 4, wherein performing risk detection on the keyboard according to the attack record and/or the device blacklist of the terminal comprises:
determining that the keyboard poses a risk when the number of times the terminal has been attacked as a result of connecting an external device is greater than a preset count threshold and/or the keyboard is a malicious keyboard in the device blacklist.
6. The method of any one of claims 1-5, wherein before performing risk detection on the keyboard, the method further comprises:
detecting whether the terminal is currently in a dangerous state;
and if the terminal is currently in a dangerous state, setting the interface to which the external device is connected to a disabled state.
7. A device security protection apparatus, comprising:
an identification unit, configured to identify whether an external device is a keyboard when it is detected that the external device is connected to the terminal;
a detection unit, configured to perform risk detection on the keyboard when the external device is a keyboard;
and a protection unit, configured to perform security protection on the terminal when the keyboard is determined to pose a risk.
8. The apparatus of claim 7, wherein the protection unit comprises any one or a combination of: a first output module, a second output module, a third output module and an interception module;
the first output module is configured to output risk prompt information indicating that the connected device poses a risk;
the second output module is configured to output prompt information for ejecting the external device;
the third output module is configured to output prompt information for setting the interface to which the external device is connected to a disabled state;
the interception module is configured to monitor whether malicious behavior occurs on the terminal and, if so, to intercept the malicious behavior.
9. A storage medium, comprising a stored program, wherein the program, when executed, controls the device in which the storage medium is located to perform the device security protection method according to any one of claims 1 to 6.
10. A device security protection apparatus, comprising a storage medium and one or more processors, the storage medium being coupled with the processors, and the processors being configured to execute program instructions stored in the storage medium; the program instructions, when executed, perform the device security protection method of any one of claims 1 to 6.
CN201911403639.3A 2019-12-31 2019-12-31 Equipment safety protection method and device Pending CN113127941A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911403639.3A CN113127941A (en) 2019-12-31 2019-12-31 Equipment safety protection method and device

Publications (1)

Publication Number Publication Date
CN113127941A true CN113127941A (en) 2021-07-16

Family

ID=76768896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911403639.3A Pending CN113127941A (en) 2019-12-31 2019-12-31 Equipment safety protection method and device

Country Status (1)

Country Link
CN (1) CN113127941A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113836601A (en) * 2021-08-26 2021-12-24 青岛中科英泰商用系统股份有限公司 Special USB keyboard and control method, system and equipment thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN105718825A (en) * 2015-11-16 2016-06-29 哈尔滨安天科技股份有限公司 Method and device for detecting malicious USB equipment
CN105718824A (en) * 2015-10-22 2016-06-29 哈尔滨安天科技股份有限公司 System and method for preventing malicious USB equipment
CN106951779A (en) * 2017-03-28 2017-07-14 武汉大学 A kind of USB security protection systems for selecting to analyze with equipment behavior based on user
US20170364677A1 (en) * 2016-06-20 2017-12-21 Vmware, Inc. Usb stack isolation for enhanced security
US20180324179A1 (en) * 2017-05-02 2018-11-08 Hao-Hsun Hou Method for preventing badusb attack

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
360安全: ""BadUSB"恶灵退散",360国内首家推出"变形虫防护"", pages 1 - 4, Retrieved from the Internet <URL:https://www.freebuf.com/fevents/217645.html> *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination