CN113360909A - Ransomware defense method, ransomware defense apparatus, and readable storage medium - Google Patents

Ransomware defense method, ransomware defense apparatus, and readable storage medium

Info

Publication number: CN113360909A
Application number: CN202110682600.0A
Authority: CN (China)
Other versions: CN113360909B (granted)
Other languages: Chinese (zh)
Prior art keywords: sentinel, file, defense, virus, backup
Inventors: 曾宪武, 滕俐军
Original and current assignee: Shenzhen Rongan Networks Technology Co ltd
Legal status: granted, active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a ransomware defense method, a ransomware defense apparatus and a readable storage medium, applied in the Internet field. The ransomware defense method comprises the following steps: receiving a sentinel file arrangement instruction and determining, according to that instruction, the layer at which sentinel files are to be arranged; arranging sentinel files in the storage positions corresponding to that layer; periodically performing on-guard detection of the sentinel files and determining the number of abnormal sentinel files according to the detection result; and executing a ransomware defense process when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold. In this way a ransomware intrusion can be rapidly screened for and confirmed, the ransomware defense process can be executed in time, and the loss caused by the intrusion is reduced.

Description

Ransomware defense method, ransomware defense apparatus, and readable storage medium
Technical Field
The invention relates to the Internet field, and in particular to a ransomware defense method, a ransomware defense apparatus and a readable storage medium.
Background
In the prior art, with the rapid development of Internet communication technology, many kinds of ransomware have appeared, and ransomware has become one of the key threats to current Internet security. Ransomware detection is currently difficult and costly to implement, it risks mistakenly killing normal processes, and virus signature databases lag behind new variants, which leads to false alarms and missed detections. Defending against ransomware by deploying honeypots cannot cope with the complexity of users' business scenarios, and the user experience is poor.
Disclosure of Invention
The main aim of the invention is to provide a ransomware defense method that solves the technical problem that ransomware is difficult to detect and prevent in the prior art.
To achieve the above object, the invention provides a ransomware defense method comprising the following steps:
receiving a sentinel file arrangement instruction, and determining the layer to be arranged according to the sentinel file arrangement instruction;
arranging sentinel files in the storage positions corresponding to the layer to be arranged;
periodically performing on-guard detection of the sentinel files, and determining the number of abnormal sentinel files according to the detection result;
and executing a ransomware defense process when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
The step of arranging sentinel files in the storage position corresponding to the layer to be arranged comprises:
acquiring attribute information of the ordinary files in the storage position corresponding to the layer to be arranged;
and generating sentinel files based on that attribute information, and storing the sentinel files in the storage position.
After the step of arranging sentinel files in the storage positions corresponding to the layer to be arranged, the method further comprises:
acquiring the storage position and file name of each sentinel file;
and the step of periodically performing on-guard detection of the sentinel files and determining the number of abnormal sentinel files according to the detection result comprises:
periodically performing on-guard detection of the sentinel files based on their storage positions and file names, and determining the number of abnormal sentinel files according to the detection result.
After the step of arranging sentinel files in the storage position corresponding to the layer to be arranged, the method further comprises:
deleting the sentinel files when a sentinel file update instruction is received;
determining the updated layer to be arranged according to the sentinel file update instruction, and arranging updated sentinel files in the storage position corresponding to the updated layer;
and updating the sentinel registry with the storage positions and file names of the updated sentinel files.
The ransomware defense process comprises at least one of:
outputting a ransomware alarm prompt;
performing an emergency backup according to a preset backup proportion, and generating emergency backup files according to that proportion;
and executing a resource-consuming process.
The step of performing an emergency backup according to a preset backup proportion and generating emergency backup files according to that proportion comprises:
performing an emergency backup of the ordinary files to a locally designated storage position and/or a cloud server according to the preset backup proportion, thereby generating emergency backup files;
and writing the backup path and backup file name of each emergency backup file into a backup record table.
After the step of executing the ransomware defense process when the number of abnormal sentinel files is greater than or equal to the preset virus intrusion threshold, the method further comprises:
receiving a ransomware-cleared notice, recovering the encrypted files from the emergency backup files, and deleting the duplicate emergency backup files that were generated according to the preset proportion;
and deleting the backup records of the deleted emergency backup files from the backup record table.
The step of executing a resource-consuming process that occupies processor and/or memory resources in order to slow the ransomware's intrusion comprises:
acquiring the number of abnormal sentinel files, and determining that it is greater than or equal to a severe virus intrusion threshold;
and receiving a resource consumption instruction, calling a resource-consuming process that executes an intensive infinite-loop algorithm, and occupying processor and/or memory resources.
Further, to achieve the above object, the invention also provides a ransomware defense apparatus comprising a memory, a processor, and a ransomware defense program stored in the memory and executable on the processor, the ransomware defense program implementing the steps of the ransomware defense method described above when executed by the processor.
The invention also provides a readable storage medium on which a ransomware defense program is stored, the program implementing the steps of the ransomware defense method described above when executed by a processor.
According to the ransomware defense method provided by the embodiment of the invention, a sentinel file arrangement instruction is received and the layer to be arranged is determined according to it; sentinel files are arranged in the storage positions corresponding to that layer; on-guard detection of the sentinel files is performed periodically and the number of abnormal sentinel files is determined according to the detection result; and a ransomware defense process is executed when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold. The intelligent terminal can thereby detect and locate the path of a ransomware intrusion and slow the rate at which the ransomware damages the system while it is maliciously encrypting terminal files, thus effectively defending against the intrusion.
Drawings
FIG. 1 is a schematic structural diagram of the hardware operating environment of a ransomware defense device according to an embodiment of the invention;
FIG. 2 is a schematic flow chart of a ransomware defense method according to an embodiment of the invention;
FIG. 3 is a schematic flow chart of another embodiment of the ransomware defense method of the invention;
FIG. 4 is a schematic flow chart of a ransomware defense method according to a further embodiment of the invention;
FIG. 5 is a flow chart of another embodiment of the ransomware defense method of the invention.
The implementation, functional features and advantages of the objects of the invention are further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein merely illustrate the invention and are not intended to limit it.
The main solution of the embodiment of the invention is as follows: receiving a sentinel file arrangement instruction and determining the layer to be arranged according to it; arranging sentinel files in the storage positions corresponding to that layer; periodically performing on-guard detection of the sentinel files and determining the number of abnormal sentinel files according to the detection result; and executing a ransomware defense process when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
In the prior art, with the rapid development of Internet communication technology, many kinds of ransomware have appeared, and ransomware has become one of the key threats to current Internet security; China is one of the countries most seriously threatened by ransomware. Ransomware detection is currently difficult and costly to implement, it risks mistakenly killing normal processes, and virus signature databases lag behind new variants, which leads to false alarms and missed detections. Defending against ransomware by deploying honeypots cannot cope with the complexity of users' business scenarios, and the user experience is poor.
The invention provides a solution in which a sentinel file arrangement instruction is received and the layer to be arranged is determined according to it; sentinel files are arranged in the storage positions corresponding to that layer; on-guard detection of the sentinel files is performed periodically and the number of abnormal sentinel files is determined according to the detection result; and a ransomware defense process is executed when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold. The intelligent terminal can thereby detect and locate the path of a ransomware intrusion and slow the rate at which the ransomware damages the system while it is maliciously encrypting terminal files, thus effectively defending against the intrusion.
Referring to fig. 1, fig. 1 is a schematic structural diagram of the hardware operating environment of a ransomware defense device according to an embodiment of the invention.
As shown in fig. 1, the ransomware defense apparatus may include a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 provides the connections and communication among these components; the user interface 1003 may comprise a display screen (Display) and an input unit; and the network interface 1004 may optionally comprise a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory (e.g., magnetic disk storage), and may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the hardware configuration of the ransomware defense apparatus shown in fig. 1 does not limit the apparatus, which may include more or fewer components than shown in fig. 1, some components in combination, or a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a kind of computer-readable storage medium, may contain an operating system, a network communication module, a user interface module, and a computer program. The operating system is a program that manages and controls the ransomware defense device's application programs and supports their execution.
In the hardware configuration of the ransomware defense apparatus shown in fig. 1, the network interface 1004 is mainly used for accessing a network, and the user interface 1003 is mainly used for receiving operation instructions sent by a user; the processor 1001 may be configured to invoke the ransomware defense program stored in the memory 1005 and perform the following operations:
receiving a sentinel file arrangement instruction, and determining the layer to be arranged according to the sentinel file arrangement instruction;
arranging sentinel files in the storage positions corresponding to the layer to be arranged;
periodically performing on-guard detection of the sentinel files, and determining the number of abnormal sentinel files according to the detection result;
and executing a ransomware defense process when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
acquiring attribute information of the ordinary files in the storage position corresponding to the layer to be arranged;
and generating sentinel files based on that attribute information, and storing the sentinel files in the storage position.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
acquiring the storage position and file name of each sentinel file;
where the step of periodically performing on-guard detection of the sentinel files and determining the number of abnormal sentinel files according to the detection result comprises:
periodically performing on-guard detection of the sentinel files based on their storage positions and file names, and determining the number of abnormal sentinel files according to the detection result.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
deleting the sentinel files when a sentinel file update instruction is received;
determining the updated layer to be arranged according to the sentinel file update instruction, and arranging updated sentinel files in the storage position corresponding to the updated layer;
and updating the sentinel registry with the storage positions and file names of the updated sentinel files.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
performing an emergency backup of the ordinary files to a locally designated storage position and/or a cloud server according to the preset backup proportion, thereby generating emergency backup files;
and writing the backup path and backup file name of each emergency backup file into a backup record table.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
receiving a ransomware-cleared notice, recovering the encrypted files from the emergency backup files, and deleting the duplicate emergency backup files that were generated according to the preset proportion;
and deleting the backup records of the deleted emergency backup files from the backup record table.
Further, the processor 1001 may call the ransomware defense program in the memory 1005 and also perform the following operations:
acquiring the number of abnormal sentinel files, and determining that it is greater than or equal to a severe virus intrusion threshold;
and receiving a resource consumption instruction, calling a resource-consuming process that executes an intensive infinite-loop algorithm, and occupying processor and/or memory resources.
Based on the hardware structure of the ransomware defense device described above, various embodiments of the ransomware defense method of the invention are presented.
Referring to fig. 2, fig. 2 is a flow chart of a ransomware defense method according to an embodiment of the invention.
In this embodiment, the ransomware defense method includes:
Step S101: receiving a sentinel file arrangement instruction, determining the layer to be arranged according to the instruction, and arranging sentinel files in the storage position corresponding to that layer;
In this embodiment, the ransomware defense device may be an intelligent terminal loaded with a ransomware defense program, where the intelligent terminal includes a mobile terminal or a cloud server. Specifically, after the ransomware defense device is powered on and started, it receives a sentinel file arrangement instruction sent by security operation and maintenance personnel through a human-computer interaction interface, reads the layer to be arranged carried in the instruction, determines the storage position that layer points to, reads the attribute information of the ordinary files stored there, generates, based on that attribute information, at least one sentinel file whose attributes are similar to or partially identical to those of the ordinary files, and stores the sentinel file in that storage position. The attribute information of an ordinary file includes at least one of file name, file type, file size, and the like. A sentinel file is a readable file, used to detect ransomware, whose file name, file type and/or file size is similar or identical to that of the ordinary files in the specified file path. The layer to be arranged is the hierarchical position in storage, designated by the security operation and maintenance personnel, at which the sentinel files are arranged. In a specific embodiment, the storage position pointed to by the layer to be arranged carried in the sentinel file arrangement instruction is C drive > folder A > subfolder B; after receiving the instruction, the ransomware defense device arranges sentinel files at the storage position corresponding to that layer, that is, in subfolder B of folder A on the C drive.
Optionally, the sentinel files are mixed in among the ordinary files in order to detect a ransomware intrusion. Optionally, the number of sentinel files and the storage positions of the layers to be arranged can be configured flexibly by the security operation and maintenance personnel according to the actual scenario; the more sentinel files there are, the higher the security.
Specifically, the ransomware defense device is also provided in advance with a sentinel registry, a readable and writable file that records the name of each sentinel file and its corresponding storage location; optionally, in a specific embodiment, the sentinel registry is a database file. After sentinel files have been arranged at the storage positions corresponding to the designated layers according to the sentinel file arrangement instruction sent by the security operation and maintenance personnel, the names of the arranged sentinel files and the storage positions where they were arranged are registered in the sentinel registry, so that the sentinel file information stored in the registry is kept up to date. Alternatively, the sentinel registry may be located on the ransomware defense device or on another intelligent terminal.
Step S201: periodically performing on-guard detection of the sentinel files, and determining the number of abnormal sentinel files according to the detection result;
After the ransomware defense device finishes arranging the sentinel files at the storage position corresponding to the layer to be arranged, it starts the on-guard detection process for the sentinel files: it reads the storage positions and file names of the sentinel files from the sentinel registry, periodically performs on-guard detection of the arranged sentinel files based on those storage positions and file names, and determines whether each sentinel file can be accessed normally. Specifically, after the ransomware defense device is powered on and started, a scanning period for the on-guard detection process is preset, and the device periodically scans the sentinel files in the background according to that period to obtain an access result for each sentinel file. If the background can open the sentinel file normally, it is determined to be a normal sentinel file; if, when the background opens the sentinel file, the file has been encrypted and cannot be accessed, or the sentinel file under the preset file directory has been tampered with or deleted, the sentinel file is marked as an abnormal sentinel file. The ransomware defense device then determines the number of abnormal sentinel files according to the detection result of the on-guard detection process. Optionally, in a specific embodiment, the preset scanning period is 5 minutes: every 5 minutes the device scans and accesses, in the background, the sentinel files recorded in the sentinel registry, determines their on-guard condition, and determines whether any abnormal sentinel files exist, where an abnormal sentinel file is any sentinel file that cannot be accessed because it has been encrypted, tampered with or deleted.
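The two steps above (arranging sentinel files that mirror the attributes of the ordinary files in a layer, registering them, and then scanning them each period) can be tried end to end with the following added example. It is not the patent's code: the registry format (a JSON list of path, name and SHA-256), the "similar name, same type, similar size" rule for generating sentinels, and the use of a content hash to decide "tampered or encrypted" are my assumptions, and the directory contents are constructed in a temporary folder so the script runs offline.

```python
"""Added example (not the patent's code): sentinel (decoy) files that mirror
the ordinary files in a layer, a sentinel registry, and a periodic on-guard
check that counts deleted, unreadable or modified sentinels as abnormal."""
import hashlib
import json
import os
import random
import tempfile
from pathlib import Path

# Constructed marker at the start of every sentinel body (assumption, not from the patent)
SENTINEL_MAGIC = b"SENTINEL-DECOY-"


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def arrange_sentinels(layer: Path, registry_path: Path, per_file: int = 1, seed: int = 0) -> list:
    """For every ordinary file in `layer`, generate `per_file` sentinel files with a
    similar name, the same extension (type) and the same size, then write the
    sentinel registry (storage position, file name, content hash)."""
    rng = random.Random(seed)
    ordinary = [p for p in layer.iterdir() if p.is_file()]   # snapshot before adding decoys
    entries = []
    for src in ordinary:
        for i in range(per_file):
            name = f"{src.stem}_copy{i}{src.suffix}"
            size = max(src.stat().st_size, len(SENTINEL_MAGIC))
            body = SENTINEL_MAGIC + rng.randbytes(size - len(SENTINEL_MAGIC))
            dst = layer / name
            dst.write_bytes(body)
            entries.append({"path": str(dst), "name": name, "sha256": _sha256(dst)})
    registry_path.write_text(json.dumps(entries))
    return entries


def on_guard_check(registry_path: Path) -> dict:
    """One scan period: each registered sentinel must still exist, be readable and be
    byte-identical to what was arranged; anything else is an abnormal sentinel."""
    entries = json.loads(registry_path.read_text())
    abnormal = []
    for e in entries:
        p = Path(e["path"])
        if not p.exists():
            abnormal.append((e["name"], "deleted"))
            continue
        try:
            digest = _sha256(p)
        except OSError:                      # locked or otherwise inaccessible
            abnormal.append((e["name"], "unreadable"))
            continue
        if digest != e["sha256"]:           # overwritten, e.g. encrypted in place
            abnormal.append((e["name"], "modified"))
    return {"total": len(entries), "abnormal": len(abnormal), "details": abnormal}


def demo() -> dict:
    """Constructed scenario: three ordinary files in folder_A/subfolder_B, one
    sentinel per file, then one sentinel overwritten and one deleted before the
    next scan. Returns the counts a caller would feed into the threshold check."""
    with tempfile.TemporaryDirectory() as tmp:
        layer = Path(tmp) / "folder_A" / "subfolder_B"
        layer.mkdir(parents=True)
        for name, size in (("report.docx", 2048), ("budget.xlsx", 512), ("notes.txt", 64)):
            (layer / name).write_bytes(os.urandom(size))
        registry = Path(tmp) / "sentinel_registry.json"
        entries = arrange_sentinels(layer, registry)
        clean = on_guard_check(registry)
        # Simulated damage (constructed): one sentinel rewritten, one removed
        Path(entries[0]["path"]).write_bytes(b"\x00" * 16)
        Path(entries[1]["path"]).unlink()
        damaged = on_guard_check(registry)
        return {
            "arranged": len(entries),
            "clean_abnormal": clean["abnormal"],
            "damaged_abnormal": damaged["abnormal"],
            "reasons": sorted(reason for _, reason in damaged["details"]),
        }


if __name__ == "__main__":
    print(demo())
```

In a deployment the `demo()` scaffolding is replaced by a scheduler that calls `on_guard_check` every scanning period (the patent's example uses 5 minutes) and hands `abnormal` to the threshold logic; the hash comparison is what lets the check distinguish a sentinel that was silently re-encrypted in place from one that merely still opens.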
Step S301: executing a ransomware defense process when the number of abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
In this embodiment, the ransomware defense device presets at least one virus intrusion threshold, with different thresholds for different ransomware intrusion levels. A virus intrusion threshold is the number of abnormal sentinel files that corresponds to a given ransomware alarm level; the more abnormal sentinel files a threshold corresponds to, the higher the ransomware intrusion level.
Specifically, the ransomware defense device periodically performs on-guard detection of the arranged sentinel files, acquires the number of abnormal sentinel files, determines which virus intrusion threshold that number corresponds to in the current period, thereby determines the corresponding ransomware intrusion level, and executes the ransomware defense process corresponding to that level.
Optionally, the preset virus intrusion thresholds include a suspected virus intrusion threshold, a general virus intrusion threshold, and a severe virus intrusion threshold.
Optionally, the ransomware defense process includes at least one of the following defense measures: outputting a ransomware alarm prompt; performing an emergency backup according to a preset backup proportion and generating emergency backup files according to that proportion; and executing a resource-consuming process.
Optionally, the preset suspected virus intrusion threshold is the existence of one abnormal sentinel file. When the ransomware defense device detects that the number of abnormal sentinel files is greater than or equal to one and does not exceed the next preset virus intrusion threshold, the virus intrusion threshold corresponding to that number is determined to be the suspected virus intrusion threshold, the corresponding intrusion level is determined to be the suspected ransomware intrusion level, and a suspected-ransomware alarm corresponding to that level is sent to the security operation and maintenance personnel. Optionally, in a specific embodiment, the number of access failures corresponding to the suspected alarm threshold is 1, and the suspected-ransomware alarm consists of sending a ransomware alarm mail to a designated mailbox or sending ransomware alarm information to a designated terminal. The designated terminal and designated mailbox are an intelligent terminal and an electronic mailbox associated with the security operation and maintenance personnel.
Optionally, the preset general virus intrusion threshold is the existence of 3 abnormal sentinel files. When the ransomware defense device detects that the number of abnormal sentinel files is greater than or equal to the general virus intrusion threshold and does not exceed the next preset virus intrusion threshold, the corresponding intrusion level is determined to be the general ransomware intrusion level, a general ransomware alarm is sent to the security operation and maintenance personnel, the ransomware defense process corresponding to a general intrusion is executed, and a file emergency backup process is run. Optionally, the general ransomware alarm includes sending a ransomware alarm mail to the designated mailbox, sending ransomware alarm information to the designated terminal, and raising an audible and visual alarm on the large screen of the situation awareness system. Alternatively, in another embodiment, the general virus intrusion threshold may be 30% of the total number of sentinel files being abnormal.
Optionally, the preset severe virus intrusion threshold is the existence of 5 abnormal sentinel files. When the ransomware defense device detects that the number of abnormal sentinel files is greater than or equal to the preset severe virus intrusion threshold, the corresponding intrusion level is determined to be the severe ransomware intrusion level, a severe ransomware alarm is sent to the security operation and maintenance personnel, the ransomware defense process corresponding to a severe intrusion is executed, a file emergency backup operation is performed, and a resource-consuming process is started to slow the ransomware's intrusion. Alternatively, in another embodiment, the severe virus intrusion threshold may be 50% of the total number of sentinel files being abnormal.
Optionally, each virus intrusion threshold can be set by the security operation and maintenance personnel according to actual requirements, either as an absolute number of abnormal sentinel files or as a percentage of abnormal sentinel files among all sentinel files.
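The tiered thresholds described above, in either of the two forms the description allows (an absolute count of abnormal sentinels, or a share of all arranged sentinels), can be written as a small classifier. This is an added example rather than the patent's code; the threshold values (1 / 3 / 5 and 30 % / 50 %) and the defense measures per level come from the text, while the data structures, function names and the rule that the highest threshold reached wins are my assumptions.

```python
"""Added example (not the patent's code): map a scan's abnormal-sentinel count
to an intrusion level and the defense measures the description lists for it."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class IntrusionThreshold:
    level: str
    count: Optional[int] = None    # absolute number of abnormal sentinels, or
    ratio: Optional[float] = None  # share of all arranged sentinels (0.0 - 1.0)

    def reached(self, abnormal: int, total: int) -> bool:
        if self.count is not None and abnormal >= self.count:
            return True
        if self.ratio is not None and total > 0 and abnormal / total >= self.ratio:
            return True
        return False


# Specific embodiment in the description: 1 / 3 / 5 abnormal sentinel files
COUNT_THRESHOLDS: Sequence[IntrusionThreshold] = (
    IntrusionThreshold("suspected", count=1),
    IntrusionThreshold("general", count=3),
    IntrusionThreshold("severe", count=5),
)

# Alternative embodiment: general at 30 % and severe at 50 % of all sentinels
# (the suspected tier stays at a single abnormal file; assumption)
RATIO_THRESHOLDS: Sequence[IntrusionThreshold] = (
    IntrusionThreshold("suspected", count=1),
    IntrusionThreshold("general", ratio=0.30),
    IntrusionThreshold("severe", ratio=0.50),
)

# Defense measures per level, as listed in the description
MEASURES = {
    "none": [],
    "suspected": ["alarm"],
    "general": ["alarm", "emergency_backup"],
    "severe": ["alarm", "emergency_backup", "resource_consumption"],
}


def classify(abnormal: int, total: int,
             thresholds: Sequence[IntrusionThreshold] = COUNT_THRESHOLDS) -> Tuple[str, List[str]]:
    """Thresholds are given from least to most severe; the most severe one that
    is reached determines the level (a count between two tiers stays in the lower)."""
    for t in reversed(thresholds):
        if t.reached(abnormal, total):
            return t.level, MEASURES[t.level]
    return "none", MEASURES["none"]


if __name__ == "__main__":
    for abnormal in (0, 1, 2, 3, 4, 5, 9):
        print(abnormal, classify(abnormal, 20), classify(abnormal, 10, RATIO_THRESHOLDS))
```

The `total` argument is only consulted by ratio thresholds, so the same `classify` call serves both embodiments; a deployment would read the tier definitions from configuration maintained by the operations staff rather than from the constants above.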
Optionally, on receiving a general or severe ransomware alarm, the security operation and maintenance personnel send a safe-mode switching instruction to the ransomware defense device, controlling it to switch to safe mode, and then confirm the ransomware and perform the ransomware removal operation in safe mode.
In this embodiment, the ransomware defense device arranges sentinel files at the storage position corresponding to the layer to be arranged and periodically performs on-guard detection of them to determine whether the device is subject to a ransomware intrusion. When inaccessible abnormal sentinel files are detected in the current period, it determines whether their number is greater than or equal to a preset virus intrusion threshold, determines the ransomware intrusion level, selects the alarm mode corresponding to that level and executes the corresponding ransomware defense process. In this way the storage position at which the ransomware has intruded is detected and located, and the rate at which the ransomware damages the system can be slowed while it is maliciously encrypting terminal files, so that the intrusion is effectively defended against and the damage it causes is reduced.
Referring to fig. 3, fig. 3 is a schematic flow chart of another embodiment of the ransomware defense method of the present invention.
Based on the aforementioned ransomware defense method, in this embodiment, the ransomware defense method further includes:
step S311: backing up a local designated file directory and/or a cloud server according to a preset backup proportion, and generating an emergency backup file according to the preset backup proportion;
step S312: and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
As shown in fig. 3, in this embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the preset general virus intrusion threshold, the ransomware defense device starts a file emergency backup process and performs a file emergency backup operation.
Optionally, after the ransomware defense device starts up at power-on, a file emergency backup ratio is preset in order to reduce the risk posed by ransomware. Specifically, when the ransomware defense device is invaded by ransomware, it backs up files according to the preset file emergency backup ratio, so that even if some of the files, or some of the emergency backup files produced by the emergency backup, are tampered with or encrypted and locked by the ransomware, emergency backup files that have not been encrypted and locked may still exist, which facilitates subsequent recovery and thereby reduces the harm caused by the ransomware.
Optionally, the file emergency backup includes a local emergency backup and a cloud emergency backup. Optionally, when detecting that the number of abnormal sentinel files is greater than or equal to the general virus intrusion threshold, the ransomware defense device performs a local emergency backup at the storage location where the sentinel files are located: it backs up the files at that storage location according to the preset file emergency backup proportion and generates a plurality of emergency backup files. Optionally, the ransomware defense device may also preset a designated emergency backup storage location and store the emergency backup files there.
Optionally, in another embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the general virus intrusion threshold, the ransomware defense device sends a cloud emergency backup instruction to a designated cloud server. The cloud emergency backup instruction carries the files to be backed up and the preset file emergency backup ratio, and on receiving it the cloud server copies the corresponding files according to the preset file emergency backup ratio to generate the emergency backup files.
Optionally, the emergency backup ratio may be 1:N (N ≥ 1), where N can be configured by the security operation and maintenance personnel according to the requirements of the actual application scenario.
Specifically, the ransomware defense device is further provided with a backup record table, and after it carries out an emergency backup of a file, the backup path of the file and the backup file name of each emergency backup file are stored in the backup record table.
Optionally, after the security operation and maintenance personnel clear the ransomware, a ransomware clearing notification is sent to the ransomware defense device. On receiving it, the ransomware defense device calls the emergency backup file to restore the file encrypted by the ransomware, deletes the repeated emergency backup files generated according to the preset emergency backup proportion, and deletes the backup records of those emergency backup files from the backup record table.
Optionally, when the security operation and maintenance personnel confirm that the ransomware defense device has raised a false ransomware alarm, an emergency backup file deletion instruction is sent to the ransomware defense device, which is thereby controlled to delete the repeated emergency backup files generated according to the preset emergency backup proportion and to delete the backup records of the deleted emergency backup files from the backup record table.
In this embodiment, when detecting a ransomware intrusion, the ransomware defense device performs an emergency backup of the files according to a preset emergency backup ratio to generate at least one emergency backup file, and after the ransomware is removed, restores the files from the emergency backup files, thereby reducing the risk posed by the ransomware intrusion.
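An added Python example, not the patent's own code, of the 1:N emergency backup, the backup record table, and the restore-and-cleanup step that follows the ransomware clearing notification. Recording a content digest per copy, so that an intact copy can be told apart from one the ransomware also encrypted, is an assumption of this example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's content, recorded at backup time (an assumption of this example)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def emergency_backup(src_dir, backup_dir, n, record_table):
    """Back up every regular file in src_dir at ratio 1:N and append one record per
    copy (original path, backup path, digest) to the backup record table."""
    src_dir, backup_dir = Path(src_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    made = 0
    for src in sorted(p for p in src_dir.iterdir() if p.is_file()):
        digest = file_digest(src)
        for i in range(n):
            dst = backup_dir / f"{src.name}.bak{i}"
            shutil.copy2(src, dst)
            record_table.append({"original": str(src), "backup": str(dst), "sha256": digest})
            made += 1
    return made


def restore_after_clear(record_table):
    """Handle the clearing notification: restore each original whose content no longer
    matches its recorded digest from the first intact copy, then delete the repeated
    copies and their records. Returns {original: "intact" | "restored" | "lost"}."""
    outcome = {}
    for original in sorted({r["original"] for r in record_table}):
        recs = [r for r in record_table if r["original"] == original]
        expected = recs[0]["sha256"]
        target = Path(original)
        if target.exists() and file_digest(target) == expected:
            outcome[original] = "intact"
        else:
            # A copy is trusted only if its digest still matches; a copy that the
            # ransomware also encrypted fails this check and is skipped.
            intact = [r["backup"] for r in recs
                      if Path(r["backup"]).exists() and file_digest(r["backup"]) == expected]
            if intact:
                shutil.copy2(intact[0], target)
                outcome[original] = "restored"
            else:
                outcome[original] = "lost"
        for r in recs:   # drop the repeated copies and their backup records
            Path(r["backup"]).unlink(missing_ok=True)
            record_table.remove(r)
    return outcome


def demo(n=3):
    """1:3 backup of two constructed files; then one original and one copy get hit."""
    root = Path(tempfile.mkdtemp())
    src, bak = root / "data", root / "emergency"
    src.mkdir()
    ledger, notes = src / "ledger.xlsx", src / "notes.txt"
    ledger.write_bytes(b"constructed ledger contents")
    notes.write_bytes(b"constructed notes contents")
    table = []
    emergency_backup(src, bak, n, table)
    ledger.write_bytes(b"\xde\xad" * 8)                        # encrypted in place
    (bak / "ledger.xlsx.bak0").write_bytes(b"\xde\xad" * 8)    # one backup copy also hit
    outcome = {Path(k).name: v for k, v in restore_after_clear(table).items()}
    outcome["ledger_ok"] = ledger.read_bytes() == b"constructed ledger contents"
    outcome["records_left"] = len(table)
    return outcome


if __name__ == "__main__":
    print(demo())
```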
Referring to fig. 4, fig. 4 is a schematic flow chart of another embodiment of the ransomware defense method of the present invention.
Based on the aforementioned ransomware defense method, in this embodiment, the ransomware defense method further includes:
step S321: acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
step S322: receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
As shown in fig. 4, in this embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the severe virus intrusion threshold, the ransomware defense device issues a severe ransomware alarm and starts a resource consumption process.
Specifically, the ransomware defense device presets a resource consumption process for ransomware intrusion. The resource consumption process comprises at least one intensive infinite loop calculation algorithm, so that the process occupies a large amount of processor and memory resources while it executes; the intrusion speed of the ransomware is thereby reduced, and security personnel have enough time to clear the ransomware.
Specifically, when detecting that the number of abnormal sentinel files is greater than or equal to the severe virus intrusion threshold, the ransomware defense device determines that the corresponding ransomware intrusion level is the severe ransomware intrusion level and sends a severe ransomware alarm to the security operation and maintenance personnel. The personnel, on receiving the severe ransomware alarm, send a resource consumption process starting instruction; after receiving it, the ransomware defense device starts the resource consumption process and executes the intensive infinite loop calculation within it, so that the terminal resources of the ransomware defense device are occupied, the ransomware's encryption and locking are slowed, and the damage caused by the ransomware intrusion is reduced.
Optionally, the security operation and maintenance personnel may also configure the resource consumption process to start automatically when the ransomware defense device detects the severe ransomware alarm level, so that the ransomware intrusion is defended against in time.
Specifically, after the resource consumption process is started, a security mode switching instruction sent by the security operation and maintenance personnel is received, the ransomware defense device is controlled to switch to the security mode, and an operation instruction of the security operation and maintenance personnel is received in the security mode, so that the ransomware removal operation is executed.
In this embodiment, the ransomware defense device generates a resource consumption process, and when it detects that the number of sentinel file access failures is greater than or equal to the severe alarm threshold, it runs the resource consumption process so that the terminal resources of the ransomware defense device are consumed and the ransomware's encryption of the device is slowed; the device then enters the security mode, in which the ransomware is deleted. The ransomware is thereby effectively defended against and the harm caused by the intrusion is reduced.
Referring to fig. 5, fig. 5 is a schematic flow chart of another embodiment of the ransomware defense method of the present invention.
Based on the above embodiment, in this embodiment, the ransomware defense method further includes:
step S401: when a sentinel file updating instruction is received, deleting the sentinel file;
step S402: determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
step S403: and updating the sentinel registration form according to the updated storage position and file name of the sentinel file.
As shown in fig. 5, in this embodiment, in order to prevent the ransomware from penetrating the sentinel files and thereby defeating the arrangement rule of the sentinel files, the ransomware defense device receives a sentinel file update instruction sent by the security operation and maintenance personnel, deletes the sentinel files that have exceeded the preset on-guard time, rearranges at least one accessible sentinel file at the storage location corresponding to the level to be arranged that is specified in the sentinel file update instruction, so that it is again mixed in with the normal files, and detects whether ransomware or another malicious program has intruded by observing the state of the sentinel files. Optionally, the preset on-guard time can be customized by the security operation and maintenance personnel according to actual requirements.
Optionally, after deleting the sentinel files whose on-guard time is greater than or equal to the preset on-guard time and generating new sentinel files, the storage locations of the updated sentinel files and the corresponding updated sentinel file names are entered into the emptied sentinel registry.
In this embodiment, the ransomware defense device deletes the sentinel files whose on-guard time is greater than or equal to the preset on-guard time, regenerates new sentinel files, and updates the generated sentinel file information in the sentinel registry for later query, thereby preventing the ransomware from penetrating the arrangement rule of the sentinel files and effectively detecting ransomware intrusion.
Further optionally, in order to achieve the above object, the present invention further provides a computer-readable storage medium on which a ransomware defense program is stored. The stored ransomware defense program can be read, interpreted and executed by a processor so as to implement any step of the ransomware defense method in any of the ransomware defense method embodiments.
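An added Python example (not from the patent) of the sentinel update procedure: sentinels past their on-guard time are deleted, a fresh sentinel borrowing a neighbouring ordinary file's extension is placed in each directory of the updated level, and the registry is emptied of the retired entries and refilled. The registry layout, the placement-time field and the naming scheme are assumptions of this example.

```python
import secrets
import tempfile
from pathlib import Path


def place_sentinel(target_dir, registry, now):
    """Create one sentinel in target_dir that borrows the extension of an ordinary
    neighbouring file, and record its location, name and placement time."""
    target_dir = Path(target_dir)
    known = {r["path"] for r in registry}
    neighbours = [p for p in sorted(target_dir.iterdir())
                  if p.is_file() and str(p) not in known]
    ext = neighbours[0].suffix if neighbours else ".txt"   # fallback is an assumption
    sentinel = target_dir / f"{secrets.token_hex(4)}_draft{ext}"
    sentinel.write_bytes(secrets.token_bytes(512))         # random content, nothing to leak
    registry.append({"path": str(sentinel), "name": sentinel.name, "placed_at": now})
    return sentinel


def rotate_sentinels(registry, on_guard_seconds, new_dirs, now):
    """Apply a sentinel update instruction: delete every sentinel whose on-guard time
    has elapsed, place a fresh sentinel in each directory of the updated level, and
    rebuild the registry in place. Returns the number of sentinels deleted."""
    deleted = 0
    kept = []
    for rec in registry:
        if now - rec["placed_at"] >= on_guard_seconds:
            Path(rec["path"]).unlink(missing_ok=True)   # retired sentinel leaves the disk
            deleted += 1
        else:
            kept.append(rec)
    registry[:] = kept                 # registry emptied of the retired entries ...
    for d in new_dirs:
        place_sentinel(d, registry, now)   # ... and refilled with the updated sentinels
    return deleted


def demo():
    """Sentinel placed among .docx files, then rotated a day later into a .pdf folder."""
    root = Path(tempfile.mkdtemp())
    finance, legal = root / "finance", root / "legal"
    finance.mkdir()
    legal.mkdir()
    (finance / "budget.docx").write_bytes(b"constructed ordinary file")
    (legal / "contract.pdf").write_bytes(b"constructed ordinary file")
    registry = []
    old = place_sentinel(finance, registry, now=0)
    deleted = rotate_sentinels(registry, on_guard_seconds=3600, new_dirs=[legal], now=86400)
    new = Path(registry[0]["path"])
    return {
        "old_suffix": old.suffix,
        "old_exists": old.exists(),
        "deleted": deleted,
        "new_suffix": new.suffix,
        "new_in_legal": new.parent == legal,
        "registry_size": len(registry),
        "ordinary_untouched": (finance / "budget.docx").exists(),
    }


if __name__ == "__main__":
    print(demo())
```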
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A ransomware defense method, characterized in that the ransomware defense method comprises the steps of:
receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction;
arranging sentinel files in the storage positions corresponding to the layers to be arranged;
periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result;
and executing a ransomware defense process when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
2. The ransomware defense method of claim 1, wherein said step of arranging sentinel files in storage locations corresponding to said hierarchy to be arranged comprises:
acquiring attribute information of the common file in the storage position corresponding to the to-be-arranged hierarchy;
and correspondingly generating the sentinel file based on the attribute information, and storing the sentinel file in the storage position.
3. The ransomware defense method of claim 1, further comprising, after the step of arranging sentinel files in storage locations corresponding to the hierarchy to be arranged:
acquiring the storage position and the file name of the sentinel file;
the steps of periodically carrying out on-guard detection on the sentinel documents and determining the number of abnormal sentinel documents according to the detection result comprise:
and periodically carrying out on-guard detection on the sentinel documents based on the storage position and the document name, and determining the number of abnormal sentinel documents according to a detection result.
4. The ransomware defense method of claim 3, further comprising, after the step of arranging sentinel files in storage locations corresponding to the hierarchy to be arranged:
when receiving a sentinel file updating instruction, deleting the sentinel file;
determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
and updating the sentinel registration form according to the updated storage position and file name of the sentinel file.
5. The ransomware defense method of claim 1, wherein the ransomware defense process includes at least one of:
outputting a ransomware alarm prompt;
carrying out emergency backup according to a preset backup proportion, and generating an emergency backup file according to the preset backup proportion;
a resource consuming process is executed.
6. The ransomware defense method as claimed in claim 5, wherein the step of carrying out emergency backup according to a preset backup proportion and generating an emergency backup file according to the preset backup proportion comprises:
carrying out emergency backup on the common file at a local designated storage position and/or a cloud server according to a preset backup proportion to generate an emergency backup file;
and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
7. The ransomware defense method according to claim 6, wherein said step of executing a ransomware defense process when the number of said abnormal sentinel files is greater than or equal to a preset virus intrusion threshold further comprises:
receiving a ransomware clearing notice, recovering the encrypted file according to the emergency backup file, and deleting the repeated emergency backup file generated according to a preset proportion;
and deleting the backup record of the deleted emergency backup file in the backup record table.
8. The ransomware defense method according to claim 5, wherein the step of executing a resource consuming process, which occupies processor and/or memory resources and reduces the ransomware intrusion rate, comprises:
acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
9. A ransomware defense apparatus, characterized in that the ransomware defense apparatus comprises a memory, a processor and a ransomware defense program stored on the memory and executable on the processor, the processor implementing the steps of the ransomware defense method according to any one of claims 1 to 8 when executing the ransomware defense program.
10. A readable storage medium, characterized in that the computer readable storage medium has stored thereon a ransomware defense program which, when executed by a processor, implements the steps of the ransomware defense method according to any one of claims 1 to 8.
CN202110682600.0A 2021-06-17 2021-06-17 Lesovirus defense method, lesovirus defense apparatus, and readable storage medium Active CN113360909B (en)


Publications (2)

Publication Number Publication Date
CN113360909A true CN113360909A (en) 2021-09-07
CN113360909B CN113360909B (en) 2022-10-28

Family

ID=77535189

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023124041A1 (en) * 2021-12-31 2023-07-06 华为云计算技术有限公司 Ransomware detection method and related system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant