CN113360909B - Lesovirus defense method, lesovirus defense apparatus, and readable storage medium - Google Patents
Lesovirus defense method, lesovirus defense apparatus, and readable storage medium Download PDFInfo
- Publication number
- CN113360909B CN113360909B CN202110682600.0A CN202110682600A CN113360909B CN 113360909 B CN113360909 B CN 113360909B CN 202110682600 A CN202110682600 A CN 202110682600A CN 113360909 B CN113360909 B CN 113360909B
- Authority
- CN
- China
- Prior art keywords
- sentinel
- file
- virus
- defense
- backup
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a Lesovirus defense method, lesovirus defense equipment and a readable storage medium, which are applied to the field of Internet, wherein the Lesovirus defense method comprises the following steps: receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction; arranging sentinel files in the storage positions corresponding to the layers to be arranged; periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result; and when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold, executing a Lesox virus defense process. Therefore, the invasion condition of the Lesox virus can be rapidly screened and determined, the Lesox virus defense process is timely executed, and the loss caused by Lesox virus invasion is reduced.
Description
Technical Field
The invention relates to the field of internet, in particular to a Lesovirus defense method, lesovirus defense equipment and a readable storage medium.
Background
In the prior art, with the rapid development of the internet communication technology, a plurality of Leso viruses appear, in the existing internet field, leso viruses become one of the key threats of the current internet security, the detection of Leso viruses is difficult at present, the realization difficulty is high, the possibility of mistakenly killing normal processes exists, the update of virus libraries lags, the situation of false alarm and missed report is caused, the complexity of a user service scene is difficult to achieve by adopting a honeypot deployment mode to defend Leso viruses, and the user experience is poor.
Disclosure of Invention
The invention mainly aims to provide a Lesovirus defense method, and aims to solve the technical problem that Lesovirus in the prior art is difficult to detect and prevent.
In order to achieve the above object, the present invention provides a Lesovirus defense method, including the following steps:
receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction;
arranging sentinel files in the storage positions corresponding to the layers to be arranged;
periodically carrying out on-duty detection on the sentinel files, and determining the number of abnormal sentinel files according to the detection result;
and executing a Lesoxhlet virus defense process when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
Wherein, the step of arranging the sentinel document in the storage position corresponding to the hierarchy to be arranged comprises the following steps:
acquiring attribute information of the common file in the storage position corresponding to the to-be-arranged hierarchy;
and correspondingly generating the sentinel file based on the attribute information, and storing the sentinel file in the storage position.
Wherein, after the step of arranging the sentinel documents in the storage positions corresponding to the to-be-arranged hierarchy, the method further comprises the following steps of:
acquiring the storage position and the file name of the sentinel file;
the steps of periodically carrying out on-guard detection on the sentinel documents and determining the number of abnormal sentinel documents according to the detection result comprise:
and periodically carrying out on-guard detection on the sentinel documents based on the storage position and the document name, and determining the number of abnormal sentinel documents according to a detection result.
Wherein, after the step of arranging the sentinel document in the storage position corresponding to the hierarchy to be arranged, the method further comprises the following steps of:
when receiving a sentinel file updating instruction, deleting the sentinel file;
determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
and updating the sentinel registration form according to the updated storage position and file name of the sentinel file.
Wherein the Lesovirus defense process comprises at least one of:
outputting a Lesox virus alarm prompt;
carrying out emergency backup according to a preset backup proportion, and generating an emergency backup file according to the preset backup proportion;
a resource consuming process is executed.
The emergency backup is carried out according to a preset backup proportion, and the step of generating an emergency backup file according to the preset backup proportion comprises the following steps:
carrying out emergency backup on the common file at a local designated storage position and/or a cloud server according to a preset backup proportion to generate an emergency backup file;
and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
Wherein, when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold, after the execution of the Lesoxovirus defense process step, the method further comprises the following steps:
receiving a notice of removing the Lesox virus, recovering the encrypted file according to the emergency backup file, and deleting the repeated emergency backup file generated according to a preset proportion;
and deleting the backup record of the deleted emergency backup file in the backup record table.
Wherein, the executing the resource consumption process occupies processor and/or memory resources, and the reducing the Lesox virus intrusion speed comprises:
acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
Further, to achieve the above object, the present invention also provides a Lesovirus defense apparatus including: a memory, a processor and a Lesovirus defense program stored on the memory and operable on the processor, the Lesovirus defense program when executed by the processor implementing the steps of the Lesovirus defense method as described above.
The invention also provides a readable storage medium on which a lemonavirus defense program is stored, which when executed by a processor implements the steps of the lemonavirus defense method as described above.
According to the Lesox virus defense method provided by the embodiment of the invention, a sentinel file arrangement instruction is received, and a layer to be arranged is determined according to the sentinel file arrangement instruction; arranging sentinel files in the storage positions corresponding to the layers to be arranged; periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result; and when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold, executing a Lesox virus defense process. The intelligent terminal can effectively detect and position the invasion path of the Leso virus, and can drag the damage speed of the slow Leso virus to the system when the Leso virus maliciously encrypts the terminal file, thereby effectively defending the invasion of the Leso virus.
Drawings
FIG. 1 is a schematic structural diagram of a Lesox virus defense device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating a Lesovirus defense method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another embodiment of the Lexovirus defense method of the present invention;
FIG. 4 is a schematic flow chart diagram illustrating a Lexus virus defense method according to another embodiment of the present invention;
FIG. 5 is a flow chart of another embodiment of the Lesovirus defense method of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction; arranging sentinel files in the storage positions corresponding to the layers to be arranged; periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result; and executing a Lesoxhlet virus defense process when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
In the prior art, along with the rapid development of the internet communication technology, a plurality of Leso viruses appear, in the existing internet field, leso viruses become one of the key threats of the current internet security, china is one of the most seriously threatened countries by Leso viruses, the detection of Leso viruses is difficult at present, the realization difficulty is high, the possibility of mistakenly killing normal processes exists, the update of virus libraries lags, the condition of misinformation and missing report occurs, the adoption of a honeypot deployment mode for defending Leso viruses cannot achieve the complexity of user service scenes, and the user experience is poor.
The invention provides a solution, which is characterized in that a sentinel file arrangement instruction is received, and a layer to be arranged is determined according to the sentinel file arrangement instruction; arranging sentinel files in the storage positions corresponding to the layers to be arranged; periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result; and executing a Lesoxhlet virus defense process when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold. The intelligent terminal can effectively detect and position the invasion path of the Leso virus, and can drag the damage speed of the Leso virus to the system when the Leso virus maliciously encrypts the terminal file, thereby effectively defending the invasion of the Leso virus.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a Lesojous virus defense device of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the lasso virus defense device may include: a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein, the communication bus 1002 is used for realizing the connection communication between these components, the user interface 1003 may include a Display screen (Display) and an input unit, and the network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
It will be appreciated by those skilled in the art that the hardware configuration of the Leonavirus defense apparatus shown in FIG. 1 does not constitute a limitation of the Leonavirus defense apparatus, and may include more or less components than shown in FIG. 1, or some components in combination, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a computer program may be included in the memory 1005, which is one of computer-readable storage media. The operating system is a program for managing and controlling the Lesovirus defense device application program and supports the running of the Lesovirus defense device application program.
In the hardware configuration of the lemonavirus defense apparatus shown in fig. 1, the network interface 1004 is mainly used for accessing a network; the user interface 1003 is mainly used for receiving related operation instructions sent by a user, and the processor 1001 may be configured to invoke a lemonavirus defense program stored in the memory 1005, and perform the following operations:
receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction;
arranging sentinel files in the storage positions corresponding to the layers to be arranged;
periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result;
and when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold, executing a Lesox virus defense process.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
acquiring attribute information of the common file in the storage position corresponding to the to-be-arranged hierarchy;
and correspondingly generating the sentinel file based on the attribute information, and storing the sentinel file in the storage position.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
acquiring the storage position and the file name of the sentinel file;
the steps of periodically carrying out on-guard detection on the sentinel documents and determining the number of abnormal sentinel documents according to the detection result comprise:
and periodically carrying out on-guard detection on the sentinel documents based on the storage position and the document name, and determining the number of abnormal sentinel documents according to a detection result.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
when receiving a sentinel file updating instruction, deleting the sentinel file;
determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
and updating the sentinel registration form according to the updated storage position and file name of the sentinel file.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
carrying out emergency backup on the common file at a local designated storage position and/or a cloud server according to a preset backup proportion to generate an emergency backup file;
and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
receiving a Lesox virus clearing notice, recovering the encrypted file according to the emergency backup file, and deleting the repeated emergency backup file generated according to a preset proportion;
and deleting the backup record of the deleted emergency backup file in the backup record table.
Further, processor 1001 may call a Lesovirus defense routine in memory 1005, and also perform the following operations:
acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
Based on the hardware structure of the aforementioned Leonavirus defense device, various embodiments of the Leonavirus defense method of the present invention are presented.
Referring to fig. 2, fig. 2 is a flow chart illustrating a Lesovirus defense method according to an embodiment of the present invention.
In this embodiment, the lemonavirus defense method includes:
step S101: receiving a sentinel file arrangement instruction, determining a to-be-arranged layer according to the sentinel file arrangement instruction, and arranging sentinel files in a storage position corresponding to the to-be-arranged layer;
in this embodiment, the lasso virus defense device may be an intelligent terminal loaded with a lasso virus defense program, and the intelligent terminal includes a mobile terminal or a cloud server. Specifically, after the Lesox virus defense device is powered on and started, a sentinel file arrangement instruction sent by a security operation and maintenance worker through a human-computer interaction interface is received, a to-be-arranged layer carried in the sentinel file arrangement instruction is read, a storage position pointed by the to-be-arranged layer is determined, attribute information of a common file stored in the storage position is read, at least one sentinel file similar to or partially identical to the attribute information of the common file is generated based on the attribute information, and the sentinel file is stored in the storage position. The attribute information of the common file includes at least one or more items of file name, file type, file size, and the like. The sentinel file is a readable file which is similar to or identical to any one or more of the file name, the file type and the file size of the common file in the specified file path and is used for detecting the Lesox virus. And the hierarchy to be arranged is the hierarchical relation of the storage positions in the storage of the sentinel file arranged and designated by the security operation and maintenance personnel. In a specific embodiment, the storage location pointed by the to-be-arranged hierarchy carried in the sentinel file arrangement instruction is a C disk-folder a-subfolder B, and after receiving the sentinel file arrangement instruction, the lemonavirus defense device arranges sentinel files at the storage location corresponding to the corresponding to-be-arranged hierarchy, that is, the sentinel files are arranged in the C disk, the folder a and the subfolder B.
Optionally, the sentinel file is used to intermix with the normal file to detect the presence of a lemonavirus intrusion. Optionally, the number of the sentinel documents and the configured storage positions of the layers to be arranged can be flexibly configured by the security operation and maintenance personnel according to the actual scene requirements, wherein the more the sentinel documents are, the higher the security is.
Specifically, the lemonade virus defense device is further provided with a sentinel registry in advance, the sentinel registry is a readable and writable file recording the name of the sentinel file and the storage location corresponding to the sentinel file, and optionally, in a specific embodiment, the sentinel registry is a database file. After sentinel files are arranged at the storage positions corresponding to the specified layers to be arranged according to sentinel file arrangement instructions sent by the security operation and maintenance personnel, the names of the sentinel files which are arranged completely and the storage positions where the sentinel files are arranged are registered in a sentinel registry so as to update the sentinel file information stored in the sentinel registry. Alternatively, the sentinel registry may be located in the Lesovirus defense device or other intelligent terminal.
Arrangement S201: periodically carrying out on-guard detection on the sentinel documents, and determining the number of abnormal sentinel documents according to the detection result;
and after the sentinel virus defense device finishes arranging the sentinel files at the storage position corresponding to the arrangement level, starting an on-guard detection process of the sentinel files, reading the storage position and the file name of the sentinel files in the sentinel registry, periodically carrying out on-guard detection on the arranged sentinel files based on the storage position and the file name of the sentinel files, and determining whether the sentinel files can be normally accessed. Specifically, after the Lesox virus defense device is powered on and started, a scanning period of the sentinel file in the sentry detection process is preset, and the Lesox virus defense device periodically scans the sentinel file in the background according to the preset scanning period to obtain an access result of the sentinel file. If the background can normally start the sentinel file, the sentinel file is determined to be a normal sentinel file, if the background starts the sentinel file, the sentinel file is encrypted and cannot be accessed, or the sentinel file under the preset file directory is tampered/deleted, and the sentinel file is marked to be an abnormal sentinel file. And the Lesox virus defense equipment determines the number of abnormal sentinel files according to the detection result of the on-duty detection process. Optionally, in a specific embodiment, the scanning period preset by the lasso virus defense device is 5 minutes, the lasso virus defense device performs background scanning access to the sentinel files recorded in the sentinel registry every 5 minutes, determines the on-guard condition of the sentinel files, and determines whether abnormal sentinel files exist, where the abnormal sentinel files include sentinel files that cannot be accessed in any abnormal condition of being encrypted, being tampered, or being deleted.
Step S301: and executing a Lesoxhlet virus defense process when the number of the abnormal sentinel files is greater than or equal to a preset virus intrusion threshold.
In this embodiment, the lemonavirus defense device presets at least one preset virus intrusion threshold, and sets different virus intrusion thresholds according to different lemonavirus intrusion levels. Wherein, the virus intrusion threshold is an abnormal sentinel file quantity threshold corresponding to a certain Lesovirus alarm level. The more abnormal sentinel files corresponding to the virus intrusion threshold, the higher the Lesox virus intrusion level.
Specifically, the Lesox virus defense device periodically detects the arranged sentinel documents on the spot, acquires the number of abnormal sentinel documents, determines the virus intrusion threshold corresponding to the number of abnormal sentinel documents in the period, thereby determining the corresponding Lesox virus intrusion level, and executes the corresponding Lesox virus defense process according to the Lesox virus intrusion level.
Optionally, the preset virus intrusion threshold includes a suspected virus intrusion threshold, a general virus intrusion threshold, and a severe virus intrusion threshold.
Optionally, the lemonavirus defense process includes outputting a lemonavirus alarm prompt; and carrying out emergency backup according to a preset backup proportion, and generating an emergency backup file and executing at least one defense measure in a resource consumption process according to the preset backup proportion.
Optionally, the preset suspected virus intrusion threshold is that an abnormal sentinel file exists, when the strangle virus defense device detects that the quantity of the abnormal sentinel files is greater than or equal to one and does not exceed the next preset virus intrusion threshold, the virus intrusion threshold corresponding to the quantity of the abnormal sentinel files is determined as the suspected virus intrusion threshold, the corresponding strangle virus intrusion level is determined as the suspected strangle virus intrusion level, and a suspected strangle virus alarm corresponding to the suspected strangle virus intrusion level is sent to the security operation and maintenance personnel. Optionally, in a specific embodiment, the number of access failures corresponding to the suspected alarm reporting threshold is 1, and the suspected leson virus alarm is to send a leson virus alarm mail to the specified mailbox or send leson virus alarm information to the specified mailbox. The designated terminal and the designated mailbox are an intelligent terminal and an electronic mailbox associated with the safety operation and maintenance personnel.
Optionally, the preset general virus intrusion threshold is that 3 abnormal sentinel files exist, when the luxo virus defense device detects that the number of the abnormal sentinel files is greater than or equal to the general virus intrusion threshold and does not exceed the next preset virus intrusion threshold, the corresponding luxo virus intrusion level is determined to be the general luxo virus intrusion level, a general luxo virus alarm is sent to the security operation and maintenance personnel, a luxo virus defense process corresponding to the general luxo virus intrusion is executed, and a file emergency backup process is executed. Optionally, the general lemonavirus alarm includes sending lemonavirus alarm mail to a designated mailbox, sending lemonavirus alarm information to a designated terminal, and sending an audible and visual alarm in a large screen of the situation awareness system. Alternatively, in another embodiment, the general virus intrusion threshold may be 30% of the number of abnormal sentinel files in the total sentinel files.
Optionally, the preset severe virus intrusion threshold is that 5 abnormal sentinel files exist, when the sentinel virus defense device detects that the abnormal sentinel file is greater than or equal to the preset severe virus intrusion threshold, the corresponding sentinel virus intrusion level is determined to be the severe sentinel virus intrusion level, a severe sentinel virus alarm is sent to the security operation and maintenance personnel, a sentinel virus defense process corresponding to the severe sentinel virus intrusion is executed, a file emergency backup operation is executed, a resource consumption process is started, and the invasion speed of the lentivirus is dragged. First, in another embodiment, the severe virus intrusion threshold may also be 50% of the number of abnormal sentinel documents compared to the total number of sentinel documents.
Optionally, each virus intrusion threshold corresponding to the abnormal sentinel file can be set by the security operation and maintenance personnel according to actual requirements, optionally, the number of the abnormal sentinel files can be set, and each virus intrusion threshold can be correspondingly set according to the percentage of the number of the abnormal sentinel files in the whole sentinel file.
Optionally, when receiving a general or severe lasso virus alarm, the security operation and maintenance personnel send a security mode switching instruction to the lasso virus defense device, control the lasso virus defense device to switch to the security mode, and confirm the lasso virus in the security mode and perform a lasso virus removal operation.
In the embodiment, the Lesox virus defense device arranges the sentinel files at the storage position corresponding to the layer to be arranged and periodically performs on-duty detection on the sentinel files to determine whether the device is invaded by Lesox viruses, determines whether the number of the abnormal sentinel files is greater than or equal to a preset virus invasion threshold when the abnormal sentinel files which cannot be accessed are detected in the current period, determines the Lesox virus invasion level, selects a corresponding Lesox virus alarm mode according to the difference of the Lesox virus invasion level and executes a corresponding Lesox virus defense process to perform Lesox virus defense, thereby effectively detecting and positioning the invasion storage position of the Lesox viruses, and can drag the damage speed of the Lesox viruses to the system when the Lesox viruses maliciously encrypt the terminal files, thereby effectively defending the invasion of the Lesox viruses and reducing the damage degree of the Lesox virus invasion.
Referring to fig. 3, fig. 3 is a flow chart of another embodiment of the method for protecting against a lemonavirus according to the present invention.
Based on the aforementioned lemonavirus defense method, in this embodiment, the lemonavirus defense method further includes:
step S311: backing up a local appointed file directory and/or a cloud server according to a preset backup proportion, and generating an emergency backup file according to the preset backup proportion;
step S312: and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
As shown in fig. 3, in this embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the preset general virus intrusion threshold, the lasso virus defense device starts a file emergency backup process and performs a file emergency backup operation.
Optionally, after the Legonaire virus defense device is started up at power-on, a file emergency backup ratio is preset for reducing the risk of Legonaire viruses, specifically, when the Legonaire virus defense device is invaded by Legonaire viruses, the Legonaire virus defense device backs up files according to the preset file emergency backup ratio, so that even if part of files or emergency backup files obtained by emergency backup are tampered or encrypted and locked by Legonaire viruses, emergency backup files which are not encrypted and locked may exist, which is convenient for subsequent recovery, thereby reducing the harm of Legonaire viruses.
Optionally, the file emergency backup includes a local emergency backup and a cloud emergency backup. Optionally, when detecting that the number of abnormal sentinel files is greater than or equal to the common virus intrusion threshold, the Lesoxhlet virus defense device performs local emergency backup at the storage location where the sentinel files are located, performs emergency backup on the files at the storage location according to a preset file emergency backup proportion, and generates a plurality of emergency backup files. Optionally, the lemonavirus defense device may further preset a designated emergency backup storage location, and store the emergency backup file in the emergency backup storage location.
Optionally, in another embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the general virus intrusion threshold, the lemonavirus defense device sends a cloud emergency backup instruction to a designated cloud server, where the cloud emergency backup instruction carries a file to be backed up and an instruction of a preset file emergency backup ratio, and when receiving the cloud emergency backup instruction, the motion server copies the corresponding file according to the preset file emergency backup ratio to generate an emergency backup file.
Optionally, the emergency backup ratio may be 1: and N (N is more than or equal to 1), wherein the N can be self-defined and configured by safety operation and maintenance personnel according to the requirements of the actual application scene.
Specifically, the lemonade virus defense device is further provided with a backup record table, and after the lemonade virus carries out file emergency backup on the files, the file backup path and the backup file names of the emergency backup files are stored in the backup record table.
Optionally, after the safe operation and maintenance personnel clear the lasso virus, a lasso virus clearing notification is sent to the lasso virus defense device, and after receiving the lasso virus clearing notification, the lasso virus defense device calls the emergency backup file to restore the encrypted file encrypted by the lasso virus, deletes the repeated emergency backup file generated according to the preset emergency backup proportion, and deletes the backup record of the repeated emergency backup file in the backup record table.
Optionally, when the safety operation and maintenance personnel confirm that the lasso virus defense device has the lasso virus false alarm condition, an emergency backup file deletion instruction is sent to the lasso virus, the lasso virus defense device is controlled to delete the repeated emergency backup files generated according to the preset emergency backup proportion, and the backup records of the deleted emergency backup files are deleted in the backup record table.
In this embodiment, when detecting the invasion of the lemonavirus, the lemonavirus defense device performs emergency backup on the file according to a preset emergency backup ratio to generate at least one emergency backup file, and after the lemonavirus is removed, restores the file through the emergency backup file, thereby reducing the invasion risk of the lemonavirus.
Referring to fig. 4, fig. 4 is a schematic flow chart of another embodiment of the Lesovirus defense method of the present invention.
Based on the aforementioned lemonavirus defense method, in this embodiment, the lemonavirus defense method further includes:
step S321: acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
step S322: and receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
As shown in fig. 4, in this embodiment, when detecting that the number of abnormal sentinel files is greater than or equal to the serious virus intrusion threshold, the lasso virus defense device issues a serious lasso virus alarm and starts a resource consumption process.
Specifically, the lemonavirus defense device presets a resource consumption process for lemonavirus intrusion, and the resource consumption process comprises at least one intensive infinite loop calculation algorithm, so that the process can occupy a large amount of resources of a processor and a memory during execution, the invasion speed of the lemonavirus is reduced, and security personnel can have enough time to clear the lemonavirus.
Specifically, when detecting that the number of abnormal sentinel files is greater than or equal to a serious virus intrusion threshold, the Lessovirus defense device determines that the corresponding Lessovirus intrusion level is the serious Lessovirus intrusion level, sends a serious Lessovirus alarm to the security operation and maintenance personnel, receives a resource consumption process starting instruction sent by the security operation and maintenance personnel when receiving the serious Lessovirus alarm, and after receiving the resource consumption process starting instruction, the Lessovirus defense device starts the resource consumption process and executes intensive infinite loop calculation in the resource consumption process, so that terminal resources of the Lessovirus defense device are occupied, slow Lessovirus encryption is locked, and damage caused by Lessovirus intrusion is reduced.
Optionally, the security operation and maintenance personnel may also set that the resource consumption process is automatically started when the lasso virus defense device detects a serious lasso virus alarm level, so as to timely defend the lasso virus intrusion.
Specifically, after the resource consumption process is started, a security mode switching instruction sent by the security operation and maintenance personnel is received, the lasso virus defense device is controlled to be switched to the security mode, and an operation instruction of the security operation and maintenance personnel is received in the security mode, so that the operation of removing the lasso virus is executed.
In this embodiment, the lemonavirus defense device generates a resource consumption process, and when it is detected that the number of access failures of the sentinel file is greater than or equal to the critical alarm reporting threshold, the resource consumption process is run, so that the terminal resources of the lemonavirus defense device are consumed, the intrusion encryption speed of the lentivirus on the lemonavirus defense device is slowed, the security mode is entered, and the lemonavirus is deleted in the security mode, so that the lemonavirus is effectively defended, and the harm of the lemonavirus intrusion is reduced.
Referring to fig. 5, fig. 5 is a schematic flow chart of another embodiment of the method for protecting against a Lexovirus according to the present invention.
Based on the above embodiment, in this embodiment, the lemonavirus defense method further includes:
step S401, when a sentinel file updating instruction is received, deleting the sentinel file;
step S402: determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
step S403: and updating the sentinel registration form according to the updated storage position and file name of the sentinel file.
As shown in fig. 5, in this embodiment, in order to prevent a soldier file from being penetrated by a lemonade virus and thus breaking the arrangement rule of the sentinel file, the lemonade virus defense device receives a sentinel file update instruction sent by a security operation and maintenance worker, deletes the sentinel file that has exceeded a preset on-guard time, rearranges at least one accessible sentinel file at a storage location corresponding to a to-be-distributed level specified in the sentinel file update instruction again to be mixed with a normal file, and detects whether the sentinel virus or other bad programs invade the sentinel file by detecting the state of the sentinel file. Optionally, the preset on duty time can be set by safety operation and maintenance personnel according to actual requirements in a self-defined manner.
Optionally, after deleting the sentinel document with the on-guard time greater than or equal to the preset on-guard time and generating a new sentinel document, the storage location of the updated sentinel document and the corresponding updated sentinel document name are entered into the emptied sentinel registry.
In this embodiment, the lasso virus defense device deletes the sentinel documents that are greater than or equal to the preset sentry time, regenerates new sentinel documents, and updates the generated sentinel document information to the sentinel registry for query, thereby avoiding the rule that the lasso virus permeates the sentinel documents and effectively detecting the intrusion of the lasso virus.
Further optionally, in order to achieve the above object, the present invention further provides a computer-readable storage medium, where a lemonavirus defense program is stored on the readable storage medium provided in this embodiment, and the stored lemonavirus defense program can be read, interpreted, and executed by a processor, so as to implement any step of the lemonavirus defense method in any of the lemonavirus defense method embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, pharmaceutical, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.
Claims (8)
1. A method of protecting against a lemonavirus, the method comprising the steps of:
receiving a sentinel file arrangement instruction, and determining a layer to be arranged according to the sentinel file arrangement instruction;
acquiring attribute information of the common file in the storage position corresponding to the to-be-arranged hierarchy;
correspondingly generating a sentinel file based on the attribute information, and storing the sentinel file in the storage position;
recording the file name of the sentinel file and the corresponding storage position in a sentinel registry;
periodically carrying out on-guard detection on the sentinel documents according to the sentinel registration form, and determining the number of abnormal sentinel documents according to a detection result; the periodic on-guard detection of the sentinel document comprises periodic access to the sentinel document, the detection result comprises an access result of the sentinel document, and the abnormal sentinel document is a sentinel document which is encrypted and cannot be accessed, tampered or deleted;
when the number of the abnormal sentinel files is larger than or equal to a preset virus intrusion threshold, executing a Lesoxhlet virus defense process;
wherein the executing of the Lesovirus defense process comprises:
when the number of the abnormal sentinel files is more than or equal to one and less than three, outputting a Lesox virus alarm prompt;
when the number of the abnormal sentinel files is more than or equal to three and less than five, controlling the Lesojous virus defense equipment to switch to a safety mode, outputting the Lesojous virus alarm prompt, carrying out emergency backup according to a preset backup proportion, and generating an emergency backup file according to the preset backup proportion;
and when the number of the abnormal sentinel files is more than or equal to five, controlling the Lesoxhlet virus defense equipment to switch to the safety mode, outputting a Lesoxhlet virus alarm prompt, carrying out emergency backup according to a preset backup proportion, generating an emergency backup file according to the preset backup proportion and executing a resource consumption process.
2. The Lexovirus defense method of claim 1, wherein said step of correspondingly generating a sentinel file based on said attribute information and saving said sentinel file in said storage location further comprises:
acquiring the storage position and the file name of the sentinel file;
the steps of periodically carrying out on-guard detection on the sentinel documents and determining the number of abnormal sentinel documents according to the detection result comprise:
and periodically carrying out on-duty detection on the sentinel files based on the storage position and the file name, and determining the number of abnormal sentinel files according to a detection result.
3. The Lexovirus defense method of claim 2, wherein said step of correspondingly generating a sentinel file based on said attribute information and saving said sentinel file in said storage location further comprises:
when receiving a sentinel file updating instruction, deleting the sentinel file;
determining an updated to-be-arranged level according to the sentinel file updating instruction, and arranging the updated sentinel file at a storage position corresponding to the updated to-be-arranged level;
and updating the sentinel registration form according to the storage position and the file name of the updated sentinel file.
4. The Leso virus defense method as claimed in claim 1, wherein the emergency backup is performed according to a preset backup ratio, and the step of generating an emergency backup file according to the preset backup ratio comprises:
carrying out emergency backup on the common file at a local designated storage position and/or a cloud server according to a preset backup proportion to generate an emergency backup file;
and writing the file backup path and the backup file name of the emergency backup file in a backup record table.
5. The Lessovirus defense method according to claim 4, wherein said step of performing a Lessovirus defense process when the number of said exception sentinel files is greater than or equal to a predetermined virus intrusion threshold, further comprises:
receiving a Lesox virus clearing notice, recovering the encrypted file according to the emergency backup file, and deleting the repeated emergency backup file generated according to a preset proportion;
and deleting the backup record of the deleted emergency backup file in the backup record table.
6. The Lexus virus defense method of claim 1, wherein the performing a resource consuming process step comprises:
acquiring the number of abnormal sentinel files, and determining that the number of the abnormal sentinel files is greater than or equal to a severe virus intrusion threshold;
receiving a resource consumption instruction, calling a resource consumption process to execute an intensive infinite loop algorithm, and occupying processor and/or memory resources.
7. A lemonavirus defense apparatus, characterized in that the lemonavirus defense apparatus comprises a memory, a processor and a lemonavirus defense program stored on the memory and executable on the processor, the processor implementing the steps of the lemonavirus defense method according to any one of claims 1 to 6 when executing the lemonavirus defense program.
8. A readable storage medium, having stored thereon a lemonavirus defense program which, when executed by a processor, implements the steps of the lemonavirus defense method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110682600.0A CN113360909B (en) | 2021-06-17 | 2021-06-17 | Lesovirus defense method, lesovirus defense apparatus, and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110682600.0A CN113360909B (en) | 2021-06-17 | 2021-06-17 | Lesovirus defense method, lesovirus defense apparatus, and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113360909A CN113360909A (en) | 2021-09-07 |
| CN113360909B true CN113360909B (en) | 2022-10-28 |
Family
ID=77535189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110682600.0A Active CN113360909B (en) | 2021-06-17 | 2021-06-17 | Lesovirus defense method, lesovirus defense apparatus, and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113360909B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116415240A (en) * | 2021-12-31 | 2023-07-11 | 华为云计算技术有限公司 | Lexovirus detection method and related system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106484570A (en) * | 2016-10-28 | 2017-03-08 | 福建平实科技有限公司 | A kind of backpu protecting method and system extorting software document data for defence |
| CN110851833A (en) * | 2019-11-18 | 2020-02-28 | 深信服科技股份有限公司 | Lesovirus detection method, device and related equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7940755B2 (en) * | 2009-03-19 | 2011-05-10 | Wisconsin Alumni Research Foundation | Lookup engine with programmable memory topology |
| US10742665B2 (en) * | 2016-02-01 | 2020-08-11 | NortonLifeLock Inc. | Systems and methods for modifying file backups in response to detecting potential ransomware |
| US20180248896A1 (en) * | 2017-02-24 | 2018-08-30 | Zitovault Software, Inc. | System and method to prevent, detect, thwart, and recover automatically from ransomware cyber attacks, using behavioral analysis and machine learning |
| CN109472139B (en) * | 2017-12-25 | 2022-04-19 | 北京安天网络安全技术有限公司 | Method and system for preventing Lesox virus from secondarily encrypting host document |
-
2021
- 2021-06-17 CN CN202110682600.0A patent/CN113360909B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106484570A (en) * | 2016-10-28 | 2017-03-08 | 福建平实科技有限公司 | A kind of backpu protecting method and system extorting software document data for defence |
| CN110851833A (en) * | 2019-11-18 | 2020-02-28 | 深信服科技股份有限公司 | Lesovirus detection method, device and related equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113360909A (en) | 2021-09-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7673324B2 (en) | Method and system for tracking an operating performed on an information asset with metadata associated therewith | |
| CN113515433B (en) | Alarm log processing method, device, equipment and storage medium | |
| US7478250B2 (en) | System and method for real-time detection of computer system files intrusion | |
| RU2693188C1 (en) | Control method and unit for portable storage devices and storage medium | |
| CN101888311B (en) | Equipment, method and system for preventing network contents from being tampered | |
| US20110197277A1 (en) | System and method for prioritizing computers based on anti-malware events | |
| CN109815700B (en) | Application program processing method and device, storage medium and computer equipment | |
| CN106503551A (en) | A kind of for the processing method and system of extorting software | |
| CN111597382A (en) | Network security auditing method and system | |
| CN105528543A (en) | Remote antivirus method, client, console and system | |
| CN113360909B (en) | Lesovirus defense method, lesovirus defense apparatus, and readable storage medium | |
| US7424742B1 (en) | Dynamic security events and event channels in a network security system | |
| JP2001142764A (en) | Log file protecting system | |
| CN109639726A (en) | Intrusion detection method, device, system, equipment and storage medium | |
| CN111090857B (en) | Method for defending file from malicious software attack, computer system and recording medium | |
| KR100458550B1 (en) | Data delete detecting and recovering system and methode thereof | |
| CN115292740A (en) | Method and device for managing clipboard and nonvolatile storage medium | |
| US11971989B2 (en) | Computer recovery system | |
| CN116185785A (en) | Early warning method and device for file abnormal change | |
| CN116204876A (en) | Abnormality detection method, apparatus, and storage medium | |
| US20060242707A1 (en) | System and method for protecting a computer system | |
| KR102182397B1 (en) | Web Service Protection and Automatic Recovery Method and System Thereof | |
| US20180330082A1 (en) | Preserving system integrity using file manifests | |
| US20240256658A1 (en) | Protecting data against malware attacks using cyber vault and automated airgap control | |
| CN114640529B (en) | Attack protection method, apparatus, device, storage medium and computer program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |