CN114091017A - Computer software defense method and device, computer equipment and storage medium - Google Patents
Computer software defense method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN114091017A CN114091017A CN202111384688.4A CN202111384688A CN114091017A CN 114091017 A CN114091017 A CN 114091017A CN 202111384688 A CN202111384688 A CN 202111384688A CN 114091017 A CN114091017 A CN 114091017A
- Authority
- CN
- China
- Prior art keywords
- file
- target
- target file
- stored
- preset storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a computer software defense method, a computer software defense device, computer equipment and a storage medium, relates to the technical field of computational security, and is used for ensuring that software can recover normal operation when being maliciously modified by the outside and improving the computer software defense effect. The method mainly comprises the following steps: acquiring a target file stored in a target position in software to be defended according to a preset time interval; generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position; determining whether a file feature identifier corresponding to the target file is stored in a preset storage position; if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position; and if the preset storage position stores the file characteristic identification corresponding to the target file, determining that the content in the target file is not tampered.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a computer software defense method, an apparatus, a computer device, and a storage medium.
Background
The existing computer software rarely considers the safety problem of the existing computer software at the beginning of design, the protection scheme and the technical means are few, the safety of the existing computer software cannot be actively detected depending on a safety mechanism provided by an external environment, such as a special machine, and the like, when the existing computer software runs in an environment with missing external protection, the safety of the existing computer software cannot be guaranteed, the risk of file replacement and the like is met, the software is cracked slightly to cause property loss of developers, and serious safety accidents are generated seriously to influence the life safety of people and the national defense construction of the country.
Disclosure of Invention
The embodiment of the application provides a computer software defense method, a computer software defense device, computer equipment and a storage medium, which are used for ensuring that the software can be recovered to normally run when being modified by external malicious modification, and improving the computer software defense effect.
The embodiment of the invention provides a computer software defense method, which comprises the following steps:
acquiring a target file stored in a target position in software to be defended according to a preset time interval;
generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
and if the preset storage position stores a file characteristic identifier corresponding to the target file, determining that the content in the target file is not tampered.
The embodiment of the invention provides a computer software defense device, which comprises:
the acquisition module is used for acquiring a target file stored in a target position in the software to be defended according to a preset time interval;
the generating module is used for generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
the determining module is used for determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
the determining module is further configured to determine that the content in the target file is tampered if the preset storage location does not store the file feature identifier corresponding to the target file;
the recovery module is used for recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
the determining module is further configured to determine that the content in the target file is not tampered if the preset storage location stores a file feature identifier corresponding to the target file.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the computer software defense method when executing the computer program.
A computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the computer software defense method as described above.
A computer program product comprising a computer program which, when executed by a processor, implements the computer software defense method described above.
The invention provides a computer software defense method, a computer software defense device, computer equipment and a storage medium, wherein a target file stored in a target position in software to be defended is obtained according to a preset time interval; generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position; determining whether a file feature identifier corresponding to the target file is stored in a preset storage position; if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position; and if the preset storage position stores the file characteristic identification corresponding to the target file, determining that the content in the target file is not tampered. The method for checking the file characteristics is used for comparing whether the target file is maliciously tampered, and a mechanism of local backup or cloud storage of the source file is added, so that the normal operation of the software can be recovered when the software is maliciously modified by the outside, and the defense effect of the computer software is further improved.
Drawings
FIG. 1 is a flow chart of a computer software defense method provided by the present application;
FIG. 2 is a flow chart of another computer software defense method provided by the present application;
fig. 3 is a schematic structural diagram of a computer software defense apparatus provided in the present application.
Fig. 4 is a schematic diagram of a computer device provided in the present application.
Detailed Description
In order to better understand the technical solutions described above, the technical solutions of the embodiments of the present application are described in detail below with reference to the drawings and the specific embodiments, and it should be understood that the specific features of the embodiments and the embodiments of the present application are detailed descriptions of the technical solutions of the embodiments of the present application, and are not limitations of the technical solutions of the present application, and the technical features of the embodiments and the embodiments of the present application may be combined with each other without conflict.
Referring to fig. 1, a computer software defense method according to an embodiment of the present invention includes steps S101 to S105:
step S101, acquiring a target file stored in a target position in software to be defended according to a preset time interval.
The preset time interval may be set according to actual requirements, for example, the preset time interval may be set to 1 hour, 5 hours, or 10 hours, and the embodiment is not particularly limited. Furthermore, the preset time interval can be set according to the activity of the software to be defended, and the higher the activity is, the shorter the preset time interval can be set; conversely, the lower the activity, the longer the preset time interval can be set.
In this embodiment, the software to be defended may be any application program or application software, and specifically may be social software, video software, entertainment software, learning software, and the like.
In an optional embodiment provided by the invention, before acquiring the target file stored in the target location in the software to be protected according to the preset time interval, the method further includes:
and S1011, acquiring software defense strategy information.
The software defense strategy information comprises software to be defended and a target file stored in a target position in the software to be defended, wherein the target file is software needing defense.
S1012, generating a file feature identifier corresponding to the target file according to the file content of the target file.
In this embodiment, the file feature identifier corresponding to the target file may be generated through a Message Digest Algorithm (MD 5) or a cryptographic hash Algorithm SM3, and the specific manner of generating the file feature identifier is not limited in this embodiment.
And S1013, storing the target file and the file characteristic identifier in a preset storage position in a corresponding backup manner.
The preset storage location may be a local storage location, a cloud storage location, or another storage location.
In this embodiment, after the software defense policy information is acquired, the file feature identifier corresponding to the target file is generated according to the file content of the target file in the software defense policy information, and then the file feature identifier corresponding to the target file is generated from the file content of the target file, so that whether the target file is tampered or not is determined in the subsequent steps according to the backed-up file feature identifier, and the tampered target file is restored according to the backed-up template file, so that the software to be defended can be rapidly restored to normal operation when being maliciously modified by the outside.
And step S102, generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position.
Note that the file feature identifier corresponding to the target file generated in step S102 is identical to the file feature identifier generated in step S1012. That is, after receiving the software defense policy information, if the file content of the target file is calculated by using the MD5 algorithm to obtain the file feature identifier corresponding to the target file, when monitoring the software to be defended, the file content of the target file stored in the target location needs to be calculated by using the MD5 algorithm to obtain the file feature identifier corresponding to the target file, so as to compare the two file feature identifiers, and determine whether the target file is tampered based on the comparison result.
Step S103, determining whether a file feature identifier corresponding to the target file is stored in the preset storage position.
And step S104, if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and restoring the target file stored in the target position according to the backed-up target file stored in the preset storage position.
Step S105, if the preset storage position stores the file feature identification corresponding to the target file, determining that the content in the target file is not tampered.
For example, the software to be defended is a piece of video software, a target file A stored in a target position in the software needs to be monitored, the target file A is obtained according to a preset time interval, then a file feature identifier is generated based on the content of the currently obtained target file A, then whether the file feature identifier is stored in a preset storage position is inquired, and if the file feature identifier is stored in the preset storage position, the target file A is not tampered; if the file feature identifier is not stored in the preset storage position, it is indicated that the content in the target file a has been tampered, so that the file feature identifier generated according to the content of the target file a does not correspond to the file feature identifier stored in the preset storage position, and at this time, the target file stored in the target position needs to be restored according to the backup target file stored in the preset storage position, thereby ensuring that the software can be restored to normal operation when being modified by external malicious intent.
Furthermore, the embodiment can also record the running state of the software to be defended, operation records and other information, and can also perform statistical analysis and the like on the data of the module while facilitating the system administrator to maintain the system.
The embodiment of the invention provides a computer software defense method, which comprises the steps of acquiring a target file stored in a target position in software to be defended according to a preset time interval; generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position; determining whether a file feature identifier corresponding to the target file is stored in a preset storage position; if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position; and if the preset storage position stores the file characteristic identification corresponding to the target file, determining that the content in the target file is not tampered. The method for checking the file characteristics is used for comparing whether the target file is maliciously tampered, and a mechanism of local backup or cloud storage of the source file is added, so that the normal operation of the software can be recovered when the software is maliciously modified by the outside, and the defense effect of the computer software is further improved.
Referring to fig. 2, another computer software defense method according to an embodiment of the present invention includes steps S201 to S209:
in step S201, a file name of a target file stored in a target location is acquired.
In this embodiment, the file name of the target file further includes file type information. For example, the file name of the target file may be: file 1.doc, file 1.pdf, file 2.jpg, file 3.jpg, etc.
Step S202, whether the file name of the target file is stored in the preset storage position is determined.
The preset storage position is correspondingly stored with a file characteristic identification, a file name and a backed-up target file.
In step S203, if the file name of the target file is not stored in the preset storage location, it is determined that the file name of the target file is tampered.
For example, the preset storage location stores therein a target file: file 1, doc, file 2, jpg, and file feature identifier and file name corresponding to the above files respectively. If the file name of the target file stored in the target position is the file 2.doc, the file name of the preset storage position is inquired, the fact that the file name of the preset storage position is not stored as the file 2.doc can be determined, and at the moment, the fact that the file name of the target file is tampered can be determined.
Step S204, generating a file characteristic mark according to the file content in the tampered target file.
Step S205, determining whether the preset storage location stores the generated file feature identifier.
In step S206, if the generated file feature identifier is stored in the preset storage location, the file name of the target file is recovered according to the file name corresponding to the file feature identifier in the preset storage location.
For the embodiment of the present invention, after it is determined that the file name of the target file is tampered with, it is further determined whether the file content in the target file is tampered with. Specifically, a file feature identifier is generated according to file content in a target file with a tampered file name, then whether a preset storage position stores the file name corresponding to the generated file feature identifier or not is determined, if the preset storage position stores the generated file feature identifier, it is stated that the file content in the target file with the tampered file name is not tampered, and at this time, the file name of the target file needs to be restored according to the file name corresponding to the file feature identifier in the preset storage position.
Step S207, if the generated file feature identifier is not stored in the preset storage location, calculating the file similarity between the tampered target file of the file name and each backed-up target file in the preset storage location.
Further, if the generated file feature identifier is not stored in the preset storage location, the file name and the file content of the target file are tampered, and at this time, the file similarity needs to be calculated to determine the source file corresponding to the tampered file, so that the tampered target file can be restored according to the source file.
Specifically, in this embodiment, the source file corresponding to the tampered file in the preset storage location is determined by calculating the file similarity between the tampered target file and each backed-up target file in the preset storage location.
And S208, restoring the target file stored in the target position according to the backup target file with the highest file similarity and the file similarity exceeding the preset numerical value in the preset storage position.
The preset value can be set according to requirements, for example, the preset value is set to 80%, 90%, or 95%. In this embodiment, if a backup target file with a file similarity exceeding a preset value exists in the preset storage location, it is described that the preset storage location includes a source file of a tampered file, and at this time, the target file stored in the target location needs to be restored according to the backup target file with the highest file similarity; if the backup target file with the file similarity exceeding the preset value does not exist in the preset storage position, inquiring the file name of each backup target file in the preset storage position and the file name of each target file in the target position, and restoring the file corresponding to the target position through the target file of which the storage position is not preset by the file name in the target position.
For example, the target location includes a file name: file 1.doc, file 2.pdf, file 4. jpg; the preset storage location includes file names: and if the files 1, doc, 2, pdf and 3, jpg are not corresponding to the file name in the preset storage position after the files 4, jpg in the target position are inquired, the files 4, jpg in the target position can be replaced by the files 3, jpg in the preset storage position, so that the recovery of the corresponding files in the target position is achieved.
Step S209, if the file name of the target file is stored in the preset storage location, generating a file feature identifier corresponding to the target file according to the file content in the target file stored in the target location.
For this embodiment, if the file name of the target file is stored in the preset storage location, generating a file feature identifier corresponding to the target file according to the file content in the target file stored in the target location, and then determining whether the preset storage location stores the file feature identifier corresponding to the target file; if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position; and if the preset storage position stores the file characteristic identification corresponding to the target file, determining that the content in the target file is not tampered.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, a computer software defense device is provided, which corresponds to the computer software defense method in the above embodiments one to one. As shown in fig. 3, the functional modules of the computer software defense device are described in detail as follows:
the acquiring module 31 is configured to acquire a target file stored in a target location in software to be protected according to a preset time interval;
a generating module 32, configured to generate a file feature identifier corresponding to the target file according to file content in the target file stored in the target location;
a determining module 33, configured to determine whether a file feature identifier corresponding to the target file is stored in a preset storage location;
the determining module 33 is further configured to determine that the content in the target file is tampered if the preset storage location does not store the file feature identifier corresponding to the target file;
a restoring module 34, configured to restore the target file stored in the target location according to the backed-up target file stored in the preset storage location;
the determining module 33 is further configured to determine that the content in the target file is not tampered if the preset storage location stores the file feature identifier corresponding to the target file.
In an optional embodiment, the apparatus further comprises: a backup module 35;
the acquiring module 31 is further configured to acquire software defense policy information, where the software defense policy information includes software to be defended and a target file stored in a target location in the software to be defended;
the generating module 32 is further configured to generate a file feature identifier corresponding to the target file according to the file content of the target file;
the backup module 35 is configured to store the target file and the file feature identifier in a preset storage location in a corresponding backup manner.
In an optional embodiment, the obtaining module 31 is further configured to obtain a file name of a target file stored in the target location;
the determining module 33 is further configured to determine whether a file name of the target file is stored in the preset storage location;
the determining module 33 is further configured to determine that the file name of the target file is tampered if the file name of the target file is not stored in the preset storage location.
In an optional embodiment, the generating module 32 is further configured to generate a file feature identifier according to file contents in the target file with a tampered file name;
the determining module 33 is further configured to determine whether the preset storage location stores a file name corresponding to the generated file feature identifier;
the restoring module 34 is further configured to restore the file name of the target file according to the file name corresponding to the generated file feature identifier if the preset storage location stores the file name corresponding to the generated file feature identifier, where the preset storage location stores the file feature identifier, the file name, and the backed-up target file.
In an optional embodiment, the apparatus further comprises: a calculation module 36;
the calculating module 36 is configured to calculate a file similarity between the tampered target file and each backup target file in the preset storage location if the preset storage location does not store a file name corresponding to the generated file feature identifier;
the restoring module 34 is further configured to restore the target file stored in the target location according to the backed-up target file with the highest file similarity and the file similarity exceeding a preset numerical value in the preset storage location.
In an optional embodiment, the generating module 32 is specifically configured to, if the file name of the target file is stored in the preset storage location, generate a file feature identifier corresponding to the target file according to file content in the target file stored in the target location.
For specific limitations of the computer software defense device, reference may be made to the above limitations of the computer software defense method, which are not described herein again. The various modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a computer software defense method.
In one embodiment, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring a target file stored in a target position in software to be defended according to a preset time interval;
generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
and if the preset storage position stores a file characteristic identifier corresponding to the target file, determining that the content in the target file is not tampered.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring a target file stored in a target position in software to be defended according to a preset time interval;
generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
and if the preset storage position stores a file characteristic identifier corresponding to the target file, determining that the content in the target file is not tampered.
In one embodiment, a computer program product is provided, the computer program product comprising a computer program executed by a processor to perform the steps of:
acquiring a target file stored in a target position in software to be defended according to a preset time interval;
generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
and if the preset storage position stores a file characteristic identifier corresponding to the target file, determining that the content in the target file is not tampered.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous Link (Synchlink) DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct bused dynamic RAM (DRDRAM), and bused dynamic RAM (RDRAM).
It should be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is only used for illustration, and in practical applications, the above function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the above described functions.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (10)
1. A computer software defense method, the method comprising:
acquiring a target file stored in a target position in software to be defended according to a preset time interval;
generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
if the preset storage position does not store the file characteristic identification corresponding to the target file, determining that the content in the target file is tampered, and recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
and if the preset storage position stores a file characteristic identifier corresponding to the target file, determining that the content in the target file is not tampered.
2. The method of claim 1, wherein before obtaining the target file stored in the target location in the software to be protected at the preset time interval, the method further comprises:
acquiring software defense strategy information, wherein the software defense strategy information comprises software to be defended and a target file stored in a target position in the software to be defended;
generating a file characteristic identifier corresponding to the target file according to the file content of the target file;
and storing the target file and the file characteristic identifier in a preset storage position in a corresponding backup way.
3. The method of claim 1, wherein before generating the file feature identifier corresponding to the target file according to the file content in the target file stored in the target location, the method further comprises:
acquiring the file name of a target file stored in the target position;
determining whether a file name of the target file is stored in the preset storage position;
and if the file name of the target file is not stored in the preset storage position, determining that the file name of the target file is tampered.
4. The method of claim 3, wherein after determining that the filename of the target file has been tampered with, the method further comprises:
generating a file characteristic identifier according to the file content in the tampered target file of the file name;
determining whether the preset storage position stores the generated file characteristic identification or not;
if the preset storage position stores the generated file characteristic identification, restoring the file name of the target file according to the file name corresponding to the corresponding file characteristic identification in the preset storage position, wherein the preset storage position correspondingly stores the file characteristic identification, the file name and the backed-up target file.
5. The method of claim 4, wherein after determining whether the preset storage location stores the generated file feature identifier, the method further comprises:
if the generated file characteristic identification is not stored in the preset storage position, calculating the file similarity between the tampered target file with the file name and each backed-up target file in the preset storage position;
and restoring the target file stored in the target position according to the backup target file with the highest file similarity and the file similarity exceeding a preset numerical value in the preset storage position.
6. The method according to claim 3, wherein the generating a file feature identifier corresponding to the target file according to the file content in the target file stored in the target location comprises:
and if the preset storage position stores the file name of the target file, generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position.
7. A computer software defense apparatus, the apparatus comprising:
the acquisition module is used for acquiring a target file stored in a target position in the software to be defended according to a preset time interval;
the generating module is used for generating a file characteristic identifier corresponding to the target file according to the file content in the target file stored in the target position;
the determining module is used for determining whether a file feature identifier corresponding to the target file is stored in a preset storage position;
the determining module is further configured to determine that the content in the target file is tampered if the preset storage location does not store the file feature identifier corresponding to the target file;
the recovery module is used for recovering the target file stored in the target position according to the backup target file stored in the preset storage position;
the determining module is further configured to determine that the content in the target file is not tampered if the preset storage location stores a file feature identifier corresponding to the target file.
8. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the computer software defense method as claimed in any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out a computer software defense method as claimed in any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the computer software defense method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111384688.4A CN114091017A (en) | 2021-11-19 | 2021-11-19 | Computer software defense method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111384688.4A CN114091017A (en) | 2021-11-19 | 2021-11-19 | Computer software defense method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114091017A true CN114091017A (en) | 2022-02-25 |
Family
ID=80302611
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111384688.4A Pending CN114091017A (en) | 2021-11-19 | 2021-11-19 | Computer software defense method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114091017A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114611101A (en) * | 2022-03-17 | 2022-06-10 | 杭州云深科技有限公司 | Data processing system for acquiring application software trend |
-
2021
- 2021-11-19 CN CN202111384688.4A patent/CN114091017A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114611101A (en) * | 2022-03-17 | 2022-06-10 | 杭州云深科技有限公司 | Data processing system for acquiring application software trend |
| CN114611101B (en) * | 2022-03-17 | 2024-04-26 | 杭州云深科技有限公司 | Data processing system for acquiring trend of application software |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111723056B (en) | Small file processing method, device, equipment and storage medium | |
| CN110781028B (en) | Data backup method, data recovery method, data backup device, data recovery device and computing equipment | |
| US20200089576A1 (en) | Method of Detecting Source Change for File Level Incremental Backup | |
| CN110647329A (en) | Code obfuscation method, apparatus, computer device and storage medium | |
| CN110727698A (en) | Database access method and device, computer equipment and storage medium | |
| CN105260639A (en) | Face recognition system data update method and device | |
| CN114091017A (en) | Computer software defense method and device, computer equipment and storage medium | |
| CN110674500B (en) | Storage medium virus searching and killing method and device, computer equipment and storage medium | |
| CN109462661B (en) | Data synchronization method and device, computer equipment and storage medium | |
| CN104572891A (en) | File updating method for separately storing network information | |
| CN114722387A (en) | Database abnormal tampering detection method, device, equipment and storage medium | |
| CN116560914B (en) | Incremental backup method, system and storage medium under virtual machine CBT failure | |
| CN111382012B (en) | Backup method and device for MySQL cloud database, computer equipment and storage medium | |
| CN115277677B (en) | Batch file hanging method and device, computer equipment and storage medium | |
| CN109753384B (en) | Cloud host snapshot backup method and device, computer equipment and storage medium | |
| CN112070585A (en) | Order state unified management method and device, computer equipment and storage medium | |
| CN113849859A (en) | Linux kernel modification method, terminal device and storage medium | |
| CN109271281B (en) | Data backup method and system for preventing data from being tampered | |
| CN116150711A (en) | Software processing method and device, electronic equipment and storage medium | |
| WO2022001689A1 (en) | User data recovery method and apparatus, terminal and computer storage medium | |
| CN113342579A (en) | Data restoration method and device | |
| CN108959486B (en) | Audit field information acquisition method and device, computer equipment and storage medium | |
| CN111859468A (en) | Container webpage tamper-proofing method, device, equipment and medium | |
| CN110851300A (en) | Program process monitoring method and device, computer equipment and readable storage medium | |
| CN113312309A (en) | Management method and device of snapshot chain and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |