CN114499985A - Safety detection method and device based on endogenous safety mechanism - Google Patents


Publication number
CN114499985A
Authority
CN
China
Prior art keywords
detection
cloud server
snapshot data
server
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111641755.6A
Other languages
Chinese (zh)
Inventor
鲍坤夫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd filed Critical Qianxin Technology Group Co Ltd
Priority to CN202111641755.6A priority Critical patent/CN114499985A/en
Publication of CN114499985A publication Critical patent/CN114499985A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a safety detection method and a device based on an endogenous safety mechanism, wherein the method comprises the following steps: acquiring a cloud server list; creating target snapshot data for at least one cloud server in the cloud server list; sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server; receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server. According to the safety detection method and device based on the endogenous safety mechanism, the target snapshot data are mounted on the detection server, the detection server carries out safety detection on the target snapshot data of each cloud server, and the agent does not need to be installed in the cloud server, so that the safety detection of each cloud server can be realized, and the coverage rate of the safety detection is improved.

Description

Safety detection method and device based on endogenous safety mechanism
Technical Field
The invention relates to the technical field of data detection, in particular to a safety detection method and device based on an endogenous safety mechanism.
Background
With the development of mobile internet technology, a terminal user usually accesses resources of a cloud server through the internet, the cloud server provides remote service storage and processing services for the terminal user, and personal information and service data of the terminal user can be stored in a service system of the cloud server. Therefore, considering endogenous security mechanisms, it is very important to detect the security of the cloud server.
In the related art, an agent is usually installed in a cloud server, and malicious code, vulnerabilities, baselines and the like in the cloud server are detected through the agent.
However, the related art requires an agent to be installed in each cloud server; if the agent is not installed, security detection cannot be performed. Moreover, because the business data of the user changes at any time, the cloud server may create or delete data at any time, and the installation of the agent may not be completed, which reduces the installation coverage rate of the agent.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a security detection method and a security detection device based on an endogenous security mechanism.
The invention provides a security detection method based on an endogenous security mechanism, which is applied to a cloud management platform and comprises the following steps:
acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the acquisition of the cloud server list comprises the following steps:
and acquiring the cloud server list through a first API of the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the target snapshot data is created for at least one cloud server in the cloud server list, and the method comprises the following steps:
creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the sending of the mount request carrying the target snapshot data of at least one cloud server to the detection server comprises the following steps:
grouping all the target snapshot data;
sending the mounting request carrying the target snapshot data of the current group to the detection server;
the receiving the detection result of each cloud server sent by the detection server includes:
and receiving the detection result of each cloud server in the current group sent by the detection server.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the receiving the detection result of each cloud server in the current group sent by the detection server, the method further comprises the following steps:
sending the mounting request carrying the next group of target snapshot data to the detection server;
and receiving the detection result of each cloud server in the next group sent by the detection server.
The invention also provides a safety detection method based on an endogenous safety mechanism, which is applied to a detection server and comprises the following steps:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the safety detection of the target snapshot data of each cloud server comprises the following steps:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the receiving of the mount request which is sent by the cloud management platform and carries the target snapshot data of at least one cloud server comprises the following steps:
receiving the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the performing security detection on the target snapshot data of each cloud server includes:
performing security detection on the target snapshot data of each cloud server in the current group;
the sending the detection result of each cloud server to the cloud management platform includes:
and sending the detection result of each cloud server in the current group to the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the detection result of each cloud server in the current group is sent to the cloud management platform, the method further comprises the following steps:
deleting the target snapshot data of each cloud server in the current group.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the target snapshot data of each cloud server in the current group is deleted, the method further comprises the following steps:
receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform;
performing security detection on the target snapshot data of each cloud server in the next group;
and sending the detection result of each cloud server in the next group to the cloud management platform.
The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for detecting security based on an endogenous security mechanism according to any one of the above-mentioned embodiments when executing the program.
The invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for endogenous security mechanism based security detection as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the method for endogenous security mechanism based security detection as described in any of the above.
According to the safety detection method and device based on the endogenous safety mechanism, when the cloud server list is obtained, target snapshot data are created for at least one cloud server in the cloud server list, a mounting request carrying the target snapshot data of the at least one cloud server is sent to the detection server, the detection server performs security detection on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. Therefore, the target snapshot data are mounted on the detection server, the detection server carries out security detection on the target snapshot data of each cloud server, and agents do not need to be installed in the cloud servers, so that the security detection of each cloud server can be realized, and the coverage rate of the security detection is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a safety detection method based on an endogenous safety mechanism provided by the present invention;
FIG. 2 is a schematic diagram of creating a snapshot provided by the present invention;
FIG. 3 is a second schematic flow chart of the safety detection method based on the endogenous safety mechanism provided in the present invention;
FIG. 4 is a third schematic flow chart of a security detection method based on an endogenous security mechanism according to the present invention;
FIG. 5 is a fourth schematic flowchart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 6 is a fifth schematic flow chart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 7 is a sixth schematic flow chart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 8 is a seventh schematic flow chart of a safety detection method based on an endogenous safety mechanism provided in the present invention;
FIG. 9 is an interaction diagram of a security detection method based on an endogenous security mechanism provided by the present invention;
FIG. 10 is a schematic structural diagram of a safety detection device based on an endogenous safety mechanism provided by the present invention;
FIG. 11 is a second schematic structural diagram of a safety detection device based on an endogenous safety mechanism provided in the present invention;
FIG. 12 is a schematic physical structure diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The method for security detection based on endogenous security mechanism of the present invention is described below with reference to fig. 1 to 9.
Fig. 1 is a schematic flow diagram of a security detection method based on an endogenous security mechanism provided in the present invention, and is applied to a cloud management platform, as shown in fig. 1, the security detection method based on the endogenous security mechanism includes the following steps:
Step 101, a cloud server list is obtained.
Optionally, the cloud server list is obtained through a first Application Programming Interface (API) of the cloud management platform.
The cloud management platform calls a first API associated with a cloud server list when receiving a security detection instruction sent by a user, and obtains the cloud server list through the first API, wherein the cloud server list comprises identification information of each cloud server and corresponding data information, and the data information comprises operating system data and all application program data of the cloud servers.
It should be noted that the cloud management platform may also receive a cloud server list sent by other devices, which is not limited in the present invention.
Step 102, creating target snapshot data for at least one cloud server in the cloud server list.
Optionally, the target snapshot data is created for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
Illustratively, when the cloud server list is obtained, the identification information and the corresponding data information of each cloud server in the cloud server list are obtained, then a second API associated with creating a snapshot is called, and the corresponding data information is copied based on the identification information of each cloud server through the second API, that is, target snapshot data of each cloud server is created, where the target snapshot data refers to copy information of the data information of the cloud server.
Specifically, referring to the snapshot creation process shown in fig. 2, the CentOS base is a disk image file of the cloud server; a plurality of virtual machines, namely CentOS01, CentOS02 and CentOS03, are created based on the disk image file, and then a plurality of snapshots are created for each virtual machine. For example, CentOS01_sn1, CentOS01_sn2, CentOS01_sn3 and CentOS01_sn4 in fig. 2 are all snapshots of the virtual machine CentOS01, and together they store all data of the virtual machine CentOS01, that is, the target snapshot data; further, CentOS02_sn1 in fig. 2 is a snapshot of the virtual machine CentOS02, and CentOS03_sn1 in fig. 2 is a snapshot of the virtual machine CentOS03.
It should be noted that, the target snapshot data may also be created for a part of the cloud servers in the cloud server list, and specifically may be: acquiring a user selection instruction, wherein the user selection instruction is used for indicating identification information of a cloud server selected by a user; in response to the user selection instruction, the target snapshot data is created for each cloud server indicated in the user selection instruction, which is not limited by the present invention.
Step 103, sending a mount request carrying the target snapshot data of at least one cloud server to a detection server.
Exemplarily, when the target snapshot data of each cloud server is created, the target snapshot data of each cloud server is carried in a mount request, and the mount request is sent to the detection server, that is, the target snapshot data of each cloud server is mounted in the detection server in a remote mount manner; when the detection server receives the mounting request, the mounting request is analyzed to obtain target snapshot data of each cloud server, then the target snapshot data of each cloud server is subjected to security detection, a detection result of each cloud server is finally obtained, and the detection result of each cloud server is sent to the cloud management platform.
Step 104, receiving the detection result of each cloud server sent by the detection server.
The detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the safety detection method based on the endogenous safety mechanism, when the cloud server list is obtained, target snapshot data are created for at least one cloud server in the cloud server list, a mounting request carrying the target snapshot data of the at least one cloud server is sent to the detection server, so that the detection server can carry out safety detection on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. Therefore, the target snapshot data are mounted on the detection server, the detection server carries out security detection on the target snapshot data of each cloud server, and agents do not need to be installed in the cloud servers, so that the security detection of each cloud server can be realized, and the coverage rate of the security detection is improved.
Optionally, fig. 3 is a second schematic flow chart of the safety detection method based on the endogenous safety mechanism provided in the present invention, as shown in fig. 3, step 103 in fig. 1 may be specifically implemented by the following steps:
Step 1031, grouping all the target snapshot data.
Exemplarily, when the target snapshot data of each cloud server is obtained, the target snapshot data of all the servers are grouped; the specific grouping method may be: carrying out average grouping according to the number of the cloud servers, and also carrying out random grouping; for example, when target snapshot data of 9 cloud servers is obtained, the target snapshot data of the 9 cloud servers may be divided into three groups, each group including target snapshot data of 3 cloud servers; or the first group includes target snapshot data of 2 cloud servers, the second group includes target snapshot data of 4 cloud servers, and the third group includes target snapshot data of 3 cloud servers.
Step 1032, sending the mount request carrying the target snapshot data of the current group to the detection server.
For example, after all the target snapshot data are grouped, a mount request carrying a group of target snapshot data is sent to the detection server each time, and the group where the target snapshot data currently sent to the detection server is located is referred to as a current group.
As shown in fig. 3, step 104 in fig. 1 can be specifically implemented by the following steps:
Step 1041, receiving the detection result of each cloud server in the current group sent by the detection server.
Illustratively, when receiving a mount request carrying target snapshot data of a current group, a detection server performs security detection on the target snapshot data of each cloud server in the current group, and sends a detection result of each cloud server in the current group to a cloud management platform.
Optionally, fig. 4 is a third schematic flowchart of the safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 4, after step 1041, the safety detection method based on an endogenous safety mechanism further includes the following steps:
Step 105, sending the mount request carrying the next group of target snapshot data to the detection server.
For example, when a detection result of each cloud server in a current group sent by a detection server is received, a mount request carrying target snapshot data of a next group may be sent to the detection server at this time.
Step 106, receiving the detection result of each cloud server in the next group, which is sent by the detection server.
Exemplarily, when receiving a mount request carrying target snapshot data of a next group, a detection server performs security detection on the target snapshot data of each cloud server in the next group, and sends a detection result of each cloud server in the next group to a cloud management platform; steps 105 and 106 are repeated until security detection has been performed on the target snapshot data of all the servers.
According to the safety detection method based on the endogenous safety mechanism, the target snapshot data of all the cloud servers are mounted on the detection server in batches, so that the amount of data on which the detection server performs security detection each time is reduced, and overloading of the detection server is avoided.
Fig. 5 is a fourth schematic flowchart of a security detection method based on an endogenous security mechanism provided in the present invention, and is applied to a detection server, as shown in fig. 5, the security detection method based on an endogenous security mechanism includes the following steps:
Step 501, receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform.
In an example, when the detection server receives the mount request, the detection server analyzes the mount request to obtain target snapshot data of each cloud server.
Step 502, performing security detection on the target snapshot data of each cloud server to obtain a detection result.
Exemplarily, when the detection server obtains the target snapshot data of each cloud server, the detection server performs security detection on the target snapshot data of each cloud server to finally obtain a detection result of each cloud server; the method of mounting the target snapshot data of each cloud server on the detection server in a remote mounting manner and performing security detection on the target snapshot data of each cloud server by the detection server is also referred to as a bypass scanning technique.
Step 503, sending the detection result of each cloud server to the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism, when a detection server receives a mounting request which is sent by a cloud management platform and carries target snapshot data of at least one cloud server, safety detection is carried out on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. Therefore, the target snapshot data are mounted on the detection server, the detection server carries out security detection on the target snapshot data of each cloud server, and agents do not need to be installed in the cloud servers, so that the security detection of each cloud server can be realized, and the coverage rate of the security detection is improved.
Optionally, step 502 in fig. 5 may be specifically implemented by the following steps:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
In an example, when the detection server acquires target snapshot data of each cloud server, malicious file detection, vulnerability detection and baseline detection are performed on the target snapshot data to determine whether data information of an operating system of the cloud server is dangerous or not; in addition, the specific detection processes of malicious file detection, vulnerability detection and baseline detection can refer to the prior art, and the details of the invention are not repeated herein.
According to the safety detection method based on the endogenous safety mechanism, malicious file detection, vulnerability detection and baseline detection are performed on the target snapshot data of each cloud server to determine whether the data information of the operating system of the cloud server is dangerous or not, so that the safety detection of each cloud server is realized.
Optionally, fig. 6 is a fifth schematic flowchart of the safety detection method based on the endogenous safety mechanism provided in the present invention, as shown in fig. 6, step 501 in fig. 5 may be specifically implemented by the following steps:
Step 5011, receiving the mount request carrying the current group of target snapshot data sent by the cloud management platform.
As shown in fig. 6, step 502 in fig. 5 may be specifically implemented by the following steps:
Step 5021, performing security detection on the target snapshot data of each cloud server in the current group.
For example, when receiving a mount request carrying target snapshot data of a current group, a detection server performs security detection on the target snapshot data of each cloud server in the current group to obtain a detection result of each cloud server in the current group.
As shown in fig. 6, step 503 in fig. 5 can be specifically implemented by the following steps:
Step 5031, sending the detection result of each cloud server in the current group to the cloud management platform.
Optionally, fig. 7 is a sixth schematic flowchart of the safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 7, after step 5031 in fig. 6, the safety detection method further includes the following steps:
Step 504, deleting the target snapshot data of each cloud server in the current group.
For example, after the detection result of each cloud server in the current group is sent to the cloud management platform, the target snapshot data of each cloud server in the current group mounted on the detection server may be deleted, so as to reduce the occupation of the memory of the detection server.
Optionally, fig. 8 is a seventh schematic flowchart of a safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 8, after step 504 in fig. 7, the safety detection method further includes the following steps:
Step 505, receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform.
Step 506, performing security detection on the target snapshot data of each cloud server in the next group.
Step 507, sending the detection result of each cloud server in the next group to the cloud management platform.
Exemplarily, when receiving a mount request carrying target snapshot data of a next group, a detection server performs security detection on the target snapshot data of each cloud server in the next group, and sends a detection result of each cloud server in the next group to a cloud management platform; steps 505 to 507 are repeated in this way until security detection has been performed on the target snapshot data of all the servers.
According to the safety detection method based on the endogenous safety mechanism, the target snapshot data of all the cloud servers are mounted on the detection server in batches, so that the amount of data on which the detection server performs security detection each time is reduced, and overloading of the detection server is avoided.
Fig. 9 is an interaction diagram of a security detection method based on an endogenous security mechanism provided in the present invention, which is applied to a cloud management platform and a detection server, as shown in fig. 9, the security detection method based on an endogenous security mechanism includes the following steps:
Step 901, obtaining the cloud server list through a first API of the cloud management platform.
Step 902, creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
Step 903, sending a mount request carrying the target snapshot data of at least one cloud server to a detection server.
Step 904, performing security detection on the target snapshot data of each cloud server to obtain a detection result.
Step 905, sending the detection result of each cloud server to the cloud management platform.
Step 906, deleting the target snapshot data of each cloud server.
It should be noted that, after step 906 is executed, the above steps 901 to 906 may also be executed in a loop based on a preset period, so as to implement continuous, periodic detection of all the cloud servers.
According to the safety detection method based on the endogenous safety mechanism, when a detection server receives a mounting request which is sent by a cloud management platform and carries target snapshot data of at least one cloud server, safety detection is carried out on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. The target snapshot data are mounted on the detection server, the detection server carries out security detection on the target snapshot data of each cloud server, and agents do not need to be installed in the cloud servers, so that the security detection of each cloud server can be realized, and the coverage rate of the security detection is improved; in addition, because no agent needs to be installed in the cloud server, the normal operation of the cloud server's services is not affected, and intrusiveness to the services is reduced; the occupation of the cloud server's memory, Central Processing Unit (CPU), disk and network resources is reduced, and the stability of the services is improved.
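An added sketch of the interaction in steps 901 to 906 combined with the grouping of steps 1031 to 106 (not part of the patent text or the applicants' implementation): a cloud management platform snapshots each server and sends one group at a time to a detection server, which scans the mounted data and then deletes it. The class names, the dictionary snapshot model, the read-only mount, the per-snapshot error handling, the package list path and the three detection rules are assumptions made for this example.

```python
"""Added illustration: grouped snapshot -> mount -> detect -> delete workflow.
Class names, the snapshot model and all detection rules are assumptions."""
import hashlib
from types import MappingProxyType

# Constructed detection data (not from the patent).
SAMPLE_MALWARE = b"constructed-malicious-sample"
BAD_SHA256 = {hashlib.sha256(SAMPLE_MALWARE).hexdigest()}
FIXED_IN = {"openssl": (3, 0, 7)}          # package -> first fixed version
PKG_DB = "/var/lib/pkgdb/installed"        # hypothetical "name=version" list


def detect(snapshot):
    """Malicious file, vulnerability and baseline detection on one snapshot."""
    findings = []
    for path, data in sorted(snapshot.items()):
        if hashlib.sha256(data).hexdigest() in BAD_SHA256:
            findings.append(("malicious_file", path))
        elif path == PKG_DB:
            for line in data.decode().splitlines():
                name, _, version = line.partition("=")
                fixed = FIXED_IN.get(name)
                if fixed and tuple(map(int, version.split("."))) < fixed:
                    findings.append(("vulnerability", f"{name} {version}"))
        elif path == "/etc/ssh/sshd_config":
            for line in data.decode().splitlines():
                if line.split() == ["PermitRootLogin", "yes"]:
                    findings.append(("baseline", "PermitRootLogin yes"))
    return findings


class DetectionServer:
    """Receives mount requests; holds snapshot data only while scanning."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.mounted = {}
        self.peak_mounted = 0

    def handle_mount_request(self, group):
        """Steps 501-504: mount the group, scan each snapshot, then delete."""
        if len(group) > self.capacity:
            raise ValueError("group larger than detection server capacity")
        results = {}
        try:
            # Assumption: snapshots are exposed read-only to the scanner.
            self.mounted = {sid: MappingProxyType(s) for sid, s in group.items()}
            self.peak_mounted = max(self.peak_mounted, len(self.mounted))
            for sid, snap in self.mounted.items():
                try:
                    results[sid] = detect(snap)
                except ValueError as exc:   # bad encoding or version string
                    # One unparsable snapshot must not abort the whole group.
                    results[sid] = [("scan_error", type(exc).__name__)]
        finally:
            self.mounted = {}      # step 504: delete data even if a scan fails
        return results


class CloudManagementPlatform:
    def __init__(self, servers):
        self._servers = servers            # server id -> {path: bytes}

    def list_servers(self):                # stands in for the "first API"
        return sorted(self._servers)

    def create_snapshot(self, sid):        # stands in for the "second API"
        return dict(self._servers[sid])    # point-in-time copy of the disk


def run_detection(platform, detector, group_size, selected=None):
    """Steps 101-106: snapshot, group, then mount one group at a time."""
    ids = [s for s in platform.list_servers() if selected is None or s in selected]
    snapshots = {sid: platform.create_snapshot(sid) for sid in ids}
    results = {}
    for start in range(0, len(ids), group_size):
        group = {sid: snapshots[sid] for sid in ids[start:start + group_size]}
        # The next group is sent only after this group's results return.
        results.update(detector.handle_mount_request(group))
    return results


# Constructed fleet of five cloud servers.
FLEET = {
    "vm-01": {"/etc/hostname": b"vm-01\n"},
    "vm-02": {"/tmp/.cache/x": SAMPLE_MALWARE},
    "vm-03": {"/etc/ssh/sshd_config": b"Port 22\nPermitRootLogin yes\n",
              PKG_DB: b"openssl=1.1.1\nzlib=1.2.13\n"},
    "vm-04": {PKG_DB: b"openssl=1.1.1k\n"},      # malformed version string
    "vm-05": {PKG_DB: b"openssl=3.0.8\n"},
}

if __name__ == "__main__":
    server = DetectionServer(capacity=2)
    for sid, found in run_detection(CloudManagementPlatform(FLEET), server, 2).items():
        print(sid, found or "clean")
```

With a group size of 2 the five snapshots are processed in three mount requests, and the detection server never holds more than two snapshots at once.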
The safety detection device based on the endogenous safety mechanism provided by the invention is described below, and the safety detection device based on the endogenous safety mechanism described below and the safety detection method based on the endogenous safety mechanism described above can be referred to correspondingly.
Fig. 10 is a schematic structural diagram of a safety detection apparatus based on an endogenous safety mechanism according to the present invention, which is applied to a cloud management platform, and as shown in fig. 10, the safety detection apparatus based on an endogenous safety mechanism includes an obtaining unit 1001, a creating unit 1002, a first sending unit 1003, and a first receiving unit 1004; wherein:
an obtaining unit 1001 configured to obtain a cloud server list;
a creating unit 1002, configured to create target snapshot data for at least one cloud server in the cloud server list;
a first sending unit 1003, configured to send a mount request carrying the target snapshot data of at least one cloud server to a detection server;
a first receiving unit 1004, configured to receive a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the security detection apparatus based on the endogenous security mechanism, when a cloud server list is obtained, target snapshot data is created for at least one cloud server in the cloud server list, and a mount request carrying the target snapshot data of the at least one cloud server is sent to a detection server, so that the detection server can perform security detection on the target snapshot data of each cloud server and send the detection result of each cloud server to the cloud management platform. Because the target snapshot data is mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of every cloud server can be realized and the coverage rate of security detection is improved.
Based on any of the above embodiments, the obtaining unit 1001 is specifically configured to:
acquire the cloud server list through a first API of the cloud management platform.
Based on any of the above embodiments, the creating unit 1002 is specifically configured to:
create the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
Based on any of the above embodiments, the first sending unit 1003 is specifically configured to:
group all the target snapshot data;
send the mount request carrying the target snapshot data of the current group to the detection server;
the first receiving unit 1004 is specifically configured to:
receive the detection result of each cloud server in the current group sent by the detection server.
Based on any of the above embodiments, the apparatus further comprises a third sending unit and a third receiving unit;
the third sending unit is configured to send the mount request carrying the next group of target snapshot data to the detection server;
the third receiving unit is configured to receive the detection result of each cloud server in the next group sent by the detection server.
Fig. 11 is a second schematic structural diagram of a security detection apparatus based on an endogenous security mechanism according to the second embodiment of the present invention, applied to a detection server. As shown in Fig. 11, the security detection apparatus based on an endogenous security mechanism includes a second receiving unit 1101, a first detection unit 1102, and a second sending unit 1103; wherein:
a second receiving unit 1101, configured to receive a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
a first detection unit 1102, configured to perform security detection on the target snapshot data of each cloud server to obtain a detection result;
a second sending unit 1103, configured to send the detection result of each cloud server to the cloud management platform.
According to the security detection apparatus based on the endogenous security mechanism, when the detection server receives a mount request that is sent by the cloud management platform and carries target snapshot data of at least one cloud server, it performs security detection on the target snapshot data of each cloud server and sends the detection result of each cloud server to the cloud management platform. Because the target snapshot data is mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of every cloud server can be realized and the coverage rate of security detection is improved.
Based on any of the above embodiments, the first detection unit 1102 is specifically configured to:
perform at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
Based on any of the above embodiments, the second receiving unit 1101 is specifically configured to:
receive the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the first detection unit 1102 is specifically configured to:
perform security detection on target snapshot data of each cloud server in the current group;
the second sending unit 1103 is specifically configured to:
send the detection result of each cloud server in the current group to the cloud management platform.
Based on any of the above embodiments, the apparatus further comprises a deleting unit;
the deleting unit is configured to delete the target snapshot data of each cloud server in the current group.
Based on any of the above embodiments, the apparatus further includes a fourth receiving unit, a second detection unit, and a fourth sending unit;
the fourth receiving unit is configured to receive the mount request carrying the next group of target snapshot data sent by the cloud management platform;
the second detection unit is configured to perform security detection on target snapshot data of each cloud server in the next group;
the fourth sending unit is configured to send the detection result of each cloud server in the next group to the cloud management platform.
Fig. 12 is a schematic physical structure diagram of an electronic device provided in the present invention. As shown in Fig. 12, the electronic device may include: a processor 1210, a communications interface 1220, a memory 1230, and a communication bus 1240, wherein the processor 1210, the communications interface 1220, and the memory 1230 communicate with each other via the communication bus 1240. The processor 1210 may invoke logic instructions in the memory 1230 to perform a security detection method based on an endogenous security mechanism, the method comprising: acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mount request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, processor 1210 may call logic instructions in memory 1230 to perform a security detection method comprising:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
In addition, the logic instructions in the memory 1230 may be implemented in the form of software functional units and, when sold or used as a stand-alone product, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program, the computer program being stored on a non-transitory computer-readable storage medium, wherein when the computer program is executed by a processor, the computer is capable of executing the endogenous security mechanism-based security detection method provided by the above methods, the method including: acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mount request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, when the program instructions are executed by a computer, the computer can implement the following method:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, performing the endogenous security mechanism-based security detection method provided by the above methods, the method comprising: acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mount request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, the computer program when executed by a processor implements the method of:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (15)

1. A security detection method based on an endogenous security mechanism, applied to a cloud management platform, comprising:
acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mount request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
2. The endogenous security mechanism-based security detection method of claim 1, wherein the obtaining a cloud server list comprises:
acquiring the cloud server list through a first API of the cloud management platform.
3. The endogenous security mechanism-based security detection method of claim 1, wherein the creating target snapshot data for at least one cloud server in the cloud server list comprises:
creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
4. An endogenous security mechanism based security detection method according to any one of claims 1 to 3, wherein the sending a mount request carrying the target snapshot data of at least one of the cloud servers to a detection server comprises:
grouping all the target snapshot data;
sending the mount request carrying the target snapshot data of the current group to the detection server;
the receiving the detection result of each cloud server sent by the detection server includes:
and receiving the detection result of each cloud server in the current group sent by the detection server.
5. The endogenous security mechanism-based security detection method of claim 4, wherein after said receiving the detection results of each of the cloud servers in the current group sent by the detection server, the method further comprises:
sending the mount request carrying the next group of target snapshot data to the detection server;
and receiving the detection result of each cloud server in the next group sent by the detection server.
6. A security detection method based on an endogenous security mechanism, applied to a detection server, comprising:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
7. The endogenous security mechanism-based security detection method according to claim 6, wherein the performing security detection on the target snapshot data of each cloud server comprises:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
8. The endogenous security mechanism-based security detection method according to claim 6 or 7, wherein the receiving of the mount request carrying the target snapshot data of at least one cloud server sent by the cloud management platform includes:
receiving the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the performing security detection on the target snapshot data of each cloud server includes:
performing security detection on target snapshot data of each cloud server in the current group;
the sending the detection result of each cloud server to the cloud management platform includes:
and sending the detection result of each cloud server in the current group to the cloud management platform.
9. The endogenous security mechanism-based security detection method of claim 8, wherein after the sending the detection results of each of the cloud servers in the current group to the cloud management platform, the method further comprises:
deleting the target snapshot data of each cloud server in the current group.
10. The endogenous security mechanism-based security detection method of claim 9, wherein after the deleting the target snapshot data of each of the cloud servers in the current group, the method further comprises:
receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform;
performing security detection on target snapshot data of each cloud server in the next group;
and sending the detection result of each cloud server in the next group to the cloud management platform.
11. A security detection apparatus based on an endogenous security mechanism, comprising:
an obtaining unit, configured to obtain a cloud server list;
a creating unit, configured to create target snapshot data for at least one cloud server in the cloud server list;
a first sending unit, configured to send a mount request carrying the target snapshot data of at least one cloud server to a detection server;
a first receiving unit, configured to receive a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
12. A security detection apparatus based on an endogenous security mechanism, comprising:
a second receiving unit, configured to receive a mount request that is sent by a cloud management platform and carries target snapshot data of at least one cloud server;
a first detection unit, configured to perform security detection on the target snapshot data of each cloud server to obtain a detection result;
and a second sending unit, configured to send the detection result of each cloud server to the cloud management platform.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the endogenous security mechanism based security detection method according to any of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method according to any of claims 6 to 10.
14. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the endogenous security mechanism based security detection method according to any of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method according to any of claims 6 to 10.
15. A computer program product comprising a computer program, wherein the computer program when executed by a processor implements the steps of the endogenous security mechanism based security detection method according to any of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method according to any of claims 6 to 10.
CN202111641755.6A 2021-12-29 2021-12-29 Safety detection method and device based on endogenous safety mechanism Pending CN114499985A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111641755.6A CN114499985A (en) 2021-12-29 2021-12-29 Safety detection method and device based on endogenous safety mechanism

Publications (1)

Publication Number Publication Date
CN114499985A true CN114499985A (en) 2022-05-13

Family

ID=81507780

Country Status (1)

Country Link
CN (1) CN114499985A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination