CN114499985A - Safety detection method and device based on endogenous safety mechanism - Google Patents
- Publication number: CN114499985A
- Application number: CN202111641755.6A
- Authority: CN (China)
- Prior art keywords: detection, cloud server, snapshot data, server, cloud
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Abstract
The invention provides a safety detection method and a device based on an endogenous safety mechanism, wherein the method comprises the following steps: acquiring a cloud server list; creating target snapshot data for at least one cloud server in the cloud server list; sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server; receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server. According to the safety detection method and device based on the endogenous safety mechanism, the target snapshot data are mounted on the detection server, the detection server carries out safety detection on the target snapshot data of each cloud server, and the agent does not need to be installed in the cloud server, so that the safety detection of each cloud server can be realized, and the coverage rate of the safety detection is improved.
Description
Technical Field
The invention relates to the technical field of data detection, in particular to a safety detection method and device based on an endogenous safety mechanism.
Background
With the development of mobile internet technology, a terminal user usually accesses resources of a cloud server through the internet, the cloud server provides remote service storage and processing services for the terminal user, and personal information and service data of the terminal user can be stored in a service system of the cloud server. Therefore, considering endogenous security mechanisms, it is very important to detect the security of the cloud server.
In the related art, an agent is usually installed in a cloud server, and malicious code, vulnerabilities, baselines and the like in the cloud server are detected through the agent.
However, in the related art, an agent must be installed in each cloud server, and a cloud server without an agent cannot be security-checked; moreover, because the business data of the user changes at any time, cloud servers may create or delete data at any time, and agent installation may not keep up with them, which reduces the installation coverage rate of the agent.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a security detection method and a security detection device based on an endogenous security mechanism.
The invention provides a security detection method based on an endogenous security mechanism, which is applied to a cloud management platform and comprises the following steps:
acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the acquisition of the cloud server list comprises the following steps:
and acquiring the cloud server list through a first API of the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the target snapshot data is created for at least one cloud server in the cloud server list, and the method comprises the following steps:
creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the sending of the mount request carrying the target snapshot data of at least one cloud server to the detection server comprises the following steps:
grouping all the target snapshot data;
sending the mounting request carrying the target snapshot data of the current group to the detection server;
the receiving the detection result of each cloud server sent by the detection server includes:
and receiving the detection result of each cloud server in the current group sent by the detection server.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the receiving the detection result of each cloud server in the current group sent by the detection server, the method further comprises the following steps:
sending the mounting request carrying the next group of target snapshot data to the detection server;
and receiving the detection result of each cloud server in the next group sent by the detection server.
The invention also provides a safety detection method based on an endogenous safety mechanism, which is applied to a detection server and comprises the following steps:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the safety detection of the target snapshot data of each cloud server comprises the following steps:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, the receiving of the mount request which is sent by the cloud management platform and carries the target snapshot data of at least one cloud server comprises the following steps:
receiving the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the performing security detection on the target snapshot data of each cloud server includes:
performing security detection on the target snapshot data of each cloud server in the current group;
the sending the detection result of each cloud server to the cloud management platform includes:
and sending the detection result of each cloud server in the current group to the cloud management platform.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the detection result of each cloud server in the current group is sent to the cloud management platform, the method further comprises the following steps:
deleting the target snapshot data of each cloud server in the current group.
According to the safety detection method based on the endogenous safety mechanism provided by the invention, after the target snapshot data of each cloud server in the current group is deleted, the method further comprises the following steps:
receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform;
performing security detection on the target snapshot data of each cloud server in the next group;
and sending the detection result of each cloud server in the next group to the cloud management platform.
The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for detecting security based on an endogenous security mechanism according to any one of the above-mentioned embodiments when executing the program.
The invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for endogenous security mechanism based security detection as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the method for endogenous security mechanism based security detection as described in any of the above.
According to the safety detection method and device based on the endogenous safety mechanism, when the cloud server list is obtained, target snapshot data are created for at least one cloud server in the cloud server list, and a mount request carrying the target snapshot data of the at least one cloud server is sent to the detection server; the detection server performs security detection on the target snapshot data of each cloud server and sends a detection result of each cloud server to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of each cloud server can be realized and the coverage rate of security detection is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a safety detection method based on an endogenous safety mechanism provided by the present invention;
FIG. 2 is a schematic diagram of creating a snapshot provided by the present invention;
FIG. 3 is a second schematic flow chart of the safety detection method based on the endogenous safety mechanism provided in the present invention;
FIG. 4 is a third schematic flow chart of a security detection method based on an endogenous security mechanism according to the present invention;
FIG. 5 is a fourth schematic flowchart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 6 is a fifth schematic flow chart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 7 is a sixth schematic flow chart of the safety detection method based on endogenous safety mechanism provided in the present invention;
FIG. 8 is a seventh schematic flow chart of a safety detection method based on an endogenous safety mechanism provided in the present invention;
FIG. 9 is an interaction diagram of a security detection method based on an endogenous security mechanism provided by the present invention;
FIG. 10 is a schematic structural diagram of a safety detection device based on an endogenous safety mechanism provided by the present invention;
FIG. 11 is a second schematic structural diagram of a safety detection device based on an endogenous safety mechanism provided in the present invention;
FIG. 12 is a schematic physical structure diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The method for security detection based on endogenous security mechanism of the present invention is described below with reference to fig. 1 to 9.
Fig. 1 is a schematic flow diagram of a security detection method based on an endogenous security mechanism provided in the present invention, and is applied to a cloud management platform, as shown in fig. 1, the security detection method based on the endogenous security mechanism includes the following steps:
Optionally, the cloud server list is obtained through a first Application Programming Interface (API) of the cloud management platform.
The cloud management platform calls a first API associated with a cloud server list when receiving a security detection instruction sent by a user, and obtains the cloud server list through the first API, wherein the cloud server list comprises identification information of each cloud server and corresponding data information, and the data information comprises operating system data and all application program data of the cloud servers.
It should be noted that the cloud management platform may also receive a cloud server list sent by other devices, which is not limited in the present invention.
Optionally, the target snapshot data is created for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
Illustratively, when the cloud server list is obtained, the identification information and the corresponding data information of each cloud server in the cloud server list are obtained, then a second API associated with creating a snapshot is called, and the corresponding data information is copied based on the identification information of each cloud server through the second API, that is, target snapshot data of each cloud server is created, where the target snapshot data refers to copy information of the data information of the cloud server.
Specifically, refer to the snapshot creation process shown in fig. 2. As shown in fig. 2, the CentOS base is a disk image file of the cloud server; a plurality of virtual machines, namely CentOS01, CentOS02 and CentOS03, are created based on the disk image file, and then a plurality of snapshots are created for each virtual machine. For example, CentOS01_sn1, CentOS01_sn2, CentOS01_sn3 and CentOS01_sn4 in fig. 2 are all snapshots of the virtual machine CentOS01, and together they store all data of the virtual machine CentOS01, that is, the target snapshot data; further, CentOS02_sn1 in fig. 2 is a snapshot of the virtual machine CentOS02, and CentOS03_sn1 in fig. 2 is a snapshot of the virtual machine CentOS03.
It should be noted that, the target snapshot data may also be created for a part of the cloud servers in the cloud server list, and specifically may be: acquiring a user selection instruction, wherein the user selection instruction is used for indicating identification information of a cloud server selected by a user; in response to the user selection instruction, the target snapshot data is created for each cloud server indicated in the user selection instruction, which is not limited by the present invention.
Step 103, sending a mount request carrying the target snapshot data of at least one cloud server to a detection server.
Exemplarily, when the target snapshot data of each cloud server is created, the target snapshot data of each cloud server is carried in a mount request, and the mount request is sent to the detection server, that is, the target snapshot data of each cloud server is mounted in the detection server in a remote mount manner; when the detection server receives the mounting request, the mounting request is analyzed to obtain target snapshot data of each cloud server, then the target snapshot data of each cloud server is subjected to security detection, a detection result of each cloud server is finally obtained, and the detection result of each cloud server is sent to the cloud management platform.
Step 104, receiving the detection result of each cloud server sent by the detection server.
The detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the safety detection method based on the endogenous safety mechanism, when the cloud server list is obtained, target snapshot data are created for at least one cloud server in the cloud server list, and a mount request carrying the target snapshot data of the at least one cloud server is sent to the detection server, so that the detection server can perform security detection on the target snapshot data of each cloud server and send a detection result of each cloud server to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of each cloud server can be realized and the coverage rate of security detection is improved.
Optionally, fig. 3 is a second schematic flow chart of the safety detection method based on the endogenous safety mechanism provided in the present invention, as shown in fig. 3, step 103 in fig. 1 may be specifically implemented by the following steps:
Step 1031, grouping all the target snapshot data.
Exemplarily, when the target snapshot data of each cloud server is obtained, the target snapshot data of all the servers are grouped. The grouping may be an even grouping according to the number of cloud servers, or a random grouping. For example, when target snapshot data of 9 cloud servers is obtained, it may be divided into three groups, each group including target snapshot data of 3 cloud servers; or the first group includes target snapshot data of 2 cloud servers, the second group includes target snapshot data of 4 cloud servers, and the third group includes target snapshot data of 3 cloud servers.
Step 1032, sending the mount request carrying the target snapshot data of the current group to the detection server.
For example, after all the target snapshot data are grouped, a mount request carrying a group of target snapshot data is sent to the detection server each time, and the group where the target snapshot data currently sent to the detection server is located is referred to as a current group.
As shown in fig. 3, step 104 in fig. 1 can be specifically implemented by the following steps:
Step 1041, receiving the detection result of each cloud server in the current group sent by the detection server.
Illustratively, when receiving a mount request carrying target snapshot data of a current group, a detection server performs security detection on the target snapshot data of each cloud server in the current group, and sends a detection result of each cloud server in the current group to a cloud management platform.
Optionally, fig. 4 is a third schematic flowchart of the safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 4, after step 1041, the safety detection method based on an endogenous safety mechanism further includes the following steps:
Step 105, sending the mount request carrying the next group of target snapshot data to the detection server.
For example, once the detection result of each cloud server in the current group sent by the detection server has been received, a mount request carrying the target snapshot data of the next group may be sent to the detection server.
Step 106, receiving the detection result of each cloud server in the next group sent by the detection server.
Exemplarily, when receiving a mount request carrying target snapshot data of a next group, the detection server performs security detection on the target snapshot data of each cloud server in the next group, and sends a detection result of each cloud server in the next group to the cloud management platform; steps 105 and 106 are repeated in this way until security detection has been performed on the target snapshot data of all the servers.
According to the safety detection method based on the endogenous safety mechanism, the target snapshot data of all the cloud servers are mounted on the detection server in batches, so that the amount of data on which the detection server performs security detection each time is reduced and overloading of the detection server is avoided.
Fig. 5 is a fourth schematic flowchart of a security detection method based on an endogenous security mechanism provided in the present invention, and is applied to a detection server, as shown in fig. 5, the security detection method based on an endogenous security mechanism includes the following steps:
In an example, when the detection server receives the mount request, the detection server analyzes the mount request to obtain target snapshot data of each cloud server.
Exemplarily, when the detection server obtains the target snapshot data of each cloud server, the detection server performs security detection on the target snapshot data of each cloud server to finally obtain a detection result of each cloud server; the method of mounting the target snapshot data of each cloud server on the detection server in a remote mounting manner and performing security detection on the target snapshot data of each cloud server by the detection server is also referred to as a bypass scanning technique.
According to the safety detection method based on the endogenous safety mechanism, when a detection server receives a mount request which is sent by a cloud management platform and carries target snapshot data of at least one cloud server, security detection is performed on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of each cloud server can be realized and the coverage rate of security detection is improved.
Optionally, step 502 in fig. 5 may be specifically implemented by the following steps:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
In an example, when the detection server acquires target snapshot data of each cloud server, malicious file detection, vulnerability detection and baseline detection are performed on the target snapshot data to determine whether data information of an operating system of the cloud server is dangerous or not; in addition, the specific detection processes of malicious file detection, vulnerability detection and baseline detection can refer to the prior art, and the details of the invention are not repeated herein.
According to the safety detection method based on the endogenous safety mechanism, malicious file detection, vulnerability detection and baseline detection are performed on the target snapshot data of each cloud server to determine whether the data information of the operating system of the cloud server is dangerous or not, so that the safety detection of each cloud server is realized.
Optionally, fig. 6 is a fifth schematic flowchart of the safety detection method based on the endogenous safety mechanism provided in the present invention, as shown in fig. 6, step 501 in fig. 5 may be specifically implemented by the following steps:
As shown in fig. 6, step 502 in fig. 5 may be specifically implemented by the following steps:
For example, when receiving a mount request carrying target snapshot data of a current group, a detection server performs security detection on the target snapshot data of each cloud server in the current group to obtain a detection result of each cloud server in the current group.
As shown in fig. 6, step 503 in fig. 5 can be specifically implemented by the following steps:
Optionally, fig. 7 is a sixth schematic flowchart of the safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 7, after step 5031 in fig. 6, the safety detection method further includes the following steps:
Step 504, deleting the target snapshot data of each cloud server in the current group.
For example, after the detection result of each cloud server in the current group is sent to the cloud management platform, the target snapshot data of each cloud server in the current group mounted on the detection server may be deleted, so as to reduce the occupation of the memory of the detection server.
Optionally, fig. 8 is a seventh schematic flowchart of a safety detection method based on an endogenous safety mechanism provided in the present invention, as shown in fig. 8, after step 504 in fig. 7, the safety detection method further includes the following steps:
Step 505, receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform.
Step 506, performing security detection on the target snapshot data of each cloud server in the next group.
Step 507, sending the detection result of each cloud server in the next group to the cloud management platform.
Exemplarily, when receiving a mount request carrying target snapshot data of a next group, the detection server performs security detection on the target snapshot data of each cloud server in the next group, and sends a detection result of each cloud server in the next group to the cloud management platform; steps 505 and 507 are repeated in this way until security detection has been performed on the target snapshot data of all the servers.
According to the safety detection method based on the endogenous safety mechanism, the target snapshot data of all the cloud servers are mounted on the detection server in batches, so that the amount of data on which the detection server performs security detection each time is reduced and overloading of the detection server is avoided.
Fig. 9 is an interaction diagram of a security detection method based on an endogenous security mechanism provided in the present invention, which is applied to a cloud management platform and a detection server, as shown in fig. 9, the security detection method based on an endogenous security mechanism includes the following steps:
Step 904, performing security detection on the target snapshot data of each cloud server to obtain a detection result.
Step 906, deleting the target snapshot data of each cloud server.
It should be noted that, after step 906 is executed, the above steps 901 to 906 may also be executed in a loop based on a preset period, so as to implement continuous, periodic detection of all the cloud servers.
According to the safety detection method based on the endogenous safety mechanism, when a detection server receives a mount request which is sent by a cloud management platform and carries target snapshot data of at least one cloud server, security detection is performed on the target snapshot data of each cloud server, and a detection result of each cloud server is sent to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs security detection on the target snapshot data of each cloud server, no agent needs to be installed in the cloud servers, so security detection of each cloud server can be realized and the coverage rate of security detection is improved; in addition, because no agent needs to be installed in the cloud server, the normal operation of the cloud server's services is not affected and intrusiveness to the services is reduced; the occupation of the cloud server's memory, Central Processing Unit (CPU), disk and network resources is reduced, and the stability of the services is improved.
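The grouped exchange between the cloud management platform and the detection server described above (list, snapshot, group, mount request, detect, return results, delete, next group), as an added Python example that is not part of the patent. The function names, the in-memory "disks" and the three detection rules are constructed stand-ins; the patent leaves the "first API", "second API" and the concrete checks unspecified.

```python
"""Agentless, grouped snapshot scanning: platform side and detection-server side."""
import copy
import hashlib

PKG_DB = "/var/lib/pkg/installed"        # hypothetical package inventory file
SSHD = "/etc/ssh/sshd_config"


def _disk():
    """Constructed sample disk: path -> file text."""
    return {SSHD: "PermitRootLogin no\n", PKG_DB: "demo-lib 2.4\n"}


# Constructed inventory of 9 live cloud servers (the page's grouping example uses 9).
LIVE_SERVERS = {f"cs-{i:02d}": _disk() for i in range(1, 10)}
LIVE_SERVERS["cs-02"]["/tmp/dropper.bin"] = "constructed-malicious-sample"
LIVE_SERVERS["cs-05"][SSHD] = "PermitRootLogin yes\n"
LIVE_SERVERS["cs-07"][PKG_DB] = "demo-lib 1.0\n"

# Constructed detection content standing in for real signature/vulnerability/baseline feeds.
BAD_HASHES = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}
VULNERABLE_PACKAGES = {("demo-lib", "1.0")}
BASELINE_FORBIDDEN = {SSHD: "PermitRootLogin yes"}


# ---- cloud management platform side (steps 101-106) ----
def list_cloud_servers():
    """Stand-in for the 'first API': identifiers of all cloud servers."""
    return sorted(LIVE_SERVERS)


def create_snapshot(server_id):
    """Stand-in for the 'second API': a point-in-time copy of the server's data."""
    return {"server_id": server_id, "files": copy.deepcopy(LIVE_SERVERS[server_id])}


def group_snapshots(snapshots, group_size):
    """Even grouping: consecutive groups of at most group_size snapshots."""
    return [snapshots[i:i + group_size] for i in range(0, len(snapshots), group_size)]


# ---- detection server side (steps 501-507) ----
class DetectionServer:
    def __init__(self):
        self.mounted = {}        # server_id -> files of currently mounted snapshots
        self.peak_mounted = 0    # largest number of snapshots mounted at once

    def _scan(self, files):
        """Run the three checks named on the page against one mounted snapshot."""
        findings = []
        for path, text in files.items():
            if hashlib.sha256(text.encode()).hexdigest() in BAD_HASHES:
                findings.append(("malicious_file", path))
            if path == PKG_DB:
                for line in text.splitlines():
                    name, _, version = line.partition(" ")
                    if (name, version) in VULNERABLE_PACKAGES:
                        findings.append(("vulnerability", f"{name} {version}"))
            forbidden = BASELINE_FORBIDDEN.get(path)
            if forbidden and forbidden in text.splitlines():
                findings.append(("baseline", path))
        return findings

    def handle_mount_request(self, group):
        """Mount one group, scan it, drop the mounted data, return the results."""
        for snap in group:
            self.mounted[snap["server_id"]] = snap["files"]
        self.peak_mounted = max(self.peak_mounted, len(self.mounted))
        results = {sid: self._scan(files) for sid, files in self.mounted.items()}
        self.mounted.clear()     # delete the current group's snapshot data
        return results


def run_security_detection(detector, group_size=3):
    """Platform loop: the next group is sent only after the current results arrive."""
    snapshots = [create_snapshot(sid) for sid in list_cloud_servers()]
    results = {}
    for group in group_snapshots(snapshots, group_size):
        results.update(detector.handle_mount_request(group))
    return results


if __name__ == "__main__":
    server = DetectionServer()
    for sid, findings in run_security_detection(server).items():
        print(sid, findings or "clean")
    print("peak snapshots mounted at once:", server.peak_mounted)
```

Because the scan runs on a copy, data written to a cloud server after its snapshot was taken is not covered until the next detection cycle.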
The safety detection device based on the endogenous safety mechanism provided by the invention is described below, and the safety detection device based on the endogenous safety mechanism described below and the safety detection method based on the endogenous safety mechanism described above can be referred to correspondingly.
Fig. 10 is a schematic structural diagram of a safety detection apparatus based on an endogenous safety mechanism according to the present invention, which is applied to a cloud management platform, and as shown in fig. 10, the safety detection apparatus based on an endogenous safety mechanism includes an obtaining unit 1001, a creating unit 1002, a first sending unit 1003, and a first receiving unit 1004; wherein:
an obtaining unit 1001 configured to obtain a cloud server list;
a creating unit 1002, configured to create target snapshot data for at least one cloud server in the cloud server list;
a first sending unit 1003, configured to send a mount request carrying the target snapshot data of at least one cloud server to a detection server;
a first receiving unit 1004, configured to receive a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
According to the safety detection device based on the endogenous safety mechanism, when a cloud server list is obtained, target snapshot data are created for at least one cloud server in the cloud server list, and a mount request carrying the target snapshot data of the at least one cloud server is sent to a detection server, so that the detection server can perform security detection on the target snapshot data of each cloud server and send the detection result of each cloud server to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs the security detection on them, no agent needs to be installed in the cloud servers; security detection can therefore be carried out for every cloud server, which improves the coverage of security detection.
Based on any of the above embodiments, the obtaining unit 1001 is specifically configured to:
acquiring the cloud server list through a first API of the cloud management platform.
Based on any of the above embodiments, the creating unit 1002 is specifically configured to:
creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
Based on any of the above embodiments, the first sending unit 1003 is specifically configured to:
grouping all the target snapshot data;
sending the mounting request carrying the target snapshot data of the current group to the detection server;
the first receiving unit 1004 is specifically configured to:
and receiving the detection result of each cloud server in the current group sent by the detection server.
Based on any of the above embodiments, the apparatus further comprises a third transmitting unit and a third receiving unit;
the third sending unit is configured to send the mount request carrying the next group of target snapshot data to the detection server;
the third receiving unit is configured to receive the detection result of each cloud server in the next group sent by the detection server.
Fig. 11 is a second schematic structural diagram of a security detection apparatus based on an endogenous security mechanism according to the second embodiment of the present invention, which is applied to a detection server. As shown in Fig. 11, the security detection apparatus based on an endogenous security mechanism includes a second receiving unit 1101, a first detecting unit 1102, and a second sending unit 1103; wherein:
a second receiving unit 1101, configured to receive a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
a first detection unit 1102, configured to perform security detection on the target snapshot data of each cloud server to obtain a detection result;
a second sending unit 1103, configured to send the detection result of each cloud server to the cloud management platform.
According to the safety detection device based on the endogenous safety mechanism, when the detection server receives a mount request, sent by the cloud management platform, that carries target snapshot data of at least one cloud server, it performs security detection on the target snapshot data of each cloud server and sends the detection result of each cloud server to the cloud management platform. Because the target snapshot data are mounted on the detection server and the detection server performs the security detection on them, no agent needs to be installed in the cloud servers; security detection can therefore be carried out for every cloud server, which improves the coverage of security detection.
Based on any of the above embodiments, the first detecting unit 1102 is specifically configured to:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
Based on any of the above embodiments, the second receiving unit 1101 is specifically configured to:
receiving the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the first detection unit 1102 is specifically configured to:
performing security detection on target snapshot data of each cloud server in the current group;
the second sending unit 1103 is specifically configured to:
and sending the detection result of each cloud server in the current group to the cloud management platform.
According to any of the above embodiments, the apparatus further comprises a deleting unit;
the deleting unit is configured to delete the target snapshot data of each cloud server in the current group.
Based on any of the above embodiments, the apparatus further includes a fourth receiving unit, a second detecting unit, and a fourth transmitting unit;
the fourth receiving unit is configured to receive the mount request carrying the next set of target snapshot data sent by the cloud management platform;
the second detection unit is configured to perform security detection on target snapshot data of each cloud server in the next group;
the fourth sending unit is configured to send the detection result of each cloud server in the next group to the cloud management platform.
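The detection-server flow described above (receive a group of mounted snapshots, run malicious file detection and baseline detection, return per-server results, delete the group, then take the next group) can be sketched as follows. This is an added example, not code from the patent: temporary directories stand in for mounted snapshot volumes, and the function names, the SHA-256 blocklist and the single sshd_config baseline rule are assumptions constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed blocklist: hash of a marker string, not a real indicator.
BAD_SHA256 = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}


def sha256_file(path, chunk=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def malicious_file_detection(root):
    """Hash regular files in the snapshot; skip symlinks (untrusted content)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if sha256_file(path) in BAD_SHA256:
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)


def baseline_detection(root):
    """One assumed baseline rule: sshd must not permit root login."""
    cfg = os.path.join(root, "etc", "ssh", "sshd_config")
    if os.path.islink(cfg) or not os.path.isfile(cfg):
        return []
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.split("#", 1)[0].split()
            if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
                hit = parts[1].lower() == "yes"  # sshd keeps the first value read
                return ["sshd_config: PermitRootLogin yes"] if hit else []
    return []


def handle_mount_request(group):
    """Detection server: scan each snapshot in the group, then delete the group."""
    results = {sid: {"malicious_files": malicious_file_detection(path),
                     "baseline": baseline_detection(path)}
               for sid, path in group.items()}
    for path in group.values():
        shutil.rmtree(path)  # stands in for unmounting and deleting the snapshot
    return results


def scan_in_groups(snapshots, group_size):
    """Platform side: send one group, take its results, then send the next."""
    ids = sorted(snapshots)
    report = {}
    for i in range(0, len(ids), group_size):
        group = {sid: snapshots[sid] for sid in ids[i:i + group_size]}
        report.update(handle_mount_request(group))
    return report


def make_snapshot(files):
    """Create a temp directory tree that plays the role of a mounted snapshot."""
    root = tempfile.mkdtemp(prefix="snapshot-")
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def demo():
    snapshots = {  # constructed sample data for three cloud servers
        "cs-1": make_snapshot({"etc/ssh/sshd_config": b"PermitRootLogin yes\n",
                               "tmp/x.bin": b"constructed-malicious-sample"}),
        "cs-2": make_snapshot({"etc/ssh/sshd_config": b"PermitRootLogin no\n"}),
        "cs-3": make_snapshot({"home/a/notes.txt": b"hello"}),
    }
    report = scan_in_groups(snapshots, group_size=2)
    return report, [p for p in snapshots.values() if os.path.exists(p)]
```

Calling `demo()` returns the per-server report and the list of snapshot paths still present after scanning, which is empty because each group is deleted before the next one is requested.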
Fig. 12 is a schematic physical structure diagram of an electronic device provided in the present invention. As shown in Fig. 12, the electronic device may include: a processor 1210, a communication interface 1220, a memory 1230, and a communication bus 1240, wherein the processor 1210, the communication interface 1220, and the memory 1230 communicate with each other via the communication bus 1240. The processor 1210 may invoke logic instructions in the memory 1230 to perform a method of security detection based on an endogenous security mechanism, the method comprising:
acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, processor 1210 may call logic instructions in memory 1230 to perform a security detection method comprising:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
In addition, the logic instructions in the memory 1230 may be implemented as software functional units and, when sold or used as a stand-alone product, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program, the computer program being stored on a non-transitory computer-readable storage medium, wherein when the computer program is executed by a processor, the computer is capable of executing the endogenous security mechanism-based security detection method provided by the above methods, the method including: acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, when the program instructions are executed by a computer, the computer can implement the following method:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program performs the endogenous security mechanism-based security detection method provided by the above methods, the method comprising: acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server;
alternatively, the computer program when executed by a processor implements the method of:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (15)
1. A safety detection method based on an endogenous safety mechanism is applied to a cloud management platform and comprises the following steps:
acquiring a cloud server list;
creating target snapshot data for at least one cloud server in the cloud server list;
sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
receiving a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
2. The endogenous security mechanism-based security detection method of claim 1, wherein the obtaining a cloud server list comprises:
acquiring the cloud server list through a first API of the cloud management platform.
3. The endogenous security mechanism-based security detection method of claim 1, wherein the creating target snapshot data for at least one cloud server in the cloud server list comprises:
creating the target snapshot data for at least one of the cloud servers in the cloud server list through a second API of the cloud management platform.
4. An endogenous security mechanism based security detection method according to any one of claims 1 to 3, wherein the sending a mount request carrying the target snapshot data of at least one of the cloud servers to a detection server comprises:
grouping all the target snapshot data;
sending the mounting request carrying the target snapshot data of the current group to the detection server;
the receiving the detection result of each cloud server sent by the detection server includes:
and receiving the detection result of each cloud server in the current group sent by the detection server.
5. The endogenous security mechanism-based security detection method of claim 4, wherein after said receiving the detection results of each of the cloud servers in the current group sent by the detection server, the method further comprises:
sending the mounting request carrying the next group of target snapshot data to the detection server;
and receiving the detection result of each cloud server in the next group sent by the detection server.
6. A safety detection method based on an endogenous safety mechanism is applied to a detection server and comprises the following steps:
receiving a mount request carrying target snapshot data of at least one cloud server sent by a cloud management platform;
performing security detection on the target snapshot data of each cloud server to obtain a detection result;
and sending the detection result of each cloud server to the cloud management platform.
7. The endogenous security mechanism-based security detection method according to claim 6, wherein the performing security detection on the target snapshot data of each cloud server comprises:
performing at least one of the following security checks on the target snapshot data of each cloud server: malicious file detection, vulnerability detection, and baseline detection.
8. The endogenous security mechanism-based security detection method according to claim 6 or 7, wherein the receiving of the mount request carrying the target snapshot data of at least one cloud server sent by the cloud management platform includes:
receiving the mount request carrying the target snapshot data of the current group sent by the cloud management platform;
the performing security detection on the target snapshot data of each cloud server includes:
performing security detection on target snapshot data of each cloud server in the current group;
the sending the detection result of each cloud server to the cloud management platform includes:
and sending the detection result of each cloud server in the current group to the cloud management platform.
9. The endogenous security mechanism-based security detection method of claim 8, wherein after the sending the detection results of each of the cloud servers in the current group to the cloud management platform, the method further comprises:
deleting the target snapshot data of each cloud server in the current group.
10. The endogenous security mechanism-based security detection method of claim 9, wherein after the deleting the target snapshot data of each of the cloud servers in the current group, the method further comprises:
receiving the mount request carrying the next group of target snapshot data sent by the cloud management platform;
performing security detection on target snapshot data of each cloud server in the next group;
and sending the detection result of each cloud server in the next group to the cloud management platform.
11. A security detection apparatus based on an endogenous security mechanism, comprising:
the acquisition unit is used for acquiring a cloud server list;
a creating unit, configured to create target snapshot data for at least one cloud server in the cloud server list;
the first sending unit is used for sending a mounting request carrying the target snapshot data of at least one cloud server to a detection server;
a first receiving unit, configured to receive a detection result of each cloud server sent by the detection server; the detection result is obtained by the detection server performing security detection on the target snapshot data of the cloud server.
12. A security detection apparatus based on an endogenous security mechanism, comprising:
the second receiving unit is used for receiving a mount request which is sent by the cloud management platform and carries target snapshot data of at least one cloud server;
the first detection unit is used for carrying out security detection on the target snapshot data of each cloud server to obtain a detection result;
and the second sending unit is used for sending the detection result of each cloud server to the cloud management platform.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the endogenous security mechanism based security detection method according to any of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method according to any of claims 6 to 10.
14. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the endogenous security mechanism based security detection method of any one of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method of any one of claims 6 to 10.
15. A computer program product comprising a computer program, wherein the computer program when executed by a processor implements the steps of the endogenous security mechanism based security detection method according to any of claims 1 to 5 or the steps of the endogenous security mechanism based security detection method according to any of claims 6 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111641755.6A CN114499985A (en) | 2021-12-29 | 2021-12-29 | Safety detection method and device based on endogenous safety mechanism |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114499985A (en) | 2022-05-13 |
Family
ID=81507780
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111641755.6A Pending CN114499985A (en) | 2021-12-29 | 2021-12-29 | Safety detection method and device based on endogenous safety mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114499985A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||