CN114640571A - Terminal security analysis method, system, computer equipment and storage medium

Publication number
CN114640571A
Authority
CN
China
Prior art keywords
server
query
user terminal
terminal
virtual table
Legal status
Pending
Application number
CN202210337885.9A
Other languages
Chinese (zh)
Inventor
秦峰
王明博
卢肖
应强
Current Assignee
Zhongan Information Technology Service Co Ltd
Original Assignee
Shanghai Zhongzhi Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9017 Indexing; Data structures therefor; Storage structures using directory or table look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Abstract

The invention relates to a terminal security analysis method, system, computer device and storage medium. The method comprises: installing terminal agent software on a user terminal, acquiring, through the terminal agent software, a virtual table adapted to the user terminal, and mapping system information of the user terminal to the adapted virtual table; the server sending a structured query statement to the terminal agent software, which, on receiving the statement, executes the query operation on the adapted virtual table; acquiring the query result and transmitting it to a database or a preset position of the server; and the server executing a monitoring operation and acquiring monitoring information from the database. With this method, security analysis of user terminals on different platforms no longer requires a dedicated security analysis tool: the virtual table can be queried by issuing a structured query statement from the server management software, which improves the universality of the security analysis tool.

Description

Terminal security analysis method, system, computer equipment and storage medium
Technical Field
The present invention relates to the field of security analysis, and in particular, to a method, a system, a computer device, and a storage medium for terminal security analysis.
Background
Traditional terminal security analysis requires security engineers to perform security monitoring on each platform with security tools restricted to that platform. The technical threshold is high, and the analysis results from different platforms are difficult to manage and maintain in a unified way.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a terminal security analysis method, a system, a computer device, and a storage medium, which can implement security analysis of user terminals of different platforms by using server management software in a unified manner.
In one aspect, a terminal security analysis method is provided, where the method includes:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
In one embodiment, the installing terminal agent software on the user terminal, obtaining a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the virtual table specifically includes:
acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
installing terminal agent software on a user terminal;
and the terminal agent software establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function.
In one embodiment, the server includes server management software and server monitoring software, and before the server sends a structured query statement to the terminal agent software, the method further includes:
and receiving information configuration executed by the operation and maintenance personnel through the server management software and the server monitoring software.
In one embodiment, the query operation of the adapted virtual table specifically includes:
acquiring task configuration;
acquiring a timing query task list from the task configuration;
executing the query tasks of the state table and the event table according to the timing query task list;
the virtual table comprises the state table and the event table, the state table is a virtual table without set query time, and the event table is a virtual table with set query time.
In one embodiment, a communication interface is arranged on the server, and query results related to monitoring information in the query results are all returned to the server through the communication interface and stored in the database.
In one embodiment, the monitoring operation specifically includes:
the server receives a monitoring instruction;
the server side pulls monitoring information from the database;
and judging whether to execute alarm or not according to the monitoring information.
In one embodiment, the communication interface specifically includes:
an active detection interface for detecting whether the user terminal is in an active state;
a task obtaining interface, configured to enable the user terminal to obtain a query task from the server;
the temporary query interface is used for the server side to issue a temporary structured query statement to the user terminal;
and the result returning interface is used for returning the query result to the server by the user terminal.
In another aspect, a terminal security analysis system is provided, the system including:
the server module is used for issuing a structured query statement to the user terminal module and storing a query result;
the user terminal module is used for executing the structured query statement to complete query operation and outputting a query result;
and the virtual table module is used for acquiring the system information of the user terminal module through the mapping relation.
In another aspect, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program to implement the following steps:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
In yet another aspect, a computer-readable storage medium is provided, which stores a program that, when executed by a processor, causes the processor to perform the steps of:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
Compared with the prior art, the technical scheme of the invention has the following advantages:
The terminal security analysis method, system, computer device and storage medium establish virtual tables suited to user terminals on different platforms. When a query operation is executed, the terminal agent software acquires the virtual table adapted to the user terminal; the server sends a structured query statement to the terminal agent software, and the query operation is executed on the adapted virtual table; the query result is acquired and transmitted to a database or a preset position of the server; and the server executes the monitoring operation and acquires monitoring information from the database. Because of the virtual table, security analysis of user terminals on different platforms no longer requires a dedicated security analysis tool: the server management software issues a structured query statement to query the virtual table, which improves the universality of the security analysis tool.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a first method flow diagram of a terminal security analysis method of the present invention;
FIG. 2 is a second method flow diagram of the terminal security analysis method of the present invention;
FIG. 3 is a system configuration diagram of the terminal security analysis system of the present invention;
FIG. 4 is a device configuration diagram of the computer device of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The first embodiment is as follows:
Referring to FIG. 1 and FIG. 2, a terminal security analysis method according to this embodiment is shown. FIG. 1 is a first method flow diagram of the terminal security analysis method of the present invention; FIG. 2 is a second method flow diagram of the terminal security analysis method of the present invention.
The method comprises the following steps:
installing terminal agent software on a user terminal, acquiring a virtual table suitable for the user terminal through the terminal agent software, and mapping system information of the user terminal to the suitable virtual table;
In prior-art security analysis, each platform (such as Windows, macOS, and Linux) requires a dedicated security analysis tool to query the relevant system information. By establishing virtual tables, the invention allows the server management software to be used uniformly to obtain query results from different platforms, so that security analysis can be performed and the universality of the security analysis tool is improved. First, a virtual table adapted to the user terminal is obtained on the user terminal and the terminal agent software is installed; the terminal agent software maps the system information of the user terminal to the adapted virtual table. When the server needs the system information of the user terminal, it only has to issue a query instruction or configure a timing query task through the server management software to read the information in the virtual table. User terminals on different platforms are adapted to different virtual tables. The system information to be acquired, that is, the information in the virtual table, includes basic system information such as the operating system, hardware information, and disk information; running state information such as the process list, port list, and network connection list; and operation log information such as the file operation log. The user may also create additional virtual tables according to specific needs.
The server sends a structured query statement to the terminal agent software, and the terminal agent software executes the query operation of the adapted virtual table after receiving the structured query statement;
After the adapted virtual table has been obtained on the user terminal, the terminal agent software has been installed, and the mapping relation between the adapted virtual table and the system information of the user terminal has been established, the server can query the virtual table, either through a structured query statement or by configuring a timing query task, to obtain the system information in the virtual table. This is the system information of the user terminal, that is, the information about the user terminal that the server wants to query. The virtual table establishes the interaction between the server and the user terminal, so system information from different platforms can be acquired simply through unified structured query statements or timing query tasks configured in the server management software. The structured query statement is an SQL-like query statement.
Acquiring a query result, and transmitting the query result to a database or a preset position of the server;
After the query operation is executed, the query result is obtained. The user terminal transmits the query result through the communication interface of the server to the server's database, where it is stored, so that security analysis can be performed on the system information and monitoring information can be obtained from it. Alternatively, the query result is output to a preset position; preset positions include a local position, an interface return position, the ElasticSearch search engine, and the like.
And the server executes monitoring operation and acquires monitoring information from the database.
When the server executes the monitoring operation, the server monitoring software can directly acquire the monitoring information from the database so as to perform security analysis through the monitoring information.
The server is provided with server management software and server monitoring software, and the server's system firewall is configured to allow the server to open a communication interface to the outside, so that user terminals can exchange information with the server through the communication interface. The server management software can configure items such as timing queries, monitoring conditions, and alarms. The server monitoring software can configure items such as monitoring logs and alarm trigger conditions, and can connect to the database automatically. Installing the server management software and the server monitoring software on the server comprises the following steps: initializing the server environment and the database environment and installing dependencies; allowing, in the server's system firewall, the server to open a communication interface to the outside; deploying and running the server management software source code; the server management software automatically connecting to the database and opening the communication interface to wait for user terminals to connect; configuring the relevant items in the server management software interface; deploying and running the server monitoring software source code; and the server monitoring software automatically connecting to the database, with the relevant items, such as the content stored in the monitoring log and the alarm conditions, configured in the server monitoring software interface.
In one embodiment, the installing terminal agent software on the user terminal, obtaining a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the virtual table specifically includes:
acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
To allow security analysis of different platforms through unified server management software, a virtual table adapted to the user terminal and the processing function corresponding to that virtual table are obtained on the user terminal, so that a mapping relation can be established between the adapted virtual table and the system information of the user terminal.
Installing terminal agent software on a user terminal;
The terminal agent software is installed to carry out the mapping between the virtual table and the system information of the user terminal. The terminal agent software is configured with the communication interface of the server so that it can exchange information with the server.
The terminal agent software can also automatically acquire query tasks from the server through the communication interface. Installing the terminal agent software comprises the following steps: initializing the user terminal environment and installing dependencies; deploying the terminal agent software and configuring the communication interface address and the output address; running the terminal agent software; the terminal agent software automatically acquiring the tasks for the local terminal from the server; and, after executing a task, the terminal agent software outputting a query log according to the configuration.
And the terminal agent software establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function.
After the terminal agent software is installed on the user terminal, it establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function, so that the system information of the user terminal can be obtained by querying the virtual table through the processing function.
In one embodiment, the server includes server management software and server monitoring software, and before the server sends the structured query statement to the terminal agent software, the method further includes:
receiving information configuration executed by operation and maintenance personnel through the server management software and the server monitoring software;
The server comprises two pieces of software: server management software and server monitoring software. The server management software is mainly used to perform query operations on the user terminal to obtain information such as process information and file modification records, so query-related information must be configured in the server management software, for example timing query tasks and log output. The server monitoring software is mainly used to perform the monitoring operation of the server to obtain monitoring data and vulnerability monitoring results, so monitoring-related information must be configured in the server monitoring software, for example monitoring conditions and alarm modes. The server management software provides the relevant configuration interfaces, such as an interface that displays information about the user terminals connected to the server interface, an interface in which operation and maintenance personnel modify timing query tasks, an interface for manually entering a query statement and waiting for the query result, an interface in which operation and maintenance personnel configure log monitoring conditions, and an interface in which operation and maintenance personnel configure the alarm recipient and alarm mode.
In one embodiment, the query operation of the virtual table specifically includes:
acquiring task configuration;
The task configuration includes items such as the ID of the query task, the query statement, the result form, and the output location. The result form is either a full result or a changed result. If a query task in the task list is configured with the full result form, the full result, that is, all results of the latest query, is output when the query finishes. If a query task is configured with the changed result form, only what has changed compared with the previous query result is output when the query finishes. The output location, that is, the preset position, includes a local position, an interface return position, the ElasticSearch search engine, and the like. The interface return position refers to the result return interface provided on the server; the user terminal can return the query result to the server through this interface. In addition, tasks are not only the query tasks configured locally on the user terminal but also the query tasks acquired from the server through the task acquisition interface.
Acquiring a timing query task list from the task configuration;
The task configuration stores a timing query task list, which lists the query tasks to be executed and the configuration of each query task, such as the task ID, query statement, result form, and output position.
Executing the query tasks of the state table and the event table according to the timing query task list;
After the timing query task list is obtained, the queries are executed in sequence according to the list, and each query task is completed according to its task configuration. The query tasks include query tasks for the state table and query tasks for the event table.
The virtual table comprises the state table and the event table, the state table is a virtual table without set query time, and the event table is a virtual table with set query time.
The state table is a virtual table with no set query time; its query task is executed according to the configuration of the timing query task list. The event table is a virtual table with a set query time: a time period is set for the event table at query time, and the system information within that time period is queried automatically when the query task executes, that is, system events of the user terminal are monitored.
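The query procedure above, sketched as an added example (not code from the patent): each virtual table is backed by a processing function, SQLite stands in for the SQL-like engine, and a task's result form selects a full or a changed result. Table names, columns, sample rows and the read-only authorizer are assumptions; the authorizer is an added safeguard, not described in the patent, so that a statement issued to the agent can only read.

```python
import sqlite3

# Constructed sample data standing in for live system information on one host.
SYSTEM_STATE = {
    "processes": [(1, "init", "/sbin/init"), (412, "sshd", "/usr/sbin/sshd")],
    "listening_ports": [(22, "tcp", 412)],
    "file_events": [(1000, "/etc/passwd", "modified"), (2500, "/etc/hosts", "modified")],
}

# Hypothetical registry: virtual table name -> (columns, processing function).
# An agent for another platform would register different processing functions
# behind the same table names, so the server's statements stay unchanged.
VIRTUAL_TABLES = {
    "processes": (("pid", "name", "path"), lambda: SYSTEM_STATE["processes"]),
    "listening_ports": (("port", "protocol", "pid"), lambda: SYSTEM_STATE["listening_ports"]),
    "file_events": (("ts", "path", "change"), lambda: SYSTEM_STATE["file_events"]),
}

# Constructed timing query task list with the fields the description names.
TASK_LIST = [
    {"id": "ports", "result_form": "full", "output": "local",
     "query": "SELECT port, protocol FROM listening_ports ORDER BY port"},
    {"id": "procs", "result_form": "changed", "output": "interface",
     "query": "SELECT pid, name FROM processes ORDER BY pid"},
    # Event table: the statement carries the time period to query.
    {"id": "files", "result_form": "full", "output": "interface",
     "query": "SELECT path, change FROM file_events "
              "WHERE ts >= 1000 AND ts < 2000 ORDER BY ts"},
]


def _read_only(action, *_details):
    """Added safeguard (assumption): permit only SELECT and column reads."""
    allowed = (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ)
    return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY


def run_query(statement):
    """Map system information into the virtual tables, then run one statement."""
    conn = sqlite3.connect(":memory:")
    try:
        for name, (columns, processing_function) in VIRTUAL_TABLES.items():
            conn.execute(f"CREATE TABLE {name} ({', '.join(columns)})")
            marks = ", ".join("?" for _ in columns)
            conn.executemany(f"INSERT INTO {name} VALUES ({marks})", processing_function())
        conn.commit()
        conn.set_authorizer(_read_only)  # statements from here on can only read
        cursor = conn.execute(statement)
        names = [column[0] for column in cursor.description]
        return [dict(zip(names, row)) for row in cursor.fetchall()]
    finally:
        conn.close()


class Agent:
    """Runs query tasks and keeps the previous rows for 'changed' result forms."""

    def __init__(self):
        self._previous = {}  # task id -> rows returned by the last run

    def run_task(self, task):
        rows = run_query(task["query"])
        result = {"task_id": task["id"], "output": task["output"]}
        if task["result_form"] == "full":
            result["rows"] = rows
            return result
        previous = self._previous.get(task["id"], [])
        self._previous[task["id"]] = rows
        result["added"] = [row for row in rows if row not in previous]
        result["removed"] = [row for row in previous if row not in rows]
        return result
```

A statement that is not a plain read, such as a `DROP TABLE`, is rejected by SQLite with a "not authorized" error before it runs.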
In one embodiment, a communication interface is arranged on the server, and query results related to monitoring information in the query results are all returned to the server through the communication interface and stored in the database.
The server is provided with a communication interface for information exchange between the user terminal and the server when query tasks are executed. In the invention, the server management software and the server monitoring software share one database, and all information obtained by queries is stored in that database. Typically, the output location has three options: a local position, an interface return position, and the ElasticSearch search engine. System information other than monitoring information is output to the output location given in the task configuration, whereas system information related to monitoring information is always returned to the server through the communication interface and stored in the database, so that the server monitoring software can obtain the monitoring information directly from the database for security analysis.
The monitoring operation specifically includes:
the server receives a monitoring instruction;
The server receives the monitoring instruction and starts the monitoring operation of the server.
The server side pulls monitoring information from the database;
After the server receives the monitoring instruction and starts the monitoring operation, the server monitoring software obtains the monitoring information directly from the database, because the server monitoring software and the server management software share one database; this lowers the barrier to use for security engineers. Monitoring can also be configured so that the server monitoring software automatically acquires monitoring information from the database at regular intervals.
And judging whether to execute alarm or not according to the monitoring information.
After the server monitoring software acquires the monitoring information, it judges whether an alarm operation needs to be executed for that information. The monitoring information is of two types. One type is conventional information about the user terminal, such as CPU, memory, and disk information. For the other, the server can acquire the installation package information of all software installed on the user terminal and compare it with a vulnerability library to judge whether a vulnerability exists; if one does, an alarm is raised to the operation and maintenance personnel.
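One way the alarm decision described above could be implemented, as an added example rather than the patent's own code: the monitoring software pulls both types of monitoring information from the shared database and compares installed package versions against a vulnerability library. The schema, host and package names, fixed versions and resource limits are constructed assumptions.

```python
import sqlite3

# Constructed vulnerability library: package name -> first fixed version.
VULNERABILITY_LIBRARY = {"examplelib": "2.10.0", "demo-agent": "1.4.2"}

# Hypothetical alarm conditions for the conventional (resource) information.
LIMITS = {"cpu_percent": 90.0, "disk_percent": 95.0}


def parse_version(text):
    """'2.9.3' -> (2, 9, 3); None when a component is not a plain integer."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None


def build_database():
    """Constructed stand-in for the database shared with the management software."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages (host TEXT, name TEXT, version TEXT)")
    db.execute("CREATE TABLE resources (host TEXT, cpu_percent REAL, disk_percent REAL)")
    db.executemany("INSERT INTO packages VALUES (?, ?, ?)", [
        ("host-a", "examplelib", "2.9.3"),    # older than 2.10.0 only when compared numerically
        ("host-a", "demo-agent", "1.4.2"),    # already at the fixed version
        ("host-b", "examplelib", "2.10.0"),
        ("host-b", "demo-agent", "1.4.rc1"),  # cannot be compared, flag for review
    ])
    db.executemany("INSERT INTO resources VALUES (?, ?, ?)", [
        ("host-a", 35.0, 97.5),
        ("host-b", 20.0, 40.0),
    ])
    return db


def pull_and_evaluate(db):
    """Pull monitoring information and return (host, kind, detail) alarms."""
    alarms = []
    rows = db.execute("SELECT host, name, version FROM packages ORDER BY host, name")
    for host, name, version in rows:
        fixed = VULNERABILITY_LIBRARY.get(name)
        if fixed is None:
            continue  # package not listed in the vulnerability library
        installed = parse_version(version)
        if installed is None:
            # Do not silently pass a version that could not be compared.
            alarms.append((host, "unparsed-version", f"{name} {version}"))
        elif installed < parse_version(fixed):
            alarms.append((host, "vulnerable-package", f"{name} {version} < {fixed}"))
    rows = db.execute("SELECT host, cpu_percent, disk_percent FROM resources ORDER BY host")
    for host, cpu, disk in rows:
        for metric, value in (("cpu_percent", cpu), ("disk_percent", disk)):
            if value > LIMITS[metric]:
                alarms.append((host, "resource-limit", f"{metric} {value}"))
    return alarms
```

Versions are compared as integer tuples because a plain string comparison ranks "2.9.3" above "2.10.0" and would miss the vulnerable package on host-a.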
In one embodiment, the communication interface specifically includes:
an active detection interface for detecting whether the user terminal is in an active state;
The active detection interface is used to detect whether the user terminal is in an active state, that is, whether the user terminal can respond to query tasks issued by the server, so that operation and maintenance personnel can deal with the situation promptly when a user terminal cannot respond to the server.
A task obtaining interface, configured to enable the user terminal to obtain a query task from the server;
The task obtaining interface is used by the user terminal to acquire query tasks from the server; that is, the query tasks executed by the user terminal are not only those configured locally on the user terminal but also those acquired from the server through the task obtaining interface.
The temporary query interface is used for the server side to issue a temporary structured query statement to the user terminal;
The temporary query interface is used by the server to issue a temporary structured query statement to the user terminal. A temporary query is a query statement on the server that is not a timing task. For example, the server may suddenly need to query some data that is not covered by a timing task. The user terminal checks the temporary query interface at regular intervals for a temporary query task and, if one exists, executes the temporary query and returns the result.
And the result returning interface is used for returning the query result to the server by the user terminal.
According to the information configuration, all information that needs to be returned to the server is returned to the server's database through the result return interface, so that the server monitoring software can obtain the monitoring information directly from the database for security analysis. Preferably, according to the information configuration, information that needs to be returned to the server is given a to-be-submitted mark, and information carrying that mark is returned to the server through the result return interface.
Example two:
Referring to fig. 2, fig. 2 is a flowchart of the second method of the terminal security analysis method according to the present invention.
Acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
To realize security analysis of different platforms through unified server management software, a virtual table adapted to the user terminal and the processing function corresponding to that virtual table are obtained on the user terminal, so that a mapping relationship can be established between the adapted virtual table and the system information of the user terminal.
Installing terminal agent software on a user terminal;
Terminal agent software is installed so that the mapping between the virtual table and the system information of the user terminal can be realized conveniently. The terminal agent software is provided with the communication interface of the server so that it can exchange information with the server. The terminal agent software can also automatically acquire query tasks from the server through the communication interface.
The terminal agent software establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function;
After the terminal agent software is installed on the user terminal, it establishes a mapping relationship between the system information of the user terminal and the adapted virtual table through the processing function, so that the system information of the user terminal can be obtained by querying the virtual table.
Receiving information configuration executed by operation and maintenance personnel through the server management software and the server monitoring software;
The server comprises two pieces of software: server management software and server monitoring software. The server management software mainly performs query operations on the user terminal to obtain information such as process information and file modification records, so the information related to queries, such as timing query tasks and log output, needs to be configured in the server management software. The server monitoring software mainly performs the monitoring operation of the server to obtain monitoring data and vulnerability monitoring results, so the monitoring information, such as monitoring conditions and alarm modes, needs to be configured in the server monitoring software.
The server side sends a structured query statement to the terminal agent software;
After the virtual table has been established on the user terminal, the terminal agent software has been installed, and the mapping relationship between the virtual table and the system information of the user terminal has been established, the server can query the virtual table through a structured query statement to obtain the system information in the virtual table. This is the system information of the user terminal, that is, the user terminal information that the server wants to query.
Acquiring task configuration;
The task configuration includes, for example, the ID of the query task, the query statement, the result form, and the output location.
Acquiring a timing query task list from the task configuration;
The task configuration stores a timing query task list, which lists the query tasks to be executed and the configuration of each query task, such as task ID, query statement, result form, and output position.
Executing the query tasks of the state table and the event table according to the timing query task list;
After the timing query task list is obtained, the queries are executed in sequence according to the list, and each query task is completed according to its task configuration. The query tasks include query tasks of the state table and of the event table.
Acquiring a query result, and transmitting the query result to a database or a preset position of the server;
After the query operation is executed, the query result is obtained. The user terminal transmits the query result to the database of the server through the communication interface of the server, where it is stored so that security analysis can be performed on the system information and monitoring information can be further obtained from it. Alternatively, the query result is output to a preset position, such as a local position, an interface return position, the Elasticsearch search engine, and the like.
The server executes the monitoring operation and acquires monitoring information from the database.
When the server executes the monitoring operation, the server monitoring software can pull the monitoring information from the database and perform security analysis on it.
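The example below runs a timing query task list against virtual tables that are filled by processing functions. It is an added example, not code from the patent: SQLite in-memory tables stand in for the virtual tables, and the table names, the task fields (`id`, `query`, `output`), the `to_submit` flag and all sample rows are constructed assumptions. It also denies every statement other than SELECT, a safeguard the patent text does not describe.

```python
import sqlite3

# Constructed sample data. A real agent's processing functions would read
# these rows from the operating system of the platform they are written for.
def processes_rows():
    return [(1, "init", "/sbin/init"),
            (812, "sshd", "/usr/sbin/sshd"),
            (4410, "updater", "/tmp/updater")]

def file_events_rows():
    return [(1700000000, "/etc/passwd", "MODIFIED"),
            (1700000050, "/tmp/updater", "CREATED")]

# Mapping: virtual table name -> (column definitions, processing function).
VIRTUAL_TABLES = {
    "processes": ("pid INTEGER, name TEXT, path TEXT", processes_rows),
    "file_events": ("time INTEGER, target_path TEXT, action TEXT", file_events_rows),
}

# Only the authorizer actions a plain SELECT needs are allowed.
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, arg1, arg2, db_name, source):
    return sqlite3.SQLITE_OK if action in ALLOWED_ACTIONS else sqlite3.SQLITE_DENY

def run_query(sql):
    """Fill the virtual tables via their processing functions, then run one
    server-issued statement with everything except SELECT denied."""
    conn = sqlite3.connect(":memory:")
    try:
        # Table and column names come from the agent's own registry, never from the server.
        for name, (columns, handler) in VIRTUAL_TABLES.items():
            conn.execute(f"CREATE TABLE {name} ({columns})")
            rows = handler()
            if rows:
                marks = ", ".join("?" * len(rows[0]))
                conn.executemany(f"INSERT INTO {name} VALUES ({marks})", rows)
        conn.commit()
        conn.set_authorizer(read_only_authorizer)  # server SQL runs only after this
        cursor = conn.execute(sql)
        names = [col[0] for col in cursor.description]
        return [dict(zip(names, row)) for row in cursor.fetchall()]
    finally:
        conn.close()

# Constructed timing query task list (hypothetical field names).
TASKS = [
    {"id": "tmp_binaries", "output": "server",
     "query": "SELECT pid, name FROM processes WHERE path LIKE '/tmp/%'"},
    {"id": "passwd_changes", "output": "local",
     "query": "SELECT time, action FROM file_events WHERE target_path = '/etc/passwd'"},
    {"id": "not_a_query", "output": "server",
     "query": "DELETE FROM processes"},
]

def run_task_list(tasks):
    """Execute the tasks in list order and mark which results go to the server."""
    outbox = []
    for task in tasks:
        record = {"task_id": task["id"], "output": task["output"]}
        try:
            record["rows"] = run_query(task["query"])
            record["status"] = "ok"
        except (sqlite3.Error, sqlite3.Warning) as exc:
            # Denied or malformed statements are reported, not executed.
            record["rows"], record["status"] = [], f"rejected: {exc}"
        # To-be-submitted mark: only successful results configured for the server.
        record["to_submit"] = task["output"] == "server" and record["status"] == "ok"
        outbox.append(record)
    return outbox

if __name__ == "__main__":
    for entry in run_task_list(TASKS):
        print(entry)
```

Records with `to_submit` set are the ones a result return interface would send to the server database; the rejected task shows up with a `rejected:` status instead of altering any table.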
It should be understood that although the steps in the flowcharts of fig. 1-2 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 1-2 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Example three:
Referring to fig. 3, fig. 3 is a system configuration diagram of the terminal security analysis system according to the present invention.
The terminal security analysis system of the embodiment includes:
The server module is used for issuing a structured query statement to the user terminal module and storing a query result;
The server module comprises server management software and server monitoring software. Through the server module, the server management software can be used uniformly to issue structured query statements to the user terminal module, so as to acquire the system information, namely the query results, of user terminals on different platforms and store the query results at a preset position for security analysis.
The user terminal module is used for executing the structured query statement to complete the query operation and outputting a query result;
The user terminal module receives the structured query statement issued to the user terminal module, then executes the query operation on the virtual table and acquires the query result.
The virtual table module is used for acquiring the system information of the user terminal module through the mapping relation.
The virtual table module establishes a bridge between the server module and the user terminal module. Through this bridge, the server module can uniformly use the server management software to issue structured query statements to the user terminal module, so as to acquire system information of user terminals on different platforms.
For specific limitations of the terminal security analysis system, reference may be made to the above limitations of the method, which are not described herein again. All or part of each module in the terminal security analysis system can be realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
Example four:
This embodiment provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the terminal security analysis method when executing the computer program.
The computer device may be a terminal, and its internal structure diagram may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a terminal security analysis method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the configuration shown in fig. 4 is a block diagram of only a portion of the configuration relevant to the present solution and does not constitute a limitation on the computing device to which the present solution applies, and that a particular computing device may include more or less components than those shown, or combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
installing terminal agent software on a user terminal;
and the terminal agent software establishes a mapping relation between the system information of the user terminal and the adaptive virtual table through the processing function.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
and receiving information configuration executed by the operation and maintenance personnel through the server management software and the server monitoring software.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
acquiring task configuration;
acquiring a timing query task list from the task configuration;
and executing the query tasks of the state table and the event table according to the timing query task list.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
the server receives a monitoring instruction;
the server side pulls monitoring information from the database;
and judging whether to execute alarm or not according to the monitoring information.
Example five:
This embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
installing terminal agent software on a user terminal;
and the terminal agent software establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
and receiving information configuration executed by the operation and maintenance personnel through the server management software and the server monitoring software.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
acquiring task configuration;
acquiring a timing query task list from the task configuration;
and executing the query tasks of the state table and the event table according to the timing query task list.
In one embodiment, the processor, when executing the computer program, further performs the following steps:
the server receives a monitoring instruction;
the server side pulls monitoring information from the database;
and judging whether to execute alarm or not according to the monitoring information.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments express only several implementations of the present application. Although their description is specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A terminal security analysis method is characterized by comprising the following steps:
installing terminal agent software on a user terminal, acquiring a virtual table adapted to the user terminal through the terminal agent software, and mapping system information of the user terminal to the adapted virtual table;
the server sends a structured query statement to the terminal agent software, and the terminal agent software executes query operation on the adapted virtual table after receiving the structured query statement;
acquiring a query result, and transmitting the query result to a database or a preset position of the server;
and the server executes monitoring operation and acquires monitoring information from the database.
2. The method according to claim 1, wherein the installing of the terminal agent software on the user terminal, obtaining of the virtual table adapted to the user terminal through the terminal agent software, and mapping of the system information of the user terminal to the virtual table specifically comprises:
acquiring a virtual table matched with the user terminal and a processing function corresponding to the matched virtual table;
installing terminal agent software on a user terminal;
and the terminal agent software establishes a mapping relation between the system information of the user terminal and the adapted virtual table through the processing function.
3. The terminal security analysis method according to claim 1, wherein the server includes server management software and server monitoring software, and before the server sends the structured query statement to the terminal agent software, the method further includes:
and receiving information configuration executed by the operation and maintenance personnel through the server management software and the server monitoring software.
4. The terminal security analysis method according to claim 1, wherein the query operation of the adapted virtual table specifically includes:
acquiring task configuration;
acquiring a timing query task list from the task configuration;
executing the query tasks of the state table and the event table according to the timing query task list;
the virtual table comprises the state table and the event table, the state table is a virtual table without set query time, and the event table is a virtual table with set query time.
5. The terminal security analysis method according to claim 1, wherein a communication interface is provided on the server, and query results related to monitoring information in the query results are returned to the server through the communication interface and stored in the database.
6. The terminal security analysis method according to claim 1, wherein the monitoring operation specifically includes:
the server receives a monitoring instruction;
the server side pulls monitoring information from the database;
and judging whether to execute alarm or not according to the monitoring information.
7. The terminal security analysis method according to claim 5, wherein the communication interface specifically includes:
an active detection interface for detecting whether the user terminal is in an active state;
a task obtaining interface, configured to enable the user terminal to obtain a query task from the server;
the temporary query interface is used for the server side to issue a temporary structured query statement to the user terminal;
and the result returning interface is used for returning the query result to the server by the user terminal.
8. A terminal security analysis system, the system comprising:
the server module is used for issuing a structured query statement to the user terminal module and storing a query result;
the user terminal module is used for executing the structured query statement to complete the query operation and outputting a query result;
and the virtual table module is used for acquiring the system information of the user terminal module through the mapping relation.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium characterized by: the computer readable storage medium stores a program which, when executed by a processor, causes the processor to perform the steps of the method according to any one of claims 1 to 7.
CN202210337885.9A 2022-03-31 2022-03-31 Terminal security analysis method, system, computer equipment and storage medium Pending CN114640571A (en)

Publications (1)

Publication Number Publication Date
CN114640571A true CN114640571A (en) 2022-06-17

Family

ID=81951418

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6694306B1 (en) * 1999-10-06 2004-02-17 Hitachi, Ltd. System and method for query processing using virtual table interface
US8631034B1 (en) * 2012-08-13 2014-01-14 Aria Solutions Inc. High performance real-time relational database system and methods for using same
US20160103874A1 (en) * 2014-10-08 2016-04-14 Cloudera, Inc. Querying operating system state on multiple machines declaratively
US20160232235A1 (en) * 2015-02-06 2016-08-11 Red Hat, Inc. Data virtualization for workflows
US20180165307A1 (en) * 2016-12-09 2018-06-14 International Business Machines Corporation Executing Queries Referencing Data Stored in a Unified Data Layer

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230614

Address after: 518052 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong

Applicant after: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Address before: 201210 3rd floor, building 1, No.400, Fangchun Road, China (Shanghai) pilot Free Trade Zone, Pudong New Area, Shanghai

Applicant before: Shanghai Zhongzhi Technology Co.,Ltd.