CN114900326A - Method, system and storage medium for monitoring and protecting terminal instruction operation - Google Patents
Method, system and storage medium for monitoring and protecting terminal instruction operation Download PDFInfo
- Publication number
- CN114900326A CN114900326A CN202210332213.9A CN202210332213A CN114900326A CN 114900326 A CN114900326 A CN 114900326A CN 202210332213 A CN202210332213 A CN 202210332213A CN 114900326 A CN114900326 A CN 114900326A
- Authority
- CN
- China
- Prior art keywords
- terminal
- instruction
- operation instruction
- monitoring
- blacklist
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000012544 monitoring process Methods 0.000 title claims abstract description 71
- 244000035744 Hura crepitans Species 0.000 claims description 17
- 230000008569 process Effects 0.000 claims description 12
- 230000000694 effects Effects 0.000 claims 1
- 238000012795 verification Methods 0.000 abstract description 10
- 238000012216 screening Methods 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000011022 operating instruction Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a system and a storage medium for monitoring and protecting terminal instruction operation, wherein the method comprises the following steps: receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment; responding and executing the operation instruction, determining the danger level of the operation instruction according to the operation result, and sending the operation information and the danger level of the operation instruction to the cloud server; and when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server. According to the monitoring and protecting method, the resource advantages of the cloud server can be utilized, the terminal operation instruction is monitored and protected through data screening and verification in the blacklist, the dangerous operation instruction can be prevented in advance, and the terminal equipment is guaranteed to be safer.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a monitoring and protecting method for terminal instruction operation, a computer-readable storage medium, a terminal device, a cloud server and a monitoring and protecting system for terminal instruction operation.
Background
With the rapid development of the Internet of things, the Internet of things is integrated with the existing industry, and the terminal has huge market potential. The terminal of the internet of things is a device which is connected with a sensing network layer and a transmission network layer in the internet of things and used for acquiring data and sending the data to the network layer, and mainly has multiple functions of data acquisition, preliminary processing, encryption, transmission and the like. The rapid popularization of the internet of things terminal also has a huge safety risk, so that higher requirements are put forward on the instruction operation of the terminal.
The current monitoring of terminal instruction operation only records and uploads to a cloud platform aiming at dangerous operation commands, and cannot be stopped when similar dangerous instructions are encountered next time, so that the terminal still can be trapped into the same safety risk due to the same operation, and meanwhile, if data leaks and other problems, serious economic loss can be caused to a user.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, a first object of the present invention is to provide a method for monitoring and protecting terminal instruction operation, which can monitor and protect a terminal operation instruction by screening and verifying data in a blacklist by using resource advantages of a cloud server, can prevent a dangerous operation instruction in advance, and provide a safer guarantee for a terminal device.
The second objective of the present invention is to provide a method for monitoring and protecting terminal command operation.
A third object of the invention is to propose a computer-readable storage medium.
A fourth object of the present invention is to provide a terminal device.
The fifth objective of the present invention is to provide a cloud server.
A sixth object of the present invention is to provide a monitoring and protection system for terminal command operation.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a method for monitoring and protecting terminal instruction operations, including: receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment; responding and executing the operation instruction, determining the danger level of the operation instruction according to the operation result, and sending the operation information and the danger level of the operation instruction to the cloud server; and when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server.
According to the monitoring and protection method of the terminal instruction operation, an initial blacklist sent by a cloud server is received, the initial blacklist is generated by the cloud server according to identity information of terminal equipment, then an operation instruction is responded and executed, the danger level of the operation instruction is determined according to an operation result, the operation information and the danger level of the operation instruction are sent to the cloud server, and finally when the cloud server determines that the operation instruction is added into the blacklist, an updated blacklist sent by the cloud server is received. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantages of the cloud server and through data screening and verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
In addition, the monitoring and protection method for terminal instruction operation according to the above embodiment of the present invention may further have the following additional technical features:
according to one embodiment of the invention, the operation result is determined according to the influence of the execution operation instruction on the terminal equipment.
According to one embodiment of the invention, the operation result is determined according to the influence of the operation instruction on the terminal equipment, and the operation result comprises the following steps: generating garbage data, redundant logs, redundant services or processes in the terminal equipment without influencing the operation of a terminal system, and determining an operation result as a first result; when the application program cannot be normally used in the terminal equipment, determining that the operation result is a second result; and when the terminal equipment cannot be normally used, determining that the operation result is a third result.
According to one embodiment of the invention, when the operation result is a first result, determining the danger level of the operation instruction as a first danger level; when the operation result is a second result, determining that the danger level of the operation instruction is a second danger level, wherein the danger coefficient of the first danger level is smaller than that of the second danger level; and when the operation result is a third result, determining that the danger level of the operation instruction is a third danger level, wherein the danger coefficient of the second danger level is smaller than that of the third danger level.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a method for monitoring and protecting terminal instruction operations, including: receiving identity information of a plurality of terminal devices; generating an initial blacklist according to the identity information, and sending the initial blacklist to corresponding terminal equipment; receiving danger levels of operation instructions and operation instruction information sent by a plurality of terminal devices; and updating the initial blacklists corresponding to the plurality of terminal devices when the operation instruction is determined to be added into the blacklist according to the danger level of the operation instruction and the operation instruction information, and sending the updated blacklists to the corresponding terminal devices.
According to the monitoring and protecting method for the terminal instruction operation, firstly, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, the initial blacklist is sent to corresponding terminal devices, then danger levels and operation instruction information of operation instructions sent by the plurality of terminal devices are received, finally, when the operation instructions are determined to be added into the blacklist according to the danger levels and the operation instruction information of the operation instructions, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal devices. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantages of the cloud server through data screening and verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
In addition, the monitoring and protection method for terminal instruction operation according to the above embodiment of the present invention may further have the following additional technical features:
according to one embodiment of the invention, when any one of the following conditions is met, the operation instruction is determined to be added into a blacklist, and the danger level of the operation instruction is a second danger level or a third danger level; the danger level of the operation instruction is a first danger level, and the execution frequency of the operation instruction is greater than a first set threshold; the danger level of the operation instruction is the first danger level, and the number of the terminal devices executing the operation instruction is larger than a second set threshold value.
According to an embodiment of the present invention, before adding the operation instruction to the blacklist, the method further includes: verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar to the identity information of the terminal equipment corresponding to the operation instruction; and when the operation instruction is verified to be a dangerous operation instruction, updating the current blacklist of the corresponding terminal equipment.
According to an embodiment of the present invention, the method for monitoring and protecting the terminal instruction operation further includes: and updating the current blacklists of all terminal devices with similar identity information with the terminal device when the operation instruction is determined to be added into the blacklist.
In order to achieve the above object, a computer-readable storage medium is provided in an embodiment of a third aspect of the present invention, on which a monitoring and protection program of a terminal instruction operation is stored, and the monitoring and protection program of the terminal instruction operation implements the above monitoring and protection method of the terminal instruction operation when executed by a processor.
By executing the monitoring and protecting method of the terminal instruction operation, the computer-readable storage medium of the embodiment of the invention can prevent dangerous operation instructions in advance and provide safer guarantee for terminal equipment.
In order to achieve the above object, a terminal device according to a fourth aspect of the present invention includes: the monitoring and protection method for the terminal instruction operation is realized when the processor executes the monitoring and protection program for the terminal instruction operation.
By executing the monitoring and protecting method of the terminal instruction operation of the embodiment of the first aspect, the terminal device of the embodiment of the invention can prevent dangerous operation instructions in advance and provide safer guarantee for the terminal device.
In order to achieve the above object, an embodiment of a fifth aspect of the present invention provides a cloud server, including: the monitoring and protection method for the terminal instruction operation is realized when the processor executes the monitoring and protection program for the terminal instruction operation.
According to the cloud server provided by the embodiment of the invention, by executing the monitoring and protection method for the terminal instruction operation in the embodiment of the second aspect, dangerous operation instructions can be prevented in advance, and the terminal equipment is ensured to be safer.
In order to achieve the above object, a sixth aspect of the present invention provides a monitoring and protecting system for terminal instruction operation, including the above terminal device and cloud server.
According to the monitoring and protecting system for the terminal instruction operation, the dangerous operation instruction can be prevented in advance through the terminal equipment and the cloud server, and the terminal equipment is guaranteed to be safer.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flowchart of a monitoring and protection method for terminal command operation according to an embodiment of the present invention;
fig. 2 is an interaction diagram of a method for monitoring and protecting a terminal operating instruction according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method for monitoring and safeguarding the operation of terminal commands in accordance with another embodiment of the present invention;
fig. 4 is a block diagram of a terminal device according to an embodiment of the present invention;
fig. 5 is a schematic block diagram of a cloud server according to an embodiment of the present invention;
fig. 6 is a block diagram of a monitoring and protection system for terminal command operation according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The following describes a monitoring and protection method for terminal instruction operation, a computer-readable storage medium, a terminal device, a cloud server, and a monitoring and protection system for terminal instruction operation, which are provided by the embodiments of the present invention, with reference to the accompanying drawings.
In embodiments of the present invention, the terminal device may be a Personal Computer (PC), a smart mobile device (e.g., a smart phone), a microprocessor-based system, a set-top box, or the like. The number of the terminal devices can be 1 or more, the terminal devices are connected with the cloud server, each user can correspond to one terminal device, and the cloud server can be connected with the plurality of terminal devices. The cloud server is used as a cloud computing processing system, and is a decision-making system for performing data communication, analysis and statistics on multiple users established on a basic level of internet technology network equipment according to a specific rule. The terminal device and the cloud server can run windows, unix, linux and other operating systems and operating instructions corresponding to the operating systems.
Fig. 1 is a flowchart of a monitoring and protection method for terminal command operation according to an embodiment of the present invention.
As shown in fig. 1, the method for monitoring and protecting terminal command operation according to the embodiment of the present invention may include the following steps:
and S1, receiving an initial blacklist sent by the cloud server, wherein the initial blacklist is generated by the cloud server according to the identity information of the terminal equipment.
Specifically, referring to fig. 2, the terminal device is first communicatively connected to the cloud server, for example, through Wi-Fi (wireless fidelity). After the connection is successful, the terminal device uploads the identity information of the terminal device to a cloud server, wherein the identity information can comprise the unique number of the terminal device, the system version, the hardware module, the installation container, the application and other related information, the cloud server can generate danger instructions according to the identity information of the terminal device, store the danger instructions into a blacklist corresponding to the terminal device, and send the blacklist to the terminal device according to the unique code of the terminal device. When the terminal equipment receives the operation instruction, the operation instruction is executed, the instruction operation monitoring software pre-installed in the terminal equipment determines whether the current operation instruction is in the blacklist or not according to the received blacklist, whether the instruction is dangerous or not is rapidly judged, and a user is reminded of whether the next operation is carried out or not so as to guarantee the safety of the terminal equipment.
And S2, responding to and executing the operation instruction, determining the danger level of the operation instruction according to the operation result, and sending the operation information and the danger level of the operation instruction to the cloud server.
According to one embodiment of the invention, the operation result is determined according to the influence of the execution operation instruction on the terminal equipment.
That is to say, when the operation instruction is determined not to be in the initial blacklist, the operation instruction is started to be executed, in the process of executing the operation instruction, the influence of executing the operation instruction on the terminal device is obtained, and then the danger level is determined according to the generated influence. For example, when executing the operation instruction may generate garbage data, redundant logs, redundant services or processes without affecting the operation of the terminal system, the danger level is considered to be low; when some configurations of the terminal equipment can be changed by executing the operation instruction, and the use of part of application programs is influenced, the danger level is considered to be medium; when the operation instruction is executed, the terminal device cannot normally operate, and if the operating system configuration of the terminal device is changed, the danger level is considered to be higher.
According to one embodiment of the invention, the operation result is determined according to the influence of the operation instruction on the terminal equipment, and the operation result comprises the following steps: generating junk data, redundant logs, redundant services or processes in the terminal equipment without influencing the operation of a terminal system, and determining an operation result as a first result; when the application program cannot be normally used in the terminal equipment, determining that the operation result is a second result; and when the terminal equipment cannot be normally used, determining that the operation result is a third result.
According to one embodiment of the invention, when the operation result is a first result, determining the danger level of the operation instruction as a first danger level; when the operation result is a second result, determining that the danger level of the operation instruction is a second danger level, wherein the danger coefficient of the first danger level is smaller than that of the second danger level; and when the operation result is a third result, determining that the danger level of the operation instruction is a third danger level, wherein the danger coefficient of the second danger level is smaller than that of the third danger level.
Specifically, when the instruction operation monitoring software determines that the operation instruction is not in the initial blacklist, the terminal device starts to execute the operation instruction sent by the user, the instruction operation monitoring software records the operation instruction, the execution user of the instruction, the execution time of the instruction and other operation instruction information, and the danger level of the operation instruction is drawn up according to the operation result of the instruction. For example, when the terminal device generates the garbage data through the operation of the user, for example, after the user upgrades the terminal device system, some original functions are updated and optimized, part of the related information such as the registry and the like is not removed in time to generate the garbage data, or some redundant logs, redundant services or processes generated during the operation of the terminal device are generated, and the garbage data, the logs, the services or the processes do not affect the normal operation of the terminal system or the normal operation of the service application (for example, the power terminal has some important service applications related to transaction and power supply), the danger level of the operation instruction can be set to be the first danger level. When the application program cannot be normally used in the terminal device, if a virus exists in a website accessed by a user through a start iexpploore. When the terminal device cannot be used normally, for example, the device cannot be started normally due to the fact that the System configuration is changed and the original System is incompatible, or the device cannot be used normally due to the fact that the System32, the System files and the like are deleted through the del command, the danger level of the operation command can be set to be the third danger level. And the danger coefficient of the first danger level, the danger coefficient of the second danger level and the danger coefficient of the third danger level are sequentially increased. If the instruction data volume recorded by the terminal equipment is large, a large amount of storage space is occupied, the operation instruction information and the danger level stored by the terminal equipment can be uploaded to the cloud server, or a fixed uploading period can be set, and the instruction operation information and the danger level stored by the terminal equipment are automatically uploaded to the cloud server. In addition, after the operation instruction information stored by the terminal equipment is uploaded to the cloud server, the operation instruction information stored by the terminal equipment can be deleted, so that the storage space is saved.
And S3, when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server.
Specifically, referring to fig. 2, after collecting and summarizing instruction operation information reported by a plurality of terminal devices, the cloud server screens an operation instruction according to factors such as a risk level of the instruction, the number of terminal devices involved in the instruction, and an operation frequency of the instruction, and determines whether the execution of the instruction causes damage to system software of the terminal device and affects a service function of the terminal device. For example, when the risk level of the operation instruction is a second risk level or a third risk level, it is preliminarily determined that the system software of the terminal device is damaged, in order to further verify whether the operation instruction is a dangerous operation instruction, the cloud server also performs virtual execution and verification on the operation instruction in a sandbox environment similar to that of the reported terminal device, if it is found that the operation instruction causes system crash, and the important application cannot run and the like in the virtual environment, it is determined that the operation instruction is a dangerous operation instruction, and the operation instruction is added to the blacklist. Or when the danger level of the operation instruction is the first danger level and the execution frequency of the operation instruction is high, preliminarily judging that frequent operations can generate a lot of junk data to damage system software of the terminal device, in order to further verify whether the operation instruction is a dangerous operation instruction, the cloud server further performs virtual execution and verification on the operation instruction in a sandbox environment similar to that of the reported terminal device, and when the operation instruction is verified to be a dangerous operation instruction, the operation instruction is added into a blacklist. Or when the danger level of the operation instruction is the first danger level and the number of the terminal devices executing the operation instruction is large, preliminarily judging that the operation instruction can cause harm to system software of the terminal devices, in order to further verify whether the operation instruction is the dangerous operation instruction, the cloud server also carries out virtual execution and verification on the operation instruction in a sandbox environment similar to that of the reported terminal device, and when the operation instruction is verified to be the dangerous operation instruction, the operation instruction is added into a blacklist.
After the operation instruction is verified to be a dangerous operation instruction, the cloud server will list the operation instruction in the blacklist of the corresponding terminal device, and send the updated blacklist to all terminal devices of the same type (for example, the terminal devices with similar identity information are the terminal devices of the same type), and the terminal device receives the updated blacklist sent by the cloud server and updates the current blacklist of the corresponding terminal device. When the terminal device executes the same command (the operation instruction) again, the instruction operation monitoring software can prevent the instruction from being executed and upload alarm information to the cloud server. Therefore, through the continuous updating of the dangerous operation instructions in the blacklist, the novel dangerous command can be responded instead of the dangerous command which can only be protected and initially set, and the terminal is guaranteed to be safer.
It should be noted that the sandbox environment is equivalent to a security mechanism, and provides an isolated environment for the running program. Often, the process is used as a source of uncertainty, damage, or failure to determine the intent of the process. In a sandbox environment, the resources that a program can access are typically tightly controlled, e.g., the sandbox may provide disk and memory space that is reclaimed. In a sandbox environment, network access, access to a real system, and reading of an input device are usually prohibited or strictly limited, so that the terminal device is not damaged, and normal use of the terminal device can be ensured.
In addition, the cloud server collects the operation information of the terminal device executing the operation instruction, and at this time, the identity information of the terminal device is the same or different, so that when the operation instruction is verified in the sandbox environment, the operation instruction may be verified once or multiple times.
In summary, in the monitoring and protecting method for terminal instruction operation according to the embodiments of the present invention, first, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, the initial blacklist is sent to a corresponding terminal device, then danger levels and operation instruction information of operation instructions sent by the plurality of terminal devices are received, and finally, when it is determined that the operation instructions are added to the blacklist according to the danger levels and the operation instruction information of the operation instructions, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal device. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantages of the cloud server and through data screening and verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
Corresponding to the embodiment, the invention further provides a monitoring and protecting method for terminal instruction operation.
As shown in fig. 3, the method for monitoring and protecting terminal command operation according to the embodiment of the present invention includes the following steps:
s101, receiving identity information of a plurality of terminal devices. The identity information may include: unique terminal number, system version, hardware module, installation container and application, etc.
And S102, generating an initial blacklist according to the identity information, and sending the initial blacklist to the corresponding terminal equipment.
Specifically, referring to fig. 2, the cloud server may be communicatively connected to a plurality of terminal devices, for example, may be connected through Wi-Fi (wireless fidelity). After successful connection, the identity information sent by each terminal device is received, and different terminal devices have different identity information, for example, the unique numbers of different terminal devices are different, the system versions installed by different terminal devices are different, the hardware modules and installation containers installed by different terminal devices are different from the applications, and the like. And the cloud server determines a corresponding blacklist according to the identity information, the blacklist comprises a dangerous operation instruction obtained according to the identity information and serves as an initial blacklist, and the initial blacklist is sent to the corresponding terminal equipment according to the unique number of the terminal equipment. When the terminal equipment receives the operation instruction, the instruction operation monitoring software monitors whether the operation instruction is in the blacklist in real time, and whether the instruction has danger or not is judged quickly. When the operation instruction is in the blacklist, the instruction is stopped, warning information is uploaded to the cloud server, and dangers such as data leakage or Trojan virus attack caused by the instruction operated by a user are prevented.
S103, receiving danger levels of the operation instructions and operation instruction information sent by the plurality of terminal devices.
And S104, updating the initial blacklists corresponding to the plurality of terminal devices when the operation instruction is determined to be added into the blacklist according to the danger level of the operation instruction and the operation instruction information, and sending the updated blacklists to the corresponding terminal devices.
According to one embodiment of the invention, when any one of the following conditions is met, the operation instruction is determined to be added into a blacklist, and the danger level of the operation instruction is a second danger level or a third danger level; the danger level of the operation instruction is a first danger level, and the execution frequency of the operation instruction is greater than a first set threshold; the danger level of the operation instruction is the first danger level, and the number of the terminal devices executing the operation instruction is larger than a second set threshold value. The first set threshold and the second set threshold may be determined according to actual conditions, for example, the first set threshold may be 3 times.
According to an embodiment of the present invention, before adding the operation instruction to the blacklist, the method further includes: verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar to the identity information of the terminal equipment corresponding to the operation instruction; and when the operation instruction is verified to be a dangerous operation instruction, updating the current blacklist of the corresponding terminal equipment.
According to an embodiment of the present invention, the method for monitoring and protecting the terminal instruction operation further includes: and when the operation instruction is determined to be added into the blacklist, updating the current blacklists of all the terminal devices with the same identity information as the terminal devices.
Specifically, when the instruction operation monitoring software determines that the operation instruction is not in the initial blacklist, the terminal device starts to execute the operation instruction sent by the user, the instruction operation monitoring software records the operation instruction, the execution user of the instruction, the execution time of the instruction and other operation instruction information, and the danger level of the operation instruction is drawn up according to the operation result. For example, when the terminal device with the unique number a1 generates junk data through user operation, for example, after the terminal device system is upgraded, some original functions are updated and optimized, and some related information such as the registry is removed in time, so that the junk data is generated, or some redundant logs, redundant services or processes generated during the operation of the terminal device are generated, and these junk data, logs, services or processes do not affect the normal operation of the terminal system, or do not affect the normal operation of the service application (for example, some important service applications of the power terminal related to transaction and power supply), the risk level of the operation instruction may be set to the first risk level. For another example, when an application program cannot be used normally in the terminal device with the unique number a2, if a virus exists in a website accessed by a user through a start iexpolore. For another example, when the terminal device with the unique number a3 cannot be used normally, for example, the device cannot be started normally due to the fact that the System configuration is changed to be incompatible with the original System, or the terminal device cannot be started or cannot be used normally due to the fact that the System32, the System files and the like are deleted through the del instruction, the risk level of the operation instruction can be set to the third risk level. The danger level and the operation instruction information of the operation instruction are sent to the cloud server by the terminal devices, wherein a fixed uploading period can be set, the instruction operation information and the danger level stored by the terminal devices are automatically uploaded to the cloud server, or a large amount of storage space is occupied when the instruction data volume recorded by a certain terminal device is large, and the instruction operation information and the danger level stored by the terminal devices can be uploaded to the cloud server according to the unique number. In addition, after the cloud server receives the danger levels and the operation instruction information of the operation instructions sent by the plurality of terminal devices, the operation instruction information stored by the corresponding terminal devices can be deleted, so that the storage space is saved.
Continuing to refer to fig. 2, after the cloud server collects and summarizes the instruction operation information reported by the plurality of terminals, the operation instruction is screened according to the risk level of the instruction, the number of the terminal devices involved in the instruction, the operation frequency of the instruction and other factors, and whether the execution of the instruction causes damage to the system software of the terminal device or not is judged, so that the service function of the terminal device is affected. For example, when the risk level of the operation instruction is a second risk level or a third risk level, it is preliminarily determined that the system software of the terminal device is damaged, in order to further verify whether the operation instruction is a dangerous operation instruction, the cloud server further performs virtual execution and verification on the operation instruction in a sandbox environment similar to the report terminal, if it is found that the operation instruction causes system crash, and the important application cannot run, and the like, it is determined that the verified operation instruction is a dangerous operation instruction, and the operation instruction is added to the blacklist. Or, when the risk level of the operation instruction is the first risk level and the execution frequency of the operation instruction is high (the execution frequency is greater than a first set threshold), preliminarily judging that frequent operations can generate a lot of garbage data, a lot of redundant logs, a lot of services or processes, and damage is caused to system software of the terminal device. Or when the danger level of the operation instruction is a first danger level and a plurality of terminal devices (the number of the terminal devices is greater than a second set threshold) execute the operation instruction amount, preliminarily judging that the operation instruction can cause harm to system software of the terminal devices, in order to further verify whether the operation instruction is a dangerous operation instruction, the cloud server also performs virtual execution and verification on the operation instruction in a sandbox environment similar to that of the reported terminal device, and when the operation instruction is verified to be the dangerous operation instruction, the operation instruction is added into a blacklist.
After the operation instruction is verified to be a dangerous operation instruction, the cloud server can list the operation instruction in the blacklist of the corresponding terminal device, and send the updated blacklist to all terminal devices of the same type (for example, the terminal devices with similar identity information are the terminal devices of the same type), and the plurality of terminal devices receive the updated blacklist sent by the cloud server and update the current blacklist of the corresponding terminal device according to the unique number. For example, the terminal device with the unique number a1 and the terminal device with the unique number a2 have similar identity information, when some operation instructions are judged to be dangerous in the terminal device with the unique number a1, the instructions are added to the blacklist, the current blacklist is updated, and the same dangerous instructions are also applicable to the update of the blacklist of the terminal device with the unique number a 2. And sending the updated blacklist to the corresponding terminal equipment, when the terminal equipment executes the instruction again, traversing all instructions in the blacklist by the instruction operation monitoring software, and if the instructions in the blacklist are the same as the instructions executed by the current user on the terminal equipment, preventing the instructions from being executed and uploading alarm information to the cloud server. Therefore, the instruction operation monitoring software can deal with new dangerous instructions instead of only protecting the initially set dangerous instructions through the continuous updating of the dangerous operation instructions in the blacklist, and provides safer guarantee for the terminal equipment.
In addition, the cloud server collects the operation information of the terminal device executing the operation instruction, and at this time, the identity information of the terminal device is the same or different, so that when the operation instruction is verified in the sandbox environment, the operation instruction may be verified once or multiple times.
In summary, in the monitoring and protecting method for terminal instruction operation according to the embodiments of the present invention, first, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, the initial blacklist is sent to a corresponding terminal device, then danger levels and operation instruction information of operation instructions sent by the plurality of terminal devices are received, and finally, when it is determined that the operation instructions are added to the blacklist according to the danger levels and the operation instruction information of the operation instructions, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal device. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantages of the cloud server and through data screening and verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
The invention further provides a computer readable storage medium corresponding to the above embodiment.
The computer readable storage medium of the present invention stores thereon a monitoring and protection program of terminal instruction operation, which when executed by a processor implements the above-described monitoring and protection method of terminal instruction operation.
The computer readable storage medium of the invention can prevent dangerous operation instructions in advance by executing the monitoring and protecting method of the terminal instruction operation, and provides safer guarantee for the terminal equipment.
The invention further provides a terminal device corresponding to the embodiment.
As shown in fig. 4, the terminal device 200 of the present invention may include: memory 210, processor 220.
The memory 210 is used for storing a monitoring and protection program for a terminal instruction operation and transmitting the program code to the processor 220. In other words, the processor 220 may call and execute the monitoring and protection program operated by the terminal instruction from the memory 210 to implement the method in the embodiment of the present application.
As shown in fig. 4, the terminal device 200 of the present invention may further include: a transceiver 230, the transceiver 230 being connectable to the memory 210 or the processor 220.
The processor 220 may control the transceiver 230 to communicate with other devices, and specifically, may transmit information or data to the other devices or receive information or data transmitted by the other devices. The transceiver 230 may include a transmitter and a receiver.
It should be understood that the various components in the terminal device are connected by a bus system, wherein the bus system includes a power bus, a control bus and a status signal bus in addition to a data bus.
According to the terminal equipment, by executing the monitoring and protecting method of the terminal instruction operation, dangerous operation instructions can be prevented in advance, and the terminal equipment is guaranteed to be safer.
Corresponding to the embodiment, the invention further provides a cloud server.
As shown in fig. 5, the cloud server 300 of the present invention may include: memory 310, processor 320.
The memory 310 is used for storing a monitoring and protection program for a terminal instruction operation and transmitting the program code to the processor 320. In other words, the processor 320 may call and execute the monitoring and protection program operated by the terminal instruction from the memory 310 to implement the method in the embodiment of the present application.
For example, the processor 320 may be configured to perform the above-described method embodiments according to instructions in a monitoring and protection program of the terminal instruction operation.
As shown in fig. 5, the cloud server may further include: a transceiver 330, the transceiver 330 being connectable to the memory 310 or the processor 320.
The processor 320 may control the transceiver 330 to communicate with other devices, and specifically, may transmit information or data to the other devices or receive information or data transmitted by the other devices. The transceiver 330 may include a transmitter and a receiver.
It should be understood that the various components in the cloud server are connected by a bus system, wherein the bus system includes a power bus, a control bus, and a status signal bus in addition to a data bus.
According to the cloud server, by executing the monitoring and protecting method of the terminal instruction operation, dangerous operation instructions can be prevented in advance, and the terminal equipment is guaranteed to be safer.
Corresponding to the embodiment, the invention further provides a monitoring and protecting system for terminal instruction operation.
As shown in fig. 6, the monitoring and protection system 400 for terminal command operation according to the present invention may include a terminal device 200 and a cloud server 300.
According to the monitoring and protecting system for the terminal instruction operation, the dangerous operation instruction can be prevented in advance through the terminal equipment and the cloud server, and the terminal equipment is guaranteed to be safer.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless explicitly specified otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (12)
1. A monitoring and protection method for terminal instruction operation is characterized by comprising the following steps:
receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment;
responding and executing an operation instruction, determining the danger level of the operation instruction according to an operation result, and sending the operation information and the danger level of the operation instruction to the cloud server;
and when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server.
2. The method for monitoring and safeguarding the operation of a terminal command as claimed in claim 1, characterized in that the operation result is determined in dependence on the influence of the execution of the operation command on the terminal device.
3. The method for monitoring and protecting command operation of a terminal according to claim 2, wherein determining the operation result according to the effect of the operation command on the terminal device comprises:
generating garbage data, redundant logs, redundant services or processes in the terminal equipment without influencing the operation of a terminal system, and determining the operation result as a first result;
when the application program cannot be normally used in the terminal equipment, determining that the operation result is a second result;
and when the terminal equipment cannot be used normally, determining that the operation result is a third result.
4. The method for monitoring and protecting operation of a terminal command according to claim 3, wherein determining the risk level of the operation command according to the operation result comprises:
when the operation result is the first result, determining that the danger level of the operation instruction is a first danger level;
when the operation result is the second result, determining that the danger level of the operation instruction is a second danger level, wherein the danger coefficient of the first danger level is smaller than that of the second danger level;
and when the operation result is the third result, determining that the danger level of the operation instruction is a third danger level, wherein the danger coefficient of the second danger level is smaller than that of the third danger level.
5. A monitoring and protection method for terminal instruction operation is characterized by comprising the following steps:
receiving identity information of a plurality of terminal devices;
generating an initial blacklist according to the identity information, and sending the initial blacklist to the corresponding terminal equipment;
receiving danger levels and operation instruction information of operation instructions sent by a plurality of terminal devices;
and updating the initial blacklists corresponding to the plurality of terminal devices when determining to add the operation instruction into the blacklist according to the danger level of the operation instruction and the operation instruction information, and sending the updated blacklist to the corresponding terminal device.
6. The method for monitoring and guarding against operation of terminal commands according to claim 5, characterized in that it is determined to add the operation command to a blacklist when any one of the following conditions is satisfied,
the danger level of the operation instruction is a second danger level or a third danger level;
the danger level of the operation instruction is a first danger level, and the execution frequency of the operation instruction is greater than a first set threshold;
the danger level of the operation instruction is a first danger level, and the number of terminal devices executing the operation instruction is larger than a second set threshold value.
7. The method of claim 6, wherein prior to adding the operation instruction to the blacklist, the method further comprises:
verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar to the identity information of the terminal equipment corresponding to the operation instruction;
and updating the current blacklist of the corresponding terminal equipment when the operation instruction is verified to be a dangerous operation instruction.
8. The method for monitoring and safeguarding the operation of a terminal command as claimed in claim 5, further comprising:
and updating the current blacklists of all the terminal devices with similar identity information with the terminal device when the operation instruction is determined to be added into the blacklist.
9. A computer-readable storage medium, having stored thereon a monitoring and protection program of terminal instruction operation, which when executed by a processor implements a method of monitoring and protection of terminal instruction operation according to any one of claims 1-8.
10. A terminal device, comprising a memory, a processor and a monitoring and protection program of terminal instruction operation stored on the memory and executable on the processor, wherein the processor implements the monitoring and protection method of terminal instruction operation according to any one of claims 1 to 4 when executing the monitoring and protection program of terminal instruction operation.
11. A cloud server, comprising a memory, a processor, and a monitoring and protection program of a terminal instruction operation stored in the memory and executable on the processor, wherein when the processor executes the monitoring and protection program of the terminal instruction operation, the monitoring and protection method of the terminal instruction operation according to any one of claims 5 to 8 is implemented.
12. A monitoring and protection system for terminal instruction operation is characterized by comprising: the terminal device of claim 10 and the cloud server of claim 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210332213.9A CN114900326A (en) | 2022-03-30 | 2022-03-30 | Method, system and storage medium for monitoring and protecting terminal instruction operation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210332213.9A CN114900326A (en) | 2022-03-30 | 2022-03-30 | Method, system and storage medium for monitoring and protecting terminal instruction operation |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114900326A true CN114900326A (en) | 2022-08-12 |
Family
ID=82715018
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210332213.9A Pending CN114900326A (en) | 2022-03-30 | 2022-03-30 | Method, system and storage medium for monitoring and protecting terminal instruction operation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114900326A (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009152933A (en) * | 2007-12-21 | 2009-07-09 | Duaxes Corp | Communication monitoring device |
| CN102902919A (en) * | 2012-08-30 | 2013-01-30 | 北京奇虎科技有限公司 | Method, device and system for identifying and processing suspicious practices |
| CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
| CN104038504A (en) * | 2014-06-25 | 2014-09-10 | 深圳市鸿宇顺科技有限公司 | System and method for preventing Internet payment information from being stolen |
| CN105323261A (en) * | 2015-12-15 | 2016-02-10 | 北京奇虎科技有限公司 | Data detection method and device |
| CN106027462A (en) * | 2016-01-21 | 2016-10-12 | 李明 | Operation request control method and device |
| CN107145782A (en) * | 2017-04-28 | 2017-09-08 | 维沃移动通信有限公司 | A kind of recognition methods, mobile terminal and the server of abnormal application program |
| CN107634931A (en) * | 2016-07-18 | 2018-01-26 | 深圳市深信服电子科技有限公司 | Processing method, cloud server, gateway and the terminal of abnormal data |
| CN108011880A (en) * | 2017-12-04 | 2018-05-08 | 郑州云海信息技术有限公司 | The management method and computer-readable recording medium monitored in cloud data system |
| CN108092795A (en) * | 2017-11-09 | 2018-05-29 | 深圳市金立通信设备有限公司 | A kind of reminding method, terminal device and computer-readable medium |
| CN108234486A (en) * | 2017-12-29 | 2018-06-29 | 北京神州绿盟信息安全科技股份有限公司 | A kind of network monitoring method and monitoring server |
| KR101975681B1 (en) * | 2017-12-28 | 2019-05-07 | 호남대학교 산학협력단 | Environment monitoring system of internet of things in cloud computing environment |
| CN109756368A (en) * | 2018-12-24 | 2019-05-14 | 广州市百果园网络科技有限公司 | Detection method, device, computer readable storage medium and the terminal of unit exception change |
| CN111159690A (en) * | 2019-12-13 | 2020-05-15 | 深圳市科陆电子科技股份有限公司 | Remote monitoring method, system and storage medium based on embedded Linux system |
| CN112087423A (en) * | 2020-07-29 | 2020-12-15 | 深圳市国电科技通信有限公司 | Method, device and system for cloud-side cooperative management of terminal equipment |
| CN112799925A (en) * | 2021-01-25 | 2021-05-14 | 北京嘀嘀无限科技发展有限公司 | Data acquisition method and device, electronic equipment and readable storage medium |
| US20210192044A1 (en) * | 2020-06-28 | 2021-06-24 | Beijing Baidu Netcom Science Technology Co., Ltd. | Method and apparatus for defending against attacks, device and storage medium |
-
2022
- 2022-03-30 CN CN202210332213.9A patent/CN114900326A/en active Pending
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009152933A (en) * | 2007-12-21 | 2009-07-09 | Duaxes Corp | Communication monitoring device |
| CN102902919A (en) * | 2012-08-30 | 2013-01-30 | 北京奇虎科技有限公司 | Method, device and system for identifying and processing suspicious practices |
| CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
| CN104038504A (en) * | 2014-06-25 | 2014-09-10 | 深圳市鸿宇顺科技有限公司 | System and method for preventing Internet payment information from being stolen |
| CN105323261A (en) * | 2015-12-15 | 2016-02-10 | 北京奇虎科技有限公司 | Data detection method and device |
| CN106027462A (en) * | 2016-01-21 | 2016-10-12 | 李明 | Operation request control method and device |
| CN107634931A (en) * | 2016-07-18 | 2018-01-26 | 深圳市深信服电子科技有限公司 | Processing method, cloud server, gateway and the terminal of abnormal data |
| CN107145782A (en) * | 2017-04-28 | 2017-09-08 | 维沃移动通信有限公司 | A kind of recognition methods, mobile terminal and the server of abnormal application program |
| CN108092795A (en) * | 2017-11-09 | 2018-05-29 | 深圳市金立通信设备有限公司 | A kind of reminding method, terminal device and computer-readable medium |
| CN108011880A (en) * | 2017-12-04 | 2018-05-08 | 郑州云海信息技术有限公司 | The management method and computer-readable recording medium monitored in cloud data system |
| KR101975681B1 (en) * | 2017-12-28 | 2019-05-07 | 호남대학교 산학협력단 | Environment monitoring system of internet of things in cloud computing environment |
| CN108234486A (en) * | 2017-12-29 | 2018-06-29 | 北京神州绿盟信息安全科技股份有限公司 | A kind of network monitoring method and monitoring server |
| CN109756368A (en) * | 2018-12-24 | 2019-05-14 | 广州市百果园网络科技有限公司 | Detection method, device, computer readable storage medium and the terminal of unit exception change |
| CN111159690A (en) * | 2019-12-13 | 2020-05-15 | 深圳市科陆电子科技股份有限公司 | Remote monitoring method, system and storage medium based on embedded Linux system |
| US20210192044A1 (en) * | 2020-06-28 | 2021-06-24 | Beijing Baidu Netcom Science Technology Co., Ltd. | Method and apparatus for defending against attacks, device and storage medium |
| CN112087423A (en) * | 2020-07-29 | 2020-12-15 | 深圳市国电科技通信有限公司 | Method, device and system for cloud-side cooperative management of terminal equipment |
| CN112799925A (en) * | 2021-01-25 | 2021-05-14 | 北京嘀嘀无限科技发展有限公司 | Data acquisition method and device, electronic equipment and readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 徐涛,孟祥和,何向真: "《云计算安全技术》", vol. 1, 电子科技大学出版社, pages: 32 * |
| 戴纯兴, 刘刚, 韩春超, 等: "KVM环境下基于异常行为的恶意软件检测技术研究", 《信息安全研》, vol. 6, no. 6, 4 June 2020 (2020-06-04), pages 32 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104662517A (en) | Techniques for detecting a security vulnerability | |
| CN104917779A (en) | Protection method of CC attack based on cloud, device thereof and system thereof | |
| CN112906008A (en) | Kernel vulnerability repairing method, device, server and system | |
| CN109241730B (en) | Container risk defense method, device, equipment and readable storage medium | |
| CN110874231A (en) | Method, device and storage medium for updating terminal version | |
| CN110688653A (en) | Client security protection method and device and terminal equipment | |
| KR102213460B1 (en) | System and method for generating software whistlist using machine run | |
| US8819655B1 (en) | Systems and methods for computer program update protection | |
| CN104767876A (en) | Safety software processing method and user terminal | |
| CN112788023B (en) | Honeypot management method based on secure network and related device | |
| CN114900326A (en) | Method, system and storage medium for monitoring and protecting terminal instruction operation | |
| CN113031997A (en) | Upgrade package generation and management method and device, computer equipment and storage medium | |
| CN108334788A (en) | File tamper resistant method and device | |
| KR20200113836A (en) | Apparatus and method for security control | |
| CN109582454A (en) | Permission releasing control method, device and equipment in a kind of distributed storage cluster | |
| CN111083089A (en) | Safety ferry system and method | |
| CN114021123A (en) | Construction method, security check method, device and medium of behavior baseline library | |
| CN113596600A (en) | Security management method, device, equipment and storage medium for live broadcast embedded program | |
| CN105678167A (en) | Safety protection method and apparatus | |
| CN107678928B (en) | Application program processing method and server | |
| CN111240708B (en) | Industrial control system host, industrial control system and industrial control system host software upgrading method | |
| CN113032351B (en) | Recovery method and device of network file system | |
| CN114610402B (en) | Operation authority control method and operation authority configuration method | |
| CN114978737B (en) | Comprehensive management system for Doppler weather radar data | |
| CN115080966B (en) | Dynamic white list driving method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |