CN115001754B - Network security system capable of monitoring sensitive digital information transmission in real time - Google Patents
Network security system capable of monitoring sensitive digital information transmission in real time Download PDFInfo
- Publication number
- CN115001754B CN115001754B CN202210522828.8A CN202210522828A CN115001754B CN 115001754 B CN115001754 B CN 115001754B CN 202210522828 A CN202210522828 A CN 202210522828A CN 115001754 B CN115001754 B CN 115001754B
- Authority
- CN
- China
- Prior art keywords
- file
- unit
- suspected
- files
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network security system, in particular to a network security system capable of monitoring sensitive digital information transmission in real time. It includes file discernment module, file monitoring module, file test module, state acquisition module and file processing module, wherein: the file identification module sensitively identifies files in the computer and files being transmitted to the computer to obtain sensitive information files, virus files and suspected files; the file monitoring module monitors a sensitive information file; the file testing module isolates the suspected file from the computer and tests the suspected file; in the network security system capable of monitoring the transmission of the sensitive digital information in real time, the suspected file is tested and isolated by starting the suspected file, and then the operation condition of the virtual machine after the file is started is detected to judge the suspected file, so that the suspected file can obtain an accurate structure without influencing the operation of a computer.
Description
Technical Field
The invention relates to a network security system, in particular to a network security system capable of monitoring sensitive digital information transmission in real time.
Background
The sensitive information comprises personal data information and virus files, and when the virus files invade the computer, the virus files can acquire the personal data information in the computer, so that the information is leaked. For this reason, a network security system is provided, which is a security system established to prevent and avoid attacks and intrusions to secure information on the network.
However, in the current virus file detection method, the comparison is performed through keywords, and when the similarity reaches a specified threshold, the file is identified as a virus file, but whether the file is a virus file cannot be accurately judged through the similarity method, and keywords of some normal files are easily similar to the virus file, so that the normal files are also identified as virus files, and the transmission of the normal files is affected.
Disclosure of Invention
The present invention is directed to a network security system capable of monitoring sensitive digital information transmission in real time, so as to solve the problems in the background art.
In order to achieve the above object, a network security system capable of real-time monitoring sensitive digital information transmission is provided, which comprises a file identification module, a file monitoring module, a file testing module, a state acquisition module and a file processing module, wherein:
the file identification module carries out sensitive identification on files in the computer and files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the file monitoring module monitors the sensitive information file;
the file testing module isolates the suspected file from the computer and tests the suspected file;
the state acquisition module acquires the test state of the suspected file and operates the suspected file according to the acquisition result;
and the file processing module isolates the sensitive information file from the computer when the computer is attacked by the virus file.
As a further improvement of the present technical solution, the document identification module includes a keyword retrieval unit, a content identification unit, and a document deletion unit;
the keyword retrieval unit retrieves files in the computer and files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the content identification unit identifies an image file in the computer to obtain a sensitive information file;
and the file deleting unit deletes the virus file.
As a further improvement of the technical scheme, the file monitoring module comprises a file storage unit and a state acquisition unit;
the file storage unit stores the sensitive information file;
and the state acquisition unit monitors the stored sensitive information file in real time.
As a further improvement of the technical scheme, the content for monitoring the stored sensitive information file in real time comprises file modification, file addition and file new creation.
As a further improvement of the technical scheme, the file testing module comprises a virtual machine unit and a file starting unit,
the virtual machine unit isolates the suspected file from the computer;
and the file starting unit starts the suspected file in the virtual machine unit.
As a further improvement of the technical solution, the state acquisition module includes a network speed acquisition unit, a processor acquisition unit, a disk acquisition unit, an analysis unit, and an execution unit, wherein:
the network speed acquisition unit acquires the access speed of a network in the virtual machine unit;
the processor acquisition unit acquires the processor occupancy rate in the virtual machine unit;
the disk acquisition unit acquires the disk space occupancy rate in the virtual machine unit;
the analysis unit analyzes the suspected file according to the acquisition results of the network speed acquisition unit, the processor acquisition unit and the disk acquisition unit; the execution unit executes corresponding operation according to the analysis result, and when the analysis result is a virus file, the execution unit gives an alarm and deletes the virus file; and when the analysis result is a normal file, the execution unit transfers the correction normal file into the computer.
As a further improvement of the technical solution, the analysis unit analyzes the suspected file by using a compare algorithm, and an algorithm formula of the compare algorithm is as follows:
in the formula (I), the compound is shown in the specification,a threshold value for determining a suspected file as a virus; />Is->The subscript of (1) is used for distinguishing the occupied threshold values of the suspected files on the network speed, the processor and the disk; />The working state of the suspected file is obtained; />Indicating an operative status of a suspect file>Threshold value>(ii) a 0 signifies the operative status of a suspect file>Threshold value->。
As a further improvement of the technical proposal, the file processing module comprises a file transfer unit,
and the file transfer unit transfers the sensitive information file stored in the computer to the virtual machine unit.
As a further improvement of the technical proposal, the file processing module also comprises a transfer recording unit, a file comparison unit and a file covering unit,
the transfer recording unit records the normal file transferred by the execution unit to obtain file information;
the file comparison unit compares the sensitive information file transferred by the file transfer unit according to the file information to obtain new sensitive information and old sensitive information; and the file covering unit covers the old sensitive information through the new sensitive information.
As a further improvement of the present technical solution, the file comparison unit compares by time.
Compared with the prior art, the invention has the following beneficial effects:
1. in the network security system capable of monitoring the transmission of the sensitive digital information in real time, the suspected file is tested and isolated by starting the suspected file, and then the operation condition of the virtual machine after the file is started is detected to judge the suspected file, so that the suspected file can obtain an accurate structure without influencing the operation of a computer.
2. In the network security system capable of monitoring the transmission of the sensitive digital information in real time, by utilizing the characteristic of isolating the virtual machine from the computer, when the computer is attacked by viruses, the sensitive information file can be transferred into the virtual machine, so that the secondary utilization of the virtual machine is realized, and the sensitive information file is protected conveniently.
3. In the network security system capable of monitoring the transmission of the sensitive digital information in real time, the sensitive information is repeatedly checked and covered through the transfer record of the virtual machine, so that the repetition rate of the sensitive information is reduced, and the occupancy rate of a disk is reduced.
Drawings
FIG. 1 is a schematic diagram of the overall module workflow of the present invention;
FIG. 2 is a schematic diagram of the workflow of the document testing module according to the present invention;
FIG. 3 is a schematic diagram of a work flow of a document processing module according to the present invention.
The various reference numbers in the figures mean:
100. a document discrimination module; 110. a keyword search unit; 120. a content identification unit; 130. a file deletion unit;
200. a file monitoring module; 210. a file storage unit; 220. a state acquisition unit;
300. a file testing module; 310. a virtual machine unit; 320. a file starting unit;
400. a state acquisition module; 410. a network speed acquisition unit; 420. a processor acquisition unit; 430. a disk acquisition unit; 440. an analysis unit; 450. an execution unit;
500. a file processing module; 510. a file transfer unit; 520. a transfer recording unit; 530. a file comparison unit; 540. and a file covering unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", and the like, indicate orientations and positional relationships based on those shown in the drawings, and are used only for convenience of description and simplicity of description, and do not indicate or imply that the equipment or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be considered as limiting the present invention.
A first embodiment, please refer to fig. 1-3, which provides a network security system capable of real-time monitoring sensitive digital information transmission, comprising a document identification module 100, a document monitoring module 200, a document testing module 300, a status acquiring module 400, and a document processing module 500, wherein:
the file identification module 100 sensitively identifies files in the computer and files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the file monitoring module 200 monitors the sensitive information file;
the file testing module 300 isolates the suspected file from the computer and tests the suspected file;
the state acquisition module 400 acquires the test state of the suspected file and operates the suspected file according to the acquisition result;
the file processing module 500 isolates the sensitive information file from the computer when the computer is attacked by the virus file.
Further, the document discrimination module 100 includes a keyword retrieval unit 110, a content identification unit 120, and a document deletion unit 130;
the keyword search unit 110 searches the files in the computer and the files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the content identification unit 120 identifies image files in the computer to obtain sensitive information files, and by performing keyword retrieval and content identification on the files, sensitive information (such as login passwords, identification card numbers, identification card photos, mobile phone numbers and the like of each software) and viruses (which can influence the abnormal work of the computer and steal the sensitive information in the computer) of people can be identified;
the file deleting unit 130 deletes the virus file to prevent the virus from stealing the privacy of the individual or damaging the computer.
Further, the file monitoring module 200 includes a file storage unit 210 and a state acquisition unit 220;
the file storage unit 210 stores the sensitive information file, so that the sensitive information can be stored in a centralized manner and stored in a classified manner with other files in the computer, and the operation on the sensitive information is facilitated;
the state acquisition unit 220 monitors the stored sensitive information file in real time, and considering that there are various propagation ways of computer viruses, when a U disk carrying viruses is connected with a computer, the viruses still can enter the computer, and therefore, through monitoring the sensitive information file, after the sensitive information file changes, the state acquisition unit 220 starts to alarm.
Furthermore, the content of monitoring the stored sensitive information file in real time comprises file modification, file addition and file new creation, and considering that the sensitive information file is more important, the monitoring of the file modification, the file addition and the new creation is carried out comprehensively, so that the monitoring precision of the sensitive information file is improved.
Specifically, the file testing module 300 includes a virtual machine unit 310 and a file starting unit 320, where the virtual machine unit 310 isolates a suspected file from the computer;
the file starting unit 320 starts the suspected file in the virtual machine unit 310, considering that the suspected file still has a certain risk, if the start test is performed in the computer, the computer is still easily damaged, and therefore, by creating the virtual machine in the computer and moving the suspected file into the virtual machine for the start test, even if the suspected file is a virus, the suspected file cannot enter the computer through the virtual machine.
In addition, the state acquiring module 400 includes a network speed acquiring unit 410, a processor acquiring unit 420, a disk acquiring unit 430, an analyzing unit 440, and an executing unit 450, wherein:
the network speed acquisition unit 410 acquires the access speed of the network in the virtual machine unit 310;
the processor acquisition unit 420 acquires the processor occupancy rate in the virtual machine unit 310;
the disk acquisition unit 430 acquires the disk space occupancy rate in the virtual machine unit 310;
the analysis unit 440 analyzes the suspected file according to the acquisition results of the network speed acquisition unit 410, the processor acquisition unit 420 and the disk acquisition unit 430; it is known that computer viruses are characterized by being destructive, which manifests as occupying processing time and memory overhead, thereby causing process congestion; destroying data or files; disturbing the display of the screen, etc. Therefore, by collecting and analyzing the access speed, the processor occupancy rate and the disk space occupancy rate of the network in the virtual machine, after a suspected file is started, if one of the access speed, the processor occupancy rate and the disk space occupancy rate of the network in the virtual machine is rapidly increased, the file can be regarded as a virus file.
The execution unit 450 executes corresponding operations according to the analysis result, and when the analysis result is a virus file, the execution unit 450 alarms and deletes the virus file; when the analysis result is a normal file, the execution unit 450 transfers the correction normal file to the computer.
Further, the analysis unit 440 analyzes the suspected file by using a compare algorithm, which has the following formula:
in the formula (I), the compound is shown in the specification,a threshold value for determining a suspected file as a virus; />Is->The subscript of (1) is used for distinguishing the occupied threshold values of the suspected files on the network speed, the processor and the disk; />The working state of the suspected file is obtained; />Indicating an operative status of a suspect file>Threshold value>(ii) a That is to say when +>When the working state of the suspected file is smaller than the threshold value, the suspected file belongs to a normal file; 0 denotes the operating status of a suspect file>Threshold value->That is to say when +>And if so, the working state of the suspected file is greater than or equal to the threshold value and belongs to the virus file.
Still further, the file processing module 500 includes a file transfer unit 510, where the file transfer unit 510 transfers the sensitive information file stored in the computer to the virtual machine unit 310, as mentioned above, there are various propagation ways of computer viruses, and after the usb disk carrying viruses is connected to the computer, the viruses still can enter the computer, and in order to prevent the viruses from acquiring the sensitive information file, the sensitive information file is transferred to the virtual machine unit 310, and the viruses in the computer cannot enter the virtual machine, that is, the sensitive information file cannot be acquired.
A second embodiment, which is implemented on the basis of the first embodiment, in consideration of that the service time of the computer is longer, the number of sensitive information files in the computer is gradually increased, but some sensitive information data may be changed, such as a mobile phone number, a login password, a newly-taken id card photo, and the like, and the sensitive information only needs to be stored in one piece, but after the change is completed, the old sensitive information is still stored in the computer, which causes the disk occupancy rate of the computer to be increased, and if the old sensitive information is covered, the scanning of the sensitive information is slower due to more data in the computer, for this reason, the file processing module 500 further includes a transfer recording unit 520, a file comparison unit 530 and a file covering unit 540, and the transfer recording unit 520 records the normal file transferred by the execution unit 450, so as to obtain the file information;
the file comparison unit 530 compares the sensitive information file transferred by the file transfer unit 510 according to the file information to obtain new sensitive information and old sensitive information, and the file comparison unit 530 compares the new sensitive information and the old sensitive information by time; when information enters the virtual machine unit 310 through a network and is tested without abnormality, the information is recorded and transferred, then only information records exist in the virtual machine unit 310, when files in the computer are transferred into the virtual machine unit 310, sensitive information files are checked for duplication through the information records, then the time of the duplicated sensitive information files is compared through the file comparison unit 530, the files with the operation time closer to the local time are new sensitive information, otherwise, the files are old sensitive information, and the file covering unit 540 covers the old sensitive information through the new sensitive information, so that the sensitive information is updated, and meanwhile, the space occupation of the sensitive information is reduced, namely, the virtual machine unit 310 can achieve the effects of testing suspected files, isolating the sensitive information files from the computer, covering the duplicated sensitive information files and the like.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and the preferred embodiments of the present invention are described in the above embodiments and the description, and are not intended to limit the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (8)
1. A network security system for monitoring sensitive digital information transmissions in real time, comprising: the file identification module (100), the file monitoring module (200), the file testing module (300), the state acquisition module (400) and the file processing module (500) are included, wherein:
the file identification module (100) sensitively identifies files in the computer and files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the file monitoring module (200) monitors the sensitive information file;
the file testing module (300) isolates the suspected file from the computer and tests the suspected file;
the state acquisition module (400) acquires the test state of the suspected file and operates the suspected file according to the acquisition result;
the file processing module (500) isolates the sensitive information file from the computer when the computer is attacked by the virus file;
the file testing module (300) comprises a virtual machine unit (310) and a file starting unit (320);
the virtual machine unit (310) isolates the suspected file from the computer;
the file starting unit (320) starts a suspected file in the virtual machine unit (310);
the state acquisition module (400) comprises a network speed acquisition unit (410), a processor acquisition unit (420), a disk acquisition unit (430), an analysis unit (440) and an execution unit (450), wherein:
the network speed acquisition unit (410) acquires the access speed of a network in the virtual machine unit (310);
the processor acquisition unit (420) acquires the processor occupancy rate in the virtual machine unit (310);
the disk acquisition unit (430) acquires the disk space occupancy rate in the virtual machine unit (310);
the analysis unit (440) analyzes the suspected file according to the acquisition results of the network speed acquisition unit (410), the processor acquisition unit (420) and the disk acquisition unit (430); the execution unit (450) executes corresponding operation according to the analysis result, and when the analysis result is a virus file, the execution unit (450) gives an alarm and deletes the virus file; when the analysis result is a normal file, the execution unit (450) transfers the correction normal file into the computer.
2. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 1, wherein: the document discrimination module (100) includes a keyword retrieval unit (110), a content recognition unit (120), and a document deletion unit (130);
the keyword retrieval unit (110) retrieves the files in the computer and the files being transmitted to the computer to obtain sensitive information files, virus files and suspected files;
the content identification unit (120) identifies the image file in the computer to obtain a sensitive information file;
the file deleting unit (130) deletes the virus file.
3. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 2, wherein: the file monitoring module (200) comprises a file storage unit (210) and a state acquisition unit (220);
the file storage unit (210) stores sensitive information files;
and the state acquisition unit (220) monitors the stored sensitive information file in real time.
4. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 3, wherein: the content for monitoring the stored sensitive information file in real time comprises modification of the file, addition of the file and new establishment of the file.
5. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 1, wherein: the analysis unit (440) analyzes the suspected file by adopting a compare algorithm, wherein the algorithm formula is as follows:
in the formula (I), the compound is shown in the specification,a threshold value for determining a suspected file as a virus; />Is->The subscript of (1) is used for distinguishing the occupied threshold values of the suspected files on the network speed, the processor and the disk; />The working state of the suspected file is obtained; />Indicating an operative status of a suspect file>Threshold value->(ii) a 0 signifies the operative status of a suspect file>Threshold value->。
6. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 1, wherein: the file handling module (500) comprises a file transfer unit (510),
the file transfer unit (510) transfers the sensitive information file stored in the computer to the virtual machine unit (310).
7. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 6, wherein: the file processing module (500) further comprises a transfer recording unit (520), a file comparison unit (530) and a file covering unit (540);
the transfer recording unit (520) records the normal file transferred by the execution unit (450) to obtain file information;
the file comparison unit (530) compares the sensitive information file transferred by the file transfer unit (510) according to the file information to obtain new sensitive information and old sensitive information; the file overwriting unit (540) overwrites old sensitive information with new sensitive information.
8. A network security system that can monitor sensitive digital information transmissions in real time as recited in claim 7, wherein: the file comparison unit (530) compares by time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210522828.8A CN115001754B (en) | 2022-05-13 | 2022-05-13 | Network security system capable of monitoring sensitive digital information transmission in real time |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210522828.8A CN115001754B (en) | 2022-05-13 | 2022-05-13 | Network security system capable of monitoring sensitive digital information transmission in real time |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115001754A CN115001754A (en) | 2022-09-02 |
CN115001754B true CN115001754B (en) | 2023-04-07 |
Family
ID=83027880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210522828.8A Active CN115001754B (en) | 2022-05-13 | 2022-05-13 | Network security system capable of monitoring sensitive digital information transmission in real time |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115001754B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012064208A (en) * | 2010-09-15 | 2012-03-29 | Chunghwa Telecom Co Ltd | Network virus prevention method and system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9681304B2 (en) * | 2013-02-22 | 2017-06-13 | Websense, Inc. | Network and data security testing with mobile devices |
CN104601568B (en) * | 2015-01-13 | 2019-05-21 | 深信服科技股份有限公司 | Virtualization security isolation method and device |
CN107896215A (en) * | 2017-11-24 | 2018-04-10 | 北京国网富达科技发展有限责任公司 | A kind of dispositions method and device of the intruding detection system based on virtual machine |
CN107864153A (en) * | 2017-12-11 | 2018-03-30 | 江苏恒信和安电子科技有限公司 | A kind of internet worm method for early warning based on network security sensor |
CN110881049B (en) * | 2019-12-16 | 2022-02-15 | 淮安信息职业技术学院 | Computer network safety intelligent control system |
CN111737696A (en) * | 2020-06-28 | 2020-10-02 | 杭州安恒信息技术股份有限公司 | Method, system and equipment for detecting malicious file and readable storage medium |
-
2022
- 2022-05-13 CN CN202210522828.8A patent/CN115001754B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012064208A (en) * | 2010-09-15 | 2012-03-29 | Chunghwa Telecom Co Ltd | Network virus prevention method and system |
Also Published As
Publication number | Publication date |
---|---|
CN115001754A (en) | 2022-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101751535B (en) | Data loss protection through application data access classification | |
EP3721365B1 (en) | Methods, systems and apparatus to mitigate steganography-based malware attacks | |
CN110912884A (en) | Detection method, detection equipment and computer storage medium | |
KR101132197B1 (en) | Apparatus and Method for Automatically Discriminating Malicious Code | |
US9984234B2 (en) | Secure document importation via portable media | |
WO2014103115A1 (en) | Illicit intrusion sensing device, illicit intrusion sensing method, illicit intrusion sensing program, and recording medium | |
US10482240B2 (en) | Anti-malware device, anti-malware system, anti-malware method, and recording medium in which anti-malware program is stored | |
US11698962B2 (en) | Method for detecting intrusions in an audit log | |
CN111581621A (en) | Data security processing method, device, system and storage medium | |
CN109800569A (en) | Program identification method and device | |
KR102263111B1 (en) | Method for data security management and recording medium recording program for performing the method | |
CN115001754B (en) | Network security system capable of monitoring sensitive digital information transmission in real time | |
JP4843546B2 (en) | Information leakage monitoring system and information leakage monitoring method | |
KR20160133927A (en) | Apparatus and method for detecting rooting from terminal based on android system | |
Ramadhan et al. | Forensic malware identification using naive bayes method | |
US20230315855A1 (en) | Exact restoration of a computing system to the state prior to infection | |
CN111125701B (en) | File detection method, equipment, storage medium and device | |
CN114091609A (en) | Computer network information security event processing method | |
CN114707144A (en) | Virtual machine escape behavior detection method and device | |
CN113572776A (en) | Illegal intrusion detection device and method | |
WO2021144978A1 (en) | Attack estimation device, attack estimation method, and attack estimation program | |
CN114186278A (en) | Database abnormal operation identification method and device and electronic equipment | |
CN113395268A (en) | Online and offline fusion-based web crawler interception method | |
CN115238324B (en) | Computer protection system and method based on management use audit safety | |
CN117744055A (en) | Intelligent device file data leakage prevention method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |