CN115292697B - Memory protection method and device based on intrusion behavior analysis - Google Patents

Publication number: CN115292697B
Authority: CN (China)
Prior art keywords: access, client, server, memory, abnormal
Legal status: Active
Application number: CN202211230823.4A
Other languages: Chinese (zh)
Other versions: CN115292697A (en)
Inventors: 周磊, 姜双林, 赵时晴
Current Assignee: Beijing Andi Technology Co ltd
Original Assignee: Beijing Andi Technology Co ltd
Application filed by: Beijing Andi Technology Co ltd
Priority: CN202211230823.4A
Publication history: publication of CN115292697A; application granted; publication of CN115292697B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application relates to a memory protection method and a device based on intrusion behavior analysis, which relate to the technical field of data protection, and the method comprises the following steps: recording an access application record of a client and an access response record of a database memory of a server; obtaining access abnormal information based on the access application record and the corresponding access response record; based on the access abnormal information, protecting the memory access of the client to the server; the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths; the access response record includes access response time, access memory objects, memory handling behavior, and access memory paths. The intrusion behavior is analyzed based on the comparison condition of the access application record and the access response record, so that targeted memory protection processing is performed according to the access abnormal information.

Description

Memory protection method and device based on intrusion behavior analysis
Technical Field
The present application relates to the field of data protection technologies, and in particular, to a memory protection method and apparatus based on intrusion behavior analysis.
Background
With the rapid development of network information technology, traditional ways of working are gradually migrating to the internet. Informatization brings convenience, but it also brings risks and threats. Security problems such as illegal network intrusion, information theft and tampering, identity forgery and repudiation seriously hinder the development of networks and their applications. The traditional information security system, built mainly on firewalls, Virtual Private Networks (VPN), antivirus technology and the like, cannot cope with increasingly complex network security problems.
An information system consists of three layers: server, network and terminal. Traditional information security measures tend to apply only simple controls and protective measures to terminal equipment, so they struggle to prevent malicious attacks on terminal equipment and cannot cope with today's varied illegal intrusion behaviors.
Therefore, to meet current data protection requirements, a memory protection technology based on intrusion behavior analysis is provided.
Disclosure of Invention
The application provides a memory protection method and device based on intrusion behavior analysis, wherein the intrusion behavior is analyzed based on the comparison condition of an access application record and an access response record, so that targeted memory protection processing is performed according to access abnormal information.
In a first aspect, the present application provides a memory protection method based on intrusion behavior analysis, including the following steps:
recording access application records of a client and access response records of a database memory of a server;
obtaining access abnormal information based on the access application record and the corresponding access response record;
based on the access abnormal information, protecting the memory access of the client to the server; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
a client sends an access request to a server;
the server responds to the access request, randomly generates a seed of a preset number of bytes, encrypts the seed in combination with the mobile equipment identification code corresponding to the client to obtain an encrypted seed, and sends the encrypted seed to the client;
the server and the client each process the encrypted seed based on a preset encryption algorithm combined with an identification key, obtaining a corresponding server side Key and a corresponding client side Key respectively;
and the server compares the server side Key with the client side Key, and if the comparison passes, the client is judged to have passed memory access authorization.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the access application time of the access application record of the client with the access response time of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormal time point;
based on the access abnormal time point of the client, combining a preset time threshold value to obtain an access abnormal time period corresponding to the access abnormal time point;
and counting the access abnormal time period of the client to obtain corresponding access abnormal information.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
configuring an algorithm key time corresponding table to the server and the client, wherein the algorithm key time corresponding table records preset encryption algorithms and identification keys corresponding to different time periods;
after the client sends an access request to the server and obtains an encryption seed fed back by the server, the server and the client select a preset encryption algorithm and an identification Key respectively based on an algorithm Key time corresponding table and a time point corresponding to the access request, process the encryption seed and respectively obtain a corresponding server side Key and a corresponding client side Key.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
the server compares the server side Key with the client side Key, and if the comparison passes, the server sends access question-back information to the mobile terminal corresponding to the client through a short message or an email;
the mobile terminal corresponding to the client feeds back access confirmation information to the server based on the access question-back information;
and the server receives the access confirmation information and judges that the client side passes the memory access authorization.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the access memory object of the access application record of the client with the access memory object of the access response record corresponding to the server, and if the comparison fails, acquiring a corresponding access abnormal memory object;
acquiring an access abnormal file directory corresponding to the access abnormal time point based on the file directory to which the access abnormal memory object of the client belongs;
and counting the access abnormal file directories of the client to obtain corresponding access abnormal information.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
marking the access abnormal file directory corresponding to the database memory area of the server, and configuring a preset access encryption verification process;
when a client sends an access request to a server and the access object is within the access abnormal file directory range, the server compares the server side Key with the client side Key; after the two Keys are found to be consistent, the client and the server execute the preset access encryption verification process. If the process passes, access is allowed and the server side Key and the client side Key are judged to have passed the comparison; otherwise, access is denied and the server side Key and the client side Key are judged not to have passed the comparison.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the access memory path of the access application record of the client with the access memory path of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormal path node;
and counting the access abnormal path nodes of the client to obtain corresponding access abnormal information.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
the server generates path avoidance prompt information based on the access abnormal path nodes in the access abnormal information and sends the path avoidance prompt information to the corresponding client;
and the client bypasses the access abnormal path node in the path avoidance prompt information based on the path avoidance prompt information and sends an access request to a server.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the memory processing behavior recorded by the access application of the client with the memory processing behavior recorded by the corresponding access response in the server, and if the comparison fails, acquiring the corresponding access exception handling behavior;
and counting the memory processing behaviors of the client to obtain corresponding access abnormal information.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
the server adds an access prohibition mark to the mobile terminal corresponding to the client and copies the application program file of the client;
the server sends client updating prompt information to the mobile terminal corresponding to the client;
after the mobile terminal updates the client, the server copies the application program file of the updated client;
and comparing the application program file of the client with the updated application program file of the client, and if the application program file of the client is inconsistent with the updated application program file of the client, canceling the access prohibition mark of the mobile terminal.
In a second aspect, the present application provides a memory protection device based on intrusion behavior analysis, the device includes:
the access recording module is used for recording an access application record of the client and an access response record of a database memory of the server;
the access comparison module is used for acquiring access abnormal information based on the access application record and the corresponding access response record;
the memory protection module is used for protecting the memory access of the client to the server based on the access exception information; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
the client sends an access request to the server;
the server responds to the access request, randomly generates a seed with a preset byte, encrypts the seed by combining with the mobile equipment identification code corresponding to the client to obtain an encrypted seed and sends the encrypted seed to the client;
the server and the client process the encrypted seeds based on a preset encryption algorithm and combined with an identification Key respectively to obtain a corresponding server side Key and a corresponding client side Key respectively;
and the server compares the server side Key with the client side Key, and if the comparison passes, the client is judged to have passed memory access authorization.
The beneficial effects of the technical solution provided by this application include:
according to the method and the device, the intrusion behavior is analyzed based on the comparison condition of the access application record and the access response record, so that targeted memory protection processing is performed according to the access abnormal information, certain safety and reliability are achieved, and data information can be effectively protected.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating steps of a memory protection method based on intrusion behavior analysis according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of an implementation of a memory protection method based on intrusion behavior analysis according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The embodiment of the application provides a memory protection method and device based on intrusion behavior analysis, wherein the intrusion behavior is analyzed based on the comparison condition of an access application record and an access response record, so that targeted memory protection processing is performed according to access abnormal information, certain safety and reliability are achieved, and data information can be effectively protected.
In order to achieve the technical effects, the general idea of the application is as follows:
a memory protection method based on intrusion behavior analysis comprises the following steps:
S1, recording an access application record of a client and an access response record of a database memory of a server;
S2, obtaining access abnormal information based on the access application records and the corresponding access response records;
S3, based on the access abnormal information, protecting the memory access of the client to the server; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
Q1, the client sends an access request to the server;
Q2, the server responds to the access request, randomly generates a seed of a preset number of bytes, encrypts the seed in combination with the mobile equipment identification code corresponding to the client to obtain an encrypted seed, and sends the encrypted seed to the client;
Q3, the server and the client each process the encrypted seed based on a preset encryption algorithm combined with an identification key, obtaining a corresponding server side Key and a corresponding client side Key respectively;
Q4, the server compares the server side Key with the client side Key, and if the comparison passes, the client is judged to have passed memory access authorization.
Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In a first aspect, referring to fig. 1 to 2, an embodiment of the present application provides a memory protection method based on intrusion behavior analysis, where the method includes the following steps:
S1, recording an access application record of a client and an access response record of a database memory of a server;
S2, obtaining access abnormal information based on the access application records and the corresponding access response records;
S3, based on the access abnormal information, protecting the memory access of the client to the server; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
Q1, the client sends an access request to the server;
Q2, the server responds to the access request, randomly generates a seed of a preset number of bytes, encrypts the seed in combination with the mobile equipment identification code corresponding to the client to obtain an encrypted seed, and sends the encrypted seed to the client;
Q3, the server and the client each process the encrypted seed based on a preset encryption algorithm combined with an identification key, obtaining a corresponding server side Key and a corresponding client side Key respectively;
Q4, the server compares the server side Key with the client side Key, and if the comparison passes, the client is judged to have passed memory access authorization.
It should be noted that steps Q1 to Q4 are the memory access authorization flow of the client and the server before any memory protection processing is performed, that is, the memory access authorization flow of the client and the server in its original state.
In the embodiment of the application, the method mainly targets the intrusion mode in which the database of the server is intruded through the client in order to illegally access the memory information in the database;
step S1 is the access monitoring operation: on one hand, the client is monitored to record its work of initiating access applications to the database of the server; on the other hand, the server is monitored to record its work of responding to access applications from the client, so that the work records at the two ends can be compared later. When the time, the access memory object, the memory processing behavior or the access memory path differs between an access application record and the corresponding access response record, that access is considered an illegal intrusion behavior; the difference needs to be analyzed for that intrusion behavior, and memory protection is applied in a targeted manner;
step S2 is the specific difference comparison operation: the difference between the access application record and the corresponding access response record is obtained, so as to capture how the access application as initiated by the client differs from the access application as responded to by the server; this difference is the concrete manifestation of an illegal intrusion behavior;
step S3 is the specific memory protection operation: memory protection processing is chosen according to the specific characteristics of the illegal intrusion behavior, that is, the specific content of the access abnormal information. Specifically, a particular link in the original memory access authorization flow between the client and the server may be adjusted to improve the security of communication.
According to the embodiment of the application, the intrusion behavior is analyzed based on the comparison condition of the access application record and the access response record, so that targeted memory protection processing is performed according to the access abnormal information, certain safety and reliability are achieved, and data information can be effectively protected.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the access application time of the access application record of the client with the access response time of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormal time point;
acquiring an access abnormal time period corresponding to the access abnormal time point based on the access abnormal time point of the client in combination with a preset time threshold;
and counting the access abnormal time period of the client to obtain corresponding access abnormal information.
Because information transmission takes time, the access application time and the corresponding access response time differ slightly. When the two are compared, the comparison passes if the time difference is smaller than a preset information transmission time threshold; otherwise the comparison fails, the access application time is taken as the access abnormal time point, and the time corresponding to the access abnormal time point is judged to be the time at which the illegal intrusion behavior was initiated;
furthermore, starting from the access abnormal time point, a first preset time threshold is counted forwards and the same first preset time threshold is counted backwards, giving a time period centered on the access abnormal time point; memory protection is applied to this time period, which improves the reliability of the memory protection.
It should be noted that the access application time, the access response time and the access abnormal time point may be expressed as a point within one of several preset time periods, for example:
if the time period is one day, namely 24 hours, the access application time, the access response time and the access abnormal time point can be a specific time of day, namely hour, minute and second;
if the time period is one week, that is, 7 days, the access application time, the access response time and the access abnormal time point may be a specific day of the week;
generally, in order to guarantee reliability, the access application time, the access response time and the access abnormal time point should be a specific hour, minute and second;
if, during normal operation, the client accesses the memory of the server infrequently, typically at a frequency measured in weeks or even months, the access application time, the access response time and the access abnormal time point may be a specific day of the week; of course, even if the access frequency is low, they may still be a specific hour, minute and second in order to ensure reliability.
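The comparison in step S2, as an added example that is not part of the patent text. It goes beyond the time comparison described here and also covers the object, path and behavior comparisons from the disclosure; the `request_id` pairing field, both threshold values, the choice of which side's object and path nodes to flag, and all sample records are assumptions made for illustration.

```python
import posixpath
from collections import Counter
from dataclasses import dataclass

TRANSIT_THRESHOLD = 2.0   # assumed value: preset information transmission time threshold (s)
WINDOW_THRESHOLD = 300.0  # assumed value: first preset time threshold (s)


@dataclass(frozen=True)
class AccessRecord:
    request_id: str  # hypothetical correlation id pairing an application with its response
    time: float      # access application time (client) or access response time (server)
    obj: str         # access memory object
    behavior: str    # memory processing behavior
    path: tuple      # access memory path as an ordered tuple of nodes


def merge_periods(periods):
    """Merge overlapping (start, end) periods; the third field counts merged anomalies."""
    merged = []
    for start, end in sorted(periods):
        if merged and start <= merged[-1][1]:
            first, last, hits = merged[-1]
            merged[-1] = (first, max(last, end), hits + 1)
        else:
            merged.append((start, end, 1))
    return merged


def access_anomaly_info(client_records, server_records):
    """Step S2: compare each access application record with its access response record."""
    responses = {r.request_id: r for r in server_records}
    periods, unpaired = [], []
    directories, nodes, behaviors = Counter(), Counter(), Counter()
    for req in client_records:
        resp = responses.pop(req.request_id, None)
        if resp is None:
            unpaired.append(req.request_id)  # no response record to compare against
            continue
        # Time: the comparison passes only if the gap is below the transit threshold.
        if abs(resp.time - req.time) >= TRANSIT_THRESHOLD:
            t = req.time  # the application time is the access abnormal time point
            periods.append((t - WINDOW_THRESHOLD, t + WINDOW_THRESHOLD))
        # Object: assumption, flag the directory of the object the server recorded.
        if req.obj != resp.obj:
            directories[posixpath.dirname(resp.obj)] += 1
        # Path: assumption, flag nodes the server recorded that the client never declared.
        if req.path != resp.path:
            nodes.update(n for n in resp.path if n not in req.path)
        # Behavior: keep the (declared, observed) pair.
        if req.behavior != resp.behavior:
            behaviors[(req.behavior, resp.behavior)] += 1
    unpaired.extend(responses)  # response records with no application record
    return {
        "time_periods": merge_periods(periods),
        "directories": dict(directories),
        "path_nodes": dict(nodes),
        "behaviors": dict(behaviors),
        "unpaired": unpaired,
    }


# Constructed sample records (not from the patent).
ROUTE = ("gateway", "app", "db")
CLIENT_RECORDS = [
    AccessRecord("r1", 1000.0, "/db/pub/news.tbl", "read", ROUTE),
    AccessRecord("r2", 5000.0, "/db/pub/news.tbl", "read", ROUTE),
    AccessRecord("r3", 5100.0, "/db/pub/news.tbl", "read", ROUTE),
]
SERVER_RECORDS = [
    AccessRecord("r1", 1000.4, "/db/pub/news.tbl", "read", ROUTE),
    AccessRecord("r2", 5030.0, "/db/finance/ledger.tbl", "write", ("gateway", "relay-x", "db")),
    AccessRecord("r3", 5109.0, "/db/pub/news.tbl", "read", ROUTE),
]

if __name__ == "__main__":
    for field, value in access_anomaly_info(CLIENT_RECORDS, SERVER_RECORDS).items():
        print(field, value)
```

The two abnormal time points at 5000 s and 5100 s produce overlapping periods, so they are reported as one protected period with a count of two.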
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
A1, configuring an algorithm key time corresponding table to a server and a client, wherein the algorithm key time corresponding table records preset encryption algorithms and identification keys corresponding to different time periods;
A2, after the client sends an access request to the server and obtains the encrypted seed fed back by the server, the server and the client each select a preset encryption algorithm and an identification key based on the algorithm key time corresponding table and the time point corresponding to the access request, process the encrypted seed, and obtain a corresponding server side Key and a corresponding client side Key respectively.
This operation mainly provides memory protection from the time perspective: the preset encryption algorithm and the identification key are configured so that they change with time, and the way they change is known to both the client and the server;
therefore, the operation aims to adjust the algorithm and the key at the corresponding time point based on the time habit of the intrusion behavior, which improves the reliability of memory protection and raises the difficulty of illegal intrusion.
In addition, in step A1, the specific operation of configuring an algorithm key time correspondence table to the server and the client is as follows:
pre-configuring an algorithm key time corresponding table to the server;
the server responds to the access request and sends a corresponding table verification code to the mobile terminal of the client in a short message, mail or voice message mode;
the client applies for an algorithm key time corresponding table from the server based on the corresponding table verification code; wherein,
and when the client finishes the current memory access operation, namely after finishing the current access work to the memory of the database of the server, automatically deleting the algorithm key time corresponding table.
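The authorization flow Q1 to Q4 with the time-based selection of steps A1 and A2, as an added example that is not part of the patent text. The patent names no cipher or algorithm, so the HMAC-based seed wrapping, the HMAC key derivation, the reading of "process the encrypted seed" as unwrap-then-derive, the single-use seed handling, the table contents and the device identifiers are all assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

SEED_BYTES = 16   # assumed length of the preset-byte seed
NONCE_BYTES = 16  # assumed nonce length for the stand-in seed wrapping

# Constructed algorithm key time corresponding table (step A1):
# (start hour, end hour, digest name, identification key)
ALGO_KEY_TABLE = [
    (0, 8, "sha256", b"constructed-id-key-night"),
    (8, 18, "sha384", b"constructed-id-key-day"),
    (18, 24, "sha512", b"constructed-id-key-evening"),
]


def select_algorithm(table, when):
    """Step A2: pick the algorithm and identification key for the request time point."""
    for start, end, digest, id_key in table:
        if start <= when.hour < end:
            return digest, id_key
    raise LookupError("no table entry covers this time point")


def _keystream(device_id, nonce):
    # Stand-in for "encrypt in combination with the device identification code".
    return hmac.new(device_id.encode(), nonce, hashlib.sha256).digest()[:SEED_BYTES]


def wrap_seed(seed, device_id):
    nonce = secrets.token_bytes(NONCE_BYTES)
    return nonce + bytes(a ^ b for a, b in zip(seed, _keystream(device_id, nonce)))


def unwrap_seed(blob, device_id):
    nonce, body = blob[:NONCE_BYTES], blob[NONCE_BYTES:]
    return bytes(a ^ b for a, b in zip(body, _keystream(device_id, nonce)))


def derive_key(seed, when, table=ALGO_KEY_TABLE):
    """Step Q3: keyed digest of the seed under the period's algorithm and key."""
    digest, id_key = select_algorithm(table, when)
    return hmac.new(id_key, seed, digest).digest()


class Server:
    def __init__(self, registered_devices):
        self.devices = registered_devices  # client name -> device identification code
        self.pending = {}                  # client name -> (seed, request time point)

    def challenge(self, client, when):
        """Steps Q1 and Q2: answer an access request with an encrypted seed."""
        device_id = self.devices[client]
        seed = secrets.token_bytes(SEED_BYTES)
        self.pending[client] = (seed, when)
        return wrap_seed(seed, device_id)

    def verify(self, client, client_key):
        """Step Q4: compare Keys in constant time; each seed is accepted once."""
        seed, when = self.pending.pop(client, (None, None))
        if seed is None:
            return False
        return hmac.compare_digest(derive_key(seed, when), client_key)


def client_response(blob, device_id, when, table=ALGO_KEY_TABLE):
    """Client side of Q3: unwrap with its own device code, then derive the Key."""
    return derive_key(unwrap_seed(blob, device_id), when, table)


if __name__ == "__main__":
    server = Server({"client-a": "DEVICE-0001"})  # constructed identifier
    now = datetime(2024, 1, 1, 9, 30)
    blob = server.challenge("client-a", now)
    print(server.verify("client-a", client_response(blob, "DEVICE-0001", now)))
```

A client that holds the wrong device code, or that selects the table entry for a different time period, derives a different Key and fails the comparison in Q4.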
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the accessed memory object recorded by the access application of the client with the accessed memory object recorded by the corresponding access response in the server, and if the comparison fails, acquiring a corresponding access abnormal memory object;
acquiring an access abnormal file directory corresponding to an access abnormal time point based on a file directory to which an access abnormal memory object of a client belongs;
and counting the access abnormal file directory of the client to obtain corresponding access abnormal information.
The above operations are intended to identify the target of the intrusion behavior: analyzing, from the perspective of the access object, which data the illegal intrusion aims to obtain, obtaining and counting the access abnormal file directories, and then effectively protecting the corresponding memory files, so that the data the intruder is interested in is protected in a targeted way from being illegally obtained.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
B1, marking an access abnormal file directory corresponding to a database memory area of the server, and configuring a preset access encryption auditing process;
and B2, when the client sends an access request to the server and the access object is in the access abnormal file directory range, the server compares the server side Key with the client side Key, and after the comparison is consistent, the client and the server execute a preset access encryption verification process, if the process is passed, the access is allowed and the server side Key and the client side Key are judged to pass the comparison, otherwise, the access is denied and the server side Key and the client side Key are judged not to pass the comparison.
The operation mainly performs memory protection from the object angle, namely applying focused protection to the database memory area that the intrusion behavior is interested in;
therefore, the operation aims to strengthen protection based on the interest tendency corresponding to the intrusion behavior, so that the reliability of memory protection is improved, and the difficulty of illegal intrusion is improved.
In addition, the preset access encryption auditing process may refer to the existing memory encryption method to perform adaptive adjustment, and of course, the preset access encryption auditing process may further include the following steps:
the server responds to the access request and generates address characteristic information based on the initial address of the access abnormal file directory corresponding to the database memory area of the server;
the server generates access authorization connection based on the address characteristic information and the mobile equipment identification code of the mobile terminal corresponding to the client;
the server sends access authorization connection to the mobile terminal of the client in a short message or mail mode;
the client acquires the authority of accessing the abnormal file directory corresponding to the database memory area of the server based on the access authorization connection; wherein,
when the client finishes the current memory access operation, namely after finishing the current access work to the memory of the database of the server, the access authorization connection is invalid;
that is, each access authorization connection only acts on the corresponding current memory access operation, and can only give the client an access right for the memory access operation.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the access memory path of the access application record of the client with the access memory path of the corresponding access response record in the server, and if the access memory path does not pass the comparison, acquiring a corresponding access abnormal path node;
and counting access abnormal path nodes of the client to obtain corresponding access abnormal information.
The above operations are intended to identify an intrusion path of an intrusion behavior, that is, from the perspective of the intrusion path, it is determined which nodes are abnormal during the execution of the illegal intrusion, and the abnormal nodes are marked for corresponding processing, so that it is possible to purposefully prevent an intruder from accessing the abnormal path nodes again to perform the intrusion behavior.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
C1, the server generates path avoidance prompt information based on access abnormal path nodes in the access abnormal information and sends the path avoidance prompt information to the corresponding client;
and C2, the client bypasses the access abnormal path node in the path avoidance prompt information based on the path avoidance prompt information and sends an access request to the server.
The above operations are mainly performed when the client cannot directly access the server, that is, when the client needs to access the server through another communication node.
Specifically, the obtaining access exception information based on the access application record and the corresponding access response record includes the following steps:
comparing the memory processing behavior recorded by the access application of the client with the memory processing behavior recorded by the corresponding access response in the server, and if the comparison fails, acquiring the corresponding access exception handling behavior;
and counting the memory processing behaviors of the client to obtain corresponding access exception information.
The above operation is intended to identify the specific operation driving of the intrusion behavior itself, that is, whether the client is controlled illegally is determined from the perspective of the memory processing behavior, so that the corresponding processing work is performed on the corresponding client, and an intruder can be prevented from continuing to perform the illegal intrusion behavior by the illegally controlled client, thereby effectively performing the memory protection.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
D1, adding an access prohibition mark to the mobile terminal corresponding to the client by the server, and copying an application program file of the client;
D2, the server sends client updating prompt information to the mobile terminal corresponding to the client;
D3, after the mobile terminal updates the client, copying an application program file of the updated client by the server;
and D4, comparing the application program file of the client with the updated application program file of the client, and if the application program file of the client is not consistent with the updated application program file of the client, canceling the access prohibition mark of the mobile terminal.
It should be noted that, after the step D4, the original operation steps Q1 to Q4 may be executed, that is, the memory access authorization process is executed.
The operation is mainly to carry out memory protection from the perspective of replacing the client, namely to directly process the client under illegal control;
therefore, the operation aims to update the client under illegal control and strengthen protection, so that the reliability of memory protection is improved, and the difficulty of illegal intrusion is improved.
It should be noted that, the step D1 is intended to record the client under the illegal control, so as to facilitate later comparison, and facilitate later analysis, to know about key information such as the means and source of the illegal control, and to provide data basis for the subsequent memory protection work;
in step D4, if the application program file of the client is consistent with the application program file of the updated client, it represents that the updated client is still an illegally controlled client version, and there is still a large risk of illegal intrusion, so that it is necessary to keep the access prohibition flag on the mobile terminal.
Specifically, the protection processing of the memory access of the client to the server based on the access exception information includes the following steps:
if the comparison of the server side Key and the client side Key passes, the server sends access question-back information to the mobile terminal corresponding to the client through a short message or a mail;
the mobile terminal corresponding to the client feeds back access confirmation information to the server based on the access question-back information;
and the server receives the access confirmation information and judges that the client side is authorized by the memory access.
It should be noted that the above operations may be referred to as a reverse memory protection process, and may be executed at a corresponding time point after the memory protection process is performed on the time angle, the object angle, the path angle, or the client angle, that is, after the operations in step A2, step B2, step C2, or step D4.
In a second aspect, an embodiment of the present application provides, on the basis of the memory protection method based on intrusion behavior analysis mentioned in the first aspect, a memory protection device based on intrusion behavior analysis, where the device includes:
the access recording module is used for recording an access application record of the client and an access response record of a database memory of the server;
the access comparison module is used for acquiring access abnormal information based on the access application record and the corresponding access response record;
the memory protection module is used for protecting the memory access of the client to the server based on the access exception information; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
Q1, the client sends an access request to the server;
Q2, the server responds to the access request, randomly generates a preset byte seed, encrypts the preset byte seed by combining with the mobile equipment identification code corresponding to the client to obtain an encrypted seed, and sends the encrypted seed to the client;
Q3, the server and the client process the encrypted seeds based on a preset encryption algorithm and combined with an identification Key respectively to obtain a corresponding server side Key and a corresponding client side Key respectively;
and Q4, the server compares the server side Key with the client side Key, and if the comparison of the server side Key and the client side Key passes, the client is judged to have passed memory access authorization.
In the embodiment of the application, the method mainly targets an intrusion mode in which the database of the server is intruded through the client and the memory information in the database is illegally accessed;
the access recording module is mainly used for executing the access monitoring operation, namely, on the one hand monitoring the application work record of the access application initiated by the client to the database of the server, and on the other hand monitoring the response work record of the server receiving the access application from the client, so that the differences between the work records at the two ends can be compared later; when a difference exists in the time, the access memory object, the memory processing behavior or the access memory path between a certain access application record and the corresponding access response record, the access is considered to be an illegal intrusion behavior, difference analysis needs to be carried out for the intrusion behavior, and memory protection is carried out in a targeted manner;
the access comparison module executes specific difference comparison operation to obtain the difference between the access application record and the corresponding access response record so as to master the difference between the specific situation of the access application initiated by the client and the specific situation of the access application responded by the server, and the difference corresponds to the specific embodiment of one illegal intrusion behavior;
the memory protection module is configured to perform a specific memory protection operation, and adopt a corresponding memory protection process according to specific characteristics of an illegal intrusion behavior, that is, specific situations of accessing abnormal information, specifically, may adjust a specific link in an original memory access authorization flow between the client and the server, so as to improve security of communication.
According to the embodiment of the application, the intrusion behavior is analyzed based on the comparison condition of the access application record and the access response record, so that targeted memory protection processing is performed according to the access abnormal information, certain safety and reliability are achieved, and data information can be effectively protected.
Specifically, the access comparison module comprises a time anomaly comparison sub-module;
the time anomaly comparison submodule is used for comparing the access application time of the access application record of the client with the access response time of the corresponding access response record in the server, and if the comparison is not passed, a corresponding access anomaly time point is obtained;
the time anomaly comparison sub-module is also used for obtaining an access anomaly time period corresponding to the access anomaly time point based on the access anomaly time point of the client and in combination with a preset time threshold;
the time anomaly comparison submodule is also used for counting the access anomaly time periods of the client side and obtaining corresponding access anomaly information.
Because of the information transmission time, a small time difference exists between the access application time and the corresponding access response time; therefore, during comparison, when the time difference between the access application time and the corresponding access response time is smaller than a preset information transmission time threshold, the comparison is judged to pass; otherwise the comparison does not pass, the access application time is taken as an access abnormal time point, and the time corresponding to the access abnormal time point is judged to be the time at which the illegal intrusion behavior was initiated;
furthermore, based on the access abnormal time point, a time value of a first preset time threshold is calculated forwards, and a time value of the first preset time threshold is calculated backwards, so that a time period taking the access abnormal time point as a center is obtained, and the time period is subjected to memory protection, so that the reliability of the memory protection is improved.
It should be noted that the access application time, the access response time, and the access exception time point may be one of multiple preset time periods, for example:
if the time period is one day, namely 24 hours, the access application time, the access response time and the access abnormal time point can be a specific hour, minute and second;
if the time period is one week, that is, 7 days, the access application time, the access response time, and the access abnormal time point may be specific weeks;
in general, in order to guarantee reliability, the access application time, the access response time and the access abnormal time point should be a specific hour, minute and second;
if the memory access frequency of the client to the server is low during normal operation, typically an access frequency in units of weeks or even months, the access application time, the access response time, and the access abnormal time point may be specific weeks; of course, even if the access frequency is low, the access application time, the access response time, and the access abnormal time point may still be a specific hour, minute and second in order to ensure reliability.
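The time comparison described above can be sketched as follows; this is an added example, not code from the patent. The `access_id` pairing key, both threshold values, the treatment of unmatched records as abnormal, and the merging of overlapping periods are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values: the text only says these thresholds are "preset".
TRANSMISSION_THRESHOLD = timedelta(seconds=2)   # tolerated application/response gap
WINDOW_THRESHOLD = timedelta(minutes=30)        # "first preset time threshold"


@dataclass(frozen=True)
class Record:
    access_id: str   # hypothetical identifier pairing an application with its response
    time: datetime


def anomaly_time_points(requests, responses, skew=TRANSMISSION_THRESHOLD):
    """Return the access abnormal time points, sorted.

    The comparison passes only when the gap is smaller than the threshold;
    otherwise the access application time becomes the abnormal time point.
    """
    responses_by_id = {r.access_id: r for r in responses}
    points = []
    for req in requests:
        resp = responses_by_id.pop(req.access_id, None)
        # Assumption: an application with no response record fails the comparison.
        if resp is None or abs(resp.time - req.time) >= skew:
            points.append(req.time)
    # Assumption: a response the client never applied for is abnormal too,
    # and its response time is used as the abnormal time point.
    points.extend(r.time for r in responses_by_id.values())
    return sorted(points)


def anomaly_periods(points, half_width=WINDOW_THRESHOLD):
    """Centre a period on each abnormal point, merge overlaps, count the hits.

    Returns a list of (start, end, number_of_abnormal_points) tuples.
    """
    periods = []
    for point in sorted(points):
        start, end = point - half_width, point + half_width
        if periods and start <= periods[-1][1]:
            prev_start, prev_end, hits = periods[-1]
            periods[-1] = (prev_start, max(prev_end, end), hits + 1)
        else:
            periods.append((start, end, 1))
    return periods


def in_anomaly_period(moment, periods):
    """True when an access at `moment` falls inside a period needing protection."""
    return any(start <= moment <= end for start, end, _ in periods)


def at(hour, minute, second=0):
    return datetime(2024, 1, 10, hour, minute, second)   # constructed date


# Constructed sample records.
SAMPLE_REQUESTS = [Record("a1", at(2, 10)), Record("a2", at(2, 15)),
                   Record("a3", at(2, 40)), Record("a4", at(14, 0))]
SAMPLE_RESPONSES = [Record("a1", at(2, 10, 1)), Record("a2", at(2, 15, 9)),
                    Record("a3", at(2, 40, 30)), Record("a4", at(14, 0)),
                    Record("a5", at(20, 0))]

if __name__ == "__main__":
    for period in anomaly_periods(anomaly_time_points(SAMPLE_REQUESTS, SAMPLE_RESPONSES)):
        print(period)
```
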
Specifically, the memory protection module comprises a time angle protection submodule;
the time angle protection submodule is used for configuring an algorithm key time corresponding table to the server and the client, and the algorithm key time corresponding table records preset encryption algorithms and identification keys corresponding to different time periods;
the time angle protection submodule is also used for controlling the server and the client to select a preset encryption algorithm and an identification Key respectively based on the algorithm Key time corresponding table and the time point corresponding to the access request after the client sends the access request to the server and obtains the encryption seed fed back by the server, and processing the encryption seed to respectively obtain the corresponding server side Key and the client side Key.
The operation mainly performs memory protection from the time perspective, that is, the preset encryption algorithm and the identification key are configured to change with time, and the adjustment scheme is known to both the client and the server;
therefore, the operation aims to adjust the algorithm and the key at the corresponding time point based on the time habit corresponding to the intrusion behavior, so that the reliability of memory protection is improved, and the difficulty of illegal intrusion is improved.
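The authorization flow Q1 to Q4 combined with the algorithm key time corresponding table can be sketched as below; this is an added example, not code from the patent. The patent names no cipher, so HMAC stands in for both the seed encryption and the preset encryption algorithm; the table rows, seed length, device identifier and single-use handling of the seed are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

SEED_BYTES = 16  # the "preset byte" length; the value is an assumption

# Constructed table: (start hour, end hour, preset algorithm, identification key).
KEY_TIME_TABLE = [
    (0, 8, "sha256", b"constructed-id-key-night"),
    (8, 18, "sha384", b"constructed-id-key-day"),
    (18, 24, "sha512", b"constructed-id-key-evening"),
]


def select_row(table, request_time):
    """Pick the algorithm and identification key for the request's time point."""
    for start, end, algorithm, id_key in table:
        if start <= request_time.hour < end:
            return algorithm, id_key
    raise LookupError("no table row covers this time point")


def derive_key(table, encrypted_seed, request_time):
    """Q3: process the encrypted seed with the period's algorithm and key."""
    algorithm, id_key = select_row(table, request_time)
    return hmac.new(id_key, encrypted_seed, algorithm).digest()


class Server:
    def __init__(self, table):
        self.table = table
        self.pending = {}  # device_id -> (encrypted_seed, request_time)

    def issue_seed(self, device_id, request_time):
        """Q2: random seed combined with the mobile equipment identification code.

        HMAC keyed with the device identifier is a stand-in for the
        unspecified encryption step (assumption).
        """
        seed = secrets.token_bytes(SEED_BYTES)
        encrypted_seed = hmac.new(device_id.encode(), seed, hashlib.sha256).digest()
        self.pending[device_id] = (encrypted_seed, request_time)
        return encrypted_seed

    def verify(self, device_id, client_key):
        """Q4: constant-time comparison; each seed can be answered only once."""
        entry = self.pending.pop(device_id, None)
        if entry is None:
            return False
        encrypted_seed, request_time = entry
        server_key = derive_key(self.table, encrypted_seed, request_time)
        return hmac.compare_digest(server_key, client_key)


def run_exchange(server, client_table, device_id, request_time, client_time=None):
    """Q1 to Q4 end to end.

    client_time models a client that wrongly uses its own clock instead of
    the time point of the access request when reading the table.
    """
    encrypted_seed = server.issue_seed(device_id, request_time)
    client_key = derive_key(client_table, encrypted_seed, client_time or request_time)
    return server.verify(device_id, client_key)


if __name__ == "__main__":
    srv = Server(KEY_TIME_TABLE)
    when = datetime(2024, 1, 10, 7, 59, 59)          # constructed time point
    print(run_exchange(srv, KEY_TIME_TABLE, "constructed-device-0001", when))
```

Both sides must key the table lookup on the time point of the access request; a client that reads its own clock a moment later, across a period boundary, derives a different Key and is rejected.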
In addition, the specific operation of configuring an algorithm key time correspondence table to the server and the client by the time angle protection submodule is as follows:
pre-configuring an algorithm key time corresponding table to the server;
the server responds to the access request and sends a corresponding table verification code to the mobile terminal of the client in a short message, mail or voice message mode;
the client applies for an algorithm key time corresponding table from the server based on the corresponding table verification code; wherein,
when the client finishes the current memory access operation, namely after finishing the current access work to the memory of the database of the server, the algorithm key time corresponding table is automatically deleted.
Specifically, the access comparison module comprises an object abnormity comparison submodule;
the object exception comparison submodule is used for comparing an access memory object of the access application record of the client with an access memory object of the access response record corresponding to the server, and if the comparison is not passed, obtaining a corresponding access exception memory object;
the object exception comparison submodule is also used for acquiring an access exception file directory corresponding to the access exception time point based on the file directory to which the access exception memory object of the client belongs;
the object exception comparison submodule is also used for counting the access exception file directory of the client to obtain corresponding access exception information.
The above operations are intended to identify the purpose of the intrusion behavior, that is, to analyze from the perspective of the access object which data the illegal intrusion aims to obtain, to obtain and count the access abnormal file directories, to effectively protect the corresponding memory files, and to purposefully prevent the data of interest to the intruder from being illegally acquired.
Specifically, the memory protection module includes an object angle protection submodule:
the object angle protection sub-module is used for marking the access abnormal file directory corresponding to the database memory area of the server and configuring a preset access encryption verification process;
and the object angle protection submodule is used for, when the client sends an access request to the server and the access object is within the range of the access abnormal file directory, comparing the server side Key with the client side Key, and after the comparison is consistent, having the client and the server execute the preset access encryption verification process; if the process is passed, the access is allowed and the server side Key and the client side Key are judged to pass the comparison, otherwise the access is denied and the server side Key and the client side Key are judged not to pass the comparison.
The operation mainly performs memory protection from the object angle, namely applying focused protection to the database memory area that the intrusion behavior is interested in;
therefore, the operation aims to strengthen protection based on the interest tendency corresponding to the intrusion behavior, so that the reliability of memory protection is improved, and the difficulty of illegal intrusion is improved.
In addition, the preset access encryption auditing process may refer to the existing memory encryption method to perform adaptive adjustment, and of course, the preset access encryption auditing process may further include the following steps:
the server responds to the access request and generates address characteristic information based on the initial address of the access abnormal file directory corresponding to the database memory area of the server;
the server generates access authorization connection based on the address characteristic information and the mobile equipment identification code of the mobile terminal corresponding to the client;
the server sends access authorization connection to the mobile terminal of the client in a short message or mail mode;
the client acquires the authority of accessing the abnormal file directory corresponding to the database memory area of the server based on the access authorization connection; wherein,
when the client finishes the current memory access operation, namely after finishing the current access work to the memory of the database of the server, the access authorization connection is invalid;
that is, each access authorization connection only acts on the corresponding current memory access operation, and can only give the client an access right for the memory access operation.
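The access authorization connection described in the method and device sections can be sketched as follows; this is an added example, not code from the patent. The connection is modelled as a token that would be carried in the short message or mail; the token layout, the hash used for the address characteristic information, the server secret, the directory paths and the path-scope check are assumptions.

```python
import hashlib
import hmac
import posixpath
import secrets


class LinkIssuer:
    """Issues access authorization connections valid for one access operation."""

    def __init__(self, server_secret):
        self._secret = server_secret
        self._active = {}  # token -> protected directory

    @staticmethod
    def address_feature(start_address):
        """Address characteristic information: a hash of the directory's
        initial address in the database memory area (assumed form)."""
        return hashlib.sha256(start_address.to_bytes(8, "big")).hexdigest()[:16]

    def _tag(self, feature, device_id, nonce):
        msg = f"{feature}|{device_id}|{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, device_id, directory, start_address):
        """Bind the connection to the address feature and the device identifier."""
        feature = self.address_feature(start_address)
        nonce = secrets.token_hex(8)           # makes every connection unique
        token = f"{feature}.{nonce}.{self._tag(feature, device_id, nonce)}"
        self._active[token] = posixpath.normpath(directory)
        return token

    def authorize(self, token, device_id, requested_path):
        """Allow access only for the bound device, inside the marked
        directory, and only while the current operation is still open."""
        parts = token.split(".")
        if len(parts) != 3:
            return False
        feature, nonce, tag = parts
        expected = self._tag(feature, device_id, nonce)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False                        # forged token or other device
        directory = self._active.get(token)
        if directory is None:
            return False                        # operation already finished
        # Normalise first so "../" cannot step out of the protected directory.
        path = posixpath.normpath(requested_path)
        return path == directory or path.startswith(directory + "/")

    def end_operation(self, token):
        """The connection becomes invalid when the access operation finishes."""
        self._active.pop(token, None)


if __name__ == "__main__":
    issuer = LinkIssuer(b"constructed-server-secret")
    device = "constructed-device-0001"
    link = issuer.issue(device, "/db/finance", 0x7F3A00001000)   # constructed values
    print(issuer.authorize(link, device, "/db/finance/q3.tbl"))  # during the operation
    issuer.end_operation(link)
    print(issuer.authorize(link, device, "/db/finance/q3.tbl"))  # after it has ended
```
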
Specifically, the access comparison module comprises a path anomaly comparison sub-module;
the path abnormity comparison submodule is used for comparing an access memory path of the access application record of the client with an access memory path of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormity path node;
the path abnormity comparison sub-module is also used for counting access abnormity path nodes of the client and obtaining corresponding access abnormity information.
The above operations are intended to identify an intrusion path of an intrusion behavior, that is, from the perspective of the intrusion path, it is determined which nodes are abnormal in the execution process of the illegal intrusion, and the abnormal nodes are marked so as to be correspondingly processed, so that an intruder can be prevented from accessing the abnormal path nodes again in a targeted manner to perform the intrusion behavior.
Specifically, the memory protection module comprises a path angle protection submodule;
the path angle protection sub-module is used for controlling the server to generate path avoidance prompt information based on the access abnormal path nodes in the access abnormal information and sending the path avoidance prompt information to the corresponding client;
and the path angle protection submodule is used for controlling the client to bypass the access abnormal path node in the path avoidance prompt information and send an access request to the server based on the path avoidance prompt information.
The above operations are mainly performed when the client cannot directly access the server, that is, when the client needs to access the server through another communication node.
Specifically, the access comparison module comprises a client exception comparison submodule;
the client exception comparison submodule is used for comparing the memory processing behavior of the access application record of the client with the memory processing behavior of the corresponding access response record in the server, and if the comparison does not pass, the corresponding access exception processing behavior is obtained;
and the client exception comparison submodule is also used for counting the memory processing behaviors of the client to obtain corresponding access exception information.
The above operation is intended to identify the specific operation driving of the intrusion behavior itself, that is, whether the client is controlled illegally is determined from the perspective of the memory processing behavior, so that the corresponding processing work is performed on the corresponding client, and an intruder can be prevented from continuing to perform the illegal intrusion behavior by the illegally controlled client, thereby effectively performing the memory protection.
Specifically, the memory protection module comprises a client angle protection submodule;
the client angle protection submodule is used for controlling the server to add an access prohibition mark to the mobile terminal corresponding to the client and copy the application program file of the client;
the client angle protection submodule is also used for controlling the server to send client update prompt information to the mobile terminal corresponding to the client;
the client angle protection submodule is also used for controlling the server to copy the updated application program file of the client after the mobile terminal updates the client;
the client angle protection sub-module is further used for comparing the application program file of the client with the updated application program file of the client, and if the application program file of the client is not consistent with the updated application program file of the client, the access prohibition mark of the mobile terminal is cancelled.
The operation mainly includes that memory protection is carried out from the perspective of changing the client, namely, the illegally controlled client is directly processed;
therefore, the operation aims to update the client under illegal control and strengthen protection, thereby improving the reliability of memory protection and increasing the difficulty of illegal invasion.
It should be noted that the above operations are intended to record the client under the illegal control, so as to facilitate later comparison, and facilitate later analysis, to know key information such as illegal control means and source, and to provide data basis for subsequent memory protection work;
in addition, if the application program file of the client is consistent with the application program file of the updated client, the updated client is still an illegally controlled client version, and a large illegal intrusion risk still exists, so that the access prohibition flag needs to be continuously kept on the mobile terminal.
Specifically, the memory protection module further includes a question-back confirmation sub-module, which is used for sending access question-back information to the mobile terminal corresponding to the client through a short message or a mail when the comparison of the server side Key and the client side Key passes;
the question-back confirmation submodule is also used for receiving the access confirmation information fed back to the server by the mobile terminal corresponding to the client based on the access question-back information;
the question-back confirmation sub-module is also used for controlling the server to receive the access confirmation information and judging that the client side is authorized by the memory access.
The operation of the question-back confirmation sub-module may be referred to as a question-back memory protection process, which may be executed at a corresponding time point after performing memory protection processing for a time angle, an object angle, a path angle, or a client angle.
It should be noted that, in the memory protection device based on intrusion behavior analysis in the embodiment of the present application, technical problems, technical fields, technical solutions, and technical effects thereof are similar to the memory protection method based on intrusion behavior analysis in the first aspect in the technical principle, and are not described herein again.
It is noted that, in the present application, relational terms such as "first" and "second", and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present application and are presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A memory protection method based on intrusion behavior analysis is characterized by comprising the following steps:
recording access application records of a client and access response records of a database memory of a server;
obtaining access abnormal information based on the access application record and the corresponding access response record;
based on the access abnormal information, protecting the memory access of the client to the server; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
a client sends an access request to a server;
the server responds to the access request, randomly generates a seed with a preset byte, encrypts the seed by combining with the mobile equipment identification code corresponding to the client to obtain an encrypted seed and sends the encrypted seed to the client;
the server and the client process the encrypted seeds based on a preset encryption algorithm and combined with an identification Key respectively to obtain a server side Key and a client side Key respectively;
and the server compares the server side Key with the client side Key, and if the comparison of the server side Key and the client side Key passes, the client is judged to have passed memory access authorization.
2. The memory protection method based on intrusion behavior analysis according to claim 1, wherein the step of obtaining access anomaly information based on the access application records and the corresponding access response records comprises the steps of:
comparing the access application time of the access application record of the client with the access response time of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormal time point;
based on the access abnormal time point of the client, combining a preset time threshold value to obtain an access abnormal time period corresponding to the access abnormal time point;
and counting the access abnormal time period of the client to obtain corresponding access abnormal information.
3. The memory protection method based on intrusion behavior analysis according to claim 2, wherein the protection processing of the memory access of the client to the server based on the access exception information includes:
configuring an algorithm key time corresponding table to the server and the client, wherein the algorithm key time corresponding table records preset encryption algorithms and identification keys corresponding to different time periods;
after the client sends an access request to the server and obtains an encryption seed fed back by the server, the server and the client select a preset encryption algorithm and an identification Key respectively based on an algorithm Key time corresponding table and a time point corresponding to the access request, process the encryption seed and respectively obtain a corresponding server side Key and a corresponding client side Key.
4. The memory protection method based on intrusion behavior analysis according to claim 2, wherein the step of obtaining access anomaly information based on the access application records and the corresponding access response records comprises the steps of:
comparing the access memory object of the access application record of the client with the access memory object of the access response record corresponding to the server, and if the comparison fails, acquiring a corresponding access abnormal memory object;
acquiring an access abnormal file directory corresponding to the access abnormal time point based on the file directory to which the access abnormal memory object of the client belongs;
and counting the access abnormal file directory of the client to obtain corresponding access abnormal information.
5. The memory protection method based on intrusion behavior analysis according to claim 4, wherein the protection processing of the memory access of the client to the server based on the access exception information comprises the following steps:
marking the access abnormal file directory corresponding to a database memory area of the server, and configuring a preset access encryption verification flow;
when a client sends an access request to a server and the access object is within the range of the access abnormal file directory, the server compares the server side Key with the client side Key; after the server side Key and the client side Key are found to be consistent, the client and the server execute the preset access encryption verification process; if the process passes, the client is allowed access and the server side Key and the client side Key are judged to have passed the comparison; otherwise, the client is denied access and the server side Key and the client side Key are judged not to have passed the comparison.
6. The memory protection method based on intrusion behavior analysis according to claim 1, wherein the step of obtaining access anomaly information based on the access application records and the corresponding access response records comprises the steps of:
comparing the access memory path of the access application record of the client with the access memory path of the corresponding access response record in the server, and if the comparison fails, acquiring a corresponding access abnormal path node;
and counting the access abnormal path nodes of the client to obtain corresponding access abnormal information.
7. The memory protection method based on intrusion behavior analysis according to claim 6, wherein the protection processing of the memory access of the client to the server based on the access exception information comprises the following steps:
the server generates path avoidance prompt information based on the access abnormal path nodes in the access abnormal information and sends the path avoidance prompt information to the corresponding client;
and the client bypasses the access abnormal path node in the path avoidance prompt information based on the path avoidance prompt information and sends an access request to a server.
8. The memory protection method based on intrusion behavior analysis according to claim 1, wherein the step of obtaining access anomaly information based on the access application records and the corresponding access response records comprises the steps of:
comparing the memory processing behavior of the access application record of the client with the memory processing behavior of the corresponding access response record in the server, and if the comparison fails, acquiring the corresponding access abnormal processing behavior;
and counting the memory processing behaviors of the client to obtain corresponding access abnormal information.
9. The memory protection method based on intrusion behavior analysis according to claim 8, wherein the protection processing of the memory access of the client to the server based on the access exception information comprises the following steps:
the server adds an access prohibition mark to the mobile terminal corresponding to the client and copies the application program file of the client;
the server sends client updating prompt information to the mobile terminal corresponding to the client;
after the mobile terminal updates the client, the server copies the application program file of the updated client;
and comparing the application program file of the client with the updated application program file of the client, and if the application program file of the client is not consistent with the updated application program file of the client, canceling the access prohibition mark of the mobile terminal.
10. A memory protection device based on intrusion behavior analysis, the device comprising:
the access recording module is used for recording an access application record of the client and an access response record of a database memory of the server;
the access comparison module is used for acquiring access abnormal information based on the access application record and the corresponding access response record;
the memory protection module is used for protecting the memory access of the client to the server based on the access exception information; wherein,
the access application record comprises access application time, access memory objects, memory processing behaviors and access memory paths;
the access response record comprises access response time, access memory objects, memory processing behaviors and access memory paths;
the memory access authorization process of the client and the server comprises the following steps:
a client sends an access request to a server;
the server responds to the access request, randomly generates a seed of a preset number of bytes, encrypts the seed in combination with the mobile equipment identification code corresponding to the client to obtain an encrypted seed, and sends the encrypted seed to the client;
the server and the client each process the encrypted seed based on a preset encryption algorithm combined with an identification Key, to obtain a corresponding server side Key and a corresponding client side Key respectively;
and the server compares the server side Key with the client side Key, and if the comparison passes, the client is judged to have passed memory access authorization.
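The seed and Key exchange of claim 1, combined with the algorithm key time corresponding table of claim 3, as an added Python example that is not part of the patent text. The claims name no algorithm, so HMAC with SHA-256 or SHA-512 stands in for the "preset encryption algorithm"; the table entries, seed length, device identifier and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

SEED_BYTES = 16  # "preset byte" length of the seed; the value 16 is an assumption

# Constructed algorithm/key time table: hour range -> (digest, identification key).
ALGO_KEY_TABLE = [
    (0, 12, "sha256", b"constructed-id-key-morning"),
    (12, 24, "sha512", b"constructed-id-key-afternoon"),
]

def select_algo_key(request_time, table=ALGO_KEY_TABLE):
    """Pick the digest and identification key for the period containing request_time."""
    for start, end, digest, id_key in table:
        if start <= request_time.hour < end:
            return digest, id_key
    raise LookupError("no table entry covers this time point")

def issue_encrypted_seed(device_id):
    """Server: fresh random seed bound to the device identifier (HMAC as a stand-in)."""
    seed = secrets.token_bytes(SEED_BYTES)
    return hmac.new(device_id.encode(), seed, hashlib.sha256).digest()

def derive_key(encrypted_seed, request_time, table=ALGO_KEY_TABLE):
    """Either side: process the encrypted seed with the period's algorithm and key."""
    digest, id_key = select_algo_key(request_time, table)
    return hmac.new(id_key, encrypted_seed, digest).digest()

def authorize(server_key, client_key):
    """Server: compare the two derived Keys in constant time."""
    return hmac.compare_digest(server_key, client_key)

def demo():
    device_id = "000000000000000"       # constructed device identifier
    t = datetime(2022, 10, 10, 9, 30)   # constructed request time point
    challenge = issue_encrypted_seed(device_id)
    server_key = derive_key(challenge, t)
    good = authorize(server_key, derive_key(challenge, t))
    # A client that selects the wrong period's table entry is rejected.
    stale = authorize(server_key, derive_key(challenge, t.replace(hour=15)))
    # A Key captured from this exchange fails against a fresh seed.
    replay = authorize(derive_key(issue_encrypted_seed(device_id), t), server_key)
    return good, stale, replay

if __name__ == "__main__":
    print(demo())
```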
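The record comparison of claims 2, 4, 6 and 8, as an added Python example that is not part of the patent text: each access application record is compared with its access response record on time, memory object, processing behavior and path, and the mismatches are counted per client. The claims do not define when a comparison fails, so the delay rule, the threshold values, the choice of the response-side object as the abnormal one, the record layout and the sample records are all assumptions.

```python
import posixpath
from collections import Counter
from datetime import datetime, timedelta

MAX_DELAY = timedelta(seconds=2)  # assumed: longest plausible request-to-response delay
WINDOW = timedelta(minutes=5)     # assumed value of the "preset time threshold"

def compare(req, resp):
    """Return (kind, value) anomalies between one request record and its response."""
    found = []
    delay = resp["time"] - req["time"]
    if delay < timedelta(0) or delay > MAX_DELAY:   # claim 2: abnormal time period
        found.append(("period", (req["time"] - WINDOW, req["time"] + WINDOW)))
    if req["object"] != resp["object"]:             # claim 4: abnormal file directory
        found.append(("directory", posixpath.dirname(resp["object"])))
    if req["behavior"] != resp["behavior"]:         # claim 8: abnormal behavior
        found.append(("behavior", resp["behavior"]))
    found += [("path_node", n) for n in resp["path"] if n not in req["path"]]  # claim 6
    return found

def summarize(pairs):
    """Collect abnormal periods and count the other anomalies per client."""
    stats = {}
    for client, req, resp in pairs:
        s = stats.setdefault(client, {"periods": [], "counts": Counter()})
        for kind, value in compare(req, resp):
            if kind == "period":
                s["periods"].append(value)
            else:
                s["counts"][(kind, value)] += 1
    return stats

def record(hms, obj, behavior, path):
    """Build one record; every value passed in below is constructed sample data."""
    t = datetime.strptime("2022-10-10 " + hms, "%Y-%m-%d %H:%M:%S")
    return {"time": t, "object": obj, "behavior": behavior, "path": path}

SAMPLE = [
    ("client-a", record("09:00:00", "/db/orders/t1", "read", ["gw", "n1"]),
                 record("09:00:01", "/db/orders/t1", "read", ["gw", "n1"])),
    ("client-a", record("09:10:00", "/db/orders/t1", "read", ["gw", "n1"]),
                 record("09:10:30", "/db/users/t9", "write", ["gw", "n7", "n1"])),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```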
CN202211230823.4A 2022-10-10 2022-10-10 Memory protection method and device based on intrusion behavior analysis Active CN115292697B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211230823.4A CN115292697B (en) 2022-10-10 2022-10-10 Memory protection method and device based on intrusion behavior analysis

Publications (2)

Publication Number Publication Date
CN115292697A CN115292697A (en) 2022-11-04
CN115292697B CN115292697B (en) 2022-12-16

Family

ID=83819278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211230823.4A Active CN115292697B (en) 2022-10-10 2022-10-10 Memory protection method and device based on intrusion behavior analysis

Country Status (1)

Country Link
CN (1) CN115292697B (en)

Also Published As

Publication number Publication date
CN115292697A (en) 2022-11-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant