CN115329343A - Method and system for processing information security vulnerability - Google Patents

Info

Publication number
CN115329343A
Authority
CN
China
Prior art keywords
information
client
information security
security vulnerability
document
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211014209.4A
Other languages
Chinese (zh)
Other versions
CN115329343B (en)
Inventor
徐智
涂玉雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Energy Cloud Computing Technology Co ltd
Original Assignee
Wuhan Energy Cloud Computing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Energy Cloud Computing Technology Co ltd
Priority to CN202211014209.4A
Publication of CN115329343A
Application granted
Publication of CN115329343B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for processing information security vulnerabilities, in which vulnerability analysis and processing of an information security vulnerability are allowed to run only in a specific environment of a client. Call-function information corresponding to the information security vulnerability is obtained, and a corresponding Dockerfile is generated according to the call-function information. The file directory at a specific location of the detection client is obtained and queried for an activation document for generating the detection environment; when no such activation document is contained, the Dockerfile is not parsed. When one is contained, the validity of the information format in the activation document is checked first; after the format is judged to be valid, the information in the activation document is checked against the resource parameters of the client. If the activation document matches the resource parameter information of the client, the client is allowed to parse the Dockerfile and a Docker image for the information security vulnerability is generated, so that the call function corresponding to the information security vulnerability can be monitored.

Description

Method and system for processing information security vulnerability
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a system for processing information security vulnerabilities.
Background
With the rapid development of computer technology, human society is becoming ever more informatized, and politics, the economy, the military, culture and other fields across society depend more and more on computer information systems. Under these circumstances, the security of computer systems has received increasing attention. However, large-scale software and systems are written by many programmers working together: they divide a piece of software or a system into several modules, write them separately, then integrate and test them, and finally patch and release, so security vulnerabilities in software are almost inevitable. A software security vulnerability is a defect introduced during software design or implementation, in data access, behavior logic and the like. Such vulnerabilities are often exploited by attackers, causing program behavior to violate certain security policies. For these reasons, research on software security vulnerability detection technology is receiving more and more attention.
However, the configuration of the operating environment for vulnerability analysis and detection is often neglected: vulnerabilities are simply analyzed and detected in a general-purpose detection environment generated by a virtual machine.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. To this end, the invention discloses a method for processing information security vulnerabilities, which comprises the following steps:
step 1, allowing the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtaining call-function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile according to the call-function information, wherein the Dockerfile comprises a function monitoring configuration for the call-function information;
step 2, obtaining the file directory at a specific location of the detection client, querying whether it contains an activation document for generating the detection environment, and, when no such activation document is contained, not parsing the Dockerfile;
step 3, when an activation document for generating the detection environment is contained, first checking the validity of the information format in the activation document and, after the information format is judged to be valid, checking whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise running memory, running programs, I/O (input/output) drivers and instruction execution permissions; if the activation document matches the resource parameter information of the client, allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability.
Further, the Dockerfile comprising the function monitoring configuration for the call-function information further comprises: a monitoring program is set up so that, when the information security vulnerability is executed, an embedded (inline) hook is placed on the call function to obtain the return address parameter of the call function, and the severity of the information security vulnerability is verified by analyzing the return address parameter.
Further, whether the address range of the return address parameter falls within the normal range is judged, whether the read-write attribute of the return address parameter is normal is judged, and the condition of the return address parameter is scored so as to evaluate the severity of the information security vulnerability.
Further, obtaining the file directory at a specific location of the detection client further comprises: the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
Further, allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability further comprises: configuring a base image according to the Dockerfile, then setting up a monitoring program for the call-function information in a single Docker layer through the function monitoring configuration for the call-function information in the Dockerfile, and executing generation of the corresponding monitoring program on the Docker layers that need to be generated according to the Dockerfile.
Furthermore, the Docker image is image content obtained from a corresponding image repository over a connection between the client and the server.
Furthermore, when no activation document for generating the detection environment is contained, the client establishes a trusted connection with the server, obtains the activation document preset on the server for that client, and stores the activation document in the file directory at the specific location of the client.
The invention also discloses a system for processing information security vulnerabilities, which comprises the following modules:
the vulnerability locating and limiting module, which allows the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtains call-function information corresponding to the information security vulnerability, and generates a corresponding Dockerfile according to the call-function information, wherein the Dockerfile comprises a function monitoring configuration for the call-function information; a monitoring program is set up so that, when the information security vulnerability is executed, an embedded (inline) hook is placed on the call function to obtain the return address parameter of the call function; the severity of the information security vulnerability is verified by analyzing the return address parameter: whether the address range of the return address parameter falls within the normal range is judged, whether the read-write attribute of the return address parameter is normal is judged, and the condition of the return address parameter is scored to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module, which obtains the file directory at a specific location of the detection client and queries whether it contains an activation document for generating the detection environment, and, when no such activation document is contained, does not parse the Dockerfile, wherein the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area;
the vulnerability analysis environment generation module, which, when an activation document for generating the detection environment is contained, first checks the validity of the information format in the activation document and, after the information format is judged to be valid, checks whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise running memory, running programs, I/O (input/output) drivers and instruction execution permissions; if the activation document matches the resource parameter information of the client, the client is allowed to parse the Dockerfile and a Docker image for the information security vulnerability is generated so as to monitor the call function corresponding to the information security vulnerability, wherein a base image is configured according to the Dockerfile, a monitoring program for the call-function information is then set up in a single Docker layer through the function monitoring configuration for the call-function information in the Dockerfile, and generation of the corresponding monitoring program is executed on the Docker layers that need to be generated according to the Dockerfile.
The invention also discloses an electronic system comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the method for processing information security vulnerabilities.
The invention also discloses a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the method for processing information security vulnerabilities.
Compared with the prior art, the invention has the following beneficial effects: the environment can be configured to suit the particular vulnerability, and, to ensure the safety of the operating environment and the device, the vulnerability is allowed to be analyzed and processed only in a specific environment. The invention further sets up multiple security checks before generating the corresponding operating environment and detection program, generates a Dockerfile as required, and then uses the multi-layer structure of Docker images to configure a detection layer related to the vulnerability, a way of generating a vulnerability processing environment that is missing from the prior art.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. In the drawings, like reference numerals designate corresponding parts throughout the different views.
Fig. 1 is a flowchart of a processing method of information security vulnerabilities according to the present invention.
Detailed Description
The technical solution of the present invention will be described in more detail with reference to the accompanying drawings and embodiments.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
A mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.
As shown in Fig. 1, a method for processing information security vulnerabilities comprises the following steps:
step 1, allowing the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtaining call-function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile according to the call-function information, wherein the Dockerfile comprises a function monitoring configuration for the call-function information;
step 2, obtaining the file directory at a specific location of the detection client, querying whether it contains an activation document for generating the detection environment, and, when no such activation document is contained, not parsing the Dockerfile;
step 3, when an activation document for generating the detection environment is contained, first checking the validity of the information format in the activation document and, after the information format is judged to be valid, checking whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise running memory, running programs, I/O (input/output) drivers and instruction execution permissions; if the activation document matches the resource parameter information of the client, allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability.
Further, the Dockerfile comprising the function monitoring configuration for the call-function information further comprises: a monitoring program is set up so that, when the information security vulnerability is executed, an embedded (inline) hook is placed on the call function to obtain the return address parameter of the call function, and the severity of the information security vulnerability is verified by analyzing the return address parameter.
Further, whether the address range of the return address parameter falls within the normal range is judged, whether the read-write attribute of the return address parameter is normal is judged, and the condition of the return address parameter is scored so as to evaluate the severity of the information security vulnerability.
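An added example, not code from the patent: one way to carry out the return-address check described above, scoring a captured return address against a Linux-style memory map. The map lines, module paths, score weights and severity thresholds are constructed assumptions; the patent does not specify them.

```python
"""Score a hooked function's return address against the process memory map."""
from dataclasses import dataclass

# Constructed sample in Linux /proc/<pid>/maps layout (not from the patent).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1311 /opt/app/target
00651000-00652000 rw-p 00051000 08:01 1311 /opt/app/target
01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 2049 /lib/x86_64-linux-gnu/libc.so.6
7f3a20000000-7f3a20021000 rwxp 00000000 00:00 0
7ffd5e2e0000-7ffd5e301000 rw-p 00000000 00:00 0 [stack]
"""

# Assumed weights; the patent only says the condition is "scored".
W_UNMAPPED, W_RANGE, W_NOT_EXEC, W_WRITABLE = 10, 4, 3, 3


@dataclass(frozen=True)
class Region:
    start: int
    end: int      # exclusive upper bound
    perms: str    # e.g. "r-xp"
    path: str     # "" for anonymous mappings


def parse_maps(text):
    """Parse maps-style lines into Region objects, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        lo, hi = fields[0].split("-")
        path = fields[5].strip() if len(fields) == 6 else ""
        regions.append(Region(int(lo, 16), int(hi, 16), fields[1], path))
    return regions


def find_region(regions, addr):
    """Return the mapping that contains addr, or None if it is unmapped."""
    for region in regions:
        if region.start <= addr < region.end:
            return region
    return None


def score_return_address(addr, regions, expected_modules):
    """Return (score, findings); 0 means normal, higher means more severe."""
    region = find_region(regions, addr)
    if region is None:
        return W_UNMAPPED, ["return address is not inside any mapped region"]
    score, findings = 0, []
    # Range check: a normal return lands in the code of an expected module.
    if region.path not in expected_modules:
        score += W_RANGE
        findings.append(f"outside expected modules: {region.path or 'anonymous'}")
    # Attribute check: the target should be executable and not writable.
    if "x" not in region.perms:
        score += W_NOT_EXEC
        findings.append(f"region is not executable ({region.perms})")
    if "w" in region.perms:
        score += W_WRITABLE
        findings.append(f"region is writable ({region.perms})")
    return score, findings


def severity(score):
    """Map a score to a label (thresholds are assumptions of this example)."""
    if score == 0:
        return "normal"
    if score <= 4:
        return "medium"
    if score <= 7:
        return "high"
    return "critical"


if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    expected = {"/opt/app/target", "/lib/x86_64-linux-gnu/libc.so.6"}
    for addr in (0x401234, 0x651800, 0x7F3A20000100, 0x7FFD5E2F0000, 0xDEADBEEF):
        score, findings = score_return_address(addr, regions, expected)
        print(f"{addr:#x}: {severity(score)} ({score}) {findings}")
```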
Further, obtaining the file directory at a specific location of the detection client further comprises: the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
Further, allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability further comprises: configuring a base image according to the Dockerfile, then setting up a monitoring program for the call-function information in a single Docker layer through the function monitoring configuration for the call-function information in the Dockerfile, and executing generation of the corresponding monitoring program on the Docker layers that need to be generated according to the Dockerfile.
Furthermore, the Docker image is image content obtained from a corresponding image repository over a connection between the client and the server.
Furthermore, when no activation document for generating the detection environment is contained, the client establishes a trusted connection with the server, obtains the activation document preset on the server for that client, and stores the activation document in the file directory at the specific location of the client.
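An added example, not code from the patent: steps 1 to 3 as a fail-closed gate in front of Dockerfile parsing. The JSON activation format, the file name `activation.json`, the monitor paths and the exact-match rule are assumptions, and a temporary directory stands in for the secure storage area.

```python
"""Gate Dockerfile parsing on an activation document (steps 1-3)."""
import json
import re
import tempfile
from pathlib import Path

ACTIVATION_NAME = "activation.json"   # hypothetical file name
SCHEMA = {"memory_mb": int, "programs": list, "io_drivers": list,
          "exec_privilege": str}      # assumed encoding of the resource parameters
FUNC_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
IMAGE_REF = re.compile(r"^[a-z0-9][a-z0-9._/-]*(:[A-Za-z0-9._-]+)?$")


def render_dockerfile(base_image, functions):
    """Step 1: emit a Dockerfile whose last layer configures function monitoring."""
    bad = [f for f in functions if not FUNC_NAME.match(f)]
    if not functions or bad or not IMAGE_REF.match(base_image):
        raise ValueError(f"refusing to render: image={base_image!r} bad={bad!r}")
    return "\n".join([
        f"FROM {base_image}",
        "# single layer holding the monitor and its configuration (assumed layout)",
        "COPY monitor/ /opt/monitor/",
        f"ENV MONITOR_FUNCS={','.join(functions)}",
        'ENTRYPOINT ["/opt/monitor/run"]',
    ]) + "\n"


def parse_dockerfile(text):
    """Minimal parse: one (INSTRUCTION, arguments) pair per non-comment line."""
    parsed = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            instruction, _, args = line.partition(" ")
            parsed.append((instruction.upper(), args))
    return parsed


def validate_format(raw):
    """Step 3, first check: strict format validation; returns the document or None."""
    try:
        doc = json.loads(raw)          # invalid UTF-8 or JSON raises ValueError
    except ValueError:
        return None
    if not isinstance(doc, dict) or set(doc) != set(SCHEMA):
        return None
    for key, typ in SCHEMA.items():
        if type(doc[key]) is not typ:  # exact type: rejects bool where int is required
            return None
    for key in ("programs", "io_drivers"):
        if not all(isinstance(item, str) for item in doc[key]):
            return None
    return doc


def matches_client(doc, client):
    """Step 3, second check: every resource parameter must equal the client's value."""
    return (doc["memory_mb"] == client["memory_mb"]
            and set(doc["programs"]) == set(client["programs"])
            and set(doc["io_drivers"]) == set(client["io_drivers"])
            and doc["exec_privilege"] == client["exec_privilege"])


def gated_parse(dockerfile_text, secure_dir, client):
    """Steps 2-3: fail closed; return (instructions or None, reason)."""
    path = Path(secure_dir) / ACTIVATION_NAME
    if not path.is_file():
        return None, "no activation document"
    doc = validate_format(path.read_bytes())
    if doc is None:
        return None, "activation document format invalid"
    if not matches_client(doc, client):
        return None, "activation document does not match client resources"
    return parse_dockerfile(dockerfile_text), "allowed"


def run_cases():
    """Exercise the gate with constructed inputs and return each outcome."""
    client = {"memory_mb": 4096, "programs": ["target"],
              "io_drivers": ["virtio_blk"], "exec_privilege": "user"}
    dockerfile = render_dockerfile("debian:bookworm-slim", ["strcpy", "memcpy"])
    results = {}
    with tempfile.TemporaryDirectory() as secure_dir:
        doc_path = Path(secure_dir) / ACTIVATION_NAME
        results["missing"] = gated_parse(dockerfile, secure_dir, client)[1]
        doc_path.write_text("{not json", encoding="utf-8")
        results["malformed"] = gated_parse(dockerfile, secure_dir, client)[1]
        doc_path.write_text(json.dumps({**client, "exec_privilege": "root"}),
                            encoding="utf-8")
        results["mismatch"] = gated_parse(dockerfile, secure_dir, client)[1]
        doc_path.write_text(json.dumps(client), encoding="utf-8")
        instructions, reason = gated_parse(dockerfile, secure_dir, client)
        results["match"] = reason
        results["instructions"] = [name for name, _ in instructions]
    return results


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(case, "->", outcome)
```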
The invention also discloses a system for processing information security vulnerabilities, which comprises the following modules:
the vulnerability locating and limiting module, which allows the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtains call-function information corresponding to the information security vulnerability, and generates a corresponding Dockerfile according to the call-function information, wherein the Dockerfile comprises a function monitoring configuration for the call-function information; a monitoring program is set up so that, when the information security vulnerability is executed, an embedded (inline) hook is placed on the call function to obtain the return address parameter of the call function; the severity of the information security vulnerability is verified by analyzing the return address parameter: whether the address range of the return address parameter falls within the normal range is judged, whether the read-write attribute of the return address parameter is normal is judged, and the condition of the return address parameter is scored to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module, which obtains the file directory at a specific location of the detection client and queries whether it contains an activation document for generating the detection environment, and, when no such activation document is contained, does not parse the Dockerfile, wherein the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area;
the vulnerability analysis environment generation module, which, when an activation document for generating the detection environment is contained, first checks the validity of the information format in the activation document and, after the information format is judged to be valid, checks whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise running memory, running programs, I/O (input/output) drivers and instruction execution permissions; if the activation document matches the resource parameter information of the client, the client is allowed to parse the Dockerfile and a Docker image for the information security vulnerability is generated so as to monitor the call function corresponding to the information security vulnerability, wherein a base image is configured according to the Dockerfile, a monitoring program for the call-function information is then set up in a single Docker layer through the function monitoring configuration for the call-function information in the Dockerfile, and generation of the corresponding monitoring program is executed on the Docker layers that need to be generated according to the Dockerfile.
The invention also discloses an electronic system comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the method for processing information security vulnerabilities.
The invention also discloses a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the method for processing information security vulnerabilities.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications can be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention. The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the present invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (10)

1. A method for processing information security vulnerabilities, characterized by comprising the following steps:
step 1, allowing the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtaining call-function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile according to the call-function information, wherein the Dockerfile comprises a function monitoring configuration for the call-function information;
step 2, obtaining the file directory at a specific location of the detection client, querying whether it contains an activation document for generating the detection environment, and, when no such activation document is contained, not parsing the Dockerfile;
step 3, when an activation document for generating the detection environment is contained, first checking the validity of the information format in the activation document and, after the information format is judged to be valid, checking whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise running memory, running programs, I/O (input/output) drivers and instruction execution permissions; if the activation document matches the resource parameter information of the client, allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability.
2. The method of claim 1, wherein the Dockerfile comprising the function monitoring configuration for the call-function information further comprises: a monitoring program is set up so that, when the information security vulnerability is executed, an embedded (inline) hook is placed on the call function to obtain the return address parameter of the call function, and the severity of the information security vulnerability is verified by analyzing the return address parameter.
3. The method according to claim 2, wherein it is determined whether the address range of the return address parameter falls within the normal range, then whether the read-write attribute of the return address parameter is normal, and the condition of the return address parameter is scored to evaluate the severity of the information security vulnerability.
4. The method of claim 3, wherein obtaining the file directory at a specific location of the detection client further comprises: the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
5. The method of claim 1, wherein allowing the client to parse the Dockerfile and generating a Docker image for the information security vulnerability so as to monitor the call function corresponding to the information security vulnerability further comprises: configuring a base image according to the Dockerfile, then setting up a monitoring program for the call-function information in a single Docker layer through the function monitoring configuration for the call-function information in the Dockerfile, and executing generation of the corresponding monitoring program on the Docker layers that need to be generated according to the Dockerfile.
6. The method for processing information security vulnerabilities of claim 5, wherein the Docker image is image content obtained from a corresponding image repository over a connection between the client and the server.
7. The method for processing information security vulnerabilities according to claim 1, wherein when no activation document for generating the detection environment is contained, the client establishes a trusted connection with the server, obtains the activation document preset on the server for that client, and stores the activation document in the file directory at the specific location of the client.
8. A system for processing an information security vulnerability, characterized by comprising the following modules:
the vulnerability positioning and limiting module is used for allowing the information security vulnerability to undergo vulnerability analysis and processing only in a specific environment of a client, obtaining calling function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile according to the calling function information, wherein the Dockerfile comprises a function monitoring configuration for the calling function information; setting a monitoring program that applies an embedded hook to the calling function when the information security vulnerability is executed, obtaining a return address parameter of the calling function, and verifying the severity of the information security vulnerability by analyzing the return address parameter; and judging whether the address range of the return address parameter is within a normal range, judging whether the read-write attribute of the return address parameter is normal, and scoring the condition of the return address parameter to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module is used for acquiring the file directory at a specific location of the client, querying whether it contains an activation document for generating the detection environment, and, when the activation document for generating the detection environment is not contained, not parsing the Dockerfile, wherein the file directory at the specific location is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area;
the vulnerability analysis environment generation module is used for, when the activation document for generating the detection environment is contained, first checking the legality of the information format in the activation document and then, after the information format in the activation document is judged to be legal, checking whether the information in the activation document matches the resource parameters of the client, wherein the resource parameters comprise an operation memory, an operation program, an I/O (input/output) driver and an instruction execution authority; if the activation document matches the resource parameter information of the client, the client is allowed to parse the Dockerfile and generate a Docker image for the information security vulnerability so as to monitor the calling function corresponding to the information security vulnerability, wherein a base image is configured according to the Dockerfile, a monitoring program for the calling function information in a single Docker layer is then set through the function monitoring configuration for the calling function information in the Dockerfile, and the corresponding monitoring program is generated on each Docker layer to be generated according to the Dockerfile.
9. An electronic system, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method for processing information security vulnerabilities according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements the steps in the processing method of information security vulnerabilities according to any one of claims 1 to 7.
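One way to read the return-address checks of claims 2, 3 and 8 (address range first, then read-write attribute, then a score), given as an added example that is not part of the patent. It assumes that a "normal range" means an executable mapping of the monitored process, that the read-write attribute is the page permission of that mapping, and that the memory map is in Linux `/proc/<pid>/maps` format; the sample map, the function names and the score weights are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in Linux /proc/<pid>/maps format (not taken from the patent).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/bin/target
00651000-00652000 rw-p 00051000 08:01 131 /usr/bin/target
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 977 /usr/lib/libc.so.6
7f3a20000000-7f3a20001000 rwxp 00000000 00:00 0
7ffc2b000000-7ffc2b021000 rw-p 00000000 00:00 0 [stack]
"""

@dataclass
class Region:
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # empty for anonymous mappings

MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Parse maps text into Region records, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return regions

def score_return_address(addr, regions):
    """Return (score, findings); a higher score means more severe (assumed 0-10 scale)."""
    region = next((r for r in regions if r.start <= addr < r.end), None)
    if region is None:                      # step 1: address range check
        return 10, ["return address is outside every mapped region"]
    score, findings = 0, []
    if "x" not in region.perms:             # returning into data (stack, heap, .data)
        score += 6
        findings.append("return address points into non-executable memory")
    if "w" in region.perms:                 # step 2: read-write attribute check
        score += 3
        findings.append("return address points into writable memory")
    if not region.path or region.path.startswith("["):
        score += 1
        findings.append("region is not backed by a file on disk")
    return score, findings
```

A hook that captures the return address of the monitored call would pass it to `score_return_address` together with the parsed map of the process it is watching.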
CN202211014209.4A 2022-08-23 2022-08-23 Method and system for processing information security loophole Active CN115329343B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211014209.4A CN115329343B (en) 2022-08-23 2022-08-23 Method and system for processing information security loophole

Publications (2)

Publication Number Publication Date
CN115329343A true CN115329343A (en) 2022-11-11
CN115329343B CN115329343B (en) 2023-04-07

Family

ID=83925305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211014209.4A Active CN115329343B (en) 2022-08-23 2022-08-23 Method and system for processing information security loophole

Country Status (1)

Country Link
CN (1) CN115329343B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103778373A (en) * 2014-01-10 2014-05-07 深圳市深信服电子科技有限公司 Virus detection method and device
CN106709359A (en) * 2017-01-05 2017-05-24 中国电子科技网络信息安全有限公司 Detection method of Android application vulnerabilities
CN108415795A (en) * 2018-02-12 2018-08-17 人和未来生物科技(长沙)有限公司 A kind of container Dockerfile, container mirror image rapid generation and system
CN109656829A (en) * 2018-12-24 2019-04-19 西安四叶草信息技术有限公司 Test method and device based on docker
CN111857967A (en) * 2020-07-29 2020-10-30 中科方德软件有限公司 Container integrity checking method
CN112416462A (en) * 2020-11-28 2021-02-26 郑州信大捷安信息技术股份有限公司 Offline H5 application loading method and system
CN112882792A (en) * 2021-02-03 2021-06-01 天津五八到家货运服务有限公司 Information loading method, computer device and storage medium
CN113268739A (en) * 2021-05-13 2021-08-17 江苏拓邮信息智能技术研究院有限公司 Docker mirror image security detection method

Also Published As

Publication number Publication date
CN115329343B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant