CN115630356A - Attack defense method and device, electronic equipment and storage medium - Google Patents

Attack defense method and device, electronic equipment and storage medium

Info

Publication number: CN115630356A
Application number: CN202211291165.XA
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 吕经祥, 李石磊
Current Assignee: Antiy Technology Group Co Ltd
Original Assignee: Antiy Technology Group Co Ltd
Application filed by: Antiy Technology Group Co Ltd
Priority: CN202211291165.XA
Legal status: Pending
Prior art keywords: target, document, editing software, target document, software

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/166 Editing, e.g. inserting or deleting


Abstract

The application provides an attack defense method, an attack defense device, electronic equipment and a storage medium. The method is applied to an electronic device and comprises the following steps: acquiring a target document; controlling target document editing software to open the target document in the background so as to establish a target process, the target document editing software being any document editing software installed in the electronic device; monitoring the target process; and, if a process closing instruction sent by an external process and directed at the target process is monitored, suspending the external process. Because the external process is suspended, if it is ransomware it cannot carry out its subsequent encryption step, which defends against the ransomware attack. Moreover, even if the ransomware encrypts documents through a separate encryption process, the external process cannot complete the task of closing the target process, so the encryption process is never triggered and the defense against the ransomware attack is still achieved.

Description

Attack defense method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security, and in particular, to an attack defense method and apparatus, an electronic device, and a storage medium.
Background
Ransomware is a common type of Trojan. It makes user data assets or computing resources unusable through harassment, intimidation or even by holding user files hostage, and uses this as leverage to extort money from the user. Such user data assets include documents, mail, databases, source code, pictures, compressed files, and the like.
A common method used by ransomware is to encrypt documents and other files on a computer with a key, so that the user cannot open the corresponding documents normally, thereby coercing the user.
Disclosure of Invention
In view of the above, the present application provides an attack defense method, an attack defense apparatus, an electronic device, and a storage medium, which at least partially solve the problems in the prior art.
In an aspect of the present application, an attack defense method is provided, which is applied to an electronic device, and includes:
acquiring a target document;
controlling target document editing software to open the target document in a background so as to establish a target process; the target document editing software is any installed document editing software in the electronic equipment;
monitoring the target process;
and if a process closing instruction which is sent by an external process and aims at the target process is monitored, the external process is suspended.
In an exemplary embodiment of the present application, the obtaining the target document includes:
taking any document editing software installed in the electronic equipment as target document editing software;
and controlling the target editing software to establish a new document with empty content as a target document.
In an exemplary embodiment of the application, the taking any document editing software installed in the electronic device as target document editing software includes:
determining target document editing software from a plurality of document editing software according to software types of the plurality of document editing software installed in the electronic equipment;
wherein processes established by document editing software of different software types occupy different minimum amounts of the resources of the electronic equipment.
In an exemplary embodiment of the present application, the obtaining the target document includes:
and acquiring a target document in a preset storage space.
In an exemplary embodiment of the present application, the obtaining a target document in a preset storage space includes:
taking all editable documents in a preset storage space as candidate documents;
determining document type and data size information of each candidate document;
determining a target document from a plurality of candidate documents according to the document type and the data size information;
and determining the document editing software corresponding to the target document as the target document editing software.
In an exemplary embodiment of the present application, after the suspending the external process, the method further comprises:
outputting prompt information; the prompt information is used to indicate that the target process is being closed by an unauthorized process.
In an exemplary embodiment of the present application, after the suspending the external process, the method further comprises:
and outputting the process name of the external process and/or the storage address of the executable file corresponding to the external process.
In another aspect of the present application, there is provided an attack defense apparatus provided in an electronic device, the apparatus including:
the acquisition module is used for acquiring a target document;
the establishing module is used for controlling target document editing software to open the target document at the background so as to establish a target process;
the monitoring module is used for monitoring the target process;
and the processing module is used for suspending the external process if a process closing instruction which is sent by the external process and aims at the target process is monitored.
In another aspect of the present application, there is provided an electronic device comprising a processor and a memory;
the processor is configured to perform the steps of any of the above methods by calling a program or instructions stored in the memory.
In another aspect of the application, there is provided a non-transitory computer readable storage medium storing a program or instructions for causing a computer to perform the steps of any of the methods described above.
Beneficial effects:
When a document is opened by document editing software (such as Office), the opened document cannot be encrypted by other software. Research on a large number of ransomware samples shows that many of them close the processes related to document editing software in the task manager before encrypting documents.
The attack defense method provided by the application opens a target document in the background through a target document editor in the electronic device, so that a document editing process (namely, the target process) appears in the task manager. The target process is monitored to determine whether any process other than the target document editor tries to close it. Therefore, if ransomware is present on the electronic device and wants to encrypt documents, it will first try to close the target process, and this attempt is picked up by the monitoring. At that point the method judges that ransomware is probably present, and directly suspends the external process to prevent the target process from being closed.
Thus, since the external process is suspended, if it is ransomware it cannot perform its subsequent encryption step, which defends against the ransomware attack. Moreover, even if the ransomware encrypts documents through a separate encryption process, the external process cannot complete the task of closing the target process, so the encryption process is never triggered and the defense against the ransomware attack is still achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of an attack defense method provided in an embodiment of the present application;
Fig. 2 is a block diagram of a structure of an attack defense apparatus according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present application are described in detail below with reference to the accompanying drawings.
It should be noted that, in the case of no conflict, the features in the following embodiments and examples may be combined with each other; moreover, all other embodiments that can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort fall within the scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. In addition, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to or other than one or more of the aspects set forth herein.
Referring to fig. 1, in an aspect of the present application, an attack defense method is provided, which is applied to an electronic device. The electronic equipment can be common electronic equipment such as a mobile phone, a computer, a notebook computer, a server or a tablet computer.
The method comprises the following steps:
S100, acquiring a target document. The target document may be any existing editable document in the electronic device, or may be a newly created editable document. The target document may be a Word document, a PPT document, or the like.
S200, controlling target document editing software to open the target document in the background so as to establish a target process. The target document editing software is any document editing software installed in the electronic device. Opening the target document in the background means that the application icon corresponding to the process is not displayed in the taskbar of the system interface. Specifically, the application icon corresponding to the target process may be hidden by a preset icon hiding program. In this way the target process is established without the user noticing it, which improves the user experience.
S300, monitoring the target process. Specifically, the control instruction received by the task manager or the target process may be monitored.
S400, if a process closing instruction which is sent by an external process and aims at the target process is monitored, the external process is suspended.
Specifically, one way to determine that an external process is closing the target process is to monitor the instructions received by the task manager: if a WM_DESTROY instruction containing the name of the target process is received, it is determined that a process closing instruction sent by an external process and directed at the target process has been monitored.
And/or,
monitoring cmd instructions: if a cmd instruction contains both a kill character string and the target process name character string, the cmd instruction is determined to be a process closing instruction sent by an external process and directed at the target process.
And/or,
monitoring the CloseHandle API function in the system: if a call to the CloseHandle API function contains the process name of the target process, the call is determined to be a process closing instruction sent by an external process and directed at the target process.
When the target document is opened by the target document editing software (such as Office), the opened target document cannot be encrypted by other software. Research on a large number of ransomware samples shows that ransomware closes the processes related to document editing software in the task manager before encrypting documents.
The attack defense method provided in this embodiment therefore opens a target document in the background through the target document editor in the electronic device, so that a document editing process (i.e., the target process) appears in the task manager. The target process is monitored to determine whether any process other than the target document editor tries to close it. If ransomware is present on the electronic device and wants to encrypt documents, it will first try to close the target process, and this attempt is picked up by the monitoring. At that point the method judges that ransomware is probably present, and directly suspends the external process to prevent the target process from being closed.
Thus, since the external process is suspended, if it is ransomware it cannot perform its subsequent encryption step, which defends against the ransomware attack. Moreover, even if the ransomware encrypts documents through a separate encryption process, the external process cannot complete the task of closing the target process, so the encryption process is never triggered and the defense against the ransomware attack is still achieved.
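The decision made in steps S300 and S400, as an added example that is not part of the patent text: it applies the three matching rules above to a constructed list of monitored events and returns the external processes to suspend. The event schema, process names, PIDs and paths are assumptions made for illustration, and matching the target by PID goes beyond the description, which matches by process name only.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Decoy:
    """The background target process from S200 (values are constructed)."""
    pid: int
    name: str


@dataclass(frozen=True)
class Event:
    """One monitored instruction; this schema is hypothetical."""
    kind: str          # "cmd", "window_message" or "api_call"
    source_pid: int
    source_name: str
    source_image: str  # storage address of the sender's executable
    detail: str        # command line, message text or call text


@dataclass(frozen=True)
class Suspension:
    """Record of an external process that should be suspended."""
    pid: int
    name: str
    image: str
    reason: str


# Marker each monitored channel must contain, following the description.
MARKERS = {"cmd": "kill", "window_message": "wm_destroy", "api_call": "closehandle"}


def names_target(text, decoy):
    """True if the text refers to the target process by name or by PID."""
    low = text.lower()
    if decoy.name.lower() in low:
        return True
    # Extension beyond the description: a PID reference, matched as a whole
    # number so that PID 14321 is not mistaken for PID 4321.
    return re.search(rf"(?<!\d){decoy.pid}(?!\d)", low) is not None


def is_close_instruction(event, decoy):
    """Apply the rule for the event's channel: marker plus target reference."""
    marker = MARKERS.get(event.kind)
    if marker is None:
        return False
    return marker in event.detail.lower() and names_target(event.detail, decoy)


def evaluate(events, decoy, editor_pids=frozenset()):
    """Return one Suspension per external process that tried to close the target.

    Events sent by the target process itself or by the editing software's own
    processes (editor_pids) are not external and are ignored. The suspend
    action itself is platform-specific and left to the caller.
    """
    own = set(editor_pids) | {decoy.pid}
    suspended = {}
    for ev in events:
        if ev.source_pid in own or ev.source_pid in suspended:
            continue
        if is_close_instruction(ev, decoy):
            suspended[ev.source_pid] = Suspension(
                ev.source_pid, ev.source_name, ev.source_image,
                f"{ev.kind}: {ev.detail}")
    return list(suspended.values())


# Constructed sample data, not taken from any real incident.
DECOY = Decoy(pid=4321, name="WINWORD.EXE")
SAMPLE_EVENTS = [
    Event("cmd", 5120, "updater.exe", r"C:\Users\Public\updater.exe",
          "taskkill /F /IM winword.exe"),
    Event("cmd", 6001, "explorer.exe", r"C:\Windows\explorer.exe",
          "taskkill /IM notepad.exe"),           # different target: ignored
    Event("window_message", 4321, "WINWORD.EXE", r"C:\Office\WINWORD.EXE",
          "WM_DESTROY WINWORD.EXE"),             # sent by the target itself
    Event("api_call", 5120, "updater.exe", r"C:\Users\Public\updater.exe",
          "CloseHandle(WINWORD.EXE)"),           # sender already suspended
    Event("cmd", 7300, "helper.exe", r"C:\Temp\helper.exe",
          "taskkill /PID 4321 /F"),              # by PID: the name rule misses it
    Event("cmd", 7400, "backup.exe", r"C:\Tools\backup.exe",
          "taskkill /PID 14321"),                # other PID: ignored
]

if __name__ == "__main__":
    for s in evaluate(SAMPLE_EVENTS, DECOY):
        print(f"suspend pid={s.pid} name={s.name} image={s.image} ({s.reason})")
```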
In an exemplary embodiment of the present application, the obtaining the target document includes:
and taking one of the plurality of document editing software installed in the electronic equipment as target document editing software.
And controlling the target editing software to establish a new document with empty content as a target document.
Specifically, the installed and available document editors in the electronic device may be determined through the registry or a software manager of the electronic device, and a target document editor is selected from among them. Document editing software that is common or frequently used may be selected as the target document editor. The target document editor is then controlled to create a new document with empty content as the target document. This keeps the data size of the target document as small as possible, so that the target process established in the subsequent steps occupies as few resources of the electronic device as possible. Specifically, the aforementioned resources may be storage resources (such as hard disk storage space or memory storage space) or computing resources (such as CPU resources or GPU resources).
In an exemplary embodiment of the application, the taking one of several document editing software installed in the electronic device as a target document editing software includes:
determining target document editing software from a plurality of document editing software according to software types of the plurality of document editing software installed in the electronic equipment;
wherein processes established by document editing software of different software types occupy different minimum amounts of the resources of the electronic equipment.
It can be understood that different types of document editing software occupy different amounts of the electronic device's resources when opening a corresponding editable document. For example, the resources occupied by PS software opening a PS document are far greater than the resources occupied by word processing software opening a Word document. Therefore, in this embodiment, the document editing software with the smallest resource occupation is determined as the target document editing software according to the software types of the document editing software installed in the electronic device, so as to reduce the target process's occupation of the electronic device's resources as much as possible. In this embodiment, the minimum resource occupation corresponding to each software type can be recorded in a preset occupation comparison table, so that the target document editing software can be determined from the occupation comparison table and the software types of the document editing software installed in the electronic device.
In an exemplary embodiment of the present application, the obtaining the target document includes:
and acquiring a target document in a preset storage space.
The preset storage space may be a disk or a folder designated by a user or a program. Specifically, the preset storage space does not contain system operating files, which prevents a system operating file from being selected as the target document and opened, and so avoids affecting the normal operation of the system. The target document may be a preset empty document, or may be a document normally stored by the user. A plurality of documents can be stored in the preset storage space; after the target document is determined, the document editing software capable of opening the target document is determined as the target document editing software according to the document type of the target document.
Further, if the target document is a preset empty document and there are a plurality of empty documents, the document types of the empty documents may be different. When the target document is selected, it may be determined according to the document editing software installed in the electronic device. For example, only installed document editing software corresponding to the document type may be determined as the target document editing software.
In an exemplary embodiment of the present application, the obtaining a target document in a preset storage space includes:
and taking all editable documents in the preset storage space as candidate documents.
Document type and data size information for each candidate document is determined. The document type may be a Word document, a PPT document, a PS document, or the like. The data size information is the document size; even when the document types are the same, candidate documents with different data sizes cause the corresponding processes to occupy different amounts of the electronic device's resources when opened.
And determining a target document from the candidate documents according to the document type and the data size information.
And determining the document editing software corresponding to the target document as the target document editing software.
Specifically, according to the document type and the data size information, the candidate document whose opening occupies the fewest resources of the electronic device is determined as the target document. In this way the established target process occupies as few resources of the electronic device as possible.
In an exemplary embodiment of the present application, after said suspending said external process, said method further comprises:
and outputting prompt information.
The prompt information is used to indicate that the target process is being closed by an unauthorized process.
In this embodiment, after the external process is suspended, prompt information is output directly to notify the user that the target process is being closed by an unauthorized process rather than by the user's own action. The user thus learns promptly that ransomware may be running and can respond as soon as possible to avoid the loss of the user's virtual assets.
In an exemplary embodiment of the present application, after said suspending said external process, said method further comprises:
and outputting the process name of the external process and/or the storage address of the executable file corresponding to the external process.
Outputting the process name of the external process and/or the storage address of the executable file corresponding to the external process enables the user or security software to quickly locate the file corresponding to the external process and run a security check on it without a full-disk scan, so that the potential security risk can be eliminated in time.
Referring to fig. 2, in another aspect of the present application, there is provided an attack defense apparatus disposed on an electronic device, the apparatus including:
the acquisition module is used for acquiring a target document;
the establishing module is used for controlling target document editing software to open the target document in the background so as to establish a target process;
the monitoring module is used for monitoring the target process;
and the processing module is used for suspending the external process if a process closing instruction which is sent by the external process and aims at the target process is monitored.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, and may also be implemented by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device according to this embodiment of the present application is described below. The electronic device is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present application.
The electronic device is in the form of a general purpose computing device. Components of the electronic device may include, but are not limited to: the at least one processor, the at least one memory, and a bus connecting the various system components (including the memory and the processor).
The memory stores program code that is executable by the processor to cause the processor to perform steps according to various exemplary embodiments of the present application as described in the "exemplary methods" section above of this specification.
The memory may include readable media in the form of volatile memory, such as Random Access Memory (RAM) and/or cache memory, and may further include Read Only Memory (ROM).
The storage may also include a program/utility having a set (at least one) of program modules including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The bus may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures.
The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface. Also, the electronic device may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via a network adapter. The network adapter communicates with other modules of the electronic device over the bus. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, to name a few.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, various aspects of the present application may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present application described in the "exemplary methods" section above of this specification, when the program product is run on the terminal device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present application and are not intended to be limiting. It will be readily appreciated that the processes illustrated in the above figures are not intended to indicate or limit the temporal order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An attack defense method applied to an electronic device, the method comprising:
acquiring a target document;
controlling target document editing software to open the target document in the background so as to establish a target process, wherein the target document editing software is any document editing software installed in the electronic device;
monitoring the target process;
and if a process closing instruction that is sent by an external process and directed at the target process is detected, suspending the external process.
2. The attack defense method according to claim 1, wherein the acquiring of the target document comprises:
taking any document editing software installed in the electronic device as the target document editing software;
and controlling the target document editing software to create a new document with empty content as the target document.
3. The attack defense method according to claim 2, wherein the taking of any document editing software installed in the electronic device as the target document editing software comprises:
determining the target document editing software from among the document editing software according to the software types of the document editing software installed in the electronic device;
wherein processes established by document editing software of different software types differ in their minimum occupation of the resources of the electronic device.
4. The attack defense method according to claim 1, wherein the acquiring of the target document comprises:
acquiring a target document in a preset storage space.
5. The attack defense method according to claim 4, wherein the acquiring of the target document in the preset storage space comprises:
taking all editable documents in a preset storage space as candidate documents;
determining document type and data size information of each candidate document;
determining a target document from a plurality of candidate documents according to the document type and the data size information;
and determining the document editing software corresponding to the target document as the target document editing software.
6. The attack defense method according to claim 1, wherein after said suspending the external process, the method further comprises:
outputting prompt information, wherein the prompt information is used to indicate that the target process is being shut down by an unauthorized process.
7. The attack defense method according to claim 1, wherein after said suspending the external process, the method further comprises:
outputting the process name of the external process and/or the storage address of the executable file corresponding to the external process.
8. An attack defense apparatus provided in an electronic device, the apparatus comprising:
the acquisition module is used for acquiring a target document;
the establishing module is used for controlling target document editing software to open the target document in the background so as to establish a target process;
the monitoring module is used for monitoring the target process;
and the processing module is used for suspending the external process if a process closing instruction that is sent by the external process and directed at the target process is detected.
9. An electronic device comprising a processor and a memory;
the processor is adapted to perform the steps of the method of any one of claims 1 to 7 by calling a program or instructions stored in the memory.
10. A non-transitory computer readable storage medium storing a program or instructions for causing a computer to perform the steps of the method of any one of claims 1 to 7.
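
The monitoring logic of claims 1, 3, 6 and 7, as an added example that is not code from the patent or from the applicant. The event schema, the injected `suspend` callback, the lowest-footprint selection policy and all sample names, PIDs and paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Editor:                 # installed document editing software
    name: str
    software_type: str
    min_footprint_mb: int     # minimum resources a process of this type occupies

@dataclass(frozen=True)
class CloseRequest:           # assumed schema for one observed process-closing instruction
    source_pid: int
    source_name: str
    source_image: str
    target_pid: int

def pick_decoy_editor(editors):
    """Claim 3, with an assumed policy: prefer the software type with the lowest footprint."""
    if not editors:
        raise ValueError("no document editing software installed")
    return min(editors, key=lambda e: (e.min_footprint_mb, e.name))

class DecoyMonitor:
    """Claims 1, 6 and 7: watch the decoy process, suspend external closers, report them."""
    def __init__(self, decoy_pid, suspend):
        self.decoy_pid = decoy_pid
        self.suspend = suspend            # platform suspend primitive, injected by the caller
        self.suspended, self.alerts = [], []

    def handle(self, req):
        if req.target_pid != self.decoy_pid:
            return False                  # aimed at some other process: out of scope
        if req.source_pid == self.decoy_pid:
            return False                  # the editor closing itself is not an external process
        if req.source_pid not in self.suspended:   # suspend and report each offender once
            self.suspend(req.source_pid)
            self.suspended.append(req.source_pid)
            self.alerts.append(f"decoy pid {self.decoy_pid} is being shut down by unauthorized "
                               f"process {req.source_name} ({req.source_image})")
        return True

def run_demo():
    # Constructed sample data: names, pids and paths are illustrative only.
    editors = [Editor("SuiteWriter", "office-suite", 180), Editor("PlainPad", "text-editor", 12)]
    decoy_pid, frozen = 4120, []
    monitor = DecoyMonitor(decoy_pid, suspend=frozen.append)
    events = [
        CloseRequest(4120, "PlainPad", r"C:\Apps\PlainPad.exe", 4120),          # self-exit
        CloseRequest(5310, "updater", r"C:\Apps\updater.exe", 2200),            # other target
        CloseRequest(6604, "sample_a", r"C:\Users\Public\sample_a.exe", 4120),
        CloseRequest(6604, "sample_a", r"C:\Users\Public\sample_a.exe", 4120),  # retry
    ]
    flagged = [monitor.handle(e) for e in events]
    return pick_decoy_editor(editors).name, flagged, frozen, monitor.alerts
```

The suspend step has to run before the close request takes effect, so a deployment would wire `suspend` to an interception point that can hold the request rather than to an after-the-fact log reader.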

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211291165.XA CN115630356A (en) 2022-10-21 2022-10-21 Attack defense method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115630356A true CN115630356A (en) 2023-01-20

Family

ID=84907449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211291165.XA Pending CN115630356A (en) 2022-10-21 2022-10-21 Attack defense method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115630356A (en)

Similar Documents

Publication Publication Date Title
US10671724B2 (en) Techniques for detecting encryption
US9514309B1 (en) Systems and methods for protecting files from malicious encryption attempts
US10216954B2 (en) Privacy detection of a mobile application program
US10079835B1 (en) Systems and methods for data loss prevention of unidentifiable and unsupported object types
US7475260B2 (en) Method and apparatus for protecting sensitive information in a log file
JP2020502648A (en) Systems and methods for detecting cryptoware
CN111163095A (en) Network attack analysis method, network attack analysis device, computing device, and medium
CN112417484A (en) Resource file protection method and device, computer equipment and storage medium
US20180034780A1 (en) Generation of asset data used in creating testing events
US20040205354A1 (en) System and method for detecting malicious applications
CN115630356A (en) Attack defense method and device, electronic equipment and storage medium
JP7353346B2 (en) Systems and methods for preventing the injection of malicious processes into software
US10318250B1 (en) Systems and methods for locating functions for later interception
CN110659478A (en) Method for detecting malicious files that prevent analysis in an isolated environment
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
US10503929B2 (en) Visually configurable privacy enforcement
CN115618335A (en) Attack defense method and device, electronic equipment and storage medium
US11463463B1 (en) Systems and methods for identifying security risks posed by application bundles
US11347849B2 (en) Ransomware detection and prevention
CN113420302A (en) Host vulnerability detection method and device
CN112631478A (en) Hidden application display method and device, electronic equipment and storage medium
KR20210000398A (en) Method and apparatus for releasing obfunscation
CN115618334A (en) Attack defense method and device, electronic equipment and storage medium
CN115618333A (en) Attack defense method and device, electronic equipment and storage medium
CN108153545A (en) A kind of document handling method, system, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination