CN116010927A - Digital signature certificate detection method and device - Google Patents

Digital signature certificate detection method and device Download PDF

Info

Publication number
CN116010927A
CN116010927A CN202211698006.1A CN202211698006A CN116010927A CN 116010927 A CN116010927 A CN 116010927A CN 202211698006 A CN202211698006 A CN 202211698006A CN 116010927 A CN116010927 A CN 116010927A
Authority
CN
China
Prior art keywords
digital signature
signature certificate
reputation
library
credit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211698006.1A
Other languages
Chinese (zh)
Inventor
奚乾悦
孙洪伟
肖新光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Antiy Network Technology Co Ltd
Original Assignee
Beijing Antiy Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Antiy Network Technology Co Ltd filed Critical Beijing Antiy Network Technology Co Ltd
Priority to CN202211698006.1A priority Critical patent/CN116010927A/en
Publication of CN116010927A publication Critical patent/CN116010927A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a digital signature certificate detection method and device. The method comprises the following steps: receiving a digital signature certificate loaded by a target file and sent by a client; searching a reputation score corresponding to the digital signature certificate in a preset digital signature certificate library; and sending the reputation score to the client so that the client can determine whether to perform virus killing on the target file according to the reputation score.

Description

Digital signature certificate detection method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for detecting a digital signature certificate.
Background
Digitally signed certificates are files that prove that codes, software, applications, and executable files are legitimate. The digital signature based on the public key infrastructure signs the code and ensures that the code is not altered or damaged during the process from the developer system to the end user system. Therefore, based on the security of the digital signature certificate, the operating system or the antivirus software usually defaults that the file with the digital signature certificate is safe, and the antivirus software cannot search and kill or alarm the file with the digital signature certificate when searching and killing viruses, so that the resource consumption and the possibility of false alarm are reduced.
However, some lawbreakers can attack the terminal device by stealing the digital signature certificate of the manufacturer or purchasing the digital signature certificate, and by utilizing the characteristic that the antivirus software does not search and kill the digital signature certificate. Therefore, a method for detecting digital signature certificates is needed to make up for the shortages of the current disinfection software.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for detecting a digital signature certificate, which can detect the digital signature certificate, and reduce resource consumption as much as possible while improving security of a terminal device.
In a first aspect, an embodiment of the present invention provides a digital signature certificate detection method, where the method is applied to a server, and the method includes:
receiving a digital signature certificate loaded by a target file and sent by a client;
searching a reputation score corresponding to the digital signature certificate in a preset digital signature certificate library;
and sending the reputation score to the client so that the client can determine whether to perform virus killing on the target file according to the reputation score.
Preferably, the digital signature certificate library includes: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository; searching the reputation score corresponding to the digital signature certificate in a preset digital signature certificate library, which specifically comprises the following steps: searching the credit score corresponding to the digital signature certificate 5 in the credit granting digital signature certificate library; if the credit score corresponding to the digital signature certificate is not found in the credit authorization digital signature certificate library, searching the digital signature certificate in the credit evaluation digital signature certificate library;
if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in a public network is larger than a preset first threshold value, and according to the detection
Updating the reputation score corresponding to the 0 digital signature certificate in the reputation evaluation digital signature certificate library according to the result and a preset first reputation score rule; and determining the updated reputation score as the reputation score corresponding to the digital signature certificate.
Preferably, the method further comprises: and if the number of files loaded with the digital signature certificates in the public network is larger than the first threshold value and the updated reputation score is larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to the trusted digital signature certificate library.
5 preferably, the method further comprises: responding to the received execution action triggered on the client by the target file sent by the client; and updating the credit score corresponding to the digital signature certificate in the credit giving digital signature certificate library according to the execution action and a preset second credit score rule.
Preferably, the method further comprises: and if the digital signature certificate is not found in the digital signature certificate library, sending alarm information to the client so that the client performs 0 virus searching and killing on the target file or outputs an option for a user to select whether to perform virus searching and killing on the target file.
Preferably, the method further comprises: if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule; adding the digital signature certificate and the corresponding reputation score to the reputation evaluation digital signature library; wherein the third reputation evaluation rule comprises: and determining the credit score corresponding to the digital signature certificate based on the number of files loaded with the digital signature certificate in a public network and/or compiler information of the target file and/or shell information of the digital signature certificate.
In a first aspect, an embodiment of the present invention provides a digital signature certificate detection apparatus, which is applied to a server, and includes:
the receiving unit is used for receiving the digital signature certificate loaded by the target file and sent by the client;
the searching unit is used for searching the credit score corresponding to the digital signature certificate in a preset digital signature certificate library;
and the sending unit is used for sending the reputation score to the client so that the client can determine whether to kill viruses on the target file according to the reputation score.
Preferably, the digital signature certificate library includes: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository; the searching unit is specifically configured to: searching a credit score corresponding to the digital signature certificate in the credit-giving digital signature certificate library; if the credit score corresponding to the digital signature certificate is not found in the credit authorization digital signature certificate library, searching the digital signature certificate in the credit evaluation digital signature certificate library; if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in a public network is larger than a preset first threshold value, and updating a reputation score corresponding to the digital signature certificate in the reputation evaluation digital signature certificate library according to a detection result and a preset first reputation score rule; and determining the updated reputation score as the reputation score corresponding to the digital signature certificate.
Preferably, the search unit is further configured to: and if the number of files loaded with the digital signature certificates in the public network is larger than the first threshold value and the updated reputation score is larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to the trusted digital signature certificate library.
Preferably, the apparatus further comprises: the adding unit is used for: if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule; adding the digital signature certificate and the corresponding reputation score to the reputation evaluation digital signature library; wherein the third reputation evaluation rule comprises: and determining the credit score corresponding to the digital signature certificate based on the number of files loaded with the digital signature certificate in a public network and/or compiler information of the target file and/or shell information of the digital signature certificate.
According to the method and the device for detecting the digital signature certificate, the reputation score corresponding to the digital signature certificate is searched in the preset digital signature certificate library by receiving the digital signature certificate loaded by the target file sent by the client, and the reputation score is sent to the client, so that whether the client performs virus searching and killing on the target file is determined according to the reputation score. Based on this, it is possible to realize detection of the digital signature certificate and reduce resource consumption as much as possible while improving the security of the terminal device.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a digital signature certificate detection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another digital signature certificate detection method according to an embodiment of the present invention;
FIG. 3 is a flowchart of another digital signature certificate detection method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a digital signature certificate detection device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another digital signature certificate detection device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flowchart of a digital signature certificate detection method according to an embodiment of the present invention. The digital signature certificate detection method can be applied to a server.
As shown in fig. 1, the digital signature certificate detection method of the present embodiment may include:
step 101, receiving a digital signature certificate loaded by a target file and sent by a client.
Specifically, the client may be antivirus software running on the terminal device. The client monitors whether the newly added file on the terminal equipment loads the digital signature certificate or not in real time. When a newly added file loaded with the digital signature certificate is monitored, the digital signature certificate of the file is collected and uploaded to a server.
Step 102, searching a reputation score corresponding to the digital signature certificate in a preset digital signature certificate library.
Preferably, the digital signature certificate library may include: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository.
Accordingly, as shown in fig. 2, step 102 may specifically include:
step 1021, searching the credit score corresponding to the digital signature certificate in the credit authorization digital signature certificate library.
Specifically, the digital signature certificates in the trusted digital signature certificate library are trusted digital signature certificates, so step 103 may be executed if the reputation score corresponding to the digital signature certificate is found in the trusted digital signature.
Step 1022, if the reputation score corresponding to the digital signature certificate is not found in the trusted digital signature certificate library, the digital signature certificate is found in the reputation evaluation digital signature certificate library.
Specifically, the digital signature certificate in the reputation evaluation digital signature library is the digital signature certificate under evaluation, so if the digital signature certificate is found in the reputation evaluation digital signature library, before feeding back to the client, the reputation score corresponding to the digital signature certificate needs to be updated, that is, step 1023 is executed.
Step 1023, if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in the public network is larger than a preset first threshold value, and updating the reputation score corresponding to the digital signature certificate in the reputation evaluation digital signature certificate library according to the detection result and a preset first reputation score rule.
Specifically, the first reputation scoring rule includes, but is not limited to: if the number of files loaded with the digital signature certificate in the public network is greater than a first threshold, the reputation score corresponding to the digital signature certificate is increased, for example, 20 points are increased. And if the number of files loaded with the digital signature certificate in the public network is not greater than a first threshold value, deducting the credit score corresponding to the digital signature certificate, for example, deducting 20 points.
Step 1024, determining the updated reputation score as the reputation score corresponding to the digital signature certificate, and then executing step 103.
Preferably, the digital signature certificate detection method provided in this embodiment may further include:
and if the number of files loaded with the digital signature certificates in the public network is larger than a first threshold value and the updated reputation scores are larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to a trusted digital signature certificate library. In one example, the second threshold may be 100 minutes.
And step 103, the reputation score is sent to the client so that the client can determine whether to perform virus killing on the target file according to the reputation score.
Specifically, after receiving the reputation score corresponding to the digital signature certificate, the client determines whether to perform virus searching and killing on the target file according to a preset rule. For example, the full score of the reputation score may be 100 points and the preset rules may be: if the credit score is greater than 70 points, the digital signature certificate is considered to be trusted, the target file is not subjected to virus killing, and if the credit score is not greater than 70 points, the digital signature certificate is considered to be untrusted, and the target file is subjected to virus killing.
Preferably, as shown in fig. 3, in order to ensure accuracy of reputation scoring of a digital signature certificate, the method for detecting a digital signature certificate according to the embodiment of the present invention may further include:
step 301, an execution action triggered on the client is performed in response to a received target file sent by the client.
In particular, the execution acts are specifically dangerous acts including, but not limited to: registry operations, startup behavior, startup parameters, program startup relationship chains, system file calls, network accesses, and permission changes. When the client monitors that the target file triggers the dangerous actions, the dangerous actions are reported to the server.
Step 302, updating the credit score corresponding to the digital signature certificate in the credit-giving digital signature certificate library according to the execution action and the preset second credit score rule.
Specifically, the second reputation scoring rule includes, but is not limited to: and deducting the credit scores corresponding to the digital signature certificates according to the weights of the different execution action pairs. For example, the reputation score corresponding to a weight of 1 is 5 points, the weight of registry operation and starting action is 5, the weight of starting parameter and program starting relation chain is 8, and the weight of system file call, network access and authority change is 10. Then, when the server receives the execution action triggered by the target file sent by the client, the execution action is registry operation and permission change, and the weight of the registry operation is 5 and the weight of the permission change is 10, the reputation score corresponding to the digital signature certificate needs to be deducted by 75 points.
Preferably, the method for detecting a digital signature certificate provided by the embodiment of the present invention may further include:
if the digital signature certificate is not found in the digital signature certificate library, sending alarm information to the client so that the client performs virus killing on the target file or outputs an option for a user to select whether to perform virus killing on the target file.
It will be appreciated that if no digital signature certificate is found in the digital signature certificate store, there is currently no reputation score, so no reputation score is sent to the client, but rather alert information is sent to the client. After receiving the alarm information, the client can select to search and kill the target file according to the local setting, or output the option for the user to select whether to search and kill the target file, and perform the next processing according to the selection of the user.
Preferably, the method for detecting a digital signature certificate provided by the embodiment of the present invention may further include:
if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule.
Wherein the third reputation evaluation rule includes, but is not limited to: determining a reputation score corresponding to the digital signature certificate based on the number of files in the public network, the number of files loaded with the digital signature certificate, and/or compiler information of the target file, and/or shell information of the digital signature certificate, and then executing step 103. Specific:
(1) Detecting whether the number of files loaded with the digital signature certificate in the public network is larger than a preset threshold value, if so, increasing the score, for example, 20 score, and if not, deducting the score, for example, 20 score; (2) Detecting compiler information of the target file, and deducting points, such as 10 points, if the compiler is of a very common type; (3) The shell information of the digital signature certificate is detected, and if the shell information is of a very common type, a score is deducted, for example 30.
By utilizing the digital signature certificate detection method provided by the embodiment of the invention, the reputation score corresponding to the digital signature certificate is searched in the preset digital signature certificate library by receiving the digital signature certificate loaded by the target file sent by the client, and the reputation score is sent to the client, so that the client determines whether to search and kill viruses on the target file according to the reputation score. Based on this, it is possible to realize detection of the digital signature certificate and reduce resource consumption as much as possible while improving the security of the terminal device.
Fig. 4 is a schematic structural diagram of a digital signature certificate detection device according to an embodiment of the present invention. The device can be applied to a server.
As shown in fig. 4, the digital signature certificate detection apparatus of the present embodiment may include:
a receiving unit 401, configured to receive a digital signature certificate loaded by a target file sent by a client;
a searching unit 402, configured to search a preset digital signature certificate library for a reputation score corresponding to the digital signature certificate;
and the sending unit 403 is configured to send the reputation score to the client, so that the client determines whether to perform virus killing on the target file according to the reputation score.
Preferably, the digital signature certificate library includes: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository;
the searching unit 402 is specifically configured to: searching a credit score corresponding to the digital signature certificate in the credit-giving digital signature certificate library; if the credit score corresponding to the digital signature certificate is not found in the credit authorization digital signature certificate library, searching the digital signature certificate in the credit evaluation digital signature certificate library; if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in a public network is larger than a preset first threshold value, and updating a reputation score corresponding to the digital signature certificate in the reputation evaluation digital signature certificate library according to a detection result and a preset first reputation score rule; and determining the updated reputation score as the reputation score corresponding to the digital signature certificate.
Preferably, the searching unit 402 is further configured to: and if the number of files loaded with the digital signature certificates in the public network is larger than the first threshold value and the updated reputation score is larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to the trusted digital signature certificate library.
Preferably, as shown in fig. 5, the apparatus further comprises: the adding unit 405 is configured to: if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule; adding the digital signature certificate and the corresponding reputation score to the reputation evaluation digital signature library; wherein the third reputation evaluation rule comprises: and determining the credit score corresponding to the digital signature certificate based on the number of files loaded with the digital signature certificate in a public network and/or compiler information of the target file and/or shell information of the digital signature certificate.
By utilizing the digital signature certificate detection device provided by the embodiment of the invention, the reputation score corresponding to the digital signature certificate is searched in the preset digital signature certificate library by receiving the digital signature certificate loaded by the target file sent by the client, and the reputation score is sent to the client, so that the client determines whether to search and kill viruses on the target file according to the reputation score. Based on this, it is possible to realize detection of the digital signature certificate and reduce resource consumption as much as possible while improving the security of the terminal device.
The embodiment of the invention also provides electronic equipment. Fig. 6 is a schematic structural diagram of an embodiment of an electronic device according to the present invention, where the flow of the embodiment shown in fig. 1 of the present invention may be implemented, and as shown in fig. 6, the electronic device may include: the processor 62 and the memory 63 are arranged on the circuit board 64, wherein the circuit board 64 is arranged in a space surrounded by the shell 61; a power supply circuit 65 for supplying power to the respective circuits or devices of the above-described electronic apparatus; the memory 63 is for storing executable program code; the processor 62 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 63 for performing the method described in any of the foregoing embodiments.
The electronic device exists in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice, data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio and video playback modules (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction functions.
Embodiments of the present invention provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the method of any of the preceding embodiments.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. A digital signature certificate detection method, wherein the method is applied to a server, the method comprising:
receiving a digital signature certificate loaded by a target file and sent by a client;
searching a reputation score corresponding to the digital signature certificate in a preset digital signature certificate library;
and sending the reputation score to the client so that the client can determine whether to perform virus killing on the target file according to the reputation score.
2. The method of claim 1, wherein the digital signature certificate store comprises: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository;
searching the reputation score corresponding to the digital signature certificate in a preset digital signature certificate library, which specifically comprises the following steps:
searching a credit score corresponding to the digital signature certificate in the credit-giving digital signature certificate library;
if the credit score corresponding to the digital signature certificate is not found in the credit authorization digital signature certificate library, searching the digital signature certificate in the credit evaluation digital signature certificate library;
if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in a public network is larger than a preset first threshold value, and updating a reputation score corresponding to the digital signature certificate in the reputation evaluation digital signature certificate library according to a detection result and a preset first reputation score rule;
and determining the updated reputation score as the reputation score corresponding to the digital signature certificate.
3. The method according to claim 2, wherein the method further comprises:
and if the number of files loaded with the digital signature certificates in the public network is larger than the first threshold value and the updated reputation score is larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to the trusted digital signature certificate library.
4. The method according to claim 2, wherein the method further comprises:
responding to the received execution action triggered on the client by the target file sent by the client;
and updating the credit score corresponding to the digital signature certificate in the credit giving digital signature certificate library according to the execution action and a preset second credit score rule.
5. The method according to claim 1, wherein the method further comprises:
and if the digital signature certificate is not found in the digital signature certificate library, sending alarm information to the client so that the client performs virus searching and killing on the target file or outputs an option for a user to select whether to perform virus searching and killing on the target file.
6. The method according to claim 2, wherein the method further comprises:
if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule;
adding the digital signature certificate and the corresponding reputation score to the reputation evaluation digital signature library;
wherein the third reputation evaluation rule comprises: and determining the credit score corresponding to the digital signature certificate based on the number of files loaded with the digital signature certificate in a public network and/or compiler information of the target file and/or shell information of the digital signature certificate.
7. A digital signature certificate detection apparatus, the apparatus being applied to a server, the apparatus comprising:
the receiving unit is used for receiving the digital signature certificate loaded by the target file and sent by the client;
the searching unit is used for searching the credit score corresponding to the digital signature certificate in a preset digital signature certificate library;
and the sending unit is used for sending the reputation score to the client so that the client can determine whether to kill viruses on the target file according to the reputation score.
8. The apparatus of claim 7, wherein the digital signature certificate store comprises: a trusted digital signature certificate repository and a reputation evaluation digital signature certificate repository;
the searching unit is specifically configured to:
searching a credit score corresponding to the digital signature certificate in the credit-giving digital signature certificate library;
if the credit score corresponding to the digital signature certificate is not found in the credit authorization digital signature certificate library, searching the digital signature certificate in the credit evaluation digital signature certificate library;
if the digital signature certificate is found in the reputation evaluation digital signature certificate library, detecting whether the number of files loaded with the digital signature certificate in a public network is larger than a preset first threshold value, and updating a reputation score corresponding to the digital signature certificate in the reputation evaluation digital signature certificate library according to a detection result and a preset first reputation score rule;
and determining the updated reputation score as the reputation score corresponding to the digital signature certificate.
9. The apparatus of claim 8, wherein the lookup unit is further configured to:
and if the number of files loaded with the digital signature certificates in the public network is larger than the first threshold value and the updated reputation score is larger than a preset second threshold value, adding the digital signature certificates and the corresponding reputation scores to the trusted digital signature certificate library.
10. The apparatus of claim 8, wherein the apparatus further comprises:
the adding unit is used for:
if the digital signature certificate is not found in the credit digital signature certificate library and the credit evaluation digital signature certificate library, determining a credit score corresponding to the digital signature certificate according to a preset third credit evaluation rule;
adding the digital signature certificate and the corresponding reputation score to the reputation evaluation digital signature library;
wherein the third reputation evaluation rule comprises: and determining the credit score corresponding to the digital signature certificate based on the number of files loaded with the digital signature certificate in a public network and/or compiler information of the target file and/or shell information of the digital signature certificate.
CN202211698006.1A 2022-12-28 2022-12-28 Digital signature certificate detection method and device Pending CN116010927A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211698006.1A CN116010927A (en) 2022-12-28 2022-12-28 Digital signature certificate detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211698006.1A CN116010927A (en) 2022-12-28 2022-12-28 Digital signature certificate detection method and device

Publications (1)

Publication Number Publication Date
CN116010927A true CN116010927A (en) 2023-04-25

Family

ID=86018943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211698006.1A Pending CN116010927A (en) 2022-12-28 2022-12-28 Digital signature certificate detection method and device

Country Status (1)

Country Link
CN (1) CN116010927A (en)

Similar Documents

Publication Publication Date Title
CN109492378B (en) Identity verification method based on equipment identification code, server and medium
CN111030986B (en) Attack organization traceability analysis method and device and storage medium
CN108875364B (en) Threat determination method and device for unknown file, electronic device and storage medium
CN113973012B (en) Threat detection method and device, electronic equipment and readable storage medium
CN110866248B (en) Lesovirus identification method and device, electronic equipment and storage medium
CN106203092B (en) Method and device for intercepting shutdown of malicious program and electronic equipment
CN110868383A (en) Website risk assessment method and device, electronic equipment and storage medium
CN111224953A (en) Method, device and storage medium for discovering threat organization attack based on abnormal point
CN111030968A (en) Detection method and device capable of customizing threat detection rule and storage medium
CN108804918B (en) Security defense method, security defense device, electronic equipment and storage medium
CN107070845B (en) System and method for detecting phishing scripts
CN110865774B (en) Information security detection method and device for printing equipment
CN111062035B (en) Lesu software detection method and device, electronic equipment and storage medium
CN109145589B (en) Application program acquisition method and device
CN111030974A (en) APT attack event detection method, device and storage medium
CN111027065B (en) Leucavirus identification method and device, electronic equipment and storage medium
CN110611675A (en) Vector magnitude detection rule generation method and device, electronic equipment and storage medium
CN114338102B (en) Security detection method, security detection device, electronic equipment and storage medium
CN116010927A (en) Digital signature certificate detection method and device
CN111030977A (en) Attack event tracking method and device and storage medium
CN114035812A (en) Application software installation and/or operation method, device, electronic equipment and storage medium
CN110868385B (en) Website safety operation capacity determination method and device, electronic equipment and storage medium
CN114039779A (en) Method and device for safely accessing network, electronic equipment and storage medium
CN114281587A (en) Asset abnormity detection method and device for terminal equipment, electronic equipment and storage medium
CN110413871B (en) Application recommendation method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination