CN116432173A - Method, device and medium for preventing malicious encryption of object storage - Google Patents

Method, device and medium for preventing malicious encryption of object storage Download PDF

Info

Publication number
CN116432173A
CN116432173A CN202310416604.3A CN202310416604A CN116432173A CN 116432173 A CN116432173 A CN 116432173A CN 202310416604 A CN202310416604 A CN 202310416604A CN 116432173 A CN116432173 A CN 116432173A
Authority
CN
China
Prior art keywords
request
encryption
storage
malicious
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310416604.3A
Other languages
Chinese (zh)
Inventor
陶桐桐
程晓煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Jinan data Technology Co ltd
Original Assignee
Inspur Jinan data Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Jinan data Technology Co ltd filed Critical Inspur Jinan data Technology Co ltd
Priority to CN202310416604.3A priority Critical patent/CN116432173A/en
Publication of CN116432173A publication Critical patent/CN116432173A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a method, a device and a medium for preventing malicious encryption of object storage, and relates to the technical field of distributed storage. The method is applied to the storage barrel, and requests sent by the client are monitored and analyzed; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.

Description

Method, device and medium for preventing malicious encryption of object storage
Technical Field
The present invention relates to the field of distributed storage technologies, and in particular, to a method, an apparatus, and a medium for preventing malicious encryption of object storage.
Background
In the big data age, object storage service (Object Storage Service, OSS) is an emerging mass, secure, low cost, highly reliable storage service suitable for storing any type of file. The virus lux means is a behavior of encrypting data, then luxing the owner of the data, and returning the data after obtaining the reward. As digitization progresses, lux attacks have become a major threat to current network security.
The conventional means for preventing the lux virus in the object storage is a Write Once Read Many (WORM) method, and the data can only be read after being written, and writing operations such as writing, overwriting, and the like cannot be performed. The method aims at static data, namely data which does not need to be changed, and can avoid the data from being tampered or encrypted by viruses to a great extent; however, the present invention is not suitable for the protection against the luxury virus for dynamic data, that is, data that requires additional writing, particularly for dynamic data such as video data that requires a large number of additional writing operations.
In view of the above, how to effectively prevent malicious encryption of an object storage by the lux virus is a problem to be solved by those skilled in the art.
Disclosure of Invention
The purpose of the application is to provide a method, a device and a medium for preventing malicious encryption of object storage, so as to effectively prevent the malicious encryption of the object storage by the Lesovirus.
In order to solve the technical problems, the application provides a method for preventing malicious encryption of object storage, which is applied to a storage bucket; the method comprises the following steps:
monitoring and analyzing a request sent by a client; wherein the request is an operation request for an object;
judging whether the request is an encryption request or not;
if yes, alarming is carried out;
if not, executing the request and encrypting the object.
Preferably, the alerting includes:
resolving information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether the information exists in the virus library;
if yes, alarming is carried out;
if not, storing the information into the virus library, and alarming.
Preferably, after said encrypting the object, further comprises:
the metadata attribute of the object is changed to prohibit external encryption.
Preferably, when the request is the encryption request, further comprising:
judging whether the request times of the encryption requests in a first preset period are larger than a threshold value or not;
if yes, malicious attack warning information is output.
Preferably, when the request is the encryption request, further comprising:
a log is generated that records the encrypted request.
Preferably, after said storing said information in said virus library, further comprising:
and updating the virus library according to a second preset period.
Preferably, after said encrypting the object, further comprises:
a processing log of the request to the client is generated.
In order to solve the technical problems, the application also provides a device for preventing malicious encryption of object storage, which is applied to a storage bucket; the device comprises:
the monitoring and analyzing module is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for an object;
the judging module is used for judging whether the request is an encryption request or not; if yes, triggering an alarm module, and if not, triggering an execution module;
the alarm module is used for giving an alarm;
the execution module is used for executing the request and encrypting the object.
Preferably, the alarm module includes:
the information analysis module is used for analyzing the information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
the information judging module is used for judging whether the information exists in the virus library; if yes, alarming is carried out; if not, storing the information into the virus library, and alarming.
Preferably, the method further comprises:
and the attribute changing module is used for changing the metadata attribute of the object to prohibit external encryption.
Preferably, the method further comprises:
the request number judging module is used for judging whether the request number of the encryption request is larger than a threshold value in a first preset period when the request is the encryption request; if yes, triggering a malicious attack alarm module;
the malicious attack warning module is used for outputting malicious attack warning information.
Preferably, the method further comprises:
and the request log generation module is used for generating a log for recording the encryption request when the request is the encryption request.
Preferably, the method further comprises:
and the virus library updating module is used for updating the virus library according to a second preset period after the information is stored in the virus library.
Preferably, the method further comprises:
and the processing log generation module is used for generating a processing log of the request of the client after the object is encrypted.
In order to solve the above technical problem, the present application further provides another device for preventing malicious encryption of object storage, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the method for preventing the object from storing malicious encryption when executing the computer program.
To solve the above technical problem, the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for preventing malicious encryption of object storage described above.
The method for preventing malicious encryption of object storage, provided by the application, is applied to a storage bucket; monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
In addition, the embodiment of the application also provides a device and a medium for preventing malicious encryption of object storage, and the effects are the same as the above.
Drawings
For a clearer description of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for preventing malicious encryption of object storage according to an embodiment of the present application;
fig. 2 is a schematic diagram of an apparatus for preventing malicious encryption of object storage according to an embodiment of the present application;
fig. 3 is a schematic diagram of another device for preventing malicious encryption of object storage according to an embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments herein without making any inventive effort are intended to fall within the scope of the present application.
The core of the application is to provide a method, a device and a medium for preventing malicious encryption of object storage. To effectively prevent malicious encryption of the object store by the lux virus.
In order to provide a better understanding of the present application, those skilled in the art will now make further details of the present application with reference to the drawings and detailed description.
The virus lux means is a behavior of encrypting data, then luxing the owner of the data, and returning the data after obtaining the reward. The lux virus invasion encrypts the business data of the customer, which causes business interruption, data leakage, data loss and the like, thereby bringing serious business risks. There are lux attacks where the internet is available. As digitization progresses, lux attacks have become a major threat to current network security.
The conventional means for preventing the Leucovirus in the object storage is to use WORM method, and the like, and the data can only be read after being written, and the data cannot be modified, overwritten, and the like. The method aims at static data, namely data which does not need to be changed, and can avoid the data from being tampered or encrypted by viruses to a great extent; however, the present invention is not suitable for the protection against the luxury virus for dynamic data, that is, data that requires additional writing, particularly for dynamic data such as video data that requires a large number of additional writing operations. Because dynamic data needs to be continuously written additionally, if WORM limitation is used, the additional writing cannot be performed (because the WORM principle is that only reading can be performed after writing and modification cannot be performed). Therefore, the embodiment of the application provides a method for preventing the malicious encryption of the object storage by the Leesvirus. It should be noted that the method provided in the embodiments of the present application is applied to a bucket of a distributed storage cluster.
Fig. 1 is a flowchart of a method for preventing malicious encryption of object storage according to an embodiment of the present application. The method is applied to the storage barrel; as shown in fig. 1, the method includes:
s10: and monitoring and analyzing the request sent by the client.
Wherein the request is an operation request for the object;
it will be appreciated that Object-based Storage (OBS) is a new network Storage architecture, and that devices based on Object Storage technology are Object Storage Devices (OSDs). The global network storage industry association (SNIA) object storage device working group promulgates ANSI X3T10 standards. In general, object storage combines the advantages of Network Attached Storage (NAS) and Storage Area Network (SAN), while having the advantages of high-speed direct access of SAN and distributed data sharing of NAS, providing a storage architecture with high performance, high reliability, cross-platform, and secure data sharing. The object storage system provides data storage and secure access. The OSD manages the saved data using objects (objects). It stores data to tracks and sectors of a disk, combines several tracks and sectors to form an Object, and provides access to the data to the outside through this Object. Each Object is similar to a conventional file, using a similar access interface to the file, including Open, read, write, etc. But not identical, each Object may include several files, or may be part of a file, and be operating system independent. In addition to the specific user data, the OSD also records attribute information, mainly physical view information, of each Object. The information is put on the OSD, so that the burden of a metadata server is greatly reduced, and the parallel access performance and expandability of the whole storage system are enhanced.
An object storage gateway (RGW) is an access implementation of object storage. The object storage gateway, also known as Ceph object gateway, radosGW, RGW, is a service enabling clients to access Ceph clusters using standard object storage application programming interfaces (Application Programming Interface, API). The object storage gateway storage characteristics include: the data is stored as objects (objects) by the Object storage gateway, each Object containing metadata for the data itself in addition to the data. The Object is retrieved by the Object ID, cannot be accessed directly by the mount mode of the normal file system by the file path plus file name operation, can be accessed only by the API, or can be accessed by a third party client (in fact, also encapsulation of the API). The storage of objects is not a vertical directory tree structure, but is stored in a flat namespace (bucket), which needs to be authorized for access, one account may be authorized for multiple buckets, and permissions may be different. The object storage gateway is convenient for transverse expansion and quick data retrieval, does not support client mounting, requires the client to specify a file name when accessing, and is not suitable for scenes in which files are modified and deleted too frequently.
It should be noted that objects (objects) are the basic units of data storage in an Object storage system, each Object is a complex of data and a set of data attributes, and the data attributes may be set according to the requirements of an application, including data distribution, quality of service, and the like. In conventional storage systems, using files or blocks as the basic unit of storage, a block device records the location on the device of each block of stored data. Objects maintain their own properties, thereby simplifying the management tasks of the storage system and increasing flexibility. The objects may vary in size and may contain the entire data structure, such as files, data entries, etc. In the storage device, all objects have an object identification, and the objects are accessed through an object identification OSD command. There are typically multiple types of objects, a root object on a storage device identifying the storage device and various attributes of that device, a group object being a collection of objects on a storage device that share a resource management policy.
And a Bucket (Bucket) is a container of storage objects in an OBS. Object storage provides a flattened storage mode based on buckets and objects, all objects in the buckets are in the same logic level, and a multi-level tree directory structure in a file system is removed. Each barrel has the own storage category, access right, belonging area and other attributes, and a user can create barrels with different storage categories and access rights in different areas and configure more advanced attributes to meet the storage requirements of different scenes.
Therefore, due to the storage characteristic of the object storage, the method for preventing malicious encryption of the object storage provided by the embodiment of the application is mainly based on the storage barrel and is provided with the lux virus prevention function switch. Specifically, first, requests sent by clients are monitored and parsed by the bucket. It will be appreciated that the request sent by the client is an operation request for the object, including but not limited to a write request, an append write request, and other requests, and may also include malicious encryption requests. It should be noted that the append write is that the Object storage service appends a write data portion after the original Object, and constitutes new data.
S11: it is determined whether the request is an encrypted request. If yes, go to step S12, if no, go to step S13.
S12: and alarming.
S13: the request is executed and the object is encrypted.
Further, the bucket determines whether the received request of the client is an encrypted request. If the storage barrel determines that the request is an encryption request, alarming is carried out to prompt a user client to have a malicious encryption request on the object; if the bucket determines that the request is not an encryption request, the request is executed and the object is encrypted. It is to be appreciated that the request may be embodied as a write object request or an append write object request, which when executed may perform a write operation or append write operation. After the execution of the request is completed, the object is encrypted, so that the object encryption is realized internally, the writing or the additional writing of the data is ensured to be the encrypted storage, and the situation that the external request randomly acquires the object data is avoided.
It should be noted that, in this embodiment, the specific alarm mode is not limited, and the alarm display can be performed through the display screen, the alarm can be performed through the audio prompt mode, and the user can be reminded through the indicator lamp, according to specific implementation conditions.
In addition, the embodiment of the application does not limit the specific encryption mode of the object, can encrypt through software, can encrypt through hardware, can encrypt through a national encryption algorithm, and depends on specific implementation conditions.
In this embodiment, a method for preventing malicious encryption of object storage is applied to a storage bucket; monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Based on the above embodiments, in order to accurately identify the malicious encrypted request of the lux virus, as a preferred embodiment, the alerting includes:
analyzing information in the request; the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether information exists in a virus library;
if yes, alarming is carried out;
if not, the information is stored in a virus library, and alarming is carried out.
Specifically, when the bucket confirms that the request of the client is an encryption request, the information in the request, that is, the information in the encryption request, is parsed. It will be appreciated that the information in the encryption request contains information about the content it encrypts, including in particular the request operation, the protocol (Internet Protocol, IP) that the network is to be interconnected with, the encryption key and the object of the operation. Further judging whether the information of the encryption request exists in a pre-constructed virus library.
The virus library is designed as a distributed database, and the stored content is information such as IP, encryption key, operation type, operation object and the like of malicious request. The virus library is designed mainly to intercept the access of the maliciously encrypted Lecable virus immediately and give an alarm. The main purpose of this design is: and the method avoids that a large number of malicious lux virus encryption requests influence normal service access and maliciously occupy software and hardware resources. Because a large amount of resources are occupied to process under the condition that a large amount of malicious lux virus encryption requests are sent, normal request access of the distributed cluster processing is affected. The design of the virus library can effectively avoid the malicious request, and if the same request information is found in the virus library, the request is directly returned, so that a large amount of software and hardware resources are prevented from being occupied.
Therefore, if the information of the encryption request exists in the virus library, the encryption request is considered to be recorded, and the alarm is directly carried out. If the information of the encryption request does not exist in the virus library, the information related to the encryption request is not recorded in the virus library, so that the information of the encryption request needs to be stored in the virus library and an alarm is carried out.
In this embodiment, the information in the request is parsed; the information comprises a request operation, a request IP, an encryption key and an operation object; judging whether information exists in a virus library; if yes, alarming is carried out; if not, the information is stored in a virus library, and alarming is carried out. The Leucasian virus database module is added, and information of malicious encryption requests such as Leucasian viruses can be recorded through the design of a virus database, so that the malicious encryption requests can be better identified, and the problem of software and hardware resource consumption caused by processing a large amount of malicious Leucasian virus encryption data requests is effectively avoided. The method can better support the conventional object operation scene of object writing and additional writing, protect the object data of the user and avoid virus luxury.
On the basis of the above embodiment, in order to prohibit a malicious encryption request sent from outside, as a preferred embodiment, after encrypting the object, it further includes:
the metadata attribute of the modification object is to prohibit external encryption.
In a specific implementation, after the object encryption is performed, the metadata attribute of the object is changed to prohibit external encryption.
Metadata is data (data about data) describing data, mainly information describing data attributes (properties), for supporting functions such as indicating storage locations, history data, resource searching, file recording, etc. There are two types of metadata for object storage: system metadata and user-defined metadata. For each Object in the bucket, the Object store will hold the system metadata for that Object. The object store processes these system metadata as needed. For example, object store will save object creation date and object size and use this information as part of object management.
Therefore, in the embodiment, the object encryption storage is realized in the storage barrel, and the metadata attribute of the object is set to prohibit external encryption requests, so that the data writing or additional writing is ensured to be the encrypted storage, and the random acquisition of the data encryption by the external requests is avoided; and through metadata attribute setting, the malicious encryption request sent from the outside is forbidden, and the threat of the Levovirus to the object storage is further prevented.
On the basis of the foregoing embodiment, in order to improve the security of the bucket and improve the stability of the distributed storage cluster, as a preferred embodiment, when the request is an encrypted request, the method further includes:
judging whether the request times of the encryption requests in a first preset period is larger than a threshold value or not;
if yes, malicious attack warning information is output.
In a specific implementation, when the bucket confirms that the request is an encryption request, it is further determined whether the number of requests of the encryption request in the first preset period is greater than a threshold. If so, the number of requests for encrypting the requests in the time period is considered to be abnormal, and the storage barrel possibly encounters frequent attacks of the lux virus, so that malicious attack warning information needs to be output to prompt a user to timely process the attacks, and the storage barrel and the distributed storage clusters are prevented from being failed.
It should be noted that, in this embodiment, the first preset period is not limited, and depends on the specific implementation. Preferably, the first preset period may be set to one day. The threshold value is not limited in this embodiment, and depends on the specific implementation.
In this embodiment, when the request is an encryption request, it is determined whether the number of requests of the encryption request in the first preset period is greater than a threshold; if yes, malicious attack warning information is output. Through judgment and alarm of malicious attack, the security of the storage barrel is improved, and the stability of the distributed storage cluster is improved.
On the basis of the above embodiment, as a preferred embodiment, when the request is an encrypted request, the method further includes:
a log is generated that records the encrypted request.
In a specific implementation, in order to better record the encryption request of the client, so that the user can trace back and audit the encryption request of the client, as a preferred embodiment, when the request sent by the client is confirmed to be the encryption request, a log for recording the encryption request can be further generated for the user to view the content of the encryption request.
Similarly, in order to make the user learn about the specific processing procedure of each request of the client, on the basis of the above embodiment, as a preferred embodiment, after encrypting the object, the method further includes:
a processing log of requests to clients is generated.
Specifically, after executing the request and encrypting the object, the request is processed, and a processing log of the request to the client is generated, so that a user can learn the specific processing procedure of the request according to the processing log, and backtracking and auditing are facilitated.
In addition, in order to ensure the real-time performance of the virus library, in addition to the above embodiment, as a preferred embodiment, after storing the information into the virus library, the method further includes:
and updating the virus library according to the second preset period.
In this embodiment, the virus library is updated in the second preset period, so that the real-time performance of the content of the virus library is ensured, and the virus library is better used for comparing the encryption requests. In this embodiment, the second preset period is not limited, and depends on the specific implementation.
In the above embodiments, the method for preventing the object from storing malicious encryption is described in detail, and the application further provides a corresponding embodiment of the device for preventing the object from storing malicious encryption. It should be noted that the present application describes an embodiment of the device portion from two angles, one based on the angle of the functional module and the other based on the angle of the hardware structure.
Fig. 2 is a schematic diagram of an apparatus for preventing malicious encryption of object storage according to an embodiment of the present application. The device is applied to the storage barrel; as shown in fig. 2, the apparatus for preventing an object from storing malicious encryption includes:
the monitoring and analyzing module 10 is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for the object.
A judging module 11, configured to judge whether the request is an encryption request; if yes, the alarm module 12 is triggered, and if not, the execution module 13 is triggered.
An alarm module 12 for alarming;
the execution module 13 is configured to execute the request and encrypt the object.
As a preferred embodiment, the alarm module includes:
the information analysis module is used for analyzing the information in the request; the information comprises a request operation, a request IP, an encryption key and an operation object;
the information judging module is used for judging whether information exists in the virus library; if yes, alarming is carried out; if not, the information is stored in a virus library, and alarming is carried out.
As a preferred embodiment, further comprising:
and the attribute changing module is used for changing the metadata attribute of the object to prohibit external encryption.
As a preferred embodiment, further comprising:
the request number judging module is used for judging whether the request number of the encryption request is larger than a threshold value in a first preset period when the request is the encryption request; if yes, triggering a malicious attack alarm module;
and the malicious attack alarm module is used for outputting malicious attack alarm information.
As a preferred embodiment, further comprising:
and the request log generation module is used for generating a log for recording the encryption request when the request is the encryption request.
As a preferred embodiment, further comprising:
and the virus library updating module is used for updating the virus library according to a second preset period after the information is stored in the virus library.
As a preferred embodiment, further comprising:
and the processing log generation module is used for generating a processing log of the request of the client after encrypting the object.
In this embodiment, the device for preventing malicious encryption of object storage is applied to a storage bucket, and includes a monitoring analysis module, a judgment module, an alarm module and an execution module. The device for preventing the malicious encryption of the object storage can realize all the steps of the method for preventing the malicious encryption of the object storage. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Fig. 3 is a schematic diagram of another device for preventing malicious encryption of object storage according to an embodiment of the present application. As shown in fig. 3, the apparatus for preventing an object from storing malicious encryption includes:
a memory 20 for storing a computer program.
A processor 21 for implementing the steps of the method of preventing malicious encryption of object storage as mentioned in the above embodiments when executing a computer program.
The device for preventing malicious encryption of object storage provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented in hardware in at least one of a digital signal processor (Digital Signal Processor, DSP), a Field programmable gate array (Field-Programmable Gate Array, FPGA), a programmable logic array (Programmable Logic Array, PLA). The processor 21 may also comprise a main processor, which is a processor for processing data in an awake state, also called central processor (Central Processing Unit, CPU), and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a graphics processor (Graphics Processing Unit, GPU) for use in connection with rendering and rendering of content to be displayed by the display screen. In some embodiments, the processor 21 may also include an artificial intelligence (Artificial Intelligence, AI) processor for processing computing operations related to machine learning.
Memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing a computer program 201, where the computer program, after being loaded and executed by the processor 21, is capable of implementing the relevant steps of the method for preventing malicious encryption of object storage disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may further include an operating system 202, data 203, and the like, where the storage manner may be transient storage or permanent storage. The operating system 202 may include Windows, unix, linux, among others. Data 203 may include, but is not limited to, data involved in a method of preventing an object from storing malicious encryption.
In some embodiments, the device for preventing the object from storing malicious encryption may further comprise a display screen 22, an input/output interface 23, a communication interface 24, a power supply 25 and a communication bus 26.
It will be appreciated by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation on the means for preventing malicious encryption of object storage, and may include more or fewer components than shown.
In this embodiment, an apparatus for preventing malicious encryption of an object store includes a memory and a processor. The memory is used for storing a computer program. The processor is arranged to implement the steps of the method of preventing malicious encryption of an object store as mentioned in the above embodiments when executing a computer program. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
Finally, the present application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps as described in the method embodiments above.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. With such understanding, the technical solution of the present application, or a part contributing to the prior art or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, performing all or part of the steps of the method described in the various embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In this embodiment, a computer program is stored on a computer readable storage medium, and when the computer program is executed by a processor, the steps described in the above method embodiments are implemented. Monitoring and analyzing a request sent by a client; wherein the request is an operation request for the object; judging whether the request is an encryption request or not; if yes, alarming is carried out; if not, executing the request and encrypting the object. Therefore, the scheme is based on the fact that the storage barrel is provided with the Levovirus prevention function switch, the external request is forbidden to encrypt the object of the storage barrel, and only encryption inside the storage barrel is allowed. When an encryption request sent by a client is met, processing and alarming are not carried out, so that the object storage is effectively prevented from being infected by viruses, and occupation of mass malicious requests on software and hardware resources of the distributed storage is avoided.
The method, the device and the medium for preventing malicious encryption of object storage provided by the application are described in detail above. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for preventing malicious encryption of object storage, which is characterized by being applied to a storage bucket; the method comprises the following steps:
monitoring and analyzing a request sent by a client; wherein the request is an operation request for an object;
judging whether the request is an encryption request or not;
if yes, alarming is carried out;
if not, executing the request and encrypting the object.
2. The method of claim 1, wherein the alerting comprises:
resolving information in the request; wherein the information comprises a request operation, a request IP, an encryption key and an operation object;
judging whether the information exists in the virus library;
if yes, alarming is carried out;
if not, storing the information into the virus library, and alarming.
3. The method of claim 1, further comprising, after said encrypting the object:
the metadata attribute of the object is changed to prohibit external encryption.
4. The method of preventing malicious encryption of object storage of claim 1, further comprising, when the request is the encrypted request:
judging whether the request times of the encryption requests in a first preset period are larger than a threshold value or not;
if yes, malicious attack warning information is output.
5. The method of preventing malicious encryption of object storage of claim 1, further comprising, when the request is the encrypted request:
a log is generated that records the encrypted request.
6. The method of preventing malicious encryption of object storage of claim 2, further comprising, after said storing said information into said virus library:
and updating the virus library according to a second preset period.
7. A method of preventing storage of malicious encryption of an object according to any one of claims 1 to 6, further comprising, after said encrypting said object:
a processing log of the request to the client is generated.
8. An apparatus for preventing malicious encryption of object storage, which is characterized by being applied to a storage bucket; the device comprises:
the monitoring and analyzing module is used for monitoring and analyzing the request sent by the client; wherein the request is an operation request for an object;
the judging module is used for judging whether the request is an encryption request or not; if yes, triggering an alarm module, and if not, triggering an execution module;
the alarm module is used for giving an alarm;
the execution module is used for executing the request and encrypting the object.
9. An apparatus for preventing malicious encryption of an object store, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of preventing malicious encryption of object storage according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the method of preventing an object from storing malicious encryption as claimed in any one of claims 1 to 7.
CN202310416604.3A 2023-04-13 2023-04-13 Method, device and medium for preventing malicious encryption of object storage Pending CN116432173A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310416604.3A CN116432173A (en) 2023-04-13 2023-04-13 Method, device and medium for preventing malicious encryption of object storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310416604.3A CN116432173A (en) 2023-04-13 2023-04-13 Method, device and medium for preventing malicious encryption of object storage

Publications (1)

Publication Number Publication Date
CN116432173A true CN116432173A (en) 2023-07-14

Family

ID=87092405

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310416604.3A Pending CN116432173A (en) 2023-04-13 2023-04-13 Method, device and medium for preventing malicious encryption of object storage

Country Status (1)

Country Link
CN (1) CN116432173A (en)

Similar Documents

Publication Publication Date Title
US10503897B1 (en) Detecting and stopping ransomware
US11675915B2 (en) Protecting data based on a sensitivity level for the data
US10079835B1 (en) Systems and methods for data loss prevention of unidentifiable and unsupported object types
EP3378007B1 (en) Systems and methods for anonymizing log entries
US11301578B2 (en) Protecting data based on a sensitivity level for the data
CN105005528B (en) A kind of log information extracting method and device
IL267241B2 (en) System and methods for detection of cryptoware
JP2016505981A (en) Real-time representation of security-related system status
US7962492B2 (en) Data management apparatus, data management method, data processing method, and program
US11461282B2 (en) Systems and methods for write-once-read-many storage
JPH10312335A (en) Data processing method and processor therefor
US7216207B1 (en) System and method for fast, secure removal of objects from disk storage
CN108229162B (en) Method for realizing integrity check of cloud platform virtual machine
US10466924B1 (en) Systems and methods for generating memory images of computing devices
US20200125723A1 (en) Method and computer system for preventing malicious software from attacking files of the computer system and corresponding non-transitory computer readable storage medium
CN109639726A (en) Intrusion detection method, device, system, equipment and storage medium
US9659182B1 (en) Systems and methods for protecting data files
US11144656B1 (en) Systems and methods for protection of storage systems using decoy data
CN112000971A (en) File permission recording method, system and related device
US10635645B1 (en) Systems and methods for maintaining aggregate tables in databases
CN116432173A (en) Method, device and medium for preventing malicious encryption of object storage
US9400894B1 (en) Management of log files subject to edit restrictions that can undergo modifications
CN114564456B (en) Distributed storage file recovery method and device
CN116089427A (en) Management method and system for multi-medium fusion storage of electronic files
CN115730012A (en) Database desensitization method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination