CN117573284A - Method and device for detecting mirror image risk - Google Patents


Publication number: CN117573284A
Authority: CN (China)
Prior art keywords: detected, image, mirror image, risk, detection
Legal status: Pending
Application number: CN202311594172.1A
Other languages: Chinese (zh)
Inventor: 程若一
Current Assignee: China Construction Bank Corp
Original Assignee: China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN202311594172.1A
Publication of CN117573284A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Facsimiles In General (AREA)

Abstract

The invention provides a method and a device for detecting image risk. The method comprises: acquiring the sha value of an image to be detected; if the sha value of the image to be detected is not in a preset whitelist, determining whether it is in a preset blacklist; if so, determining that the image to be detected is a high-risk image and intercepting it; if not, performing risk detection on the image to be detected to obtain a detection result; and, if the detection result indicates that the image to be detected is a high-risk image, intercepting it. The image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.

Description

Method and device for detecting mirror image risk
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for detecting a mirror risk.
Background
With the rise of the container market, the capacity of image repositories is also increasing. The image is the basis on which a container runs. To ensure that containers run safely, images need to undergo security detection and evaluation, and images that pose a threat need to be intercepted, thereby improving security.
The detection method in common use today mainly performs static scanning of images. Static scanning, however, has a high false-alarm rate, and risk assessment at the static image level is slow and labor-intensive; scanning is also incomplete, so accuracy is low and the detection effect is poor.
Disclosure of Invention
In view of the above, the embodiment of the invention provides a method and a device for detecting mirror image risk, so as to solve the problems of low detection accuracy and poor detection effect.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
the first aspect of the invention discloses a method for detecting mirror image risk, which comprises the following steps:
acquiring a sha value of a mirror image to be detected;
if the sha value of the mirror image to be detected does not exist in the preset white list, judging whether the sha value of the mirror image to be detected exists in the preset black list or not;
if yes, determining that the mirror image to be detected is a high-risk mirror image, and intercepting the mirror image to be detected;
if not, carrying out risk detection on the mirror image to be detected to obtain a detection result;
and if the detection result indicates that the image to be detected is a high-risk image, intercepting the image to be detected.
Preferably, before the obtaining the sha value of the image to be detected, the method further includes:
for each image, judging whether the image has undergone risk detection within a preset period;
if not, determining the mirror image as the mirror image to be detected.
Preferably, the risk detection is performed on the image to be detected to obtain a detection result, including:
starting a container from the image to be detected to obtain a target image to be detected;
performing risk detection on the target mirror image to be detected by using a detection engine;
if the detection engine detects that the target image to be detected is a high-risk image, a high-risk detection result is generated;
and if the detection engine detects that the target image to be detected is a low-risk image, generating a low-risk detection result.
Preferably, after intercepting the image to be detected, the method further includes:
if the interception fails, generating alarm information indicating the interception failure;
and sending the alarm information to a user.
Preferably, before the obtaining the sha value of the image to be detected, the method further includes:
receiving a detection instruction input by a user;
and determining the mirror image corresponding to the mirror image sha value contained in the detection instruction as a mirror image to be detected.
Preferably, after intercepting the image to be detected, the method further includes:
and storing the sha value of the mirror image to be detected into the blacklist.
In a second aspect, the present invention discloses an apparatus for detecting a risk of mirroring, the apparatus comprising:
the acquisition unit is used for acquiring the sha value of the mirror image to be detected;
the first judging unit is used for judging whether the preset blacklist has the sha value of the mirror image to be detected or not if the preset whitelist does not have the sha value of the mirror image to be detected;
the first determining unit is used for determining, if so, that the image to be detected is a high-risk image, and intercepting the image to be detected;
the risk detection unit is used for carrying out risk detection on the mirror image to be detected if not, so as to obtain a detection result;
and the interception unit is used for intercepting the mirror image to be detected if the detection result indicates that the mirror image to be detected is a high-risk mirror image.
Preferably, the apparatus further comprises:
the second judging unit is used for judging, for each image, whether the image has undergone risk detection within a preset period;
and the second determining unit is used for determining that the mirror image is the mirror image to be detected if not.
Preferably, the risk detection unit includes:
the pull-up module is used for starting a container from the image to be detected to obtain a target image to be detected;
the detection module is used for detecting risk of the target mirror image to be detected by using a detection engine;
the first generation module is used for generating a high-risk detection result if the detection engine detects that the target image to be detected is a high-risk image;
and the second generation module is used for generating a low-risk detection result if the detection engine detects that the target image to be detected is a low-risk image.
Preferably, the apparatus further comprises:
the generating unit is used for generating alarm information indicating interception failure if the interception fails;
and the sending unit is used for sending the alarm information to the user.
Based on the method and the device for detecting image risk provided by the embodiments of the invention, the method comprises: acquiring the sha value of an image to be detected; if the sha value of the image to be detected is not in a preset whitelist, determining whether it is in a preset blacklist; if so, determining that the image to be detected is a high-risk image and intercepting it; if not, performing risk detection on the image to be detected to obtain a detection result; and, if the detection result indicates that the image to be detected is a high-risk image, intercepting it. The image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for detecting image risk according to an embodiment of the present invention;
FIG. 2 is a first block diagram of an apparatus for detecting image risk according to an embodiment of the present invention;
FIG. 3 is a second block diagram of an apparatus for detecting image risk according to an embodiment of the present invention;
FIG. 4 is a third block diagram of an apparatus for detecting image risk according to an embodiment of the present invention;
FIG. 5 is a fourth block diagram of an apparatus for detecting image risk according to an embodiment of the present invention;
FIG. 6 is a fifth block diagram of an apparatus for detecting image risk according to an embodiment of the present invention;
FIG. 7 is a sixth block diagram of an apparatus for detecting image risk according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As is known from the background art, the image is the basis on which a container runs. If an image is not updated in time or is obtained from an unreliable source, it may contain vulnerabilities or malicious files and thus bring significant security risks. The current image detection method only performs static scanning of the image; evaluation is slow and labor-intensive, and incomplete scanning easily leads to low accuracy and a poor detection effect.
Therefore, an embodiment of the present invention provides a method and an apparatus for detecting image risk, where the method includes: acquiring the sha value of an image to be detected; if the sha value of the image to be detected is not in a preset whitelist, determining whether it is in a preset blacklist; if so, determining that the image to be detected is a high-risk image and intercepting it; if not, performing risk detection on the image to be detected to obtain a detection result; and, if the detection result indicates that the image to be detected is a high-risk image, intercepting it. The image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.
Referring to fig. 1, a flowchart of a method for detecting a risk of a mirror image according to an embodiment of the present invention is shown, where the method includes:
Step S101: acquire the sha value of the image to be detected.
It should be noted that the sha value is a unique value of the image. It can be understood as the image's "identity card" and is used to uniquely identify an image.
In some embodiments, re-scan logic is set for all images: periodically, for each image, it is determined whether the image has undergone risk detection within a preset period (for example, within 1 day or 7 days); if it has not, the current image is determined to be the image to be detected and is detected.
It can be understood that detecting each image at regular intervals effectively ensures the security of the images, so that threatening, high-risk images are found in time.
In a specific implementation, manual trigger detection logic is also set: when a detection instruction input by a user is received, the image corresponding to the image sha value contained in the detection instruction is determined to be the image to be detected.
It can be appreciated that the manual trigger detection logic meets the user's detection requirements, so that the user is not left without a suitable detection channel when detection is needed.
Step S102: if the sha value of the image to be detected is not in the preset whitelist, determine whether it is in the preset blacklist. If the preset blacklist contains the sha value of the image to be detected, execute step S103; if it does not, execute step S104.
In the specific implementation of step S102, the image to be detected is first checked against a preset whitelist, which contains the sha values of a plurality of low-risk images. If the sha value of the image to be detected is not in the preset whitelist, the image is then checked against the preset blacklist; if the sha value is in the preset whitelist, the current image to be detected is a low-risk image, and the container is started from it.
It should be noted that the preset blacklist contains the sha values of a plurality of high-risk images. If the sha value of the image to be detected is in the preset blacklist, step S103 is executed; if it is not, step S104 is executed.
It can be understood that configuring the whitelist and the blacklist allows the image to be detected to be checked quickly, so that high-risk images are found in time and identified as a threat.
Step S103: determine that the image to be detected is a high-risk image, and intercept it.
In the specific implementation of step S103, when the sha value of the image to be detected is not in the preset whitelist but is in the preset blacklist, the image is determined to be a high-risk image, and runc is called to intercept it.
It should be noted that runc is a command-line tool for creating and running containers in accordance with the OCI specification.
It can be understood that intercepting high-risk images in time ensures the stable operation of the host environment.
Step S104: perform risk detection on the image to be detected to obtain a detection result.
In the specific implementation of step S104, when the sha value of the image to be detected is in neither the preset whitelist nor the preset blacklist, risk detection is performed on the image and a detection result is obtained.
Specifically, permission to run the image to be detected is obtained, and a container is started from the image to obtain a target image to be detected. A detection engine then performs risk detection on the target image to be detected: if the detection engine detects that the target image is a high-risk image, a high-risk detection result is generated; if it detects that the target image is a low-risk image, a low-risk detection result is generated.
It should be noted that the detection engine may be a Trojan detection engine and a vulnerability detection engine. Risk detection of the target image to be detected with the Trojan detection engine proceeds as follows:
the md5 value of the target image to be detected is obtained (for example, with the command "md5sum" followed by the file name) and input into the Trojan detection engine, which judges whether the image is a Trojan file. If it is a Trojan file, the target image to be detected is determined to be a high-risk image and a high-risk detection result is generated. If it is not a Trojan file, the vulnerability detection engine is used to perform risk detection on the target image to be detected.
It should be noted that, if the Trojan detection engine detects that the target image to be detected is a high-risk image, the md5 value of the target image to be detected is stored in the local database.
In some embodiments, the sha value of the high-risk target image to be detected is stored in the blacklist to update the blacklist.
Specifically, risk detection of the target image to be detected with the vulnerability detection engine proceeds as follows: the target image to be detected is scanned using the vulnerability database in the vulnerability detection engine to judge whether it contains a vulnerability; if a vulnerability exists, the target image to be detected is determined to be a high-risk image and a high-risk detection result is generated; if no vulnerability exists, the target image to be detected is determined to be a low-risk image and a low-risk detection result is generated.
Step S105: if the detection result indicates that the image to be detected is a high-risk image, intercept the image to be detected.
In the specific implementation of step S105, when the detection result indicates that the image to be detected is a high-risk image, the image is intercepted by calling runc, so as to ensure the stable operation of the host environment.
In a specific application, when the image to be detected is intercepted: if the interception fails, alarm information indicating the interception failure is generated and sent to the user; if the interception succeeds, prompt information indicating the successful interception is generated and sent to the user.
In the embodiment of the invention, the image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.
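The decision flow of steps S101 to S105, together with the periodic trigger, as an added example that is not part of the patent text. `ImageGate`, `Verdict`, `sha_of`, the two engine callbacks and the `intercept` hook are hypothetical stand-ins, the sha value is assumed to be a SHA-256 digest of the content, and the sample "images" are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable, Dict, List, Set


class Verdict(Enum):
    ALLOW_WHITELISTED = "sha value in whitelist"
    BLOCK_BLACKLISTED = "sha value in blacklist"
    BLOCK_TROJAN = "Trojan detection engine hit"
    BLOCK_VULNERABLE = "vulnerability detection engine hit"
    ALLOW_LOW_RISK = "engines report low risk"


def sha_of(content: bytes) -> str:
    """Assumption: the image's sha value is a SHA-256 digest of its content."""
    return "sha256:" + hashlib.sha256(content).hexdigest()


@dataclass
class ImageGate:
    """Hypothetical gate; the engines and intercept hook are stand-ins."""
    whitelist: Set[str]
    blacklist: Set[str]
    trojan_engine: Callable[[str], bool]  # md5 hex -> True if known Trojan
    vuln_engine: Callable[[bytes], bool]  # content -> True if vulnerable
    intercept: Callable[[str], bool]      # sha -> True if interception worked
    trojan_md5_db: Set[str] = field(default_factory=set)
    last_checked: Dict[str, datetime] = field(default_factory=dict)
    messages: List[str] = field(default_factory=list)

    def due_for_detection(self, shas: List[str], now: datetime,
                          period: timedelta) -> List[str]:
        """Periodic trigger: images with no detection inside the period."""
        return [s for s in shas
                if s not in self.last_checked
                or now - self.last_checked[s] >= period]

    def evaluate(self, content: bytes, now: datetime) -> Verdict:
        sha = sha_of(content)                          # S101
        self.last_checked[sha] = now
        if sha in self.whitelist:                      # S102: whitelist first
            return Verdict.ALLOW_WHITELISTED
        if sha in self.blacklist:                      # S102 -> S103
            return self._block(sha, Verdict.BLOCK_BLACKLISTED)
        # S104: Trojan engine keyed by md5, then the vulnerability engine.
        md5 = hashlib.md5(content).hexdigest()
        if self.trojan_engine(md5):
            self.trojan_md5_db.add(md5)                # local database
            return self._block(sha, Verdict.BLOCK_TROJAN)
        if self.vuln_engine(content):
            return self._block(sha, Verdict.BLOCK_VULNERABLE)
        return Verdict.ALLOW_LOW_RISK

    def _block(self, sha: str, verdict: Verdict) -> Verdict:  # S103 / S105
        if self.intercept(sha):
            self.messages.append(f"PROMPT intercepted {sha[:19]}: {verdict.value}")
        else:
            self.messages.append(f"ALARM interception failed for {sha[:19]}")
        self.blacklist.add(sha)  # next check stops at the static lookup
        return verdict


def demo():
    # Constructed byte strings stand in for image content.
    trusted = b"constructed: trusted base image"
    known_bad = b"constructed: previously blocked image"
    trojan = b"constructed: image carrying a known-bad file"
    vulnerable = b"constructed: image shipping libexample 1.0"
    clean = b"constructed: application image"
    bad_md5 = {hashlib.md5(trojan).hexdigest()}
    gate = ImageGate(
        whitelist={sha_of(trusted)},
        blacklist={sha_of(known_bad)},
        trojan_engine=lambda md5: md5 in bad_md5,
        vuln_engine=lambda c: b"libexample 1.0" in c,
        intercept=lambda sha: sha != sha_of(vulnerable),  # one forced failure
    )
    now = datetime(2024, 1, 8)
    verdicts = [gate.evaluate(c, now)
                for c in (trusted, known_bad, trojan, vulnerable, clean)]
    repeat = gate.evaluate(trojan, now + timedelta(days=1))
    due = gate.due_for_detection(
        [sha_of(clean), sha_of(b"constructed: never scanned")],
        now + timedelta(days=1), timedelta(days=7))
    return gate, verdicts, repeat, due


if __name__ == "__main__":
    gate, verdicts, repeat, due = demo()
    for line in [v.name for v in verdicts] + [repeat.name] + gate.messages:
        print(line)
```

Because the whitelist is consulted first, a sha value that appears on both lists is allowed without further checks, so list maintenance has to keep the two disjoint.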
Corresponding to the method for detecting the image risk provided by the embodiment of the present invention, referring to fig. 2, a first block diagram of an apparatus for detecting the image risk provided by the embodiment of the present invention is shown, where the apparatus includes: an acquisition unit 201, a first judgment unit 202, a first determination unit 203, a risk detection unit 204, and an interception unit 205.
An obtaining unit 201, configured to obtain a sha value of a mirror image to be detected.
The first determining unit 202 is configured to determine whether the preset blacklist has the sha value of the mirror image to be detected if the preset whitelist does not have the sha value of the mirror image to be detected.
The first determining unit 203 is configured to determine, if so, that the image to be detected is a high-risk image, and to intercept the image to be detected.
The risk detection unit 204 is configured to perform risk detection on the image to be detected if not, so as to obtain a detection result.
And the interception unit 205 is configured to intercept the image to be detected if the detection result indicates that the image to be detected is a high risk image.
In the embodiment of the invention, the image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.
Referring to fig. 3 in conjunction with the description of fig. 2, a second block diagram of an apparatus for detecting a risk of mirroring according to an embodiment of the present invention is shown, where the apparatus further includes: a second judgment unit 206, and a second determination unit 207.
A second determining unit 206, configured to determine, for each mirror image, whether the mirror image has undergone risk detection within a preset period.
A second determining unit 207, configured to determine that the image is the image to be detected if not.
Referring to fig. 4 in conjunction with the description of fig. 2, a third structural block diagram of an apparatus for detecting a risk of a mirror image according to an embodiment of the present invention is shown, where the risk detection unit 204 includes a pull-up module 2041, a detection module 2042, a first generation module 2043, and a second generation module 2044, and the implementation principles of the respective modules are as follows:
The pull-up module 2041 is configured to start a container from the image to be detected to obtain a target image to be detected.
The detection module 2042 is configured to perform risk detection on the target image to be detected by using the detection engine.
The first generating module 2043 is configured to generate a high risk detection result if the detection engine detects that the target image to be detected is a high risk image.
The second generating module 2044 is configured to generate a low risk detection result if the detection engine detects that the target image to be detected is a low risk image.
Referring to fig. 5 in conjunction with the description of fig. 2, a fourth block diagram of an apparatus for detecting a risk of mirroring according to an embodiment of the present invention is shown, where the apparatus further includes: a generating unit 208 and a transmitting unit 209.
The generating unit 208 is configured to generate alarm information indicating the interception failure if the interception fails.
A sending unit 209, configured to send the alarm information to the user.
Referring to fig. 6 in conjunction with the description of fig. 2, a fifth block diagram of an apparatus for detecting a risk of mirroring according to an embodiment of the present invention is shown, where the apparatus further includes: a receiving unit 210 and a third determining unit 211.
The receiving unit 210 is configured to receive a detection instruction input by a user.
The third determining unit 211 is configured to determine an image corresponding to the image sha value included in the detection instruction as an image to be detected.
Referring to fig. 7 in conjunction with the description of fig. 2, a sixth structural block diagram of an apparatus for detecting a risk of mirroring according to an embodiment of the present invention is shown, where the apparatus further includes: the storage unit 212 is configured to store the sha value of the mirror image to be detected in the blacklist.
In summary, the embodiments of the invention provide a method and a device for detecting image risk, where the method includes: acquiring the sha value of an image to be detected; if the sha value of the image to be detected is not in a preset whitelist, determining whether it is in a preset blacklist; if so, determining that the image to be detected is a high-risk image and intercepting it; if not, performing risk detection on the image to be detected to obtain a detection result; and, if the detection result indicates that the image to be detected is a high-risk image, intercepting it. The image to be detected is checked statically against the whitelist and the blacklist and is also subjected to dynamic risk detection, and images that pose a risk or threat are intercepted. Because the images are examined comprehensively by a complete detection mechanism, the accuracy of the detection results is effectively improved, the risk is avoided, and the security of the host is ensured.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a system or system embodiment, since it is substantially similar to a method embodiment, the description is relatively simple, with reference to the description of the method embodiment being made in part. The systems and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method of detecting a risk of mirroring, the method comprising:
acquiring a sha value of a mirror image to be detected;
if the sha value of the mirror image to be detected does not exist in the preset white list, judging whether the sha value of the mirror image to be detected exists in the preset black list or not;
if yes, determining that the mirror image to be detected is a high-risk mirror image, and intercepting the mirror image to be detected;
if not, carrying out risk detection on the mirror image to be detected to obtain a detection result;
and if the detection result indicates that the image to be detected is a high-risk image, intercepting the image to be detected.
2. The method of claim 1, further comprising, prior to the obtaining the sha value of the image to be detected:
for each mirror image, judging whether the mirror image has been subjected to risk detection within a preset period;
if not, determining the mirror image as the mirror image to be detected.
3. The method of claim 1, wherein performing risk detection on the image to be detected to obtain a detection result comprises:
pulling up the container in the mirror image to be detected to obtain a target mirror image to be detected;
performing risk detection on the target mirror image to be detected by using a detection engine;
if the detection engine detects that the target image to be detected is a high-risk image, a high-risk detection result is generated;
and if the detection engine detects that the target image to be detected is a low-risk image, generating a low-risk detection result.
4. The method of claim 1, further comprising, after intercepting the image to be detected:
if the interception fails, generating alarm information indicating the interception failure;
and sending the alarm information to a user.
5. The method of claim 1, wherein prior to the obtaining the sha value of the image to be detected, the method further comprises:
receiving a detection instruction input by a user;
and determining the mirror image corresponding to the mirror image sha value contained in the detection instruction as a mirror image to be detected.
6. The method of claim 1, further comprising, after intercepting the image to be detected:
and storing the sha value of the mirror image to be detected into the blacklist.
7. An apparatus for detecting mirror image risk, the apparatus comprising:
the acquisition unit is used for acquiring the sha value of the mirror image to be detected;
the first judging unit is used for judging whether the preset blacklist has the sha value of the mirror image to be detected or not if the preset whitelist does not have the sha value of the mirror image to be detected;
the first determining unit is used for determining, if yes, that the mirror image to be detected is a high-risk mirror image, and intercepting the mirror image to be detected;
the risk detection unit is used for carrying out risk detection on the mirror image to be detected if not, so as to obtain a detection result;
and the interception unit is used for intercepting the mirror image to be detected if the detection result indicates that the mirror image to be detected is a high-risk mirror image.
8. The apparatus of claim 7, wherein the apparatus further comprises:
the second judging unit is used for judging, for each mirror image, whether the mirror image has been subjected to risk detection within a preset period;
and the second determining unit is used for determining that the mirror image is the mirror image to be detected if not.
9. The apparatus of claim 7, wherein the risk detection unit comprises:
the pulling-up module is used for pulling up the container in the mirror image to be detected to obtain a target mirror image to be detected;
the detection module is used for performing risk detection on the target mirror image to be detected by using a detection engine;
the first generation module is used for generating a high-risk detection result if the detection engine detects that the target image to be detected is a high-risk image;
and the second generation module is used for generating a low-risk detection result if the detection engine detects that the target image to be detected is a low-risk image.
10. The apparatus of claim 7, wherein the apparatus further comprises:
the generating unit is used for generating alarm information indicating interception failure if the interception fails;
and the sending unit is used for sending the alarm information to the user.
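The decision flow of claims 1, 2, 4 and 6, written out as an added example that is not part of the patent text. The class and function names, the 24-hour period, the callable detection engine and interceptor, and the use of a sha256 content digest as the "sha value" are all assumptions made for illustration; claim 1 does not state what happens to a whitelisted image, so allowing it is also an assumption.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable


def digest(content: bytes) -> str:
    """Constructed stand-in for an image's sha value (sha256 of its bytes)."""
    return "sha256:" + hashlib.sha256(content).hexdigest()


@dataclass
class ImageGate:
    whitelist: set
    blacklist: set
    engine: Callable[[str], str]        # hypothetical detection engine: sha -> "high" | "low"
    interceptor: Callable[[str], bool]  # hypothetical blocker: True if interception succeeded
    period: float = 86400.0             # preset period in seconds (assumed value)
    last_checked: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def due(self, sha: str, now: float) -> bool:
        """Claim 2: an image is 'to be detected' if not checked within the period."""
        last = self.last_checked.get(sha)
        return last is None or now - last >= self.period

    def _intercept(self, sha: str) -> str:
        self.blacklist.add(sha)             # claim 6: remember the sha (idempotent)
        if self.interceptor(sha):
            return "intercepted"
        # Claim 4: a failed interception produces an alarm for the user.
        self.alerts.append(f"interception failed for {sha}")
        return "intercept-failed"

    def check(self, sha: str, now: float) -> str:
        """Claim 1: whitelist, then blacklist, then the detection engine."""
        self.last_checked[sha] = now
        if sha in self.whitelist:
            return "allowed"                # assumption: whitelisted images pass
        if sha in self.blacklist:
            return self._intercept(sha)     # known high-risk, engine is not run
        if self.engine(sha) == "high":
            return self._intercept(sha)
        return "allowed"
```

Keying both lists on a content digest rather than a tag means a verdict stays bound to the exact image that was checked, and a blacklist hit skips the detection engine entirely.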
CN202311594172.1A 2023-11-27 2023-11-27 Method and device for detecting mirror image risk Pending CN117573284A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311594172.1A CN117573284A (en) 2023-11-27 2023-11-27 Method and device for detecting mirror image risk

Publications (1)

Publication Number Publication Date
CN117573284A true CN117573284A (en) 2024-02-20

Family

ID=89863989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311594172.1A Pending CN117573284A (en) 2023-11-27 2023-11-27 Method and device for detecting mirror image risk

Country Status (1)

Country Link
CN (1) CN117573284A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination