CN117668861A - Object operation method and device, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number: CN117668861A
Authority: CN (China)
Legal status: Pending
Application number: CN202211005700.0A
Other languages: Chinese (zh)
Inventor: 梁建适
Assignee (current and original): ZTE Corp
Priority date: 2022-08-22
Filing date: 2022-08-22

Landscapes

  • Storage Device Security (AREA)

Abstract

The present disclosure provides an object operation method, including: determining, in response to an operation request of a user program, whether the target object to be operated is a protected object; judging, if the target object is a protected object, whether the user program has the authority to operate the target object; and executing the operation corresponding to the operation request on the target object if the user program has the authority to operate the target object. The present disclosure also provides an object operation apparatus, an electronic device, and a computer-readable storage medium.

Description

Object operation method and device, electronic equipment and computer readable storage medium
Technical Field
The present disclosure relates to the field of computer security technology, and in particular, to an object operation method, an object operation device, an electronic apparatus, and a computer-readable storage medium.
Background
Currently, in Linux systems, two measures for protecting data files are known. In the first, feature information or fragment information of the original file is extracted and then encrypted or otherwise processed to obtain a set of verification information, which is stored; the verification information of the original file is later recomputed by technical means and compared with the stored verification information for consistency. In the second, the routine address information currently stored in the file operation table and the inode operation table is overwritten with the address information of an interrupt service routine, so that the routine address information in those tables points to the interrupt service routine.
The first approach has the disadvantage that verification information must be extracted for every file to be protected; its extraction, calculation and storage all consume CPU resources, and there is no real-time monitoring, so an intrusion can only be verified after the fact. The second approach has the disadvantage that every protected file must be acquired and its routine address information set, which makes it inflexible.
Disclosure of Invention
Embodiments of the present disclosure provide an object operation method, an object operation apparatus, an electronic device, and a computer-readable storage medium.
As a first aspect of the present disclosure, there is provided an object operation method including:
determining whether the operated target object is a protected object or not in response to an operation request of the user program;
judging whether the user program has the authority to operate the target object or not under the condition that the target object is a protected object;
and executing the operation corresponding to the operation request on the target object under the condition that the user program has the authority to operate the target object.
As a second aspect of the present disclosure, there is provided an object operation device including:
a permission judging module, configured to determine, in response to an operation request of a user program, whether the target object to be operated is a protected object, and to judge, if the target object is a protected object, whether the user program has permission to operate the target object;
and the execution module is used for executing the operation corresponding to the operation request on the target object under the condition that the user program has the authority to operate the target object.
As a third aspect of the present disclosure, there is provided an electronic apparatus including:
a memory having an executable program stored thereon;
one or more processors which, when calling the executable program, are capable of implementing the object operation method provided in the first aspect of the present disclosure.
As a fourth aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon an executable program that, when called, is capable of implementing the object operation method according to the first aspect of the present disclosure.
When a user program wants to operate on a target object, it is first determined whether the target object is a protected object, and if so, it is further determined whether the user program has authority to operate the target object. The operation corresponding to the operation request is executed on the target object only when the user program that sent the request is determined to have that authority; if it does not, the request is not allowed to operate on the protected target object. Therefore, in the present disclosure, the objects to be protected (a directory or a file) can be flexibly configured as needed, no feature information of the protected object needs to be extracted, the content and storage form of the protected object need not be considered, and the system load is not increased.
Drawings
FIG. 1 is a flow diagram of one embodiment of a method of object operation provided by the present disclosure;
FIG. 2 is a flow diagram of another embodiment of the object manipulation method provided by the present disclosure;
FIG. 3 is a flow diagram of yet another embodiment of the object manipulation method provided by the present disclosure;
FIG. 4 is a block diagram of one embodiment of an object handling apparatus provided by the present disclosure;
FIG. 5 is a block diagram of another embodiment of the object operation device provided by the present disclosure.
Detailed Description
In order to better understand the technical solutions of the present disclosure, the following describes in detail an object operation method, an object operation device, an electronic apparatus, and a computer-readable storage medium provided by the present disclosure with reference to the accompanying drawings.
Example embodiments will be described more fully hereinafter with reference to the accompanying drawings, but may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Embodiments of the disclosure and features of embodiments may be combined with each other without conflict.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present disclosure, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As a first aspect of the present disclosure, there is provided an object operation method, as shown in fig. 1, including:
in step S110, in response to an operation request of the user program, it is determined whether the operated target object is a protected object;
in step S120, if the target object is a protected object, determining whether the user program has authority to operate the target object;
in step S130, in a case where the user program has authority to operate the target object, an operation corresponding to the operation request is performed on the target object.
It should be noted that the object on which the operation request requires an operation is the target object. When a user program wants to operate on a target object, it is first determined whether the target object is a protected object, and if so, it is further determined whether the user program has authority to operate the target object. The operation corresponding to the operation request is executed on the target object only when the user program that sent the request is determined to have that authority; if it does not, the request is not allowed to operate on the protected target object. Therefore, in the present disclosure, the objects to be protected (a directory or a file) can be flexibly configured as needed, no feature information of the protected object needs to be extracted, the content and storage form of the protected object need not be considered, and the system load is not increased.
As an alternative embodiment, performing the operation corresponding to the operation request may include calling a function in a system call table. For Linux systems, the function may be a key function in a system call function table, for example, a key file or directory operation function such as open, write, link, unlink.
In the present disclosure, there is no particular limitation on how to determine whether the target object is a protected object. For example, the unprotected objects may be defined by setting a blacklist: if the target object of the operation request is not in the blacklist, the target object is a protected object.
Of course, the present disclosure is not limited thereto. The protected objects and the user programs allowed to operate them may also be defined by configuring a whitelist. That is, as another alternative embodiment, as shown in fig. 2, the object operation method may further include, before step S110:
in step S100, receiving in the kernel mode the whitelist issued in the user mode.
In the present disclosure, the whitelist is generated in the user mode. It includes identification information of a plurality of objects and, for each object, a mapping relationship between the identification information of that object and the identification information of the trusted programs corresponding to it; an object may be operated only by its trusted programs.
Accordingly, the determining in step S110 whether the operated target object is a protected object may specifically include:
and matching in a white list according to the identification information of the target object, wherein the target object is judged to be a protected object under the condition that the identification information of the target object is matched in the white list.
In the present disclosure, the identification information of the target object is not particularly limited, and for example, the identification information of the target object may be the name of the target object. The names of the plurality of protected objects are listed in the white list.
In the present disclosure, there is no particular limitation on how to determine whether the user program has the right to operate the target object. For example, the user programs that are not allowed to operate the target object may be defined by setting a blacklist. In the embodiment where the whitelist is configured, "determining whether the user program has the authority to operate the target object" in step S120 may specifically include:
in the kernel mode, judging that the user program has the authority to operate the target object if, based on the mapping relationship, the identification information of the user program is found among the identification information of the trusted programs corresponding to the target object.
Accordingly, if the identification information of the user program is not matched, it is determined that the user program does not have the authority to operate the target object.
It should be noted that the user program here is a program that issues an operation request.
In the present disclosure, the identification information of the trusted program is not particularly limited. As an alternative embodiment, the identification information of the trusted program is the name of the trusted program.
For Linux systems, a configuration table including the whitelist may be configured in a user state. Accordingly, the whitelist may be obtained by receiving the configuration table issued in the user state in the kernel state.
In the present disclosure, the configuration table may be preconfigured. Thus, before the configuration table issued in the user state is received in the kernel state, the object operation method further includes:
and generating the configuration table in the user state.
In the present disclosure, there is no particular limitation on how to obtain the whitelist of the target object issued in the user mode. For example, the whitelist issued in the user mode may be obtained through netlink. For another example, the whitelist may also be obtained through any of a shared memory, a pipe, a message queue, and the like.
In the present disclosure, in order to alert the operator, optionally, as shown in fig. 3, the object operation method further includes:
in step S140, in case the user program does not have the right to operate the target object, an alert message is returned to the user program.
In the present disclosure, the content of the warning information is not particularly limited. For example, the alert information may include a reason for not allowing the user program to operate the target object. For another example, the alert information may also include the name of the user program that is not allowed to operate (e.g., the name of an illegal process or the name of an illegal script), and the name of the protected target object (e.g., directory or file).
In order to facilitate the server to analyze the cause of the illegal access, as shown in fig. 3, after returning the alarm information to the user program, the object operation method further includes:
in step S150, the alarm information is stored;
in step S160, the stored alarm information is transmitted to the server.
In the present disclosure, the alarm information may be transmitted to the server each time an alarm is generated, or all alarm information collected may be transmitted to the server together at a predetermined time each day. The alarm information may be stored in a formatted form on the current electronic device, uploaded to the server through sftp, and examined there for intrusion detection.
As described above, the target object includes a target directory and/or a target file.
As described above, the user program includes a user-oriented process and/or a user-oriented script.
As a second aspect of the present disclosure, there is provided an object operation device, as shown in fig. 4, including:
a permission judging module 210, wherein the permission judging module 210 is configured to determine whether a target object to be operated is a protected object in response to an operation request of a user program, and the permission judging module is further configured to judge whether the user program has permission to operate the target object if the target object is the protected object;
and an execution module 220, where the execution module 220 is configured to execute, in a case where the user program has a right to operate the target object, an operation corresponding to the operation request on the target object.
The object operation device is configured to execute the above object operation method provided by the present disclosure, and the above object operation method has been described in detail, which is not described herein.
As described above, the protected objects, and the trusted program that allows operation of the protected objects, may be defined by way of a configuration whitelist. Accordingly, the object manipulating apparatus may further include a configuration module 230, where the configuration module 230 is located in a user state, and the configuration module 230 is configured to configure a whitelist and issue the whitelist to the rights judging module 210. Wherein the whitelist includes identification information of a plurality of objects, and a mapping relationship between each object identification information and identification information of a trusted program corresponding to each object, wherein the objects are allowed to be operated by the trusted program of the object, as described above.
Accordingly, in the present disclosure, the permission determination module 210 is in a kernel mode, and the permission determination module 210 is configured to perform matching in a white list according to the identification information of the target object, and determine that the target object is a protected object if the identification information of the target object is matched in the white list.
Accordingly, the permission judging module 210 is further configured to judge that the user program has permission to operate the target object if, based on the mapping relationship, the identification information of the user program is matched among the identification information of the trusted programs corresponding to the target object.
In this disclosure, configuring the whitelist means that the configuration module 230 configures which user programs (application programs or scripts) may operate on (e.g., access, modify, write) a given object of the system (e.g., a directory or a file). In other words, the configuration module 230 mainly configures the protected objects and, for each individual object, the user programs that may operate on it.
The permission judging module 210 queries whether the target object is a protected object according to the configuration table issued by the configuration module 230, and further queries the trusted program of the target object if the target object is a protected object, and judges whether the user program has permission to operate the target object, which is equivalent to checking the validity of the user program to operate the protected target object, and the basis of the detection is the whitelist issued by the configuration module 230. If a certain application or script is allowed to operate a certain object in the white list, the execution module 220 executes the operation flow of the system itself; if the white list is not allowed, then no application or script is allowed to operate on the object. The script may include shell, perl, python, among others.
As an alternative embodiment, the object handling apparatus may further include an alarm module 240. The permission judging module 210 is further configured to send an alarm prompt message to the alarm module 240 when it is detected that the user program does not have permission to operate the target object; accordingly, the alarm module 240 is configured to generate alarm information after receiving the alarm prompt information.
As described above, the alert information may include the name of the illegal process or script, and the protected directory or file name of its operation.
In the present disclosure, by constructing the permission judging module 210, before the user program operates the directory or the file (operations include opening the file, writing the file, renaming, linking the file, creating the directory, deleting the directory, modifying the permission, modifying the user and group to which the file belongs, etc.), it is checked whether the related process is legal and can operate the related directory or file according to the white list in the file access configuration table.
As shown in FIG. 5, the permission judging module 210 is in the Linux kernel mode, and the alarm module 240 and the configuration module 230 are both in the user mode. At the system call function entry, the directory of the file to be operated (i.e., the target object) and its file name are acquired; the configuration table is searched for an access policy for that directory or file; if one exists, the directory of the calling process's application program file is obtained from the calling process pid, and finally the configuration table is searched to find whether that application program has the authority to operate the directory or file. If the operation is legal, the operation flow continues; if it is illegal, the illegal operation information is sent to the alarm module 240.
That is, the configuration module 230 mainly performs the white list configuration for file intrusion detection, i.e. a certain directory or file may be accessed by a certain trusted application or script.
The whitelist configuration form is as follows:
  • rule sequence number: the sequence number of the whitelist configuration entry;
  • process name: the name of the application program that may access a certain directory or file; the application program may be a binary executable file or a shell, perl or python script;
  • directory name: the name of the protected directory;
  • file name: the name of the file under the protected directory; an entry may also designate the directory and all files under its subdirectories.
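As an added illustration (not code from the patent or from ZTE), the following C program models in user space the whitelist lookup that the description places at the system call entry, together with the formatted alarm record the permission judging module hands to the alarm module. The rule layout, the "*" file-name convention for covering a whole subtree, the process and path names, and the function names are all assumptions.

```c
/* Added example (not code from the patent or from ZTE): a user-space model of
 * the whitelist check the description places at the system call entry.
 * Rule layout, the "*" file-name convention, and all names are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PATH_LEN 256

/* One whitelist entry in the configuration form above:
 * rule sequence number, process name, protected directory, file name.
 * A file name of "*" (assumed convention) designates the directory and every
 * file under its subdirectories. */
struct rule {
    int seq;
    const char *process;
    const char *dir;
    const char *file;
};

enum verdict { NOT_PROTECTED, ALLOWED, DENIED };

/* Constructed whitelist, standing in for the table the configuration
 * module 230 would issue to the kernel. */
static const struct rule whitelist[] = {
    { 1, "mysqld", "/var/lib/mysql", "*" },
    { 2, "nginx",  "/srv/media",     "index.m3u8" },
    { 3, "python", "/srv/media",     "index.m3u8" },
};
static const int nrules = (int)(sizeof whitelist / sizeof whitelist[0]);

/* Split an absolute path into directory and file name, as the check does at
 * the system call entry: "/srv/media/index.m3u8" -> "/srv/media", "index.m3u8". */
static void split_path(const char *path, char *dir, char *file)
{
    const char *slash = strrchr(path, '/');
    if (slash == NULL || slash == path) {      /* "/x" or bare name: root dir */
        snprintf(dir, PATH_LEN, "/");
        snprintf(file, PATH_LEN, "%s", slash ? slash + 1 : path);
        return;
    }
    snprintf(dir, PATH_LEN, "%.*s", (int)(slash - path), path);
    snprintf(file, PATH_LEN, "%s", slash + 1);
}

/* Does this rule's (directory, file) pair cover the requested object? */
static bool rule_covers(const struct rule *r, const char *dir, const char *file)
{
    if (strcmp(r->file, "*") == 0) {           /* whole subtree of r->dir */
        size_t n = strlen(r->dir);
        return strncmp(dir, r->dir, n) == 0 && (dir[n] == '\0' || dir[n] == '/');
    }
    return strcmp(r->dir, dir) == 0 && strcmp(r->file, file) == 0;
}

/* Steps S110 and S120: an object is protected if any rule names it, and the
 * caller is trusted if one of those rules names its process. On DENIED a
 * formatted alarm record (the fields the description lists) is written to
 * `alarm` for the alarm module; pass NULL to skip it. */
enum verdict check_access(const char *process, const char *path,
                          char *alarm, size_t alen)
{
    char dir[PATH_LEN], file[PATH_LEN];
    bool is_protected = false;

    split_path(path, dir, file);
    for (int i = 0; i < nrules; i++) {
        if (!rule_covers(&whitelist[i], dir, file))
            continue;
        is_protected = true;                   /* object appears in the whitelist */
        if (strcmp(whitelist[i].process, process) == 0)
            return ALLOWED;                    /* caller is one of its trusted programs */
    }
    if (!is_protected)
        return NOT_PROTECTED;                  /* not configured: normal system flow */
    if (alarm != NULL)
        snprintf(alarm, alen,
                 "illegal_process=%s protected_object=%s/%s reason=not_in_whitelist",
                 process, dir, file);
    return DENIED;
}

int main(void)
{
    static const char *cases[][2] = {
        { "mysqld", "/var/lib/mysql/db1/t.ibd" },   /* subtree rule, trusted  */
        { "bash",   "/var/lib/mysql/ibdata1" },     /* protected, not trusted */
        { "nginx",  "/srv/media/index.m3u8" },      /* exact rule, trusted    */
        { "nginx",  "/srv/media/other.ts" },        /* not in the whitelist   */
    };
    char alarm[512];

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        alarm[0] = '\0';
        enum verdict v = check_access(cases[i][0], cases[i][1], alarm, sizeof alarm);
        printf("%-7s %-26s -> %s %s\n", cases[i][0], cases[i][1],
               v == ALLOWED ? "ALLOWED" : v == DENIED ? "DENIED" : "NOT_PROTECTED",
               alarm);
    }
    return 0;
}
```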
The alarm module 240 has a main function of completing the structured output of illegal operation information in the permission judging module 210 and storing the illegal operation information in a system in a file form.
Specifically, when the permission judging module 210 detects that a protected directory or file is being operated by an untrusted application program or script, it promptly collects the name of the intruding program and the information of the protected directory or file and sends them to the alarm module 240 in the application layer; after receiving the illegal operation information, the alarm module 240 stores it in the file system in a formatted form and uploads it to a remote server through sftp for intrusion detection examination.
As a third aspect of the present disclosure, there is provided an electronic apparatus including:
a memory having an executable program stored thereon;
one or more processors which, when calling the executable program, are capable of implementing the object operation method provided in the first aspect of the present disclosure.
As an optional implementation manner, the electronic device may be a streaming media server, where after the server is invaded, the deletion or tampering of key files such as media, database, version, etc. may be prevented by using the object operation method, and related illegal operations may be prohibited.
As another alternative implementation, the electronic device may be a web server; when a client needs to access a file on the web server, the object operation method checks whether the accessing process is legal and allows access to the related file. The invention can rapidly configure the related processes and the protected directories or files, and can isolate different service processes so that each accesses different directories or files.
As a fourth aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon an executable program, which when called, is capable of implementing the object operation method provided in the first aspect of the present disclosure.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted in a generic and descriptive sense only and not for purpose of limitation. In some instances, it will be apparent to one skilled in the art that features, characteristics, and/or elements described in connection with a particular embodiment may be used alone or in combination with other embodiments unless explicitly stated otherwise. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the disclosure as set forth in the appended claims.

Claims (13)

1. An object operation method, comprising:
determining whether the operated target object is a protected object or not in response to an operation request of the user program;
judging whether the user program has the authority to operate the target object or not under the condition that the target object is a protected object;
and executing the operation corresponding to the operation request on the target object under the condition that the user program has the authority to operate the target object.
2. The object operation method according to claim 1, wherein before the determination of whether the operated target object is a protected object in response to an operation request of a user program, the object operation method further comprises:
and receiving a white list issued by a user mode in a kernel mode, wherein the white list is generated in the user mode, and comprises identification information of a plurality of objects and mapping relations between the identification information of each object and the identification information of a trusted program corresponding to each object, wherein the objects allow the trusted program of the objects to operate.
3. The object operation method according to claim 2, wherein the determining whether the operated target object is a protected object includes:
and matching in a white list according to the identification information of the target object, wherein the target object is judged to be a protected object under the condition that the identification information of the target object is matched in the white list.
4. The object operation method according to claim 2, wherein the determining whether the user program has authority to operate the target object comprises:
in the kernel mode, under the condition that the identification information of the user program exists in the identification information of the trusted program corresponding to the target object based on the mapping relation, the user program is judged to have the authority to operate the target object.
5. The object operation method according to claim 1, wherein the object operation method further comprises:
and returning alarm information to the user program under the condition that the user program does not have the authority to operate the target object.
6. The object operation method according to claim 5, wherein after returning alert information to the user program, the object operation method further comprises:
storing the alarm information;
and sending the stored alarm information to a server.
7. The object operation method according to any one of claims 1 to 6, wherein the target object includes a target directory and/or a target file.
8. The object operation method according to any one of claims 1 to 6, wherein the user program includes a user-oriented process and/or a user-oriented script.
9. An object handling device comprising:
a permission judging module, configured to determine, in response to an operation request of a user program, whether the target object to be operated is a protected object, and to judge, if the target object is a protected object, whether the user program has permission to operate the target object;
and the execution module is used for executing the operation corresponding to the operation request on the target object under the condition that the user program has the authority to operate the target object.
10. The object handling device according to claim 9, characterized in that the object handling device further comprises:
a configuration module located in user state, used for configuring a white list and issuing the white list to the permission judging module, wherein the white list comprises identification information of a plurality of objects and a mapping relation between the identification information of each object and the identification information of the trusted programs corresponding to that object, each object permitting only its corresponding trusted programs to operate on it; and
the permission judging module is used for matching the identification information of the target object against the white list, and for determining that the target object is a protected object when its identification information is matched in the white list.
11. The object handling device according to claim 9 or 10, further comprising an alarm module, wherein
the permission judging module is further used for sending alarm prompt information to the alarm module when it detects that the user program does not have authority to operate the target object; and
the alarm module is used for generating alarm information upon receiving the alarm prompt information.
12. An electronic device, the electronic device comprising:
a memory having an executable program stored thereon;
one or more processors which, when executing the executable program, implement the object operation method of any one of claims 1 to 8.
13. A computer-readable storage medium having stored thereon an executable program which, when executed, implements the object operation method of any one of claims 1 to 8.
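The method of claims 1 to 8 and the device of claims 9 to 11, modelled in Python as an added example; this is not code from the patent or from ZTE. The kernel-mode permission judging is simulated in user space. Identification information, which the claims do not fix, is assumed here to be the canonical path for an object and the pair (executable path, SHA-256 of the executable) for a program, so that a binary placed at a trusted path but with a different hash is not trusted. As a further assumption beyond the claims, a protected directory is taken to cover the objects beneath it. All paths, program names, hashes and file contents in the scenario are constructed.

```python
import posixpath
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Assumed identification info (the claims leave it open): an object is its
# canonical path; a program is (executable path, SHA-256 of the binary).
ProgramId = Tuple[str, str]


@dataclass
class WhiteList:
    """Configured in user state: protected object -> trusted program ids."""
    mapping: Dict[str, Set[ProgramId]] = field(default_factory=dict)

    def protect(self, obj: str, *trusted: ProgramId) -> None:
        self.mapping.setdefault(obj, set()).update(trusted)


@dataclass(frozen=True)
class Alarm:
    program: ProgramId
    obj: str
    operation: str


class PermissionJudge:
    """Permission-judging module; also holds the alarm store of claim 6."""

    def __init__(self, whitelist: WhiteList) -> None:
        self.whitelist = whitelist          # issued from user state
        self.stored_alarms: List[Alarm] = []

    def protected_entry(self, obj: str) -> Optional[str]:
        """Claim 3: match the object in the white list.  Assumption beyond the
        claims: a protected directory covers everything beneath it."""
        path = obj
        while True:
            if path in self.whitelist.mapping:
                return path
            parent = posixpath.dirname(path)
            if parent == path:              # reached the root
                return None
            path = parent

    def has_authority(self, program: ProgramId, entry: str) -> bool:
        """Claim 4: program id must be among the ids mapped to the entry."""
        return program in self.whitelist.mapping.get(entry, set())

    def check(self, program: ProgramId, obj: str, operation: str) -> bool:
        entry = self.protected_entry(obj)
        if entry is None or self.has_authority(program, entry):
            return True                     # unprotected, or trusted
        # Claims 5 and 6: refuse, alarm the caller, keep the alarm record.
        self.stored_alarms.append(Alarm(program, obj, operation))
        return False

    def flush_alarms(self, send: Callable[[Alarm], None]) -> int:
        """Claim 6: send stored alarms to the server; returns the count."""
        count = len(self.stored_alarms)
        for alarm in self.stored_alarms:
            send(alarm)
        self.stored_alarms.clear()
        return count


def perform(judge: PermissionJudge, program: ProgramId, path: str,
            operation: str, files: Dict[str, str], data: str = "") -> bool:
    """Execution module: apply the operation only if the judge allows it."""
    if not judge.check(program, path, operation):
        return False
    if operation == "write":
        files[path] = data
    elif operation == "delete":
        files.pop(path, None)
    return True


def run_demo() -> Tuple[Dict[str, str], List[Alarm]]:
    """Constructed scenario: a trusted updater, an impostor and an editor."""
    updater: ProgramId = ("/usr/sbin/cfg-updater", "a1" * 32)
    impostor: ProgramId = ("/usr/sbin/cfg-updater", "ff" * 32)  # same path
    editor: ProgramId = ("/usr/bin/vi", "b2" * 32)

    wl = WhiteList()
    wl.protect("/etc/app/config.yaml", updater)
    wl.protect("/etc/app/certs", updater)               # protected directory
    judge = PermissionJudge(wl)
    files = {"/etc/app/config.yaml": "v1",
             "/etc/app/certs/server.pem": "PEM", "/tmp/scratch": "x"}

    perform(judge, updater, "/etc/app/config.yaml", "write", files, "v2")
    perform(judge, editor, "/etc/app/config.yaml", "write", files, "evil")
    perform(judge, impostor, "/etc/app/certs/server.pem", "delete", files)
    perform(judge, editor, "/tmp/scratch", "delete", files)

    sent: List[Alarm] = []
    judge.flush_alarms(sent.append)                     # batch to the server
    return files, sent
```

run_demo() returns the final file tree and the alarms flushed to the simulated server: the updater's write succeeds, the editor's write and the impostor's delete inside the protected certificate directory are refused and produce two alarms, and the delete of the unprotected /tmp/scratch goes through. One point the claims leave to the implementer: whatever serves as program identification must be something the user program cannot choose for itself, otherwise the white-list check is bypassed by naming or placing a binary appropriately.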
CN202211005700.0A 2022-08-22 2022-08-22 Object operation method and device, electronic equipment and computer readable storage medium Pending CN117668861A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211005700.0A CN117668861A (en) 2022-08-22 2022-08-22 Object operation method and device, electronic equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN117668861A true CN117668861A (en) 2024-03-08

Family

ID=90070063

Country Status (1)

Country Link
CN (1) CN117668861A (en)

Legal Events

Date Code Title Description
PB01 Publication