Technical Field
The invention relates to confidential file monitoring technology, and specifically to a system and method for intelligently monitoring confidential files.
Background
In the traditional security field, files are usually protected by checking the file's MD5 value at intervals. If the MD5 value changes, the file has been modified. This way of detecting modification is outdated in some scenarios, or at least limited in effect: the user cannot discover in real time that a file has been modified.
With the current technique of judging modification by checking whether the MD5 value has changed, the user usually has to run a scheduled check once a day and review the results, which is very cumbersome and consumes a great deal of the user's time and energy. Moreover, because the MD5 value alone is too narrow a measure and cannot fully represent the state of the file, modifications cannot be detected accurately and comprehensively.
Summary of the Invention
In view of the needs and shortcomings of current technology, the present invention provides a system and method for intelligently monitoring confidential files.
The technical solution adopted by the system and method for intelligently monitoring confidential files of the present invention to solve the above technical problems is as follows. The method for intelligently monitoring confidential files comprises:
Step 1) Dynamically monitor the special files specified by the user;
Track the status of the special files specified by the user; the intelligent detection engine detects whether a special file has been modified, executed or opened, and reports this to the user;
Step 2) Determine whether the specified file has been modified;
Whether the file has been modified is determined by calculating the feature value of the specified file: if the file's current feature value differs from its basic feature value, the file has been modified;
Step 3) Intelligent interception;
On receiving the detection program's report, the user chooses to intercept or to allow the action.
Further, the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects system modifications and changes in real time; it intelligently classifies and blocks viruses or network attacks with unknown behavior and, through actual identification, tracks application behavior according to the user's general experience.
Further, step 2) determines whether the file has been modified by calculating the SHA1 value, SHA256 value and MD5 value of the specified file: if the file's current feature values are inconsistent with the basic feature values, the file has been modified; otherwise it has not been modified.
Further, step 3) analyzes the behavior of applications by monitoring the actions executed by the operating system, and uses this knowledge of the operating system's actions to intercept attacks in real time.
Further, the method also includes step 4) Freeze the file;
After the system senses that the feature value of a special file has changed, it temporarily freezes modification of the special file, reports to the user, and waits for the user to handle it.
The system for intelligently monitoring confidential files proposed by the present invention comprises:
A monitoring module, used to dynamically monitor the special files specified by the user;
The intelligent detection engine detects whether a special file specified by the user has been modified, executed or opened, and reports this to the user;
A judging module, used to determine whether the specified file has been modified;
Whether the file has been modified is determined by calculating the feature value of the specified file: if the file's current feature value differs from its basic feature value, the file has been modified;
An interception module, used to choose between intercepting and allowing the action when the user receives the detection program's report.
Further, the intelligent detection engine runs on multiple system platforms, including Windows, Linux and embedded systems, and detects system modifications and changes in real time; it intelligently classifies and blocks viruses or network attacks with unknown behavior and, through actual identification, tracks application behavior according to the user's general experience.
Further, whether the file has been modified is determined by calculating the SHA1 value, SHA256 value and MD5 value of the specified file: if the file's current feature values are inconsistent with the basic feature values, the file has been modified; otherwise it has not been modified.
Further, the behavior of applications is analyzed by monitoring the actions executed by the operating system, and this knowledge of the operating system's actions is used to intercept attacks in real time.
Further, the system also includes a freezing module;
After the system senses that the feature value of a special file has changed, it temporarily freezes modification of the special file, reports to the user, and waits for the user to handle it.
Compared with the prior art, the system and method for intelligently monitoring confidential files of the present invention have the following beneficial effects: the invention can dynamically sense the operating system's modification of a given protected file, which avoids the tedium of traditional scheduled file checks, improves detection efficiency and greatly saves staff effort; it uses three encryption algorithms to calculate feature values and determine whether a file has been modified, which improves the accuracy and comprehensiveness of the judgment compared with a single algorithm; and it can temporarily freeze modification of a special file while waiting for the user to handle it, which can prevent many unknown viruses and unknown attacks, intercepts attacks by malicious programs, is highly effective in protecting against unknown viruses, and blocks attacks by unknown viruses that traditional virus databases cannot stop.
Description of the Drawings
To explain the technical content of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort, and all of these fall within the protection scope of the present invention.
Figure 1 is a flowchart of the method for intelligently monitoring confidential files in Embodiment 1.
Detailed Description
To make the technical solution of the present invention, the technical problems it solves and its technical effects clearer, the technical solution is described clearly and completely below with reference to specific embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1:
This embodiment proposes a method for intelligently monitoring confidential files, whose implementation flow comprises:
Step 1) Dynamically monitor the special files specified by the user;
Specifically, track the status of the special files specified by the user; the intelligent detection engine detects whether a special file has been modified, executed or opened, and reports this to the user.
Further, the intelligent detection engine is lightweight: it runs using very few system resources and can detect system modifications in real time. It can run on multiple system platforms such as Windows, Linux and embedded systems and detect system modifications and changes in real time, making it both cross-platform and real-time.
Step 2) Determine whether the specified file has been modified;
Specifically, whether the file has been modified is determined by calculating the feature value of the specified file: if the file's current feature value differs from its basic feature value, the file has been modified; if the current feature value is the same as the basic feature value, the file has not been modified. The basic feature value is a feature value collected from the protected file when the user sets up protection for it.
Step 3) Intelligent interception;
Specifically, on receiving the detection program's report, the user can choose to intercept or to allow the action, among other options. Traditional detection technology dynamically monitors changes to system programs; under both Windows and Linux, program behavior can be monitored in real time, and the installation, update or uninstallation of applications can all be monitored at the operating-system level through code. The behavior of applications is analyzed by monitoring the actions executed by the operating system, and this knowledge of the operating system's actions is then used to intercept attacks in real time.
Figure 1 is a flowchart of the method for intelligently monitoring confidential files in Embodiment 1. As shown in Figure 1, the file status is tracked first and the intelligent detection engine is started to monitor the files set by the user; the feature value of each set file is then calculated to analyze and determine whether the file has been modified; and by monitoring the actions executed by the operating system, the type of action taken by the application is analyzed and reported to the user, who chooses to allow or block it.
This embodiment also proposes a system for intelligently monitoring confidential files, whose technical content can be cross-referenced with the method of Embodiment 1, comprising:
A monitoring module, used to dynamically monitor the special files specified by the user;
Specifically, the special files specified by the user include the user's confidential files. The intelligent detection engine detects that a file has been modified, executed or opened, and reports this to the user.
A judging module, used to determine whether the specified file has been modified;
Specifically, whether the file has been modified is determined by calculating the feature value of the specified file: if the file's current feature value is the same as its basic feature value, the file has not been modified; if the current feature value differs from the basic feature value, the file has been modified.
An interception module, used to choose between intercepting and allowing the action, among other options, when the user receives the detection program's report;
Specifically, the behavior of applications is analyzed by monitoring the actions executed by the operating system, and this knowledge of the operating system's actions is then used to intercept attacks in real time.
Embodiment 2:
The method for intelligently monitoring confidential files proposed in this embodiment builds on Embodiment 1: step 2) additionally uses feature values such as the file's SHA1 value, SHA256 value and MD5 value to determine whether the file has been modified, and a step of freezing the file is added. Its specific implementation comprises:
Step 1) Dynamically monitor the special files specified by the user;
Further, if a special file specified by the user is modified, executed or opened, the intelligent detection engine detects this and reports it to the user. The intelligent detection engine can intelligently classify and block viruses or network attacks with unknown behavior and, through actual identification, track application behavior according to the user's general experience.
Step 2) Determine whether the specified file has been modified;
Specifically, whether the file has been modified is determined by calculating feature values such as the SHA1 value, SHA256 value and MD5 value of the specified file: if the file's current feature values are consistent with the basic feature values, the file has not been modified; otherwise the specified file has been modified.
In determining whether the specified file has been modified in step 2), Embodiment 2 differs from Embodiment 1 in that it calculates three feature values of the specified file and compares them with the file's basic feature values. This adds specific factors to the modification judgment and improves its accuracy.
Step 3) Intelligent interception;
Specifically, on receiving the detection program's report, the user chooses to intercept or to allow the action, among other options.
Step 4) Freeze the file;
Further, after the system senses that the feature value of a special file has changed, it temporarily freezes modification of the special file, reports to the user, and waits for the user to handle it, which can prevent many unknown viruses and unknown attacks. For example, if an unknown virus or an attacker with unauthorized access modifies the user's financial statements or other related files, and the user has protected the file, the action is intercepted immediately. The invention does not intervene in the operating system, does not insert itself into the operating system kernel, and places no burden on the operating system.
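The check in steps 2) to 4), as an added example that is not part of the patent text: it records SHA1, SHA256 and MD5 baselines, reports which digests differ, freezes the file on a mismatch and applies the user's allow/block decision. `feature_values`, `FileGuard`, the modelling of the freeze as clearing write permission bits, and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

ALGORITHMS = ("sha1", "sha256", "md5")  # the three feature values named in the text


def feature_values(path, chunk_size=65536):
    """Compute all three digests in one pass over the file."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


class FileGuard:
    """Hypothetical helper covering steps 2) to 4) for one protected file."""

    def __init__(self, path):
        self.path = path
        # "Basic feature value": collected when the user sets protection.
        self.baseline = feature_values(path)
        self.frozen = False
        self._saved_mode = None

    def check(self):
        """Step 2): compare current and basic feature values; freeze on mismatch."""
        current = feature_values(self.path)
        changed = sorted(a for a in ALGORITHMS if current[a] != self.baseline[a])
        if changed and not self.frozen:
            self._freeze()
        return {"path": self.path, "modified": bool(changed),
                "changed": changed, "frozen": self.frozen}

    def _freeze(self):
        """Step 4): assumption, freezing is modelled as clearing the write bits."""
        self._saved_mode = stat.S_IMODE(os.stat(self.path).st_mode)
        no_write = ~(stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)
        os.chmod(self.path, self._saved_mode & no_write)
        self.frozen = True

    def resolve(self, decision):
        """Step 3): apply the user's choice after a report; returns frozen state."""
        if decision == "allow":
            # Accept the new content: re-baseline and restore permissions.
            self.baseline = feature_values(self.path)
            if self.frozen:
                os.chmod(self.path, self._saved_mode)
                self.frozen = False
        elif decision == "block":
            # A digest mismatch is only visible after the write has landed, so
            # blocking keeps the file read-only and keeps the old baseline.
            pass
        else:
            raise ValueError("decision must be 'allow' or 'block'")
        return self.frozen


def demo():
    """Run the flow on a constructed temporary file; returns three reports."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"Q3 revenue: 100\n")
        guard = FileGuard(path)
        clean = guard.check()
        with open(path, "wb") as fh:
            fh.write(b"Q3 revenue: 999\n")      # simulated modification
        tampered = guard.check()
        guard.resolve("allow")
        accepted = guard.check()
        return clean, tampered, accepted


if __name__ == "__main__":
    for report in demo():
        print(report)
```
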
This embodiment also proposes a system for intelligently monitoring confidential files, whose technical content can be cross-referenced with the method of Embodiment 2, comprising:
A monitoring module, used to dynamically monitor the special files specified by the user;
Further, the intelligent detection engine detects whether a special file specified by the user has been modified, executed or opened, and reports this to the user. The intelligent detection engine can dynamically sense actions such as the operating system modifying a given protected file. Unlike the scheduled or unscheduled checks of traditional technology, which are comparatively blind, this embodiment performs targeted and efficient detection on special files.
A judging module, used to determine whether the specified file has been modified;
Specifically, whether the file has been modified is determined by calculating feature values such as the SHA1 value, SHA256 value and MD5 value of the specified file: if the file's current feature values are consistent with the basic feature values, the file has not been modified; otherwise the specified file has been modified. For special files, three or more encryption algorithms are used to derive feature values rather than a single algorithm, which improves the accuracy of the modification judgment.
When determining whether the specified file has been modified, feature values such as the file's SHA1 value, SHA256 value and MD5 value are calculated and compared with the basic feature values. The present invention is not limited to these feature values, however: solutions that determine whether a file has been modified using any one or two of these feature values, or using more feature values of the file, do not affect the implementation of the present invention and fall within its protection scope.
An interception module, used to choose between intercepting and allowing the action, among other options, when the user receives the detection program's report.
A freezing module, which, after the system senses that the feature value of a special file has changed, temporarily freezes modification of the special file, reports to the user, and waits for the user to handle it, which can prevent many unknown viruses and unknown attacks.
With the system for intelligently monitoring confidential files proposed in this embodiment, after a file is modified, the system can promptly report to the user which files are about to be modified, and the user can choose to intercept or allow these modification actions. When the system senses that a file's feature value has changed, it freezes the action being executed and at the same time reports the situation to the user, who decides on their own judgment whether to allow the modification. This is very useful for protecting special files. This embodiment can therefore intercept attacks by malicious programs, is highly effective in protecting against unknown viruses, and blocks attacks by unknown viruses that traditional virus databases cannot stop.
The principles and implementation of the present invention have been explained in detail above using specific examples. These embodiments are only intended to help in understanding the core technical content of the present invention and do not limit its protection scope; the technical solution of the present invention is not limited to the specific embodiments above. Any improvement or modification made to the present invention by those skilled in the art on the basis of the above specific embodiments, without departing from the principles of the present invention, shall fall within the scope of patent protection of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710834982.8A | 2017-09-15 | 2017-09-15 | A kind of system and method for intelligent monitoring classified document |
| Publication Number | Publication Date |
|---|---|
| CN107609411A | 2018-01-19 |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180119 |