Technical Field
The present invention relates to the technical field of computer security, and in particular to a program whitelist service method and system based on operating system type.
Background Art
With the rapid development of the Internet, the network environment has become increasingly complex. Earlier blacklist techniques struggle to cope with security problems such as zero-day attacks and targeted attacks, and whitelist techniques are widely used in the field of active defense.
Whitelist technology builds a trusted master whitelist library from programs known to be safe, such as executable files, library files and drivers. Programs in the whitelist library are allowed to run, while files not in the whitelist library are not allowed to run, which effectively prevents unsafe programs from running.
Traditional whitelist-based active defense needs to obtain the trust level of each program from the master whitelist library over the network, according to the hash value of each program on the managed client (hash: a hashing algorithm, also called a hash function). The request must carry the program information (the hash value), and the returned message must carry the program information as well, which occupies a large amount of network resources and makes identification of program trust levels slow.
Summary of the Invention
Embodiments of the present invention provide a program whitelist service method and system based on operating system type, to solve the problem in the prior art that the program trust level identification process occupies a large amount of network resources and is inefficient.
To solve the above technical problem, the embodiments of the present invention disclose the following technical solutions:
A first aspect of the present invention provides a program whitelist service method based on operating system type, comprising the following steps: obtaining an operating system program list and forming an operating system whitelist sub-library; obtaining the version number of the current operating system and requesting the whitelist sub-library of the current operating system; and, according to the returned whitelist sub-library, determining the trust level of operating system programs locally.
With reference to the first aspect, in a first possible implementation of the first aspect, the operating system program list includes the executable files from before and after installation of the operating system, and each operating system version forms one whitelist sub-library.
With reference to the first aspect, in a first possible implementation of the first aspect, the information in the whitelist sub-library includes the hash value and trust level of each program, the hash value being obtained by computation over the executable file.
With reference to the first aspect, in a second possible implementation of the first aspect, the method further includes requesting identification of an unknown program. After a request is received, its type is determined first: if it is a request based on operating system version, the whitelist sub-library of the requested operating system version is returned; if it is a request to identify an unknown program, the trust level is looked up in the master whitelist library according to the hash value of the unknown program.
With reference to the first aspect, in a possible implementation of the first aspect, after the trust level of an unknown program has been obtained from the master whitelist library, the trust level of that program is recorded locally.
A second aspect of the present invention provides a program whitelist service system based on operating system type. The system includes a whitelist server and a whitelist client, the whitelist client being deployed on the user's computer. The whitelist server includes a program collection module and a request processing module, and the whitelist client includes an information acquisition module and a request sending module;
The program collection module is used to obtain the operating system program list and form the whitelist sub-library. The request processing module is used to identify the type of a request from the whitelist client and to return the whitelist sub-library or the trust level of an unknown program to the whitelist client. The information acquisition module is used to obtain the version number of the current operating system and the hash value of an unknown program, and the request sending module is used to send program trust level requests to the whitelist server.
With reference to the second aspect, in a possible implementation of the second aspect, the program collection module includes a first collection unit and a second collection unit;
The first collection unit is used to scan the image file from before installation of the operating system, obtain the executable files in the image file, and add those executable files to the whitelist sub-library;
The second collection unit is used to scan a clean operating system installed from the image file, obtain the executable files present after the clean installation, and add those executable files to the whitelist sub-library.
The whitelist service system of the second aspect of the present invention can implement the methods of the first aspect and of each implementation of the first aspect, and achieves the same effects.
The effects described in this summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:
The operating system's own program list information is turned into a whitelist sub-library. When the whitelist client runs, it obtains the whitelist for all programs of that operating system version in a single request, instead of obtaining trust levels by sending program hash values to the whitelist server one by one. This saves nearly half of the bandwidth and greatly improves the efficiency of whitelist service identification.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. A person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of the method of the present invention;
Fig. 2 is a schematic flowchart of request processing in the present invention;
Fig. 3 is a schematic structural diagram of the system of the present invention.
Detailed Description
To explain the technical features of this solution clearly, the present invention is described in detail below through specific embodiments and with reference to the drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the present invention.
On a computer with an operating system installed, the executable files, library files, drivers and other programs produced by installing the operating system make up a large share of its programs (possibly tens of thousands of entries), while programs installed by the user are comparatively few. On this basis, the client can send only the version information of its operating system, and the whitelist service returns the trust levels of that operating system's own programs. Programs on the client that are not in the operating system whitelist sub-library (these are relatively few) can have their trust levels obtained in the traditional way.
As shown in Fig. 1, the whitelist service method includes the following steps:
S1, obtain the operating system program list and form the operating system whitelist sub-library;
S2, obtain the version number of the current operating system and request the whitelist sub-library of the current operating system;
S3, according to the returned whitelist sub-library, determine the trust level of operating system programs locally.
In step S1, the operating system program list includes the executable files from before and after installation of the operating system, and each operating system version forms one whitelist sub-library. The whitelist server scans the operating system image file and the program files of a clean operating system installed from that image, and identifies files in PE format (Portable Executable, the standard format for portable executable files in the Microsoft Win32 environment, such as exe, dll, vxd, sys and vdm) or ELF format (Executable and Linkable Format). An operating system image (usually an .iso file) contains many PE/ELF files once extracted; these are collected and added to the whitelist sub-library of that operating system. Installing a PE/ELF file may itself produce further PE/ELF files: for example, an installer test.exe may create new exe and other PE files in the installation folder. A host with a clean operating system installed from the image is therefore also scanned, and the newly produced PE/ELF files are added to the whitelist sub-library of that operating system. Programs from both before and after installation are thus included, forming the whitelist sub-library of the operating system. This program information is also added to the master whitelist library.
The information in the whitelist sub-library includes the program name, the hash value of the program and its trust level. The hash value is computed over the collected executable file; the hash algorithm may be sha1, md5, sha256 or similar, but it must be the same algorithm used for the hash values in the master whitelist library.
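The following added sketch (not part of the patent text) illustrates step S1 in Python: it recognises PE and ELF files by their headers, hashes them with SHA-256, and merges a scan of the extracted image with a scan of the clean installation into one sub-library. The directory layout, the `trusted` label, the sample files and all function names are assumptions; SHA-256 is chosen from the algorithms named above because practical collision attacks exist against MD5 and SHA-1.

```python
import hashlib
import os
import struct
import tempfile

TRUSTED = "trusted"  # assumed label; the page does not enumerate trust levels


def executable_format(path):
    """Return 'PE', 'ELF' or None by inspecting the file header."""
    with open(path, "rb") as f:
        head = f.read(64)
        if head[:4] == b"\x7fELF":
            return "ELF"
        if head[:2] == b"MZ" and len(head) == 64:
            # e_lfanew at offset 0x3C points to the "PE\0\0" signature
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(pe_offset)
            if f.read(4) == b"PE\x00\x00":
                return "PE"
    return None


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root):
    """Yield (hash, name) for every PE/ELF file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if executable_format(path):
                yield sha256_file(path), name


def build_sublibrary(os_version, image_root, installed_root):
    """Merge the pre-install scan and the clean-install scan, keyed by hash."""
    entries = {}
    for root in (image_root, installed_root):
        for file_hash, name in scan_tree(root):
            entries.setdefault(file_hash, {"name": name, "trust": TRUSTED})
    return {"os_version": os_version, "hash_alg": "sha256", "entries": entries}


def build_sample():
    """Run both scans over constructed stand-ins for an image and an install."""
    pe = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    elf = b"\x7fELF" + b"\x02\x01\x01" + b"\x00" * 9
    trees = {
        "image": {"setup.exe": pe + b"A", "kernel.elf": elf,
                  "readme.txt": b"hello"},
        "installed": {"kernel.elf": elf, "new.dll": pe + b"B",
                      "dos.bin": b"MZ" + b"\x00" * 62},  # MZ stub, no PE header
    }
    with tempfile.TemporaryDirectory() as base:
        for tree, files in trees.items():
            os.makedirs(os.path.join(base, tree, "bin"))
            for name, data in files.items():
                with open(os.path.join(base, tree, "bin", name), "wb") as f:
                    f.write(data)
        return build_sublibrary("os-1.0", os.path.join(base, "image"),
                                os.path.join(base, "installed"))
```

Files that appear in both scans with identical content collapse to one entry because the sub-library is keyed by hash, not by path.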
In step S2, once the whitelist service client has been deployed on the user's computer, it obtains the version number of the operating system and sends that version number to the whitelist server to request the whitelist sub-library of the current operating system. Obtaining the operating system version number: on Windows and Linux, for example, the version can be obtained through the corresponding API (Application Programming Interface).
In step S3, after receiving the request for the operating system's whitelist sub-library, the whitelist server returns the whitelist sub-library corresponding to the current operating system. With the sub-library, when operating system programs run, their trust levels are identified directly from the whitelist sub-library, with no need to request each program's trust level one by one from the master whitelist library on the whitelist server. This saves nearly half of the bandwidth and greatly improves the efficiency of whitelist service identification.
In practice, the computer will also contain unknown programs that are not part of the operating system, such as Tencent QQ. The trust level of such programs can be obtained by the traditional method.
As shown in Fig. 2, where the whitelist server may receive different types of requests, the workflow is: S41, receive a request from the whitelist client; S42, determine the type of the request, that is, whether it is a request based on operating system version; if so, execute S43 and return the whitelist sub-library of the operating system; if not, execute S44 and look up the trust level of the program in the master whitelist library, then S45, return the trust level of the program. In step S42, if the request is not based on operating system type, what is received is the hash value of an unknown program, and the whitelist server looks up the trust level of that unknown program in the master whitelist library according to the hash value.
After obtaining the trust level of an unknown program, the user saves the trust level information of that program for later use.
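The request flow S41 to S45 and the client-side lookup can be sketched as follows; this is an added Python example, not code from the patent. The request field names, the `unknown` level and the direct method call standing in for the HTTP exchange are assumptions, and the data is constructed.

```python
import hashlib

HASH_ALG = "sha256"
UNKNOWN = "unknown"   # assumed level for hashes the master library lacks


class WhitelistServer:
    def __init__(self, master, sublibraries):
        self.master = master              # hash -> trust level (master library)
        self.sublibraries = sublibraries  # os_version -> {hash: trust level}

    def handle(self, request):
        """S41-S45: classify the request, then answer it."""
        kind = request.get("type")
        if kind == "os_sublibrary":                       # S42 -> S43
            entries = self.sublibraries.get(request.get("os_version"))
            if entries is None:
                return {"status": "no_sublibrary"}
            return {"status": "ok", "hash_alg": HASH_ALG, "entries": entries}
        if kind == "program":                             # S42 -> S44, S45
            digest = str(request.get("hash", "")).lower()
            if len(digest) != 64 or any(c not in "0123456789abcdef"
                                        for c in digest):
                return {"status": "bad_request"}
            return {"status": "ok", "trust": self.master.get(digest, UNKNOWN)}
        return {"status": "bad_request"}


class WhitelistClient:
    def __init__(self, server, os_version):
        self.server = server          # direct call stands in for the HTTP hop
        self.os_version = os_version
        self.local = {}               # hash -> trust level, held on the client
        self.remote_queries = 0

    def sync(self):
        """S2/S3: one request fetches every OS program's trust level."""
        reply = self.server.handle(
            {"type": "os_sublibrary", "os_version": self.os_version})
        # Sub-library and master library must share one hash algorithm;
        # refuse a sub-library hashed any other way.
        if reply["status"] != "ok" or reply.get("hash_alg") != HASH_ALG:
            return False
        self.local.update(reply["entries"])
        return True

    def trust_level(self, program_bytes):
        digest = hashlib.sha256(program_bytes).hexdigest()
        if digest in self.local:      # OS program or saved result: no traffic
            return self.local[digest]
        self.remote_queries += 1      # unknown program: per-hash query
        reply = self.server.handle({"type": "program", "hash": digest})
        trust = reply.get("trust", UNKNOWN)
        if trust != UNKNOWN:          # example choice: save only known levels
            self.local[digest] = trust
        return trust


def demo():
    """Constructed data: two OS programs and one user-installed program."""
    os_files = [b"constructed-os-binary-1", b"constructed-os-binary-2"]
    user_app = b"constructed-user-app"
    sub = {hashlib.sha256(f).hexdigest(): "trusted" for f in os_files}
    master = {**sub, hashlib.sha256(user_app).hexdigest(): "trusted"}
    server = WhitelistServer(master, {"os-1.0": sub})
    client = WhitelistClient(server, "os-1.0")
    client.sync()
    return client, os_files, user_app
```

After `sync()` the client resolves every operating system program without contacting the server, so the sub-library alone decides what may run; its integrity in transit matters as much as that of any single lookup.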
The master whitelist library contains the whitelist sub-libraries. The sub-libraries exist so that requests from the whitelist service client can be answered quickly: when a client sends a request for an operating system whitelist sub-library, the corresponding sub-library can be returned immediately, without first extracting the programs that match a particular operating system version number from the master whitelist library to form a sub-library. The master whitelist library is a continuously growing library. Whether a program is safe and trustworthy can be determined through program behavior analysis, and the result is added to the master whitelist library. Program information and the corresponding trust levels can be obtained from updates published on the official websites of operating systems such as Windows, CentOS and Ubuntu. The information in the master whitelist library is comparatively comprehensive, including the program's publisher, program name, program hash value, operating system version number (if any), and so on.
As shown in Fig. 3, the whitelist service system includes a whitelist client and a whitelist server that communicate over HTTP. The whitelist client is deployed on the user's computer. The whitelist server includes a program collection module and a request processing module, and the whitelist client includes an information acquisition module and a request sending module. The program collection module is used to obtain the operating system program list and form the whitelist sub-library. The request processing module is used to identify the type of a request from the whitelist client and to return the whitelist sub-library or the trust level of an unknown program to the whitelist client. The information acquisition module is used to obtain the version number of the current operating system and the hash value of an unknown program, and the request sending module is used to send program trust level requests to the whitelist server.
The whitelist service forms multiple whitelist sub-libraries, one for each operating system version. When a whitelist sub-library is formed, its information is added to the master whitelist library at the same time. The unknown programs on the current operating system are applications installed by the user, and there may be more than one.
The program collection module includes a first collection unit and a second collection unit. The first collection unit is used to scan the image file from before installation of the operating system, obtain the executable files in the image file, and add those executable files to the whitelist sub-library. The second collection unit is used to scan a clean operating system installed from the image file, obtain the executable files present after the clean installation, and add those executable files to the whitelist sub-library.
The above is only a preferred embodiment of the present invention. A person of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present invention, and these improvements and refinements are also regarded as falling within the scope of protection of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810288807.8A, CN108549810A (en) | 2018-04-03 | 2018-04-03 | A kind of program white list service method and system based on OS Type |
| Publication Number | Publication Date |
|---|---|
| CN108549810A | 2018-09-18 |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810288807.8A, Pending, CN108549810A (en) | 2018-04-03 | 2018-04-03 | A kind of program white list service method and system based on OS Type |
| Country | Link |
|---|---|
| CN (1) | CN108549810A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110162962A (en)* | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
| CN110390195A (en)* | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | Method and system for controlling program operation in a virtual environment |
| CN111741078A (en)* | 2020-05-29 | 2020-10-02 | 深圳市伟众信息技术有限公司 | White list platform message system and method |
| CN111966682A (en)* | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106997435A (en)* | 2017-04-14 | 2017-08-01 | 广东浪潮大数据研究有限公司 | A kind of method of operating system security prevention and control, apparatus and system |
| CN107480528A (en)* | 2017-08-16 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of method of operating system anti-virus |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110162962A (en)* | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
| CN110390195A (en)* | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | Method and system for controlling program operation in a virtual environment |
| CN110390195B (en)* | 2019-06-26 | 2021-05-25 | 苏州浪潮智能科技有限公司 | Method and system for managing and controlling program operation in virtual environment |
| CN111741078A (en)* | 2020-05-29 | 2020-10-02 | 深圳市伟众信息技术有限公司 | White list platform message system and method |
| CN111966682A (en)* | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
| CN111966682B (en)* | 2020-08-14 | 2022-06-14 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
| Publication | Publication Date | Title |
|---|---|---|
| US11281658B2 (en) | Trustless stateless incentivized remote node network using minimal verification clients | |
| US11070580B1 (en) | Vulnerability scanning method, server and system | |
| US8943588B1 (en) | Detecting unauthorized websites | |
| US9830452B2 (en) | Scanning device, cloud management device, method and system for checking and killing malicious programs | |
| JP6435398B2 (en) | Method and system for facilitating terminal identifiers | |
| CN106295333B (en) | method and system for detecting malicious code | |
| US8627469B1 (en) | Systems and methods for using acquisitional contexts to prevent false-positive malware classifications | |
| CN103034808B (en) | Scan method, equipment and system and cloud management and equipment | |
| CN108549810A (en) | A kind of program white list service method and system based on OS Type | |
| US9355250B2 (en) | Method and system for rapidly scanning files | |
| JP2011233125A (en) | Method and apparatus for handling intelligent bot utilizing camouflage virtual machine information | |
| US9614866B2 (en) | System, method and computer program product for sending information extracted from a potentially unwanted data sample to generate a signature | |
| CN102982284A (en) | Scanning equipment, cloud management equipment and method and system used for malicious program checking and killing | |
| US20130185645A1 (en) | Determining repeat website users via browser uniqueness tracking | |
| CN106384048A (en) | Threat message processing method and device | |
| CN103390130A (en) | Rogue program searching and killing method and device based on cloud security as well as server | |
| WO2018159337A1 (en) | Profile generation device, attack detection apparatus, profile generation method, and profile generation program | |
| WO2016188029A1 (en) | Method and device for parsing two-dimensional code, computer readable storage medium, computer program product and terminal device | |
| CN112204930B (en) | Malicious domain name detection device, system and method | |
| CN104021154B (en) | A kind of method and apparatus scanned in a browser | |
| CN105095764A (en) | Virus checking and killing method and device | |
| CN107623693B (en) | Domain name resolution protection method and device, system, computing device, and storage medium | |
| CN114866277A (en) | An application access method, apparatus, device and storage medium | |
| CN103957252B (en) | The journal obtaining method and its system of cloud stocking system | |
| US20240406207A1 (en) | Performing a security action regarding an access request using a cluster-based determination of malicious intent |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180918 |