CN114900326B - Method, system and storage medium for monitoring and protecting terminal instruction operation - Google Patents
- Publication number
- CN114900326B
- Authority
- CN
- China
- Prior art keywords
- terminal
- instruction
- operation instruction
- blacklist
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a system and a storage medium for monitoring and protecting terminal instruction operation. The method comprises the following steps: receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of the terminal device; responding to and executing an operation instruction, determining the danger level of the operation instruction according to the operation result, and sending the operation information and the danger level of the operation instruction to the cloud server; and, when the cloud server determines to add the operation instruction to the blacklist, receiving the updated blacklist sent by the cloud server. By using the resource advantage of the cloud server and screening and verifying data against the blacklist, the method monitors and protects terminal operation instructions, can block dangerous operation instructions in advance, and provides stronger security for the terminal device.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method for monitoring and protecting operation of a terminal instruction, a computer readable storage medium, a terminal device, a cloud server, and a system for monitoring and protecting operation of a terminal instruction.
Background
With the rapid development of the Internet of Things (IoT) and its integration with existing industries, the market potential of terminals is huge. An IoT terminal is a device that connects the sensing network layer and the transmission network layer of the IoT, collecting data and sending it to the network layer; it is mainly responsible for functions such as data collection, preliminary processing, encryption and transmission. The rapid spread of IoT terminals also brings a huge security risk, which places higher requirements on the instruction operations of terminals.
Current monitoring of terminal instruction operations only detects dangerous operation commands and uploads them to the cloud platform. It cannot prevent a dangerous operation command from being executed the next time, so the same operation can still expose the terminal to the same security risk, and if data is leaked, the user may suffer serious economic loss.
Disclosure of Invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art. To this end, a first object of the present invention is to provide a method for monitoring and protecting terminal instruction operation which uses the resource advantage of a cloud server and, by screening and verifying data against a blacklist, monitors and protects terminal operation instructions, blocks dangerous operation instructions in advance, and provides stronger security for the terminal device.
A second object of the present invention is to provide a method for monitoring and protecting the command operation of a terminal.
A third object of the present invention is to propose a computer readable storage medium.
A fourth object of the present invention is to propose a terminal device.
A fifth object of the present invention is to provide a cloud server.
A sixth object of the present invention is to propose a monitoring and protection system for terminal command operations.
In order to achieve the above objective, an embodiment of a first aspect of the present invention provides a method for monitoring and protecting terminal instruction operation, including: receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment; responding and executing the operation instruction, determining the dangerous level of the operation instruction according to the operation result, and sending the operation information and the dangerous level of the operation instruction to the cloud server; and when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server.
According to the monitoring and protecting method for terminal instruction operation, an initial blacklist sent by a cloud server is received, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment, then an operation instruction is responded and executed, a dangerous level of the operation instruction is determined according to an operation result, the operation information and the dangerous level of the operation instruction are sent to the cloud server, and finally, when the cloud server determines that the operation instruction is added to the blacklist, the updated blacklist sent by the cloud server is received. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantage of the cloud server and through data screening verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
In addition, the method for monitoring and protecting the terminal command operation according to the above embodiment of the present invention may further have the following additional technical features:
According to one embodiment of the invention, the operation result is determined according to the influence of the execution of the operation instruction on the terminal device.
According to one embodiment of the present invention, determining an operation result according to an influence of an operation instruction on a terminal device includes: when garbage data, redundant logs, redundant services or processes are generated in the terminal equipment without affecting the operation of the terminal system, determining an operation result as a first result; when the application program cannot be normally used in the terminal equipment, determining an operation result as a second result; and when the terminal equipment cannot be used normally, determining the operation result as a third result.
According to one embodiment of the invention, when the operation result is the first result, determining that the risk level of the operation instruction is the first risk level; when the operation result is a second result, determining that the risk level of the operation instruction is a second risk level, wherein the risk coefficient of the first risk level is smaller than that of the second risk level; and when the operation result is the third result, determining that the risk level of the operation instruction is the third risk level, wherein the risk coefficient of the second risk level is smaller than that of the third risk level.
To achieve the above object, an embodiment of a second aspect of the present invention provides a method for monitoring and protecting a terminal command operation, including: receiving identity information of a plurality of terminal devices; generating an initial blacklist according to the identity information, and sending the initial blacklist to corresponding terminal equipment; receiving dangerous grades of operation instructions and operation instruction information sent by a plurality of terminal devices; when determining to add the operation instruction into the blacklist according to the danger level of the operation instruction and the operation instruction information, updating initial blacklists corresponding to the plurality of terminal devices, and sending the updated blacklists to the corresponding terminal devices.
According to the monitoring and protecting method for terminal instruction operation, firstly, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, the initial blacklist is sent to corresponding terminal devices, then dangerous levels of operation instructions and operation instruction information sent by the plurality of terminal devices are received, and finally when the operation instructions are added into the blacklist according to the dangerous levels of the operation instructions and the operation instruction information, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal devices. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantage of the cloud server and through data screening verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
In addition, the method for monitoring and protecting the terminal command operation according to the above embodiment of the present invention may further have the following additional technical features:
According to one embodiment of the invention, it is determined to add the operation instruction to the blacklist when any one of the following conditions is met: the danger level of the operation instruction is the second danger level or the third danger level; the danger level of the operation instruction is the first danger level and the execution frequency of the operation instruction is greater than a first set threshold; or the danger level of the operation instruction is the first danger level and the number of terminal devices executing the operation instruction is greater than a second set threshold.
According to one embodiment of the invention, before adding the operation instruction to the blacklist, the method further comprises: verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar, in terms of identity information, to the terminal device corresponding to the operation instruction; and, when the operation instruction is verified to be a dangerous operation instruction, updating the current blacklist of the corresponding terminal device.
According to an embodiment of the present invention, the method for monitoring and protecting terminal instruction operation further includes: when it is determined to add the operation instruction to the blacklist, updating the current blacklists of all terminal devices whose identity information is similar to that of the terminal device.
To achieve the above object, according to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a terminal instruction operation monitoring and protection program, which when executed by a processor, implements the terminal instruction operation monitoring and protection method described above.
The computer readable storage medium of the embodiment of the invention can prevent dangerous operation instructions in advance by executing the monitoring and protecting method of the terminal instruction operation, and ensure the terminal equipment to be safer.
To achieve the above object, a terminal device according to a fourth aspect of the present invention includes: the system comprises a processor, a memory and a monitoring and protecting program of terminal instruction operation, wherein the monitoring and protecting program of terminal instruction operation is stored in the memory and can be run on the processor, and the monitoring and protecting method of the terminal instruction operation is realized when the processor executes the monitoring and protecting program of the terminal instruction operation.
According to the terminal equipment provided by the embodiment of the invention, the dangerous operation instruction can be prevented in advance by executing the monitoring and protecting method for the terminal instruction operation of the embodiment of the first aspect, so that safer guarantee is given to the terminal equipment.
In order to achieve the above object, a cloud server according to an embodiment of the present invention includes: the system comprises a processor, a memory and a monitoring and protecting program of terminal instruction operation, wherein the monitoring and protecting program of terminal instruction operation is stored in the memory and can be run on the processor, and the monitoring and protecting method of the terminal instruction operation is realized when the processor executes the monitoring and protecting program of the terminal instruction operation.
According to the cloud server provided by the embodiment of the invention, the dangerous operation instruction can be prevented in advance by executing the monitoring and protecting method for the terminal instruction operation of the second embodiment, so that safer guarantee is given to the terminal equipment.
In order to achieve the above objective, a sixth embodiment of the present invention provides a monitoring and protection system for terminal instruction operation, which includes the above terminal device and cloud server.
According to the monitoring and protecting system for the terminal instruction operation, which is disclosed by the embodiment of the invention, through the terminal equipment and the cloud server, dangerous operation instructions can be prevented in advance, and safer guarantee is given to the terminal equipment.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a flow chart of a method for monitoring and safeguarding operation of a terminal instruction according to an embodiment of the present invention;
FIG. 2 is an interactive schematic diagram of a method for monitoring and protecting terminal operation instructions according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method of monitoring and safeguarding operation of a terminal instruction in accordance with another embodiment of the present invention;
Fig. 4 is a schematic block diagram of a terminal device according to an embodiment of the present invention;
Fig. 5 is a block diagram of a cloud server according to an embodiment of the invention;
Fig. 6 is a block diagram of a monitoring and protection system for terminal command operations according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
The method for monitoring and protecting terminal instruction operation, the computer readable storage medium, the terminal device, the cloud server and the system for monitoring and protecting terminal instruction operation according to the embodiment of the invention are described below with reference to the accompanying drawings.
In embodiments of the invention, the terminal device may be a personal computer (PC), a smart mobile device (e.g., a smartphone), a microprocessor-based system, a set-top box, or the like. There may be one or more terminal devices connected to the cloud server; each user may correspond to one terminal device, and the cloud server may be connected to a plurality of terminal devices. The terminal device, referred to as a physical computer, can provide the hardware environment for a virtual machine. The cloud server serves as a cloud computing processing system, that is, a decision-making system built on a base layer of Internet network equipment that performs data communication, analysis and statistics for multiple users according to specific rules. The terminal device and the cloud server can run Windows, Unix, Linux and other operating systems and the operation instructions corresponding to those operating systems.
Fig. 1 is a flowchart of a method for monitoring and protecting a terminal command operation according to an embodiment of the present invention.
As shown in fig. 1, the method for monitoring and protecting terminal instruction operation according to the embodiment of the present invention may include the following steps:
S1, receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment.
Specifically, referring to fig. 2, the terminal device first establishes a communication connection with the cloud server, for example over Wi-Fi. After the connection succeeds, the terminal device uploads its identity information to the cloud server; the identity information may include the terminal device's unique number, system version, hardware modules, installed containers, applications and other related information. The cloud server can generate dangerous instructions according to the terminal identity information, store them in a blacklist corresponding to the terminal device, and send the blacklist to the terminal device according to the unique code of the terminal device. When the terminal device receives an operation instruction for execution, the instruction operation monitoring software pre-installed on the terminal device checks the received blacklist to determine whether the current operation instruction is in the blacklist, quickly judges whether the instruction is dangerous, and prompts the user whether to proceed with the next operation, so as to ensure the safety of the terminal device.
S2, responding to and executing the operation instruction, determining the danger level of the operation instruction according to the operation result, and sending the operation information and the danger level of the operation instruction to the cloud server.
According to one embodiment of the invention, the operation result is determined according to the influence of the execution of the operation instruction on the terminal device.
That is, when it is determined that the operation instruction is not in the initial blacklist, execution of the operation instruction begins. During execution, the influence of the operation instruction on the terminal device is observed, and the danger level is then determined from that influence. For example, when executing the operation instruction generates garbage data, redundant logs, redundant services or processes without affecting the operation of the terminal system, the danger level is considered low; when executing the operation instruction changes some configuration of the terminal device and affects the use of some application programs, the danger level is considered medium; when executing the operation instruction leaves the terminal device unable to operate normally, for example because the operating system configuration of the terminal device is changed, the danger level is considered high.
According to one embodiment of the present invention, determining an operation result according to an influence of an operation instruction on a terminal device includes: when garbage data, redundant logs, redundant services or processes are generated in the terminal equipment without affecting the operation of the terminal system, determining an operation result as a first result; when the application program cannot be normally used in the terminal equipment, determining an operation result as a second result; and when the terminal equipment cannot be used normally, determining the operation result as a third result.
According to one embodiment of the invention, when the operation result is the first result, determining that the risk level of the operation instruction is the first risk level; when the operation result is a second result, determining that the risk level of the operation instruction is a second risk level, wherein the risk coefficient of the first risk level is smaller than that of the second risk level; and when the operation result is the third result, determining that the risk level of the operation instruction is the third risk level, wherein the risk coefficient of the second risk level is smaller than that of the third risk level.
Specifically, when the instruction operation monitoring software determines that the operation instruction is not in the initial blacklist, the terminal device starts to execute the operation instruction issued by the user. The instruction operation monitoring software records operation instruction information such as the operation instruction, the user who executed it and its execution time, and the danger level of the operation instruction is determined according to the operation result of the instruction. For example, user operations may generate junk data on the terminal device: after the user upgrades the terminal device system, some original functions are updated and optimized but related information such as registry entries is not removed in time, or redundant logs, redundant services or processes are generated while the terminal device is running. When such junk data, logs, services or processes do not affect the normal operation of the terminal system or of service applications (such as important service applications of a power terminal related to transactions and power supply), the danger level of the operation instruction can be set to the first danger level. When an application program on the terminal device cannot be used normally, for example when a website that the user accesses through the start iexplore.exe operation instruction carries a virus, the terminal device is attacked by the virus, and an application program is maliciously tampered with and cannot start normally, the danger level of the operation instruction can be set to the second danger level.
When the terminal device cannot be used normally, for example when the system configuration is changed so that it is incompatible with the original system and the device cannot start normally, or when System32, system files and the like are deleted through the del instruction so that the device cannot be used normally, the danger level of the operation instruction can be set to the third danger level. The risk coefficients of the first, second and third danger levels increase in that order. If the amount of instruction data recorded by the terminal device is large and occupies a large amount of storage space, the operation instruction information and danger levels stored on the terminal device can be uploaded to the cloud server; alternatively, a fixed upload period can be set so that they are uploaded to the cloud server automatically. In addition, after the operation instruction information stored on the terminal device has been uploaded to the cloud server, it can be deleted from the terminal device to save storage space.
And S3, when the cloud server determines to add the operation instruction into the blacklist, receiving the updated blacklist sent by the cloud server.
Specifically, referring to fig. 2, after collecting and summarizing the instruction operation information reported by a plurality of terminal devices, the cloud server screens each operation instruction according to factors such as the danger level of the instruction, the number of terminal devices involved and the operation frequency of the instruction, and judges whether executing the instruction harms the system software of the terminal device and affects its service functions. For example, when the danger level of the operation instruction is the second or third danger level, it is preliminarily judged that the instruction harms the system software of the terminal device. To further verify whether it is a dangerous operation instruction, the cloud server virtually executes and verifies the operation instruction in a sandbox environment similar to the reporting terminal device; if the instruction is found to cause problems in the virtual environment such as a system crash or important applications being unable to run, it is determined to be a dangerous operation instruction and is added to the blacklist. Alternatively, when the danger level of the operation instruction is the first danger level and its execution frequency is high, it is preliminarily judged that frequent execution can generate a large amount of garbage data and harm the system software of the terminal device. To further verify whether it is a dangerous operation instruction, the cloud server virtually executes and verifies the operation instruction in a sandbox environment similar to the reporting terminal device, and adds it to the blacklist when it is verified to be dangerous.
Alternatively, when the danger level of the operation instruction is the first danger level and the number of terminal devices executing it is large, it is preliminarily judged that the operation instruction can harm the system software of the terminal devices. To further verify whether it is a dangerous operation instruction, the cloud server virtually executes and verifies the operation instruction in a sandbox environment similar to the reporting terminal devices, and adds it to the blacklist when it is verified to be a dangerous operation instruction.
After verifying that the operation instruction is a dangerous operation instruction, the cloud server puts it into the blacklist of the corresponding terminal device and sends the updated blacklist to all terminal devices of the same type (for example, terminal devices with similar identity information are terminal devices of the same type). Each terminal device receives the updated blacklist sent by the cloud server and updates its current blacklist. When the terminal device is asked to execute the same operation instruction again, the instruction operation monitoring software prevents the instruction from executing and uploads alarm information to the cloud server. Because the dangerous operation instructions in the blacklist are continuously updated, new dangerous commands can be handled, rather than only the dangerous commands that were preset for protection, which gives the terminal a stronger security guarantee.
It should be noted that the sandbox environment is a security mechanism that provides an isolated environment for a running program. It is typically used to run, on a trial basis, programs that are untrusted, destructive, or whose intent cannot be determined. In a sandbox environment, the resources accessible to a program are tightly controlled; for example, the sandbox may provide disk and memory space that is reclaimed after use. Network access, access to the real system and reading of input devices are generally prohibited or strictly limited, so damage to the terminal device is avoided and its normal use is ensured.
In addition, the cloud server aggregates the operation information of the terminal devices that executed the operation instruction, and the identity information of these terminal devices may be the same or different. Verification in the sandbox environment may therefore be performed once or several times, depending on the identity information of the terminal devices that executed the operation instruction. For example, if terminal devices with two different sets of identity information executed the operation instruction, the instruction needs to be verified separately in sandbox environments similar to each of the two.
In summary, in the method for monitoring and protecting terminal instruction operation according to the embodiment of the present invention, firstly, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, and the initial blacklist is sent to a corresponding terminal device, then, a dangerous level of an operation instruction and operation instruction information sent by the plurality of terminal devices are received, and finally, when determining that the operation instruction is added to the blacklist according to the dangerous level of the operation instruction and the operation instruction information, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal device. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantage of the cloud server and through data screening verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
Corresponding to the above embodiment, the invention also provides a method for monitoring and protecting the terminal instruction operation.
As shown in fig. 3, the method for monitoring and protecting terminal instruction operation according to the embodiment of the present invention includes the following steps:
S101, receiving identity information of a plurality of terminal devices. The identity information may include: terminal unique number, system version, hardware module, installation container and application, etc.
S102, generating an initial blacklist according to the identity information, and sending the initial blacklist to the corresponding terminal equipment.
Specifically, referring to fig. 2, the cloud server may be communicatively connected to a plurality of terminal devices, for example, may be connected by Wi-Fi (wireless communication technology). After successful connection, the identity information sent by each terminal device is received, and different terminal devices have different identity information, for example, the unique numbers of the different terminal devices are different, the system versions installed by the different terminal devices are different, and the hardware modules, the installation containers and the applications installed by the different terminal devices are different. The cloud server determines a corresponding blacklist according to the identity information, wherein the blacklist comprises a dangerous operation instruction obtained according to the identity information and is used as an initial blacklist, and the initial blacklist is sent to corresponding terminal equipment according to the unique number of the terminal equipment. When the terminal equipment receives the operation instruction, the instruction operation monitoring software monitors whether the operation instruction is in a blacklist or not in real time, and rapidly judges whether the instruction is dangerous or not. When the operation instruction is in the blacklist, the instruction is prevented, warning information is uploaded to the cloud server, and the danger of data leakage or Trojan virus attack and the like caused by the instruction operated by a user is prevented.
S103, receiving the dangerous level and the operation instruction information of the operation instructions sent by the plurality of terminal devices.
S104, when it is determined, according to the danger level of the operation instruction and the operation instruction information, to add the operation instruction to the blacklist, updating the initial blacklists corresponding to the plurality of terminal devices, and sending the updated blacklist to the corresponding terminal devices.
According to one embodiment of the invention, it is determined to add the operation instruction to the blacklist when any one of the following conditions is met: the danger level of the operation instruction is a second danger level or a third danger level; the danger level of the operation instruction is a first danger level and the execution frequency of the operation instruction is greater than a first set threshold; the danger level of the operation instruction is a first danger level and the number of terminal devices executing the operation instruction is greater than a second set threshold. The first set threshold and the second set threshold may be determined according to practical situations; for example, the first set threshold may be 3 times.
According to one embodiment of the invention, before adding the operation instruction to the blacklist, the method further comprises: verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar to the identity information of the terminal device corresponding to the operation instruction; and when the operation instruction is verified to be a dangerous operation instruction, updating the current blacklist of the corresponding terminal device.
According to an embodiment of the present invention, the method for monitoring and protecting terminal instruction operation further includes: and when determining to add the operation instruction into the blacklist, updating the current blacklist of all the terminal equipment with the same identity information as the terminal equipment.
Specifically, when the instruction operation monitoring software determines that the operation instruction is not in the initial blacklist, the terminal device starts to execute the operation instruction issued by the user. The instruction operation monitoring software records operation instruction information such as the operation instruction, the user who executed it and its execution time, and the danger level of the operation instruction is set according to the operation result. For example, suppose a user's operation generates garbage data in the terminal device with the unique number A1: after the terminal device system is upgraded, some original functions are updated and optimized, some related information such as the registry is removed in time, and garbage data is generated, or some redundant logs, redundant services or processes are produced while the terminal device is running. When this garbage data and these logs, services or processes do not affect the normal operation of the terminal system or of service applications (such as important service applications related to transactions and power supply of a power terminal), the danger level of the operation instruction can be set to the first danger level. For another example, when an application program cannot be used normally in the terminal device with the unique number A2, for instance because a website accessed by the user through the start iexplore.exe operation instruction carries a virus, so that the terminal device is attacked by the virus and the program is maliciously tampered with and cannot start normally, the danger level of the operation instruction can be set to the second danger level. For another example, when the terminal device with the unique number A3 cannot be used normally, for instance because the system configuration is changed and is incompatible with the original system so that the device cannot start normally, or because System32 and the system files are deleted through the del command so that the terminal device cannot start or cannot be used normally, the danger level of the operation instruction can be set to the third danger level. The plurality of terminal devices send the danger level of the operation instruction and the operation instruction information to the cloud server. A fixed upload period can be set, so that the instruction operation information and danger levels stored by the terminal devices are automatically uploaded to the cloud server; or, when one terminal device has recorded so much instruction data that a large amount of storage space is occupied, the instruction operation information and danger levels stored by that terminal device can be uploaded to the cloud server according to its unique number. In addition, after the cloud server receives the danger levels and operation instruction information sent by the plurality of terminal devices, the operation instruction information stored by the corresponding terminal devices can be deleted to save storage space.
With continued reference to fig. 2, after the cloud server collects the instruction operation information gathered and reported by the plurality of terminals, it screens each operation instruction according to factors such as the danger level of the instruction, the number of terminal devices related to the instruction and the operation frequency of the instruction, and judges whether executing the instruction would harm the system software of the terminal device and thereby affect its service functions. For example, when the danger level of the operation instruction is the second danger level or the third danger level, it is preliminarily determined that the instruction harms the system software of the terminal device. To further verify whether the operation instruction is a dangerous operation instruction, the cloud server virtually executes and verifies it in a sandbox environment similar to the reporting terminal; if the instruction is found to cause a system crash or to prevent an important application from running in the virtual environment, it is determined to be a dangerous operation instruction and is added to the blacklist. Alternatively, when the danger level of the operation instruction is the first danger level and its execution frequency is high (the execution frequency is greater than the first set threshold), it is preliminarily determined that frequent execution can generate a lot of garbage data, a lot of redundant logs and a lot of services or processes, which harm the system software of the terminal device. Alternatively, when the danger level of the operation instruction is the first danger level and the operation instruction is executed by a large number of terminal devices (the number of terminal devices is greater than the second set threshold), it is preliminarily determined that the instruction can harm the system software of the terminal devices; to further verify whether the operation instruction is a dangerous operation instruction, the cloud server virtually executes and verifies it in a sandbox environment similar to the reporting terminal devices, and adds it to the blacklist when it is verified to be a dangerous operation instruction.
After verifying that the operation instruction is a dangerous operation instruction, the cloud server puts it into the blacklist of the corresponding terminal device and sends the updated blacklist to all terminal devices of the same type (for example, terminal devices with similar identity information are terminal devices of the same type). The terminal devices receive the updated blacklist sent by the cloud server and update their current blacklists according to the unique number. For example, the terminal device with the unique number A1 and the terminal device with the unique number A2 have similar identity information. When certain operation instructions are judged to be dangerous on the terminal device with the unique number A1, they are added to the blacklist and the current blacklist is updated; the same dangerous instructions are also used to update the blacklist of the terminal device with the unique number A2. The updated blacklist is sent to the corresponding terminal devices. When a terminal device is asked to execute an instruction again, the instruction operation monitoring software traverses all instructions in the blacklist; if an instruction in the blacklist is the same as the instruction the current user is executing on the terminal device, execution is prevented and alarm information is uploaded to the cloud server. Because the dangerous operation instructions in the blacklist are continuously updated, the instruction operation monitoring software can cope with new dangerous instructions, rather than only the dangerous instructions that were preset for protection, which gives the terminal device a stronger security guarantee.
In addition, the cloud server aggregates the operation information of the terminal devices that executed the operation instruction, and the identity information of these terminal devices may be the same or different. Verification in the sandbox environment may therefore be performed once or several times, depending on the identity information of the terminal devices that executed the operation instruction. For example, if terminal devices with two different sets of identity information executed the operation instruction, the instruction needs to be verified in sandbox environments similar to both.
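The cloud-side flow described above (screening by the three conditions, one sandbox verification per identity profile, then fan-out to every device of the same type) is shown below as an added Python example; it is not code from the patent. The `profile` key, the second threshold value, the normalized matching rule, counting frequency per upload batch and the sandbox callable are assumptions, and all sample reports are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds: the text leaves both to "practical situations" and only
# offers 3 as an example for the first one.
FREQ_THRESHOLD = 3    # first set threshold: executions per upload batch (assumed scope)
DEVICE_THRESHOLD = 2  # second set threshold: distinct reporting devices (assumed value)


@dataclass(frozen=True)
class Report:
    device_id: str    # terminal unique number
    profile: str      # hypothetical key standing in for "similar identity information"
    instruction: str
    level: int        # danger level 1, 2 or 3 assigned by the terminal

    def __post_init__(self):
        if self.level not in (1, 2, 3):
            raise ValueError(f"unknown danger level: {self.level}")


def normalize(instruction):
    """Assumed matching rule: compare case-folded, whitespace-collapsed text."""
    return " ".join(instruction.lower().split())


def screen(reports):
    """Apply the three blacklist conditions; return {instruction: (reason, profiles)}."""
    level, runs = defaultdict(int), defaultdict(int)
    devices, profiles = defaultdict(set), defaultdict(set)
    for r in reports:
        key = normalize(r.instruction)
        level[key] = max(level[key], r.level)
        runs[key] += 1
        devices[key].add(r.device_id)
        profiles[key].add(r.profile)
    candidates = {}
    for key in runs:
        if level[key] in (2, 3):
            reason = "level"
        elif runs[key] > FREQ_THRESHOLD:            # level is 1 from here on
            reason = "frequency"
        elif len(devices[key]) > DEVICE_THRESHOLD:
            reason = "spread"
        else:
            continue
        candidates[key] = (reason, frozenset(profiles[key]))
    return candidates


class BlacklistService:
    """Cloud side: screen reports, verify per profile in a sandbox, fan out updates."""

    def __init__(self, registry, initial, sandbox):
        self.registry = dict(registry)    # device_id -> profile
        self.blacklists = {p: {normalize(c) for c in cmds} for p, cmds in initial.items()}
        self.sandbox = sandbox            # callable(profile, instruction) -> bool

    def process(self, reports):
        """Return {device_id: updated blacklist} for every device whose profile changed."""
        changed = set()
        for instr, (_reason, profs) in screen(reports).items():
            for profile in sorted(profs):  # one verification per identity profile
                current = self.blacklists.setdefault(profile, set())
                if instr not in current and self.sandbox(profile, instr):
                    current.add(instr)
                    changed.add(profile)
        return {dev: frozenset(self.blacklists[p])
                for dev, p in self.registry.items() if p in changed}


def is_blocked(blacklist, instruction):
    """Terminal side: the monitor refuses an instruction that is on its blacklist."""
    return normalize(instruction) in blacklist


# Constructed sample data. Device numbers A1-A3 follow the text; the profile names
# and the "diagdump", "cleantmp" and "fwflash" instructions are made up.
REGISTRY = {"A1": "meter-v2", "A2": "meter-v2", "A3": "gateway-v1"}
INITIAL = {"meter-v2": {"fwflash --force"}, "gateway-v1": set()}
SAMPLE_REPORTS = (
    [Report("A2", "meter-v2", "start iexplore.exe", 2)]
    + [Report("A1", "meter-v2", "diagdump  --all", 1)] * 4
    + [Report("A3", "gateway-v1", "Diagdump --all", 1),
       Report("A1", "meter-v2", "cleantmp", 1)]
)
# Stand-in for virtual execution: (profile, instruction) pairs that fail in the sandbox.
SANDBOX_VERDICTS = {("meter-v2", "start iexplore.exe"), ("gateway-v1", "diagdump --all")}


def run_demo():
    service = BlacklistService(REGISTRY, INITIAL,
                               lambda p, i: (p, i) in SANDBOX_VERDICTS)
    return service.process(SAMPLE_REPORTS)


if __name__ == "__main__":
    for device, blacklist in sorted(run_demo().items()):
        print(device, sorted(blacklist))
```

In the sample, A1 receives the entry reported only by A2 because both share a profile, while the frequently run level-1 instruction is blacklisted only for the profile whose sandbox run failed.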
In summary, in the method for monitoring and protecting terminal instruction operation according to the embodiment of the present invention, firstly, identity information of a plurality of terminal devices is received, then an initial blacklist is generated according to the identity information, and the initial blacklist is sent to a corresponding terminal device, then, a dangerous level of an operation instruction and operation instruction information sent by the plurality of terminal devices are received, and finally, when determining that the operation instruction is added to the blacklist according to the dangerous level of the operation instruction and the operation instruction information, the initial blacklist corresponding to the plurality of terminal devices is updated, and the updated blacklist is sent to the corresponding terminal device. Therefore, the method can monitor and protect the terminal operation instruction by utilizing the resource advantage of the cloud server and through data screening verification in the blacklist, can prevent dangerous operation instructions in advance, and provides safer guarantee for the terminal equipment.
The present invention also proposes a computer-readable storage medium corresponding to the above-described embodiments.
The computer readable storage medium of the present invention has stored thereon a terminal instruction operation monitoring and protection program which, when executed by a processor, implements the terminal instruction operation monitoring and protection method described above.
By executing the above method for monitoring and protecting terminal instruction operation, the computer-readable storage medium of the invention can prevent dangerous operation instructions in advance and give the terminal device a stronger security guarantee.
The invention also provides a terminal device corresponding to the embodiment.
As shown in fig. 4, the terminal device 200 of the present invention may include: memory 210, processor 220.
The memory 210 is used to store a monitoring and protection program for terminal instruction operations and to transmit the program code to the processor 220. In other words, the processor 220 may call and run the monitoring and protection program of the terminal instruction operation from the memory 210 to implement the method in the embodiment of the present application.
As shown in fig. 4, the terminal device 200 of the present invention may further include: a transceiver 230, the transceiver 230 being connectable to the memory 210 or the processor 220.
The processor 220 may control the transceiver 230 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 230 may include a transmitter and a receiver.
It will be appreciated that the individual components in the terminal device are connected by a bus system comprising, in addition to a data bus, a power bus, a control bus and a status signal bus.
By executing the above method for monitoring and protecting terminal instruction operation, the terminal device can prevent dangerous operation instructions in advance and is given a stronger security guarantee.
Corresponding to the embodiment, the invention further provides a cloud server.
As shown in fig. 5, the cloud server 300 of the present invention may include: memory 310, processor 320.
The memory 310 is used to store a monitoring and protection program for terminal instruction operations and to transmit the program code to the processor 320. In other words, the processor 320 may call and run the monitoring and protection program of the terminal instruction operation from the memory 310 to implement the method in the embodiment of the present application.
For example, the processor 320 may be configured to perform the above-described method embodiments in accordance with instructions in the monitoring and protection program for terminal instruction operation.
As shown in fig. 5, the cloud server may further include: a transceiver 330, the transceiver 330 being connectable to the memory 310 or the processor 320.
The processor 320 may control the transceiver 330 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 330 may include a transmitter and a receiver.
It should be appreciated that the various components in the cloud server are connected by a bus system that includes a power bus, a control bus, and a status signal bus in addition to a data bus.
By executing the above method for monitoring and protecting terminal instruction operation, the cloud server can prevent dangerous operation instructions in advance and give the terminal device a stronger security guarantee.
Corresponding to the embodiment, the invention also provides a monitoring and protecting system for terminal instruction operation.
As shown in fig. 6, the monitoring and protection system 400 for terminal instruction operation of the present invention may include a terminal device 200 and a cloud server 300.
Through the terminal device and the cloud server, the system for monitoring and protecting terminal instruction operation can prevent dangerous operation instructions in advance and give the terminal device a stronger security guarantee.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein may, for example, be considered an ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, Programmable Gate Arrays (PGAs), Field Programmable Gate Arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly, through intermediaries, or both, may be in communication with each other or in interaction with each other, unless expressly defined otherwise. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (11)
1. A method for monitoring and protecting terminal instruction operation, comprising:
Receiving an initial blacklist sent by a cloud server, wherein the initial blacklist is generated by the cloud server according to identity information of terminal equipment;
When the operation instruction is not in the initial blacklist, responding and executing the operation instruction, determining the dangerous level of the operation instruction according to an operation result, and sending the operation information and the dangerous level of the operation instruction to the cloud server;
When the cloud server determines to add the operation instruction into a blacklist, receiving an updated blacklist sent by the cloud server; the operation result is determined according to the influence of the execution of the operation instruction on the terminal equipment; the cloud server performs virtual execution and verification in a sandbox environment similar to the terminal equipment according to the danger level of the operation instruction and the operation frequency of the operation instruction, and determines to add the operation instruction into a blacklist when system software of the terminal equipment is damaged and business functions of the terminal equipment are affected.
2. The method for monitoring and protecting operation of a terminal command according to claim 1, wherein determining the operation result according to the influence of the operation command on the terminal device comprises:
When garbage data, redundant logs, redundant services or processes are generated in the terminal equipment without affecting the operation of a terminal system, determining the operation result as a first result;
When the application program cannot be normally used in the terminal equipment, determining the operation result as a second result;
and when the terminal equipment cannot be used normally, determining the operation result as a third result.
3. The method for monitoring and protecting the operation of the terminal command according to claim 2, wherein determining the risk level of the operation command according to the operation result comprises:
when the operation result is the first result, determining that the danger level of the operation instruction is a first danger level;
when the operation result is the second result, determining that the risk level of the operation instruction is a second risk level, wherein the risk coefficient of the first risk level is smaller than that of the second risk level;
and when the operation result is the third result, determining that the risk level of the operation instruction is a third risk level, wherein the risk coefficient of the second risk level is smaller than that of the third risk level.
4. A method for monitoring and protecting terminal instruction operation, comprising:
receiving identity information of a plurality of terminal devices;
generating an initial blacklist according to the identity information, and sending the initial blacklist to the corresponding terminal equipment;
Receiving dangerous grades of operation instructions and operation instruction information sent by a plurality of terminal devices, wherein the dangerous grades are determined according to operation results, and the operation results are determined according to the influence of the execution operation instructions on the terminal devices;
When determining to add the operation instruction into a blacklist according to the danger level of the operation instruction and the operation instruction information, updating the initial blacklist corresponding to a plurality of terminal devices, and sending the updated blacklist to the corresponding terminal devices; the cloud server performs virtual execution and verification in a sandbox environment similar to the terminal equipment according to the dangerous level of the operation instruction and the operation frequency of the operation instruction according to the number of the terminal equipment related to the operation instruction, and determines to add the operation instruction into a blacklist when system software of the terminal equipment is damaged and business functions of the terminal equipment are affected.
5. The method for monitoring and protecting operation of terminal instruction according to claim 4, wherein it is determined to add the operation instruction to a blacklist when any one of the following conditions is satisfied,
The danger level of the operation instruction is a second danger level or a third danger level;
The danger level of the operation instruction is a first danger level, and the execution frequency of the operation instruction is greater than a first set threshold;
The danger level of the operation instruction is a first danger level, and the number of terminal devices executing the operation instruction is larger than a second set threshold.
6. The method for monitoring and protecting operation of a terminal command according to claim 5, wherein before adding the operation command to a blacklist, the method further comprises:
verifying the operation instruction in a sandbox environment, wherein the sandbox environment is similar to the identity information of the terminal equipment corresponding to the operation instruction;
And when the operation instruction is verified to be a dangerous operation instruction, updating the corresponding current blacklist of the terminal equipment.
7. The method for monitoring and protecting operation of a terminal command according to claim 4, further comprising:
and updating the current blacklist of all the terminal equipment with similar identity information with the terminal equipment when determining to add the operation instruction into the blacklist.
8. A computer-readable storage medium, on which a monitoring and protection program of terminal instruction operations is stored, which, when executed by a processor, implements the method of monitoring and protection of terminal instruction operations according to any one of claims 1-7.
9. A terminal device comprising a memory, a processor and a monitoring and protection program for terminal instruction operations stored on the memory and executable on the processor, the processor implementing the method for monitoring and protection of terminal instruction operations according to any one of claims 1-3 when executing the monitoring and protection program for terminal instruction operations.
10. A cloud server comprising a memory, a processor and a monitoring and protection program for terminal instruction operation stored in the memory and operable on the processor, wherein the monitoring and protection method for terminal instruction operation according to any one of claims 4-7 is implemented when the processor executes the monitoring and protection program for terminal instruction operation.
11. A system for monitoring and protecting terminal instruction operation, comprising: the terminal device of claim 9 and the cloud server of claim 10.
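The cloud-side decision in claims 5 to 7 (candidate rule, sandbox verification, propagation to terminals with similar identity information), as an added Python example that is not code from the patent. Assumptions: the two threshold values, the `(device_id, instruction, danger_level)` report shape, treating "similar identity information" as an equal identity string, taking the highest reported danger level per instruction, and `fake_sandbox` as a stand-in for the sandbox run; all sample data is constructed.

```python
from collections import defaultdict

FREQ_THRESHOLD = 5    # assumed "first set threshold"; the claims give no value
DEVICE_THRESHOLD = 2  # assumed "second set threshold"

def is_candidate(level, frequency, device_count):
    """Claim 5: any one of the three conditions is sufficient."""
    if level in (2, 3):
        return True
    return level == 1 and (frequency > FREQ_THRESHOLD or device_count > DEVICE_THRESHOLD)

def update_blacklists(reports, blacklists, device_identity, sandbox_verify):
    """reports: (device_id, instruction, danger_level) tuples uploaded by terminals.
    Returns a new {device_id: set(instruction)} map; inputs are not modified."""
    stats = defaultdict(lambda: {"freq": 0, "devices": set(), "level": 0})
    for device_id, instruction, level in reports:
        s = stats[instruction]
        s["freq"] += 1
        s["devices"].add(device_id)
        s["level"] = max(s["level"], level)  # assumption: keep the highest level seen
    updated = {dev: set(blacklists.get(dev, ())) for dev in device_identity}
    for instruction, s in stats.items():
        if not is_candidate(s["level"], s["freq"], len(s["devices"])):
            continue
        for identity in {device_identity[d] for d in s["devices"]}:
            # Claim 6: verify in a sandbox matching the reporting terminal's identity.
            if not sandbox_verify(instruction, identity):
                continue
            # Claim 7: update every terminal with that identity, reporting or not.
            for dev, ident in device_identity.items():
                if ident == identity:
                    updated[dev].add(instruction)
    return updated

# Constructed sample data (not from the patent).
DEVICES = {"t1": "meter-v1", "t2": "meter-v1", "t3": "meter-v1", "t4": "gateway-v2"}
REPORTS = (
    [("t1", "rm -rf /data", 3)]                             # level 3: candidate at once
    + [("t1", "reboot", 1)] * 2                             # level 1, rare, one device
    + [(d, "iptables -F", 1) for d in ("t1", "t2", "t4")]   # level 1 on three devices
)

def fake_sandbox(instruction, identity):
    """Stand-in verdict: True means system software damaged and business affected."""
    return not (instruction == "iptables -F" and identity == "gateway-v2")

RESULT = update_blacklists(REPORTS, {"t4": {"mkfs"}}, DEVICES, fake_sandbox)
```

Terminal `t3` never reported either instruction but still receives both entries because it shares `meter-v1` with the reporting terminals, while `t4` keeps only its existing entry because the sandbox for its identity did not confirm the damage.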
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210332213.9A CN114900326B (en) | 2022-03-30 | 2022-03-30 | Method, system and storage medium for monitoring and protecting terminal instruction operation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114900326A (en) | 2022-08-12 |
CN114900326B (en) | 2024-08-27 |
Family
ID=82715018
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210332213.9A Active CN114900326B (en) | 2022-03-30 | 2022-03-30 | Method, system and storage medium for monitoring and protecting terminal instruction operation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114900326B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||