CN113127869A - Method and system for tracking authentication environment - Google Patents
Method and system for tracking authentication environment Download PDFInfo
- Publication number
- CN113127869A CN113127869A CN201911424736.0A CN201911424736A CN113127869A CN 113127869 A CN113127869 A CN 113127869A CN 201911424736 A CN201911424736 A CN 201911424736A CN 113127869 A CN113127869 A CN 113127869A
- Authority
- CN
- China
- Prior art keywords
- sample
- authentication
- identification
- environment
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000013507 mapping Methods 0.000 claims abstract description 16
- 230000015654 memory Effects 0.000 claims description 57
- 238000004590 computer program Methods 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 description 15
- 238000011156 evaluation Methods 0.000 description 10
- 206010000117 Abnormal behaviour Diseases 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000003068 static effect Effects 0.000 description 6
- 241000700605 Viruses Species 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000001960 triggered effect Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000011900 installation process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000026676 system process Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides an identification environment tracking method, which comprises the following steps: acquiring a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample; configuring an authentication environment corresponding to the sample according to the authentication task to generate an identification code and login information of the authentication environment, and establishing a mapping relation between the identification code and the login information; allocating the identification tasks to the identification environments, and controlling the identification environments to carry out identification operation on the samples; sending the identification code to the user to determine the login information according to the identification code and the mapping relation; and receiving login information input by a user so that the user logs in the authentication environment according to the login information to track the authentication environment. According to the embodiment of the invention, the identification code and the login information of the identification environment and the identification environment can be dynamically configured according to the sample, and the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is further improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to an identification environment tracking method and system.
Background
In the field of network and information security, a virtual operating system is created to run a suspicious sample, and the suspicious sample is isolated from an actual operating system; when a suspicious sample carries a virus or a Trojan horse program, the behavior triggered in the virtual operating system does not cause damage to the actual operating system, and the virtual operating system is called an authentication environment.
The traditional evaluation environment evaluates the sample based on a static schedule, and when the evaluation environment of the sample needs to be tracked, the sample is usually put into a static continuous operation evaluation environment for evaluation. The method for tracking the identification environment based on the static scheduling needs to continuously run the identification environment even when the identification of the sample is not needed because the method is a way of statically allocating resources.
In the prior art, the drawback to static scheduling can be overcome through the artifical developments start and stop the mode of appraising the environment, nevertheless stops under the condition of appraising the environment at artifical developments start and stop, and the user can't know the appraising environment that the sample corresponds, just also can't track the appraising environment, and then also can't ensure the security of appraising the environment.
Therefore, the present invention is directed to solving the problem that the authentication environment cannot be tracked.
Disclosure of Invention
In view of the above, embodiments of the present invention provide an authentication environment tracking method, system, computer device and computer readable storage medium, which can dynamically configure a corresponding authentication environment according to a sample, and allow a user to log into the authentication environment to track the authentication environment, thereby improving the security of the authentication environment.
The embodiment of the invention solves the technical problems through the following technical scheme:
an authentication context tracking method, comprising:
obtaining a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample;
configuring the identification environment of the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
assigning the identification task to the identification environment and controlling the identification environment to perform identification operation on the sample;
sending the identification code to the user to determine the login information according to the identification code and the mapping relation;
and receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment.
Further, the obtaining a sample uploaded by a user and establishing an authentication task corresponding to the sample according to the sample further includes:
and obtaining the identification parameters uploaded by the user, and establishing an identification task corresponding to the sample according to the sample and the identification parameters.
Further, the identification parameters include the identification time length and the triggering mode of the sample.
Further, the configuring the authentication context of the sample according to the authentication task includes:
obtaining attributes of the sample, wherein the attributes comprise the size of a memory occupied by the sample and an operating system type for executing the identification operation on the sample;
calculating computer resources required by the sample according to the attributes of the sample and the identification parameters, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
configuring the authentication environment according to the computer resources.
Further, after assigning the authentication task to the authentication environment, the method further comprises:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
In order to achieve the above object, an embodiment of the present invention further provides an authentication environment tracking system, including:
the acquisition module is used for acquiring a sample uploaded by a user and establishing an identification task corresponding to the sample according to the sample;
the configuration module is used for configuring the authentication environment corresponding to the sample according to the authentication task so as to generate an identification code and login information of the authentication environment and establish a mapping relation between the identification code and the login information;
the distribution module is used for distributing the identification tasks to the identification environments and controlling the identification environments to carry out identification operation on the samples;
the sending module is used for sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
and the receiving module is used for receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment.
Further, the configuration module is further configured to:
and obtaining the identification parameters uploaded by the user, and establishing an identification task corresponding to the sample according to the sample and the identification parameters.
Further, the identification parameters include the identification time length and the triggering mode of the sample.
Further, the configuration module is further configured to:
obtaining attributes of the sample, wherein the attributes comprise the size of a memory occupied by the sample and an operating system type for executing the identification operation on the sample;
calculating computer resources required by the sample according to the attributes of the sample and the identification parameters, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
configuring the authentication environment according to the computer resources.
Further, the allocation module is further configured to:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
In order to achieve the above object, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the steps of the authentication environment tracking method as described above when executing the computer program.
To achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, the computer program being executable by at least one processor to cause the at least one processor to execute the steps of the authentication environment tracking method as described above.
According to the authentication environment tracking method, the authentication environment tracking system, the computer equipment and the computer readable storage medium, the corresponding authentication environment is dynamically configured according to the sample, the identification code of the authentication environment and the login information corresponding to the identification code are generated, and when the authentication environment authenticates the sample, the identification code is sent to the user, so that the user can log in the authentication environment to track the authentication environment, and the security of the authentication environment is greatly improved.
The invention is described in detail below with reference to the drawings and specific examples, but the invention is not limited thereto.
Drawings
FIG. 1 is a diagram of an application environment of a method for tracking an authentication environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a method for tracking an authentication environment according to an embodiment of the present invention;
FIG. 3 is a block diagram of a second embodiment of a system for tracking authentication environment according to the present invention;
fig. 4 is a schematic hardware structure diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Technical solutions between various embodiments may be combined with each other, but must be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Referring to fig. 1, an application environment diagram of an authentication environment tracking method according to a first embodiment of the invention is shown.
When a user delivers a sample to the task management module, the task management module creates an authentication task according to the sample, then the deployment management module calculates the requirement of dynamic deployment according to the requirement of the authentication task, allocates resources for the required authentication environment to initialize, and creates an environment number, a user name and a password of the authentication environment. And after the authentication environment is initialized, the deployment management module registers the environment number, the user name and the password to an authentication environment management center. The authentication environment then obtains the authentication task from the task management module and performs the authentication operation. When the user receives the authentication task and starts the authentication work, the user can acquire the environment number from the task management module, then acquire the corresponding user name and password in the authentication environment management center according to the environment number, and log in the authentication environment according to the user name and the password so as to track the authentication environment.
Example one
Referring to fig. 2, a flowchart illustrating steps of a method for tracking an authentication environment according to a first embodiment of the invention is shown.
It is to be understood that the flow charts in the embodiments of the present method are not intended to limit the order in which the steps are performed. The following description is given by taking a computer device as an execution subject, specifically as follows:
and S100, obtaining a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample.
In particular, common examples are files, executables, and Uniform Resource Locators (URLs). A user may deliver a sample, which the computer device receives and distributes to an authentication environment for scanning and parsing, thereby enabling authentication of the sample. In an exemplary embodiment, the user may also set and upload the identification parameters of the sample when delivering the sample. And the computer equipment acquires the identification parameters and establishes an identification task corresponding to the sample according to the identification parameters and the sample. The identification parameter can be a scanning time length and a triggering mode, wherein the triggering mode can be a manual triggering mode or an automatic triggering mode. In this embodiment, after the corresponding authentication task is established by the authentication parameters and the sample, the authentication mode of the sample can be determined according to the established authentication task.
In a preferred embodiment, the authentication parameter may also be a priority level of the sample, that is, when the user delivers the sample in batch, the timing of the authentication of the sample may be determined by setting the priority level, so that the authentication environment scans the sample according to the priority level.
Illustratively, when the user delivers one hundred samples at a time, the one hundred samples include an audio-video file, an executable program and a URL; the audio and video files and the executable program occupy larger storage space, and the required scanning time is longer; the URL occupies a smaller storage space and requires a shorter scanning time. The user may set the URL samples to a higher priority level and the audio video file samples and executable program samples to a lower priority level. For example: and setting the priority level of the URL sample as A, the priority level of the executable program sample as B and the priority level of the audio and video file sample as C, thereby forming a priority level queue. According to the set priority levels, the priority levels of the samples are in the following sequence: and A > B > C, the URL sample is preferentially scanned by the authentication environment, then the executable program sample is scanned, and finally the audio and video file sample is scanned. After receiving the sample and the authentication parameters delivered by the user, the computer device creates an authentication task corresponding to the sample in a preset task management center, wherein the task management center manages the authentication process of the sample, and data generated by the sample in an authentication environment is synchronized to the task management center.
And S102, configuring an authentication environment corresponding to the sample according to the authentication task to generate an identification code and login information of the authentication environment, and establishing a mapping relation between the identification code and the login information. In a specific embodiment of the present invention, the identification code of the authentication environment refers to an authentication environment number of the authentication environment, and the login information includes a user name and a password.
Specifically, after the task management center creates the authentication task, the computer device may calculate required computer resources according to a sample in the authentication task, thereby configuring an authentication environment corresponding to the authentication task. When the authentication environment is configured, an authentication environment number and login information of the authentication environment are also configured, wherein the login information comprises a user name and a password of the authentication environment. And then establishing a mapping relation among the authentication environment number, the user name and the password, and enabling the authentication environment number, the user name and the password to correspond to one another.
Illustratively, when the user delivers an audio-video file, the computer device calculates the size of the corresponding required hardware according to the size of the file, thereby configuring a corresponding authentication environment. Meanwhile, the computer device generates a random authentication environment number, a user name and a password for the authentication environment, wherein the authentication environment number may be in the form of an authentication environment name plus five-bit random characters, or in the form of a sample type code plus five-bit random characters or other character combinations. The user randomly generates an identification environment number, a user name and a password of an identification environment every time the sample is delivered, and the identification environment stops running after the sample identification is finished; when the user delivers the sample again, a new authentication context is configured and a new authentication context number, username and password are generated.
In a preferred embodiment, when configuring the authentication environment corresponding to the sample according to the authentication task, the attribute of the sample is obtained, the computer resource required by the sample is calculated according to the attribute of the sample and the authentication parameter, and then the authentication environment is configured according to the computer resource. The attributes comprise the size of the memory occupied by the sample and the type of the operating system for executing the identification operation on the sample, and the computer resources comprise a hard disk, a memory and a central processing unit. Through the attribute and the identification parameter of the sample, the identification environment corresponding to the memory size and the type of the operating system can be configured according to the memory size occupied by the sample and the type of the operating system executing the identification operation on the sample, and the utilization rate of computer resources and the matching rate of the sample and the identification environment operating system are greatly improved.
Specifically, the storage spaces occupied by different samples are different, and the corresponding operating systems are also different. Some samples need to be scanned in a Windows XP system, and a Windows XP operating system needs to be simulated in an authentication environment to scan the samples; if some samples need to be scanned in the WIN7 system, a WIN7 operating system needs to be simulated in the authentication environment to scan the samples; the simulated Windows XP operating system and the WIN7 operating system occupy different memories, the Windows XP occupies a smaller memory, and the WIN7 occupies a larger memory. Therefore, the attributes of the sample, i.e., the size of the memory occupied by the sample and the type of the operating system, need to be obtained, and then the sizes of the memory, the hard disk, and the CPU needed for configuring the authentication environment are calculated according to the attributes, so as to create the corresponding authentication environment.
In a preferred embodiment, the authentication environment is also configured according to authentication parameters set by a user when creating the authentication environment.
Illustratively, the user sets the authentication parameters to: the scanning time is 15 minutes, and the triggering mode is automatic triggering, so that the computer equipment can increase the memory, the hard disk and the CPU of the identification environment according to the scanning time, so as to ensure that the hardware resources of the computer can meet the requirement of long-time scanning of the identification environment.
And step S104, distributing the identification tasks to the identification environments, and controlling the identification environments to carry out identification operation on the samples.
Specifically, after the authentication environments are created, the computer device may sequentially assign the authentication tasks to the different authentication environments according to the priority levels of the authentication samples, and control the authentication environments to scan the samples. And then, analyzing according to the scanning result of the sample to judge whether the sample has abnormal behaviors in the identification environment.
For example, after an executable program is assigned to an authentication environment, an automated script within the authentication environment will automatically install the executable program and run the program. Meanwhile, the authentication environment records a log generated during the running of the program, and then the computer device judges whether the program has abnormal behaviors or not by extracting information in the log. For example, if the extracted modified registry information in the log has a record for modifying the registry of the program system, it is determined that the sample has an abnormal behavior, and the computer device marks the sample as a suspected virus sample; if the extracted process information in the log has a record that the system process is closed by the sample, judging that the sample has an abnormal behavior, and marking the sample as a suspected virus sample by the computer equipment.
In another preferred embodiment, after the authentication task is assigned to the authentication environment, the login information is further sent to a preset authentication environment management center to register the authentication environment with the authentication environment management center. After the authentication environment is registered in the environment management center, the login information of the authentication environment can be acquired through the authentication environment management center.
And step S106, sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation.
Specifically, after the sample is scanned by the authentication environment, the computer device sends the authentication environment number of the authentication environment to the user. Then, according to the authentication environment number, the user can obtain the user name and the password of the authentication environment.
Step S108, receiving the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment.
For example, after obtaining the user name and the password, the user may log in to the authentication environment according to the user name and the password. After the user logs in, the scanning process of the sample can be observed in the authentication environment, and it is understood that the scanning process of the sample observed in the authentication environment as described herein refers to the operation of the sample by the analog operating system of the authentication environment, the operation process is displayed on the display device, and the user can see the scanning process of the sample through the display device.
In a preferred embodiment, the user may also be triggered to perform an action upon logging into the authentication environment. For example, an automated script of an authentication environment performs an installation operation on an executable program, and during the installation process, a dialog box is popped up and prompt information, a "next" button and a "cancel" button are displayed, and at this time, if the automated script cannot perform a click operation of the "next" button, a user can manually click the "next" button, so that the executable program continues to be installed in the authentication environment. After the executable program installation is complete, the authentication environment performs an authentication operation on the sample.
According to the embodiment of the invention, the corresponding identification environment is dynamically configured according to the sample, the identification code of the identification environment and the login information corresponding to the identification code are generated, and when the identification environment identifies the sample, the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is greatly improved.
Example two
Referring to fig. 3, a schematic diagram of program modules of an authentication environment tracking system according to a second embodiment of the invention is shown. It is to be understood that the flow charts in the embodiments of the present method are not intended to limit the order in which the steps are performed. In this embodiment, the authentication environment tracking system 20 may include or be divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to implement the present invention and the above-described authentication environment tracking method. The program modules referred to in the embodiments of the present invention are a series of computer program instruction segments that can perform specific functions, and are more suitable than the program itself for describing the execution process of the authentication environment tracking system 20 in the storage medium. The following description will specifically describe the functions of the program modules of the present embodiment:
the obtaining module 200 is configured to obtain a sample uploaded by a user, and establish an authentication task corresponding to the sample according to the sample.
In particular, common examples are files, web content, and Uniform Resource Locators (URLs). The user may deliver the sample through the acquisition module 200, and the acquisition module 200 receives the sample and distributes the sample to the authentication environment for scanning and parsing, thereby implementing authentication of the sample. In an exemplary embodiment, the user may also set and upload the identification parameters of the sample when the sample is delivered. The obtaining module 200 obtains the identification parameters, and establishes an identification task corresponding to the sample according to the identification parameters and the sample. The identification parameters can be scanning duration and triggering mode, wherein the triggering mode can be manual triggering or automatic triggering. In this embodiment, after the corresponding authentication task is established by the authentication parameters and the sample, the authentication mode of the sample can be determined according to the established authentication task.
In a preferred embodiment, the authentication parameter may also be a priority level of the sample, that is, when the user delivers the sample in batch, the timing of the authentication of the sample may be determined by setting the priority level, so that the authentication environment scans the sample according to the priority level.
Illustratively, when a user delivers one hundred samples at a time in the acquisition module 200, the one hundred samples include an audio-video file, an executable program and a URL; the audio and video files and the executable program occupy larger storage space, and the required scanning time is longer; the URL occupies a smaller storage space and requires a shorter scanning time. The user may set the URL to a higher priority level and the audio-video file and executable program to a lower priority level. For example: the obtaining module 200 sets the priority level of the URL to a, the priority level of the executable program to B, and the priority level of the audio/video file to C, thereby forming a priority level queue. According to the set priority levels, the priority levels of the samples are in the following sequence: and A > B > C, the URL sample is preferentially scanned by the authentication environment, then the executable program sample is scanned, and finally the audio and video file sample is scanned. After receiving the sample and the identification parameters delivered by the user, the obtaining module 200 creates an identification task corresponding to the sample in a preset task management center, where the task management center manages the identification process of the sample, and data generated by the sample in the identification environment is stored in the task management center.
A configuration module 202, configured to configure, according to the authentication task, an authentication environment corresponding to the sample, so as to generate an identification code and login information of the authentication environment, and establish a mapping relationship between the identification code and the login information, where the login information includes a user name and a password.
Specifically, after the task management center creates the authentication task, the configuration module 202 may calculate the required computer resources according to the samples in the authentication task, thereby configuring the authentication environment corresponding to the authentication task. When configuring the authentication environment, the configuration module 202 further configures an authentication environment number and login information of the authentication environment, where the login information includes a user name and a password of the authentication environment. Then, a mapping relation among the identification environment number, the user name and the password is established, and the three are in one-to-one correspondence.
Illustratively, when a user delivers an audio/video file, the configuration module 202 calculates the size of the corresponding required hardware according to the size of the file, thereby configuring a corresponding authentication environment. Meanwhile, the configuration module 202 generates a random authentication environment number, a user name and a password for the authentication environment, where the authentication environment number may be in the form of an authentication environment name plus five random characters, or in the form of a sample type code plus five random characters or other character combinations. The user randomly generates an identification environment number, a user name and a password of an identification environment every time the sample is delivered, and the identification environment stops running after the sample identification is finished; when the user delivers the sample again, the configuration module 202 configures a new authentication environment and generates a new authentication environment number, username, and password.
In a preferred embodiment, when configuring the authentication environment corresponding to the sample according to the authentication task, the attribute of the sample is obtained, the computer resource required by the sample is calculated according to the attribute of the sample and the authentication parameter, and then the authentication environment is configured according to the computer resource. The attributes may include a size of a memory occupied by the sample and a type of an operating system that performs the evaluation operation on the sample, and the computer resources may include a hard disk, a memory, and a central processing unit. Through the attribute and the identification parameter of the sample, the identification environment corresponding to the memory size and the type of the operating system can be configured according to the memory size occupied by the sample and the type of the operating system executing the identification operation on the sample, and the utilization rate of computer resources and the matching rate of the sample and the identification environment operating system are greatly improved.
Specifically, the storage spaces occupied by different samples are different, and the corresponding operating systems are also different. Some samples need to be scanned in a Windows XP system, and a Windows XP operating system needs to be simulated in an authentication environment to scan the samples; if some samples need to be scanned in the WIN7 system, a WIN7 operating system needs to be simulated in the authentication environment to scan the samples; the simulated Windows XP operating system and the WIN7 operating system occupy different memories, the Windows XP occupies a smaller memory, and the WIN7 occupies a larger memory. Therefore, the attributes of the sample, i.e., the size of the memory occupied by the sample and the type of the operating system, need to be obtained, and then the sizes of the memory, the hard disk, and the CPU needed for configuring the authentication environment are calculated according to the attributes, so as to create the corresponding authentication environment.
In a preferred embodiment, the configuration module 202 may also configure the authentication environment according to the authentication parameters set by the user when creating the authentication environment.
Illustratively, the user sets the authentication parameters to: the scanning time is 15 minutes, the triggering mode is automatic triggering, and then the memory, the hard disk and the CPU of the identification environment are added according to the scanning time, so that the hardware resources of the computer can meet the requirement of long-time scanning of the identification environment.
An assigning module 204, configured to assign the authentication task to the authentication environment and control the authentication environment to perform an authentication operation on the sample.
Specifically, after creating the evaluation environment, the assignment module 204 may assign the evaluation tasks to different evaluation environments in sequence according to the priority levels of the evaluation samples, and control the evaluation environments to scan the samples. And then, analyzing according to the scanning result of the sample to judge whether the sample has abnormal behaviors in the identification environment.
For example, after an executable program is allocated to the authentication environment, an automation script in the authentication environment automatically installs the executable program and runs the program, during which the authentication environment records a log generated during the running of the program, and the allocation module 204 determines whether the program has abnormal behavior by extracting information in the log. For example, if the extracted information for modifying the registry in the log has a record for modifying the registry of the program system, it is determined that the sample has an abnormal behavior, and the distribution module 204 marks the sample as a suspected virus sample; if the extracted process information in the log has a record that the system process is closed by the sample, it is determined that the sample has an abnormal behavior, and the distribution module 204 marks the sample as a suspected virus sample.
In another preferred embodiment, after the authentication task is assigned to the authentication environment, the login information is further sent to a preset authentication environment management center to register the authentication environment with the authentication environment management center. After the authentication environment is registered in the environment management center, the login information of the authentication environment can be acquired through the authentication environment management center.
A sending module 206, configured to send the identifier to the user, so as to determine the login information according to the identifier and the mapping relationship.
Specifically, after the sample is scanned by the authentication environment, the sending module 206 sends the authentication environment number of the authentication environment to the user. Then, according to the authentication environment number, the user can obtain the user name and the password of the authentication environment.
A receiving module 208, configured to receive the login information input by the user, so that the user logs in the authentication environment according to the login information to track the authentication environment.
For example, after obtaining the user name and the password, the user may log in to the authentication environment according to the user name and the password. After the user logs in, the scanning process of the sample can be observed in the authentication environment, and it is understood that the scanning process of the sample observed in the authentication environment as described herein refers to the operation of the sample by the analog operating system of the authentication environment, the operation process is displayed on the display device, and the user can see the scanning process of the sample through the display device.
In a preferred embodiment, the user may also be triggered to perform an action upon logging into the authentication environment. For example, an automated script of an authentication environment performs an installation operation on an executable program, and during the installation process, a dialog box is popped up and prompt information, a "next" button and a "cancel" button are displayed, and at this time, if the automated script cannot perform a click operation of the "next" button, a user can manually click the "next" button, so that the executable program continues to be installed in the authentication environment. After the executable program installation is complete, the authentication environment performs an authentication operation on the sample.
According to the embodiment of the invention, the corresponding identification environment is dynamically configured according to the sample, the identification code of the identification environment and the login information corresponding to the identification code are generated, and when the identification environment identifies the sample, the identification code is sent to the user, so that the user can log in the identification environment to track the identification environment, and the safety of the identification environment is greatly improved.
EXAMPLE III
Fig. 4 is a schematic diagram of a hardware architecture of a computer device according to a third embodiment of the present invention. In the present embodiment, the computer device 2 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a preset or stored instruction. The computer device 2 may be a rack server, a blade server, a tower server or a rack server (including an independent server or a server cluster composed of a plurality of servers), and the like. As shown in FIG. 4, the computer device 2 may include, but is not limited to, a memory 21, a processor 22, a network interface 23, and an authentication environment tracking system 20 communicatively coupled to each other via a system bus. Wherein:
in this embodiment, the memory 21 may include one type of computer-readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the storage 21 may be an internal storage unit of the computer device 2, such as a hard disk or a memory of the computer device 2. In other embodiments, the memory 21 may also be an external storage device of the computer device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like provided on the computer device 2. Of course, the memory 21 may also comprise both internal and external memory units of the computer device 2. In this embodiment, the memory 21 is generally used for storing an operating system and various application software installed in the computer device 2, such as the program code of the authentication environment tracking system 20 of the second embodiment. Further, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
The network interface 23 may comprise a wireless network interface or a wired network interface, and the network interface 23 is generally used for establishing communication connection between the computer device 2 and other electronic apparatuses. For example, the network interface 23 is used to connect the computer device 2 to an external terminal through a network, establish a data transmission channel and a communication connection between the computer device 2 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System for mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth (Bluetooth), Wi-Fi, and the like.
It is noted that fig. 4 only shows the computer device 2 with components 20-23, but it is to be understood that not all shown components are required to be implemented, and that more or less components may be implemented instead.
In this embodiment, the authentication environment tracking system 20 stored in the memory 21 may be further divided into one or more program modules, and the one or more program modules are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to complete the present invention.
For example, fig. 3 shows a schematic diagram of program modules of the authentication environment tracking system 20, and in this embodiment, the authentication environment tracking system 20 may be classified as an authentication environment tracking. The program modules referred to herein are a series of computer program instruction segments that are capable of performing specific functions and are more suitable than programs for describing the execution of the authentication environment tracking system 20 on the computer device 2. The specific functions of the program modules 200 and 208 have been described in detail in the second embodiment, and are not described herein again.
Example four
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which when executed by a processor implements corresponding functions. The computer-readable storage medium of the embodiment is used for storing the authentication environment tracking system 20, and when executed by a processor, implements the authentication environment tracking method of the first embodiment.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. An authentication context tracking method, comprising:
obtaining a sample uploaded by a user, and establishing an identification task corresponding to the sample according to the sample;
configuring the identification environment of the sample according to the identification task to generate an identification code and login information of the identification environment, and establishing a mapping relation between the identification code and the login information;
assigning the identification task to the identification environment and controlling the identification environment to perform identification operation on the sample;
sending the identification code to the user to determine the login information according to the identification code and the mapping relation;
and receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment.
2. The method for tracking an authentication environment according to claim 1, wherein the obtaining a sample uploaded by a user and establishing an authentication task corresponding to the sample based on the sample further comprises:
and obtaining the identification parameters uploaded by the user, and establishing an identification task corresponding to the sample according to the sample and the identification parameters.
3. The method of claim 2, wherein the authentication parameters include an authentication duration and a trigger mode of the sample.
4. The method for tracking an authentication environment according to claim 1, wherein the configuring the authentication environment of the sample according to the authentication task includes:
obtaining attributes of the sample, wherein the attributes comprise the size of a memory occupied by the sample and an operating system type for executing the identification operation on the sample;
calculating computer resources required by the sample according to the attributes of the sample and the identification parameters, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
configuring the authentication environment according to the computer resources.
5. The authentication environment tracking method of claim 1, wherein after assigning the authentication task to the authentication environment, further comprising:
and sending the login information to a preset authentication environment management center so as to register the authentication environment to the authentication environment management center.
6. An authentication environment tracking system, comprising:
the acquisition module is used for acquiring a sample uploaded by a user and establishing an identification task corresponding to the sample according to the sample;
the configuration module is used for configuring the authentication environment corresponding to the sample according to the authentication task so as to generate an identification code and login information of the authentication environment and establish a mapping relation between the identification code and the login information;
the distribution module is used for distributing the identification tasks to the identification environments and controlling the identification environments to carry out identification operation on the samples;
the sending module is used for sending the identification code to the user so as to determine the login information according to the identification code and the mapping relation;
and the receiving module is used for receiving the login information input by the user so that the user logs in the authentication environment according to the login information to track the authentication environment.
7. The authentication environment tracking system of claim 6, wherein the configuration module is further configured to obtain the authentication parameters uploaded by the user, and establish an authentication task corresponding to the sample according to the sample and the authentication parameters.
8. The authentication environment tracking system of claim 6, wherein the configuration module is further configured to:
obtaining attributes of the sample, wherein the attributes comprise the size of a memory occupied by the sample and an operating system type for executing the identification operation on the sample;
calculating computer resources required by the sample according to the attributes of the sample and the identification parameters, wherein the computer resources comprise a hard disk, a memory and a central processing unit;
configuring the authentication environment according to the computer resources.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the authentication environment tracking method according to any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, having stored therein a computer program executable by at least one processor to cause the at least one processor to perform the steps of the authentication environment tracking method of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911424736.0A CN113127869B (en) | 2019-12-31 | 2019-12-31 | Identification environment tracking method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911424736.0A CN113127869B (en) | 2019-12-31 | 2019-12-31 | Identification environment tracking method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113127869A true CN113127869A (en) | 2021-07-16 |
CN113127869B CN113127869B (en) | 2024-02-13 |
Family
ID=76770751
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911424736.0A Active CN113127869B (en) | 2019-12-31 | 2019-12-31 | Identification environment tracking method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113127869B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140173709A1 (en) * | 2011-12-16 | 2014-06-19 | Avigdor Eldar | Secure user attestation and authentication to a remote server |
CN106650427A (en) * | 2016-12-28 | 2017-05-10 | 北京奇虎科技有限公司 | Sandbox operation environment detection method and device |
CN107659540A (en) * | 2016-07-25 | 2018-02-02 | 中兴通讯股份有限公司 | Dynamic behaviour analysis method, device, system and equipment |
-
2019
- 2019-12-31 CN CN201911424736.0A patent/CN113127869B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140173709A1 (en) * | 2011-12-16 | 2014-06-19 | Avigdor Eldar | Secure user attestation and authentication to a remote server |
CN107659540A (en) * | 2016-07-25 | 2018-02-02 | 中兴通讯股份有限公司 | Dynamic behaviour analysis method, device, system and equipment |
CN106650427A (en) * | 2016-12-28 | 2017-05-10 | 北京奇虎科技有限公司 | Sandbox operation environment detection method and device |
Also Published As
Publication number | Publication date |
---|---|
CN113127869B (en) | 2024-02-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109766696B (en) | Method and device for setting software permission, storage medium and electronic device | |
CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
CN109284205B (en) | Snapshot backup method and device, computer equipment and storage medium | |
EP2989543B1 (en) | Method and device for updating client | |
CN111191226B (en) | Method, device, equipment and storage medium for determining program by utilizing right-raising loopholes | |
US10284561B2 (en) | Method and server for providing image captcha | |
CN105955779B (en) | Process closing method and device | |
CN105704178B (en) | Task platform access method and device | |
CN110674440A (en) | Buried point data processing method, system, computer device and readable storage medium | |
US20100146590A1 (en) | System and method for security using one-time execution code | |
CN108021400B (en) | Data processing method and device, computer storage medium and equipment | |
CN111342992B (en) | Method and system for processing equipment information change record | |
CN110708360A (en) | Information processing method and system and electronic equipment | |
CN110069278B (en) | Automatic distributed multi-task packaging method and system | |
CN111984520A (en) | Buried point testing method, computer device and computer-readable storage medium | |
CN112954040A (en) | Method, system, device and storage medium for embedding application release server | |
CN113452556A (en) | Product skill configuration method and device, storage medium and electronic device | |
CN104869229A (en) | Task allocation method | |
CN115004666A (en) | Registration method, device, equipment and storage medium of Internet of things equipment | |
CN113285843B (en) | Container network configuration method and device, computer readable medium and electronic equipment | |
CN112817816B (en) | Embedded point processing method and device, computer equipment and storage medium | |
CN113127869B (en) | Identification environment tracking method and system | |
CN112559352A (en) | Interface test method, device, equipment and storage medium | |
CN106603701A (en) | Method and device for sending message based on long connection platform | |
CN114327757B (en) | Network target range tool delivery method, device, equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant after: QAX Technology Group Inc. Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant before: QAX Technology Group Inc. Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |