Module and method for LINUX host computing environment safety protection

A computing environment security protection technology, applied in computer security devices, computing, platform integrity maintenance, etc. It addresses the problems that existing approaches degrade network performance, cannot identify attack types, and do not adequately meet the security needs of a LINUX host computing environment.

Inactive Publication Date: 2011-10-19
HARBIN INST OF TECH

AI Technical Summary

Problems solved by technology

Firewalls are easy to deploy and can effectively block attacks from outside the network, but they have the following limitations: first, intruders can find loopholes in the firewall and bypass it to attack; second, the firewall is helpless against internal attacks; third, the firewall lags behind: it can only respond to known network attacks an...


Examples


Specific embodiment 1

[0037] Specific implementation mode one: this embodiment is described with reference to figure 1. This embodiment comprises executable file protection module 1, anomaly detection module 2 and core key data structure protection module 3;

[0038] Executable file protection module 1 is used for the registration and logout of executable programs and for their integrity protection, and performs integrity detection on any program before it runs. It prevents executable files from being tampered with and malicious code from being injected, ensures the security of user-mode processes loaded into memory, and protects static executable files in the operating system;

[0039] Anomaly detection module 2 is used to establish a set of legitimate process behaviors. During operation, this module extracts the process behaviors in the system, judges whether they are abnormal by matching them against the normal behaviors, prevents processes from being injected by malicious programs, and realizes computing of ...

Specific embodiment 2

[0041] Specific implementation mode two: this embodiment is described with reference to figure 2. The difference between this embodiment and specific embodiment 1 is that executable file protection module 1 includes an executable file loading filtering sub-module 1-1, an integrity detection sub-module 1-2 and an executable file management sub-module 1-3;

[0042] The executable file loading and filtering sub-module 1-1 is used to intercept the loading request for an executable file, initiate an integrity detection request to integrity detection sub-module 1-2, and decide, based on the result returned by integrity detection sub-module 1-2, whether to allow the program to load and run. The method for intercepting the executable file loading request is: by adding a hook program, intercept the system call that loads the executable file in the kernel, and parse out file system information such as the file path from its parameters, so as to return;

[0043] Th...
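The loading filter, integrity check and registration functions of embodiment 2 can be illustrated in user space. The following Python block is an added example written for this page; it is not code from the patent or its inventors. It assumes a registry keyed by file path that stores a SHA-256 digest at registration time (the patent text does not say which digest or check the integrity detection sub-module uses), and it treats the path as already parsed from the intercepted load request. Class and function names are hypothetical and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import shutil
import tempfile


class ExecutableRegistry:
    """User-space stand-in for executable file management sub-module 1-3:
    registers / logs out executables and keeps a reference digest per path."""

    def __init__(self):
        self._digests = {}  # path -> SHA-256 hex digest recorded at registration

    @staticmethod
    def digest(path):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def register(self, path):
        self._digests[path] = self.digest(path)

    def logout(self, path):
        self._digests.pop(path, None)

    def check_integrity(self, path):
        """Stand-in for integrity detection sub-module 1-2.
        Returns 'ok', 'tampered' or 'unregistered' (unregistered files are
        never opened, so a missing file is reported rather than raising)."""
        expected = self._digests.get(path)
        if expected is None:
            return "unregistered"
        return "ok" if self.digest(path) == expected else "tampered"


def load_filter(registry, path):
    """Stand-in for loading filter sub-module 1-1: given the path parsed from an
    intercepted exec request, ask for an integrity check and decide whether
    loading is allowed. Returns (allowed, verdict)."""
    verdict = registry.check_integrity(path)
    return verdict == "ok", verdict


def demo():
    """Constructed scenario: register a script, tamper with it, log it out."""
    workdir = tempfile.mkdtemp()
    try:
        good = os.path.join(workdir, "good.sh")
        with open(good, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")
        registry = ExecutableRegistry()
        registry.register(good)
        before = load_filter(registry, good)
        # Simulate code being appended to the registered file after registration.
        with open(good, "ab") as f:
            f.write(b"echo injected\n")
        after = load_filter(registry, good)
        unknown = load_filter(registry, os.path.join(workdir, "never-registered"))
        registry.logout(good)
        logged_out = load_filter(registry, good)
        return {"before": before, "after": after,
                "unknown": unknown, "logged_out": logged_out}
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

The decision is deny-by-default: a file that was never registered, or whose registration was logged out, is refused just like a modified one, which is what makes the registry a whitelist rather than a blacklist.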

Specific embodiment 3

[0055] Specific embodiment three: this embodiment is described in conjunction with the figure. The difference between this embodiment and specific embodiment one is that anomaly detection module 2 includes a process behavior extraction sub-module 2-1, a behavior feature extraction sub-module 2-2, a behavior rule establishment sub-module 2-3, a process behavior analysis sub-module 2-4 and an exception handling sub-module 2-5;

[0056] The process behavior extraction sub-module 2-1 is used to collect process behavior, where the process behavior is the system call sequence of the process. This module consists mainly of four parts: system call interrupt hijacking, obtaining system calls, sorting system calls, and transferring process behavior information.

[0057] The behavior feature extraction sub-module 2-2 is used for preprocessing and formatting the process behavior collected by the process behavior extraction sub-module 2-1;

[0058] The behavior rule es...
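The sub-module chain of embodiment 3 (collect a per-process system call sequence, format it into features, build a set of legitimate behaviors, analyse a running process against that set, and act on the result) can be shown end to end in Python. The block below is an added example for this page, not the patent's code. It assumes a fixed-length sliding window over system call names as the feature (the window length 3 and the 20% mismatch threshold are assumptions, not values from the patent), a constructed training corpus standing in for the legitimate behavior set, and a constructed capture of two interleaved processes; all names are hypothetical.

```python
WINDOW = 3        # n-gram length: an assumption, not a value from the patent
THRESHOLD = 0.2   # fraction of unseen n-grams above which a process is abnormal

# Constructed training traces: system call name sequences of a process that
# repeatedly opens, reads, writes and closes files. They stand in for the
# legitimate behavior set the patent's rule establishment sub-module builds.
TRAINING = [
    ["openat", "read", "write", "close", "openat", "read", "write", "close"],
    ["openat", "fstat", "read", "write", "close"],
]


def extract_behavior(trace):
    """Stand-in for sub-module 2-1: group a capture of (pid, syscall) tuples,
    in capture order, into one system call sequence per process."""
    per_pid = {}
    for pid, name in trace:
        per_pid.setdefault(pid, []).append(name)
    return per_pid


def format_features(seq, window=WINDOW):
    """Stand-in for sub-module 2-2: slide a window over the sequence and emit
    fixed-length n-grams as the formatted behavior features."""
    return [tuple(seq[i:i + window]) for i in range(len(seq) - window + 1)]


def build_rules(training_seqs, window=WINDOW):
    """Stand-in for sub-module 2-3: the legitimate behavior set is the set of
    all n-grams observed in the training traces."""
    rules = set()
    for seq in training_seqs:
        rules.update(format_features(seq, window))
    return rules


def analyze(seq, rules, window=WINDOW, threshold=THRESHOLD):
    """Stand-in for sub-module 2-4: fraction of the process's n-grams that are
    absent from the rule set; the process is abnormal when it exceeds the
    threshold. Returns (mismatch_ratio, is_abnormal)."""
    grams = format_features(seq, window)
    if not grams:                      # too short to judge: treat as normal
        return 0.0, False
    misses = sum(1 for g in grams if g not in rules)
    ratio = misses / len(grams)
    return ratio, ratio > threshold


def handle_exception(pid, is_abnormal):
    """Stand-in for sub-module 2-5. The patent text visible here does not say
    what the handler does, so this example only emits an alert record."""
    return {"pid": pid, "action": "alert" if is_abnormal else "none"}


def demo():
    # Constructed capture of two processes interleaved in time: pid 100 behaves
    # like the training traces, pid 200 diverges after its first file access.
    trace = [(100, "openat"), (200, "openat"), (100, "read"), (200, "read"),
             (100, "write"), (200, "write"), (100, "close"), (200, "close"),
             (100, "openat"), (200, "mprotect"), (100, "read"), (200, "execve"),
             (100, "write"), (100, "close")]
    rules = build_rules(TRAINING)
    results = {}
    for pid, seq in extract_behavior(trace).items():
        ratio, abnormal = analyze(seq, rules)
        results[pid] = (ratio, abnormal, handle_exception(pid, abnormal)["action"])
    return results


if __name__ == "__main__":
    print(demo())
```

With the constructed data, pid 100 reproduces only n-grams seen in training and scores 0.0, while pid 200 shares its first two n-grams with the training set and then produces two unseen ones, giving a mismatch ratio of 0.5 and an alert. The threshold is what lets the analyser tolerate occasional unseen windows from legitimate but rare paths instead of alerting on every one.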


Abstract

The invention relates to a module and a method for LINUX host computing environment safety protection, which belong to the field of computer system safety and address the security threats to a LINUX host. The module comprises an executable file protection module, an anomaly detection module and a kernel key data structure protection module. The executable file protection module is used for the registration, logout and integrity protection functions of executable programs, and carries out integrity detection before any program runs so as to ensure the safety of user-mode processes loaded into memory; the anomaly detection module is used for establishing a set of lawful process actions, extracting process actions in the system during operation, and judging whether a process action is anomalous by matching it against normal actions, so as to prevent the process from being infected by a rogue program; and the kernel key data structure protection module is used for providing the backup, integrity detection and recovery functions for important kernel data structures in the operating system, detecting during operation whether an important kernel data structure has been modified, and recovering it from the previous backup if it has. The module and the method can completely and effectively protect the operating environment safety of the LINUX host.
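The third module in the abstract (back up an important kernel data structure, detect during operation whether it has been modified, and restore it from the backup) can be modelled in user space. The following Python block is an added example for this page and is not the patent's code. It models the protected structure as a small table of system call numbers mapped to (name, handler address) entries; the table contents and addresses are constructed, the digest is SHA-256 over a canonical serialisation (the patent text does not specify the detection method), and the class and function names are hypothetical.

```python
import copy
import hashlib

# Constructed model of a kernel "key data structure": a table mapping system
# call numbers to (name, handler address). Addresses are made-up values.
SYSCALL_TABLE = {
    0: ("read", 0xFFFFFFFF81000100),
    1: ("write", 0xFFFFFFFF81000200),
    59: ("execve", 0xFFFFFFFF81000300),
}


class KeyStructureProtector:
    """Backup, integrity detection and recovery for one protected table.
    The protector keeps a reference to the live table (so later changes to it
    are visible), a deep copy as the backup, and a digest of the backup."""

    def __init__(self, live_table):
        self._live = live_table
        self._backup = copy.deepcopy(live_table)
        self._digest = self._hash(self._backup)

    @staticmethod
    def _hash(table):
        """Canonical serialisation: entries in numeric order, one per line."""
        h = hashlib.sha256()
        for nr in sorted(table):
            name, addr = table[nr]
            h.update(f"{nr}:{name}:{addr:#x}\n".encode())
        return h.hexdigest()

    def check(self):
        """Integrity detection: does the live table still match the backup digest?"""
        return self._hash(self._live) == self._digest

    def modified_entries(self):
        """Entry numbers whose live value differs from the backup (changed,
        added or removed)."""
        keys = set(self._live) | set(self._backup)
        return sorted(nr for nr in keys if self._live.get(nr) != self._backup.get(nr))

    def recover(self):
        """Restore every modified entry from the backup; extra entries not in
        the backup are removed. Returns the list of entry numbers touched."""
        changed = self.modified_entries()
        for nr in changed:
            if nr in self._backup:
                self._live[nr] = self._backup[nr]
            else:
                del self._live[nr]
        return changed


def demo():
    """Constructed scenario: one entry redirected and one entry added."""
    table = copy.deepcopy(SYSCALL_TABLE)
    protector = KeyStructureProtector(table)
    clean = protector.check()
    table[59] = ("execve", 0xFFFFFFFFC0001000)   # handler address changed
    table[99] = ("bogus", 0x1)                   # entry that was never backed up
    tampered = protector.check()
    restored = protector.recover()
    return {
        "clean": clean,
        "tampered": tampered,
        "restored": restored,
        "after_recovery": protector.check(),
        "execve_addr": table[59][1],
        "has_bogus": 99 in table,
    }


if __name__ == "__main__":
    print(demo())
```

The digest makes the periodic check cheap (one hash over the live table), and the full backup is what makes recovery possible once the check fails; a digest alone could only detect, not restore. The backup and its digest must themselves live somewhere the tampering cannot reach, which is a placement question the abstract leaves to the implementation.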

Description

Technical field

[0001] The invention relates to a module and a method for protecting the security of a LINUX host computer computing environment, and belongs to the field of computer system security.

Background technique

[0002] In the Internet, more and more LINUX hosts appear as network connection devices. When the LINUX host is used as the hub node of a network connection, the security and reliability of its operating system environment directly affect the operation of the entire network. Therefore, the security of the LINUX host computing environment is a key factor that must be considered to ensure the safe and reliable operation of the network.

[0003] The security of the LINUX host computing environment mainly refers to the protection of sensitive data in the memory of the operating system. Its purpose is: first, to ensure the safe operation of the kernel and to keep memory data from being stolen or tampered with; second, to protect it from malicious attacks from the net...


Application Information

IPC(8): G06F21/00, G06F21/57
Inventor 牛夏牧李琼韩琦石振峰王申牛抒言饶明
Owner HARBIN INST OF TECH