Real-time protection method and device

A rule-based real-time protection technique, applied in the computer field, that addresses hidden security risks and poor user experience, achieves good scalability, reduces the number of choices put to the user, and improves the user experience.

Active Publication Date: 2014-03-05
SHENZHEN TENCENT COMP SYST CO LTD

AI Technical Summary

Problems solved by technology

[0007] Real-time protection software in the prior art performs detection only at the driver layer; when an event matching the preset rules occurs, the application layer displays it and leaves the decision to the user, which results in poor user experience and potential security risks. To solve this problem, the embodiment of the present invention proposes a real-time protection method and device.

Examples

Embodiment 1

[0048] Step 101: set the correspondence between driver layer rules and application layer rules, where at least one of the driver layer rules corresponds to one or more application layer rules;

[0049] Step 102: when an event identical to a preset protection monitoring event is detected, judge whether the event complies with the preset driver layer rules; if not, the step ends;

[0050] Step 103: judge whether there is an application layer rule corresponding to the driver layer rule; if not, the step ends;

[0051] Step 104: according to the acquired event parameters, filter the event through the application layer rules, and send the filtering result to the driver layer.

[0052] The embodiment of the present invention proposes a real-time protection method, which can filter events by adopting a secondary detection method when a predetermined event occurs. The embodiments of the present invention can filter through preset applicati...
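A minimal model of steps 101 to 104, added here as an illustration and not taken from the patent. The event fields, the glob matching on a target path, the verdict strings, the outcome labels and the two sample application layer rules are all assumptions; the patent text visible here does not specify what the driver layer does after an early exit, so those cases are only reported as labels.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class Event:
    type: str     # "RP", "FP", "AP" or "NP", the four event types in the description
    target: str   # monitored object such as a registry or file path (assumed field)
    params: dict  # event parameters passed up to the application layer

@dataclass
class DriverRule:
    rule_id: str
    type: str
    pattern: str  # lowercase glob over Event.target (assumed matching scheme)
    def matches(self, ev):
        return ev.type == self.type and fnmatchcase(ev.target.lower(), self.pattern)

class Protector:
    def __init__(self):
        self.chain = []      # driver layer rule chain, checked in order
        self.app_rules = {}  # step 101: driver rule id -> application layer rules
    def add(self, rule, *app_rules):
        self.chain.append(rule)
        self.app_rules[rule.rule_id] = list(app_rules)
    def handle(self, ev):
        rule = next((r for r in self.chain if r.matches(ev)), None)
        if rule is None:                   # step 102: no driver layer rule applies
            return "not-monitored"
        linked = self.app_rules[rule.rule_id]
        if not linked:                     # step 103: no corresponding rule
            return "no-app-rule"
        for app_rule in linked:            # step 104: secondary filtering
            verdict = app_rule(ev.params)  # "allow", "deny" or None (no opinion)
            if verdict is not None:
                return verdict             # filtering result goes back to the driver layer
        return "undecided"

# Constructed application layer rules and policy (hypothetical, for illustration).
def signed_by_trusted(p):
    return "allow" if p.get("signer") in {"Example Corp"} else None

def image_in_temp(p):
    return "deny" if "\\temp\\" in p.get("image", "").lower() else None

def demo_protector():
    prot = Protector()
    prot.add(DriverRule("rp-run", "RP", "*\\currentversion\\run\\*"),
             signed_by_trusted, image_in_temp)
    prot.add(DriverRule("fp-hosts", "FP", "*\\drivers\\etc\\hosts"))
    return prot
```

Only the "undecided" and "no-app-rule" outcomes would still need a decision from elsewhere, which is where the reduction in user prompts comes from.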

Embodiment 2

[0054] The second embodiment of the present invention proposes a real-time protection method, the process of which is shown in Figure 2, including:

[0055] Step 201: Set a correspondence between driver layer rules and application layer rules, where at least one of the driver layer rules corresponds to one or more application layer rules.

[0056] In the prior art, driver layer rules correspond to driver layer monitoring events. Existing driver layer monitoring events can be divided into four types: registry protection (RP) events, file protection (FP) events, program protection (AP) events, and network protection (NP) events. Each event type can correspond to one or more driver layer rules. When an event type corresponds to multiple driver layer rules, those rules can be set as a driver layer rule chain.

[0057] Each driver layer rule can describe the monitoring points that need to be monitored by means of four fie...

Embodiment 3

[0078] The third embodiment of the present invention proposes a real-time protection device, the structure of which is shown in Figure 3, including:

[0079] Correspondence setting module 1, configured to set the correspondence between driver layer rules and application layer rules, where at least one of the driver layer rules corresponds to one or more application layer rules;

[0080] Event monitoring module 2, configured to monitor events and, when an event identical to a preset protection monitoring event is detected, to judge whether the event complies with the preset driver layer rules and whether there is an application layer rule corresponding to the driver layer rule;

[0081] Application layer filtering module 3, configured to filter the event through the application layer rules according to the acquired event parameters, and send the filtering result to the driver layer.

[0082] The embodiment of the present invention proposes a real-time pr...

Abstract

The invention provides a real-time protection method and device, belonging to the technical field of computers. The embodiment of the invention sets a correspondence between driver layer rules and application layer rules, in which each driver layer rule corresponds to one or more application layer rules. The method provided by the invention comprises the following steps: when an event identical to a preset protection monitoring event is detected, judging whether the event complies with the preset driver layer rules, and if not, ending the step; judging whether application layer rules corresponding to the driver layer rules exist, and if not, ending the step; and, according to the obtained event parameters, filtering the event through the application layer rules and sending the filtering result to the driver layer. The embodiment of the invention can use a two-stage detection approach to filter the event when the preset event happens. The method and device provided by the invention reduce the number of choices presented to users and improve the user experience.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a real-time protection method and device.

Background technique

[0002] In various real-time protection software, software monitoring rules are defined based on policy files. The implementation method is: the underlying driver captures various events that meet the conditions defined in the driver layer rules according to the driver layer rules in the policy, and then submits them to the application layer, and the user decides whether to allow the operation.

[0003] Various types of real-time protection software currently have their own policy definition format and rule detection. The policy includes a set of preset rule chains, and the rules in the rule chain include: registry path, file path, process name, TIPS type, etc. When the driver layer intercepts system events such as file modification, registry modification, and operation process, it judges whether the event confor...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F21/50
Inventor: 孟齐源, 王宇
Owner SHENZHEN TENCENT COMP SYST CO LTD