A kind of active defense method and device based on Linux system

A technology for the active defense of system processes, applied in the computer field, that addresses the lack of an effective active defense system and method for Linux.

Active Publication Date: 2019-08-23
GUANGZHOU HUADUO NETWORK TECH
Problems solved by technology

[0004] In order to solve the problem that the prior art has no effective active defense system and method under Linux, the embodiment of the present invention provides an active defense method and device based on the Linux system.


Examples


Embodiment 1

[0054] The embodiment of the present invention provides an active defense method based on a Linux system, suitable for a Linux host, where the Linux system includes a user-mode process and a kernel-mode process. See Figure 2; the method includes:

[0055] Step 101: Monitor system calls of the Linux kernel by using a hook.

[0056] Step 102: When a system call on which a Hook is set is detected being invoked by a user-mode process, determine whether that user-mode process exists in the whitelist.

[0057] Step 103: When the user-mode process exists in the whitelist, allow the user-mode process to call the system call;

[0058] When the user-mode process does not exist in the whitelist, prohibit the user-mode process from calling the system call.

[0059] The whitelist includes one or more user-mode processes that are allowed to execute system calls.

[0060] The embodiment of the present invention monitors the system call of the Linux kernel by adopti...

Embodiment 2

[0062] The embodiment of the present invention provides an active defense method based on the Linux system, suitable for Linux hosts. See Figure 3; the method includes:

[0063] Step 201: Obtain a defense strategy, where the defense strategy includes a Hook strategy and a white list.

[0064] During specific implementation, step 201 may include:

[0065] Receive the defense policy delivered by the server. Specifically, the server delivers the defense policy to the user-mode process, which then passes it on to the kernel-mode process.

[0066] In this embodiment the defense policy is configured centrally on the server. With many Linux hosts, centralized configuration of the host defense policy through the server eases management; with few hosts, the defense policy can also be set directly on the host.

[0067] Further, this step 201 can be realized by the kernel state process in ...
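As an added example in C (not code from the patent or its owner), the following is a user-space model of the Hook plus whitelist decision of steps 101-103, fed by the server-delivered policy of step 201. The syscall names, the line-based policy format, the `hook`/`allow` directives and every executable path are constructed assumptions, and the caller is matched by executable path rather than by process name, which is trivially forged.

```c
/* Added example (not the patent's code): user-space model of the Hook + white-list
 * decision (steps 101-103) fed by a server policy (step 201); all values constructed. */
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 16
#define MAX_LEN 128
struct policy {
    char hooked[MAX_ENTRIES][MAX_LEN];  /* Hook strategy: syscalls to intercept */
    char allowed[MAX_ENTRIES][MAX_LEN]; /* white list: executables allowed to call them */
    int nhook, nallow;
};
enum verdict { NOT_HOOKED = 0, ALLOW = 1, DENY = 2 };

/* One "hook <syscall>" or "allow <exe-path>" directive per line; other lines
 * are ignored. Returns the number of entries loaded. */
static int parse_policy(const char *text, struct policy *p) {
    memset(p, 0, sizeof *p);
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        char line[MAX_LEN + 16], kind[8], val[MAX_LEN];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, text, len); line[len] = '\0';
        if (sscanf(line, "%7s %127s", kind, val) == 2) {
            if (!strcmp(kind, "hook") && p->nhook < MAX_ENTRIES)
                snprintf(p->hooked[p->nhook++], MAX_LEN, "%s", val);
            else if (!strcmp(kind, "allow") && p->nallow < MAX_ENTRIES)
                snprintf(p->allowed[p->nallow++], MAX_LEN, "%s", val);
        }
        text = nl ? nl + 1 : text + len;
    }
    return p->nhook + p->nallow;
}

/* Steps 102-103: judge only hooked syscalls; match the caller by executable
 * path (a process name is trivially forged) and deny anything not listed. */
static enum verdict decide(const struct policy *p, const char *syscall, const char *exe) {
    int i, hooked = 0;
    for (i = 0; i < p->nhook; i++) if (!strcmp(p->hooked[i], syscall)) hooked = 1;
    if (!hooked) return NOT_HOOKED;
    for (i = 0; i < p->nallow; i++) if (!strcmp(p->allowed[i], exe)) return ALLOW;
    return DENY;
}

/* Parse a policy text and judge one (syscall, caller) event in a single call. */
static enum verdict judge(const char *policy, const char *syscall, const char *exe) {
    struct policy p;
    parse_policy(policy, &p);
    return decide(&p, syscall, exe);
}
```

A call to a syscall that is not in the Hook strategy is never judged, which is why the Hook strategy and the whitelist have to be delivered together.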

Embodiment 3

[0092] The embodiment of the present invention also provides an active defense device based on the Linux system. See Figure 4; the device consists of:

[0093] A monitoring module 301, configured to monitor system calls of the Linux kernel using a Hook;

[0094] A judgment module 302, configured to determine, when a system call on which a Hook is set is detected being invoked by a user-mode process, whether that user-mode process exists in the whitelist;

[0095] A processing module 303, configured to allow the user-mode process to call the system call when the user-mode process exists in the whitelist;

[0096] and to prohibit the user-mode process from calling the system call when the user-mode process does not exist in the whitelist.

[0097] The whitelist includes one or more user-mode processes that are allowed to execute system calls.

[0098] The embodiment of the present invention monitors the system call of the Linux kernel by adopting the hook Hook, when monitoring the system call that Hook is set...


Abstract

The invention discloses an active defense method and device based on a Linux system, and belongs to the field of system security. The method includes the following steps: system calls of the Linux kernel are monitored through a Hook; when a system call provided with the Hook is detected being called by a user-mode process, it is judged whether that user-mode process exists in a whitelist; when the user-mode process exists in the whitelist, it is allowed to call the system call; when the user-mode process does not exist in the whitelist, it is forbidden from calling the system call, wherein the whitelist comprises one or more user-mode processes allowed to execute the system call. Programs running on the Linux system can be effectively detected, and malicious programs, backdoor Trojan horse programs and the like running on the Linux system can be intercepted in time, so the method is an effective active defense method based on the Linux system.

Description

Technical field

[0001] The invention relates to the field of computers, in particular to an active defense method and device based on a Linux system.

Background technique

[0002] Linux is a free and open-source UNIX-like operating system. It is a multi-user, multi-tasking, multi-threading operating system that supports multiple central processing units (CPUs).

[0003] As Linux systems are used by more and more enterprises as servers, related attacks, intrusion events and Trojan horse programs are gradually increasing. In the field of computer security, active defense technology is a host security technology that provides real-time protection for computer data. However, the development of active defense technology on Linux systems is currently slow, and malicious programs and backdoor Trojan horse programs running on Linux systems cannot be effectively and timely intercepted. At present, the mainstream active defense systems are basically...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/56
CPC: G06F21/566
Inventor: 韩方张涛
Owner: GUANGZHOU HUADUO NETWORK TECH