Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Source tracing method during modification of software file, monitoring method and restoration method and system

A modified and file technology, applied in transmission systems, electrical components, instruments, etc., can solve problems such as the inability of administrators to quickly conduct investigations, the failure of defense functions, and the inability to quickly find the root cause of intrusions.

Active Publication Date: 2016-09-07
SHANGHAI GUAN AN INFORMATION TECH
View PDF3 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The current intrusion prevention software is based on the front-end protection software in the form of a firewall, using rules and strategies for protection, because of its own design flaws and its own security flaws make it easy for intruders to bypass the defense, or the software itself cannot handle high concurrency and large traffic Causes the default policy to be enabled to release all requests, resulting in the failure of the defense function, which is easy for hackers to bypass the policy, or bypass the firewall to conduct the next penetration test on the target without any unsafe notification on the firewall, leaving a series of hackers after hacking the system Untraceable records and changes, these untraceable records and changes make it impossible for managers to quickly find the root cause of the intrusion and make it impossible for administrators to quickly troubleshoot

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Source tracing method during modification of software file, monitoring method and restoration method and system
  • Source tracing method during modification of software file, monitoring method and restoration method and system
  • Source tracing method during modification of software file, monitoring method and restoration method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0071] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0072] See figure 1 , the source tracing method when the software file in the computer of the present invention is modified comprises the following steps:

[0073] S101. When the operating system kernel is about to write to the hard disk, intercept the writing function of the operating system kernel to the hard disk;

[0074] S102. Obtain the process ID number of the process according to the parameters passed when the operating system calls the write function...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a source tracing method during modification of a software file, a monitoring method and a restoration method and system. The source tracing method comprises the steps of S101, when an operation system kernel is about to perform write on a hard disk, intercepting a write function of the operation system kernel to the hard disk; S102, obtaining a process ID number of a process according to a parameter transmitted when the write function is called by the operation system; S103, obtaining a corresponding process object through the process ID; S104, reading a return address of the write function through a process stack, and performing recursive analysis on original request function call of the process object; S105, obtaining an operator ID and message data submitted by the operator through an original call function so as to obtain a modification source of the modified software file; S106, packaging the operator ID and the message data submitted by the operator by a client computer to form a data package, and uploading the data package to a server; and S107, receiving the data package and sending caution information to a corresponding administrator of the client computer by the server.

Description

technical field [0001] The invention relates to the field of computer software safety monitoring, in particular to a source tracing method, a monitoring method, a restoring method and a system when a software file is modified. Background technique [0002] After personal computers, servers and other computers are invaded, the software files in the computer will be modified, resulting in problems such as Trojan horse files and original files being tampered with in the computer. To find viruses and protect computers, many users install anti-virus software, protective wall software, etc. on their computers to protect the software files in the computers. The current intrusion prevention software is based on the front-end protection software in the form of a firewall, using rules and strategies for protection, because of its own design flaws and its own security flaws make it easy for intruders to bypass the defense, or the software itself cannot handle high concurrency and large...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/62G06F21/64H04L29/06
CPCG06F21/6218G06F21/64H04L63/1441
Inventor 舒小龙
Owner SHANGHAI GUAN AN INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com