Method and device for monitoring unknown program exception request and electronic device

A program-request and program-exception technology, applied to the protection of internal/peripheral computer components and to platform integrity maintenance. It addresses the problem that file-level monitoring cannot capture direct disk reads and writes, for which no solution had been found, and achieves stable operation, a low false positive rate and good compatibility.

AI Technical Summary

Problems solved by technology

File-level monitoring cannot capture this kind of malicious program, because direct disk reads and writes bypass the file level.
[0003] For the above-mentioned problems existing in related technologies, no effective solution has been found yet.

Examples

Embodiment 1

[0024] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer device, a server or a similar computing device. Taking execution on a computer device as an example, Figure 1 is a hardware structural block diagram of a computer device according to an embodiment of the present invention. As shown in Figure 1, the computer device may include one or more processors 102 (only one is shown in Figure 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data. Optionally, the computer device may also include a transmission device 106 for communication functions and input and output devices 108. Those of ordinary skill in the art can understand that the structure shown in Figure 1 is only for illustration, and it does not limit the structure of the above ...

Embodiment 2

[0059] This embodiment also provides a control device for opening a file, which is used to implement the above embodiments and preferred implementation modes and includes a client, a server, etc.; what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated.

[0060] Figure 3 is a structural block diagram of an optional control device for opening files according to an embodiment of the present invention. As shown in Figure 3, the device includes: a monitoring module 10, a first judging module 20, a first logic module 30 and an intercepting module 40.

[0061] The monitoring module is used to utilize the minifilter driver of the fi...

Embodiment 3

[0071] An embodiment of the present invention also provides a storage medium, in which a computer program is stored, wherein the computer program is set to execute the steps in any one of the above method embodiments when running.

[0072] Optionally, in this embodiment, the above-mentioned storage medium may include, but is not limited to, various media that can store computer programs, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.

Abstract

The invention provides a method and device for monitoring abnormal requests of unknown programs, and an electronic device. The method comprises: using a minifilter driver of the file system to monitor, in the driver layer of a terminal device, whether a target request is received, the target request being a request to open a file; when the target request is detected, using the minifilter driver to judge, according to the requested file object and the device object corresponding to the file object, whether the target request is an unknown program requesting to read and write the disk; when the target request is not an unknown program requesting to read and write the disk, allowing the target request to execute; and when the target request is an unknown program requesting to read and write the disk, intercepting the target request. The method and device solve the prior-art problem that file-level monitoring cannot prevent a malicious program from directly reading and writing a disk.
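
The decision flow in the abstract, as an added user-mode C model (not code from the patent, and not a kernel driver). The allowlist test for a "known" program and the rule that a disk or volume device opened with no file path is a direct disk access are assumptions, since the page states neither criterion; all struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* One open request as the filter sees it (constructed model, not a WDK type). */
typedef struct {
    const char *process_image;  /* program issuing the request */
    const char *device_name;    /* device object behind the file object */
    const char *path_on_device; /* name below the device; "" = the device itself */
} open_request;
typedef enum { ALLOW, INTERCEPT } verdict;

/* Assumption: a program is "known" if its image path is on this allowlist. */
static const char *const KNOWN[] = { "C:\\Windows\\System32\\vds.exe",
                                     "C:\\Windows\\System32\\defrag.exe" };
static bool is_known_program(const char *image) {
    for (size_t i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++)
        if (strcasecmp(image, KNOWN[i]) == 0) return true;
    return false;
}

/* Assumption: "direct disk access" = the device is a disk or volume device
   and no file path follows it, so there is no file-level name to monitor. */
static bool is_direct_disk_open(const open_request *r) {
    static const char prefix[] = "\\Device\\Harddisk";
    bool disk = strncasecmp(r->device_name, prefix, sizeof prefix - 1) == 0;
    bool no_file = r->path_on_device == NULL || r->path_on_device[0] == '\0';
    return disk && no_file;
}

/* Decision order from the abstract: allow unless an unknown program opens the disk directly. */
verdict check_open(const open_request *r) {
    if (!is_direct_disk_open(r)) return ALLOW;
    return is_known_program(r->process_image) ? ALLOW : INTERCEPT;
}

static const open_request SAMPLES[] = {  /* constructed sample requests */
    {"C:\\Users\\a\\setup.exe", "\\Device\\HarddiskVolume2", "\\Users\\a\\notes.txt"},
    {"C:\\Users\\a\\setup.exe", "\\Device\\Harddisk0\\DR0", ""},
    {"C:\\Windows\\System32\\vds.exe", "\\Device\\Harddisk0\\DR0", ""},
    {"C:\\Users\\a\\setup.exe", "\\Device\\HarddiskVolume2", ""},
};

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%s by %s: %s\n", SAMPLES[i].device_name, SAMPLES[i].process_image,
               check_open(&SAMPLES[i]) == INTERCEPT ? "INTERCEPT" : "ALLOW");
    return 0;
}
```

The first sample is an ordinary file open that file-level monitoring would already see; the second and fourth are the direct disk and volume opens that only the device-object check catches.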

Description

Technical field

[0001] The invention relates to the field of computer security protection, in particular to a method, device and electronic device for monitoring abnormal requests of unknown programs.

Background

[0002] With the increasing popularity of the Internet, people rely more and more on computers to handle various affairs, and protecting the security of the computer's operating system is increasingly important. Some malicious programs may implant virus code in the system by directly reading and writing the disk, in particular by operating on the system boot sector, the MBR (Master Boot Record), to plant rootkits. File-level monitoring cannot capture this kind of malicious program, because direct disk reads and writes bypass the file level.

[0003] For the above problems existing in the related art, no effective solution has been found so far.

Contents of the invention

[0004] Embodiments of the present inv...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/80
Inventor: 杨振华, 杨晓东, 游勇, 王明广