Monitoring method, device, and electronic device for abnormal request of unknown program

A technology for monitoring program requests and program exceptions, applied in internal/peripheral computer component protection, platform integrity maintenance, etc. It addresses problems such as file-level monitoring being unable to capture direct disk access and the lack of an effective existing solution, and achieves stable operation, a low false alarm rate and good compatibility.

Active Publication Date: 2021-07-23
QI AN XIN SECURITY TECH ZHUHAI CO LTD +1

AI Technical Summary

Problems solved by technology

File-level monitoring cannot capture this kind of malicious program, because direct disk reads and writes bypass the file level.
[0003] For the above-mentioned problems existing in related technologies, no effective solution has been found yet.

Examples


Embodiment 1

[0024] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer device, a server or a similar computing device. Taking running on computer equipment as an example, Figure 1 is a hardware structural block diagram of a computer device according to an embodiment of the present invention. As shown in Figure 1, the computer equipment may include one or more (only one is shown in Figure 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data. Optionally, the above-mentioned computer equipment may also include a transmission device 106 for communication functions as well as input and output devices 108. Those of ordinary skill in the art can understand that the structure shown in Figure 1 is only for illustration, and it does not limit the structure of the abo...

Embodiment 2

[0059] In this embodiment, there is also provided a control device for opening a file, which is used to implement the above embodiments and preferred implementation modes, including a client, a server, etc.; what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated.

[0060] Figure 3 is a structural block diagram of an optional control device for opening files according to an embodiment of the present invention. As shown in Figure 3, the device includes: a monitoring module 10, a first judging module 20, a first logic module 30 and an intercepting module 40.

[0061] Wherein, the monitoring module is used to utilize the microfilter driver of th...

Embodiment 3

[0071] An embodiment of the present invention also provides a storage medium, in which a computer program is stored, wherein the computer program is set to execute the steps in any one of the above method embodiments when running.

[0072] Optionally, in this embodiment, the above-mentioned storage medium may include, but is not limited to, various media that can store computer programs, such as a U disk, read-only memory (ROM), random access memory (RAM), removable hard disks, magnetic disks, or optical disks.


Abstract

The present invention provides a method, device, and electronic device for monitoring abnormal requests from unknown programs. The method includes: using the microfilter driver of the file system to monitor, at the driver layer of the terminal device, whether a target request is received, where the target request is a request to open a file; when the target request is detected, using the microfilter driver to judge, according to the requested file object and the device object corresponding to that file object, whether the target request is an unknown program requesting to read or write the disk; if the target request is not an unknown program requesting to read or write the disk, allowing the target request to execute; if it is, intercepting the target request. The present invention solves the problem that the file-level monitoring method in the related art cannot prevent malicious programs from directly reading and writing disks.
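
The allow/intercept decision described in the abstract, as an added example that is not code from the patent or its applicant: a user-space C model of the check that a file-system filter driver's pre-open callback would make. The `open_request` struct, the allowlist entries, the sample paths and the raw-open criterion (an empty, non-relative file name on a disk-type device object) are assumptions for illustration; the page does not give the patent's own criteria.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

#define FILE_DEVICE_DISK 0x00000007u  /* real Windows DEVICE_TYPE value */

/* Hypothetical user-space stand-in for what a pre-open callback inspects. */
typedef struct {
    const char *image_path;   /* image of the requesting process */
    const char *file_name;    /* name in the file object; "" means the device itself */
    bool        relative;     /* true if opened relative to another file object */
    unsigned    device_type;  /* type of the device object behind the file object */
} open_request;

typedef enum { VERDICT_ALLOW = 0, VERDICT_INTERCEPT = 1 } verdict;

/* Constructed allowlist (assumption); a product would use signatures or reputation. */
static const char *const known_programs[] = {
    "C:\\Windows\\System32\\chkdsk.exe",
    "C:\\Windows\\System32\\defrag.exe",
};

/* Windows paths compare case-insensitively. */
static bool same_path(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == *b;   /* both must end together, so a longer path is not a match */
}
static bool is_known_program(const char *image) {
    if (image == NULL) return false;   /* an unidentified caller counts as unknown */
    for (size_t i = 0; i < sizeof known_programs / sizeof *known_programs; i++)
        if (same_path(image, known_programs[i])) return true;
    return false;
}

/* Assumed criterion: empty, non-relative name on a disk device = raw disk open. */
static bool is_raw_disk_open(const open_request *r) {
    bool unnamed = r->file_name == NULL || r->file_name[0] == '\0';
    return r->device_type == FILE_DEVICE_DISK && unnamed && !r->relative;
}

verdict judge_open_request(const open_request *r) {
    if (!is_raw_disk_open(r)) return VERDICT_ALLOW;   /* ordinary file-level open */
    return is_known_program(r->image_path) ? VERDICT_ALLOW : VERDICT_INTERCEPT;
}

int main(void) {   /* constructed sample requests */
    open_request dropper = { "C:\\Users\\Public\\setup.tmp.exe", "", false, FILE_DEVICE_DISK };
    open_request chkdsk  = { "c:\\windows\\system32\\CHKDSK.EXE", "", false, FILE_DEVICE_DISK };
    printf("unknown: %d, chkdsk: %d\n", judge_open_request(&dropper), judge_open_request(&chkdsk));
}
```

An open of the root directory (`"\\"`) or of any named file is left to file-level monitoring, so only the raw open by a caller outside the allowlist is intercepted.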

Description

Technical field

[0001] The invention relates to the field of computer security protection, in particular to a method, device and electronic device for monitoring abnormal requests of unknown programs.

Background technique

[0002] With the increasing popularity of the Internet, people rely more and more on computers to handle various affairs, and it is more and more important to protect the security of the computer's operating system. Some malicious programs may implant virus code in the system by directly reading and writing the disk, especially by operating on the system boot sector, the MBR (master boot record), to plant rootkits. File-level monitoring cannot capture this kind of malicious program, because direct disk reads and writes bypass the file level.

[0003] Aiming at the above-mentioned problems existing in related technologies, no effective solution has been found yet.

Contents of the invention

[0004] Embodiments ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/80
Inventor: 杨振华, 杨晓东, 游勇, 王明广
Owner: QI AN XIN SECURITY TECH ZHUHAI CO LTD