Supercharge Your Innovation With Domain-Expert AI Agents!

Daemon process method and device based on file filtering drive framework

A technology of file filtering driver and daemon process, which is applied in the field of network security, can solve the problems of low security level, high system authority, and daemon process cannot be guarded, and achieve the effect of alleviating the low security level

Inactive Publication Date: 2019-11-15
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if the attacker has higher system privileges, the daemon process can be exited together, and the daemon process cannot achieve effective guarding.
[0003] In summary, there is a technical problem of low security level in the method of daemon process in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Daemon process method and device based on file filtering drive framework
  • Daemon process method and device based on file filtering drive framework
  • Daemon process method and device based on file filtering drive framework

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0030] figure 1 It is a flow chart of a daemon process method based on a file filtering driver framework according to an embodiment of the present invention, which is applied to a daemon driver, such as figure 1 As shown, the method includes the following steps:

[0031] Determining step S11, determining the application program to be guarded.

[0032] The embodiment of the present invention provides a daemon process method based on the file filtering driver framework. The daemon driver program is based on the specific implementation of the file filter driver framework, that is, the driver program running in the kernel, and the application program to be guarded is responsible for processing normal data at the application layer. For business, the daemon driver is responsible for guarding the application to be guarded at the driver layer. Therefore, at the beginning of operation, the daemon driver needs to first determine its specific guard object: the application to be guarded....

Embodiment 2

[0062] figure 2 is a flow chart of another daemon process method based on the file filtering driver framework according to an embodiment of the present invention, which is applied to an application program to be guarded, such as figure 2 As shown, the method includes the following steps:

[0063] Step S41, establishing a communication connection with the daemon driver.

[0064] Specifically, in order to obtain the process guardianship of the daemon driver, the daemon application must first actively establish a connection with the daemon driver. After the daemon driver starts, the daemon application can access the daemon driver through the hard-coded driver device descriptor. , that is, the daemon driver establishes a communication connection with the application program to be daemonized.

[0065] Step S42, send the process identification of the application program to be guarded to the guard driver program, so that the guard driver program judges whether the newly added act...

Embodiment 3

[0068] The embodiment of the present invention also provides a daemon process device based on the file filtering driver framework, which is applied to a daemon driver program. The daemon process device based on the file filter driver framework is mainly used to execute the file-based filter driver provided in the first embodiment The daemon process method of the framework, the daemon process device based on the file filter driver framework provided by the embodiment of the present invention will be specifically introduced below.

[0069] image 3 It is a functional module diagram of a daemon process device based on a file filtering driver framework according to an embodiment of the present invention, such as image 3 As shown, the device mainly includes: a determination module 11, a judgment module 12, and a filtering module 13, wherein:

[0070] The determining module 11 is configured to determine the application program to be guarded.

[0071] The judging module 12 is conf...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a daemon process method and device based on a file filtering drive framework, and relates to the technical field of network security. The method is applied to daemon drivers. According to the method, a daemon driver can determine a to-be-daemon application program, and whether the newly added activity signal in the operating system is a limiting operation for the to-be-guarded application program or not is determined in real time. If the newly added activity signal in the operating system is a limiting operation for the to-be-guarded application program, the daemon driveprogram filters the newly-added activity signals, the function of intercepting and limiting operation on the drive layer is achieved, an intruder cannot actually and effectively operate the to-be-daemon application program. The effect of daemon the to-be-daemon application program is achieved, and therefore the technical problem that in the prior art, a daemon process method is low in safety level is solved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a daemon process method and device based on a file filtering driver framework. Background technique [0002] In the prior art, in order to prevent applications from being maliciously exited or suspended, a daemon process is usually created. A daemon process (daemon) is a special process that runs in the background and is not controlled by any terminal, and is used to perform specific system tasks. Most daemons start when the system boots and terminate when the system shuts down. The daemon process can guard the process of the target application, and immediately start the process of the target application when it is detected that the process of the target application stops running. However, if the attacker has a higher system authority, the daemon process can be exited together, and the daemon process cannot be effectively guarded. [0003] To sum up, the method of guar...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/12G06F9/48
CPCG06F9/4843G06F21/12
Inventor 王世晋范渊黄进王辉胡瀚璋
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com