
File baseline defense method and device based on Linux pre-link and storage equipment

A file baseline technology, applied in computer security devices, instruments, electrical digital data processing, etc., that addresses the problems of file MD5 changes and the resulting inability to identify malicious file modifications, and achieves the effect of easy identification and reduced calculation.

Active Publication Date: 2020-02-07
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0008] Based on the above-mentioned problems, the embodiment of the present invention provides a file baseline defense method, device and storage device based on Linux pre-linking, to solve the problem that using the pre-linking program causes the file MD5 to change, making it impossible to distinguish whether the file has been maliciously modified.


Embodiment Construction

[0043] In order to make the purpose, technical solution and advantages of the present invention clearer, the specific implementation of the method for identifying same-origin attacks based on program logic provided by the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be understood that the preferred embodiments described below are only used to illustrate and explain the present invention, not to limit it. Where no conflict arises, the embodiments in the present application and the features in the embodiments can be combined with each other.

[0044] Through the binary comparison of the contents of the executable file before and after the pre-linking of the Linux system, it is found that the pre-linking technology does not change all files, and the modification position is mainly concentrated in the file header, that is, the acceleration is achieved by modifying the section...


Abstract

The embodiment of the invention discloses a file baseline defense method and device based on Linux pre-link, and storage equipment, for solving the problem that whether a file has been maliciously modified cannot be distinguished because the MD5 of the file is changed by the pre-link program. The file baseline defense method comprises the following steps: reading a pre-link configuration file; determining an executable file; executing a pre-link on the executable file; recording the modification time and modification content of the executable file; and calculating and recording an MD5 for the executable file using the unmodified part of the executable file, and judging whether the executable file has been maliciously modified.
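An added illustration of the steps in the abstract, not code from the patent: it records which byte ranges a prelink run changed and computes MD5 over the remaining bytes only. It assumes prelinking leaves the file length unchanged and uses constructed byte strings in place of real ELF files; all function names are hypothetical.

```python
import hashlib

def changed_ranges(before: bytes, after: bytes):
    """Return [start, end) ranges where the prelinked bytes differ from the original."""
    if len(before) != len(after):
        raise ValueError("assumption violated: prelink changed the file length")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(before, after)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(after)))
    return ranges

def baseline_md5(data: bytes, excluded):
    """MD5 over every byte outside the recorded prelink-modified ranges."""
    digest, pos = hashlib.md5(), 0
    for start, end in sorted(excluded):
        digest.update(data[pos:start])
        pos = max(pos, end)
    digest.update(data[pos:])
    return digest.hexdigest()

def build_record(before: bytes, after: bytes):
    """Baseline entry: the modified ranges plus the MD5 of the unmodified part."""
    ranges = changed_ranges(before, after)
    return {"ranges": ranges, "md5": baseline_md5(after, ranges)}

def classify(data: bytes, record) -> str:
    """Compare a file's current content against its stored baseline entry."""
    same = baseline_md5(data, record["ranges"]) == record["md5"]
    return "unchanged" if same else "modified"

def patch(data: bytes, offset: int, new: bytes) -> bytes:
    return data[:offset] + new + data[offset + len(new):]

# Constructed sample data: a 16-byte "header" followed by a "code" body.
ORIGINAL = bytes(16) + b"CODE-SECTION-BYTES"
PRELINKED = patch(ORIGINAL, 4, b"\x11\x22\x33\x44")   # first prelink run
RELINKED = patch(ORIGINAL, 4, b"\x55\x66\x77\x88")    # later prelink run
TAMPERED = patch(PRELINKED, 20, b"X")                 # change outside the ranges

RECORD = build_record(ORIGINAL, PRELINKED)

if __name__ == "__main__":
    for name, blob in [("relinked", RELINKED), ("tampered", TAMPERED)]:
        print(name, hashlib.md5(blob).hexdigest(), classify(blob, RECORD))
```

Changes confined to the excluded ranges do not affect this digest, so the recorded modification content has to be checked separately.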

Description

Technical field

[0001] The embodiment of the present invention relates to the field of computer anti-virus, in particular to a file baseline defense method, device and storage device based on Linux pre-linking.

Background technique

[0002] The Linux system provides a pre-link program, that is, prelink, which is used to pre-link executable files so that they can be executed faster. However, using the pre-link program modifies the contents of the executable file, which changes the MD5 of the executable file and causes the baseline information to change frequently.

[0003] The change of MD5 will make it impossible to distinguish whether the file has been maliciously modified. In the prior art, when the executable file changes, the content of the executable file is usually read into memory, and the reverse of the pre-link operation is performed in memory to restore the file information, and th...


Application Information

IPC(8): G06F21/64, G06F21/62
CPC: G06F21/6209, G06F21/64
Inventor: 刘一飞, 徐翰隆, 肖新光, 王小丰
Owner BEIJING ANTIY NETWORK SAFETY TECH CO LTD