Intrusion kernel defense method and device, computing equipment and computer storage medium

A kernel and equipment technology, applied in computer security devices, calculations, instruments, etc., that can solve problems such as incomplete memory recovery, equipment crashes and memory crashes, and achieves the effect of avoiding system crashes.

Pending Publication Date: 2021-02-02
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

At this point, directly intercepting the continued attack of the process that has intruded into the kernel leads to problems such as damaged memory that cannot be fully restored, device crashes and restarts.
For example, directly intercepting a buffer overflow attack may easily cause memory crashes.


Embodiment Construction

[0023] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0024] Figure 1 shows a flow chart of a defense method for kernel intrusion according to an embodiment of the present invention. As shown in Figure 1, the defense method for kernel intrusion specifically includes the following steps:

[0025] Step S101: use the kernel intrusion detection system to inspect the process and determine whether the process is a kernel intrusion process.

[0026] The device is equipped w...


Abstract

The invention discloses a kernel intrusion defense method and device, computing equipment and a computer storage medium. The method comprises the steps of: inspecting a process with a kernel intrusion detection system and judging whether the process is a kernel intrusion process; if so, freezing the process and obtaining calling information related to the process; and determining and restoring the attack content of the process according to the calling information. Once a process intruding into the kernel is detected, it is frozen, so that it stays in its current state, the resources it currently occupies are not released, and it cannot continue the attack. For the frozen process, the calling information is acquired and analyzed, and the attack content of the process is determined and restored, so that the content modified by the attack is recovered and problems such as system crashes are avoided.
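A user-space analogue of the freeze-then-inspect step described in the abstract, added here as an illustration and not taken from the patent or from the applicant's implementation. It assumes Linux, uses SIGSTOP as the freeze and `/proc` entries as the "calling information"; the function names and the sleeping child used as the target are constructed for the example.

```python
import os
import signal
import subprocess
import sys
import time


def proc_state(pid):
    """Return the one-letter task state from /proc/<pid>/status."""
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("State:"):
                return line.split()[1]
    return "?"


def read_proc(pid, name):
    """Read /proc/<pid>/<name>; None if the kernel or permissions refuse."""
    try:
        with open(f"/proc/{pid}/{name}") as fh:
            return fh.read()
    except OSError:
        return None


def freeze_and_snapshot(pid, timeout=2.0):
    """Freeze pid with SIGSTOP, then collect evidence while it is held."""
    os.kill(pid, signal.SIGSTOP)
    deadline = time.monotonic() + timeout
    while proc_state(pid) != "T" and time.monotonic() < deadline:
        time.sleep(0.01)
    return {
        "pid": pid,
        "state": proc_state(pid),                 # "T" means stopped, not exited
        "syscall": read_proc(pid, "syscall"),     # syscall number and arguments
        "maps": read_proc(pid, "maps"),           # memory layout at freeze time
        "open_fds": len(os.listdir(f"/proc/{pid}/fd")),  # resources still held
    }


def demo():
    """Constructed target: a harmless sleeping child stands in for the flagged process."""
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(60)"])
    try:
        return freeze_and_snapshot(child.pid)
    finally:
        child.kill()  # SIGKILL is delivered even to a stopped task
        child.wait()


if __name__ == "__main__":
    print(demo())
```

Because the target is stopped rather than killed, its memory map and file descriptors remain available for analysis, which is the property the abstract relies on before any restoration is attempted.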

Description

Technical field

[0001] The invention relates to the field of software, in particular to a defense method and device for kernel intrusion, computing equipment, and a computer storage medium.

Background technique

[0002] The goal of an attacker intruding into the kernel is to obtain the ROOT privilege of the device, so that the ROOT privilege can be used to control the entire device. For kernel security, processes that intrude into the kernel are detected, so that it can be found out quickly and in time whether a process is attacking ROOT.

[0003] By the time an attack on ROOT by a process that intrudes into the kernel is detected, the process may already have attacked resources such as memory and performed damaging actions on the memory. At this point, directly intercepting the continued attack of the process that has intruded into the kernel leads to problems such as damaged memory that cannot be fully restored, and device crashes and restarts. For example, if a buffer overflow attack is directly in...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F21/57
CPC: G06F21/554, G06F21/57
Inventor: 周明建姚俊王彦峰窦文科张继
Owner: BEIJING QIHOO TECH CO LTD