Method for efficiently and non-inductively establishing security baseline of terminal file system

A file system security baseline technology, applied in the field of information security, that addresses high resource occupation, low baseline-establishment efficiency and an uncontrollable learning process, with the effect of reducing the impact on the system, shortening the content length and computing time, and giving an excellent user experience.

Pending Publication Date: 2022-03-11
成都网思科平科技有限公司

AI Technical Summary

Problems solved by technology

[0004] For this reason, the present invention provides an efficient and non-inductive method for establishing a security baseline of a terminal file system, so as to solve the low efficiency, high resource occupation and uncontrollable learning process of existing file system baseline establishment.



Embodiment

[0028] This embodiment discloses an efficient and non-inductive method for establishing a security baseline of a terminal file system. The method is as follows:

[0029] File traversal of the volume device is performed through the USN journal of the NTFS file system;

[0030] The CRC64 algorithm replaces the traditional MD5 digest algorithm for calculating the file hash value. The input to the hash is the file four-element tuple, so the calculation is no longer affected by the file size;

[0031] After the calculation is completed, the files are traversed and learned. The learning process is designed in layers: each step of the learning process has a corresponding caching mechanism and is marked, so that after an interruption learning can resume from any progress position of any step;

[0032] Carry out multi-dimensional identification for system resources, dynamically adjust the rhythm of the learning proc...


Abstract

The invention discloses a method for establishing a security baseline of a terminal file system efficiently and non-inductively (imperceptibly to the user). The method comprises the following steps: file traversal of the volume device is performed through the USN journal of the NTFS file system; the file hash value is calculated with the CRC64 algorithm, with the file four-element tuple as the input to the hash; after the calculation is completed, the files are traversed and learned, the learning process is designed in layers, and each step of the learning process has a corresponding cache mechanism and is marked, so that learning can continue from any progress position of any step after the learning process is interrupted; multi-dimensional identification is performed on system resource conditions, the rhythm of the learning process is dynamically adjusted, and the speed of the learning process is determined by the load coefficient of the system. This solves the low baseline-establishment efficiency, high resource occupation and uncontrollable learning process of existing file system baseline methods.
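An added sketch of the steps in the abstract (not code from the patent or its applicant): a CRC64 fingerprint over a metadata four-tuple, a two-layer learning loop with a serializable checkpoint, and a batch size scaled by the load coefficient. The tuple fields (`frn`, `path`, `size`, `mtime`), the CRC-64/XZ variant, the stage names and the batch formula are assumptions, and the records are constructed stand-ins for USN journal entries.

```python
import json

# CRC-64/XZ in reflected form; the page does not say which CRC64 variant is used.
POLY, MASK = 0xC96C5795D7870F42, 0xFFFFFFFFFFFFFFFF
STAGES = ("enumerate", "hash")  # hypothetical names for the learning layers

def crc64(data: bytes) -> int:
    crc = MASK
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY if crc & 1 else crc >> 1
    return crc ^ MASK

def tuple_hash(rec: dict) -> str:
    # Assumed four-element tuple; hashing it costs the same for any file size.
    key = json.dumps([rec["frn"], rec["path"], rec["size"], rec["mtime"]])
    return f"{crc64(key.encode('utf-8')):016x}"

def new_checkpoint() -> dict:
    return {"stage": 0, "pos": 0, "cache": [], "baseline": {}}

def learn(journal: list, cp: dict, load: float, max_batch: int = 4) -> bool:
    """Advance one load-scaled batch; return True once the baseline is complete."""
    if cp["stage"] >= len(STAGES):
        return True
    batch = int(max_batch * (1.0 - load))  # load coefficient in [0, 1]
    if batch <= 0:
        return False  # system busy: skip this tick, checkpoint untouched
    enumerating = STAGES[cp["stage"]] == "enumerate"
    source = journal if enumerating else cp["cache"]
    for rec in source[cp["pos"]:cp["pos"] + batch]:
        if enumerating:
            cp["cache"].append(rec)  # per-stage cache feeds the next layer
        else:
            cp["baseline"][rec["path"]] = tuple_hash(rec)
        cp["pos"] += 1  # progress marker, advanced per item
    if cp["pos"] >= len(source):
        cp["stage"], cp["pos"] = cp["stage"] + 1, 0
    return cp["stage"] >= len(STAGES)

# Constructed records standing in for entries read from the USN journal.
JOURNAL = [{"frn": 1000 + i, "path": f"C:\\data\\f{i}.bin",
            "size": 4096 * i, "mtime": 1646956800 + i} for i in range(5)]

def build(loads, restart_at=None) -> dict:
    cp = new_checkpoint()
    for tick, load in enumerate(loads):
        if tick == restart_at:
            cp = json.loads(json.dumps(cp))  # reload the persisted checkpoint
        if learn(JOURNAL, cp, load):
            break
    return cp
```

CRC64 is an error-detecting code rather than a cryptographic digest, so a fingerprint like this suits fast change detection and is not evidence against deliberate tampering.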

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method for establishing a security baseline of a terminal file system efficiently and non-inductively (imperceptibly to the user).

Background technique

[0002] Establishing a security baseline for the file system requires learning all the file contents on the entire file system one by one. At present, this is mainly done by traversing all files on all disks, calculating the hash value of each file, and generating an information retrieval library. This process consumes a lot of system resources and has a serious, long-lasting impact on system operation; the impact is more obvious on storage systems or servers with large file sizes.

[0003] The traditional technique for traversing the file system is to use the general Windows API (FindFirstFile and FindNextFile) to perform recursive directory traversal, which is simple to implement, but has problems such as low...


Application Information

IPC(8): G06F16/13, G06F16/16, G06F16/172, G06F16/18, G06F11/10
CPC: G06F16/137, G06F16/16, G06F16/172, G06F16/1815, G06F11/1004
Inventor 胡鑫森
Owner 成都网思科平科技有限公司