
Method for establishing computer information security protection capable of judging security of computer operation request according to associative relation of computing system operation request

A technology for operating requests and association relationships, applied in computer security devices, computing, platform integrity maintenance, etc., to achieve the effect of defending against unknown malicious codes

Inactive Publication Date: 2010-10-27
ANTAIOS (BEIJING) INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0008] The purpose of the present invention is to address the deficiencies of existing information security theory and information security technology by providing a computer information security protection method that judges the security of computer operation requests based on the association relationship between computer system operation requests.


Examples


Example 1

[0040] Example 1: Assuming that an Office document contains malicious script code, which can infect executable programs, the blocking logic is as follows:

[0041] When the operating system kernel intercepts a write operation request for the content of an executable file, the request initiator attribute item in the operation request attributes shows that the request was issued by the VBA script engine. To find the association relationship of the current operation request, a virtual node for the current operation is created under the VBA script engine node of the known association structure of computer operation requests, and the association relationship of the current operation is traced back. The final result of the traceback is that the request to open an Office document triggered the current operation request. Take the current operation rules: Office is a common application, the request is triggered by the user, Office requests the VBA scrip...

Example 2

[0042] Example 2: Assuming that the system allows the hacker program to run, the hacker directly calls an operation of a certain system through a hard address.

[0043] When a hard address operation request for the memory operation request space is intercepted, a virtual node is constructed according to the attributes of the operation request. The request is determined to have been initiated by the operating system kernel, and tracing back its association relationship shows that the kernel's memory hard address operation was called by the application. The request association rules of the current memory operation request are matched against the defined memory risk operation request association rules, and the match succeeds: 1. Operations that do not call for memory requests are dangerous operations; 2. It is dangerous to remotely perform hard address operations on memory. The result: dangerous operation request. Block memory operations, delete virtual nodes in...


Abstract

The invention relates to a method for establishing computer information security protection capable of judging the security of a computer operation request according to the associative relation of a computing system operation request. The method comprises the following steps: in the computation running state, intercepting an operation request generated by the kernel or hardware abstraction layer of a computer operating system; according to the attribute of the intercepted operation request, creating a virtual node under some node of the existing associative architecture, establishing an associative relation, forming a virtual associative architecture; backtracking the root node of the virtual node in the virtual associative architecture, obtaining the associative rule of the current operation request in the virtual associative architecture; according to the associative rule obtained by backtracking, matching with the defined dangerous operation rule to determine whether a hazard exists; and according to the matching result by matching with the dangerous operation rule, deciding whether the current operation is allowed to execute, and updating the associative architecture. The invention overcomes the problem that other systems need to particularly analyze the characteristics of malicious codes and the characteristics of different operating systems and different application systems, and has the ability of preventing unknown malicious codes beforehand.
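The steps in the abstract (create a virtual node, backtrack to the root, match the resulting chain against dangerous-operation rules, then allow and update or block and discard) can be modelled in a few lines. This is an added illustration, not the patent's implementation: the node labels, the single rule, and the choice to match a rule as an in-order subsequence of the chain are assumptions, since the page's own rule text is truncated.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Node:
    label: str                       # initiator or operation label (constructed)
    parent: Optional["Node"] = None
    children: list = field(default_factory=list)

def backtrack(node):
    """Walk from a node up to the root; return the chain root-first."""
    chain = []
    while node is not None:
        chain.append(node.label)
        node = node.parent
    return tuple(reversed(chain))

def matches(rule, chain):
    """Assumed semantics: rule steps appear in the chain in this order."""
    it = iter(chain)
    return all(step in it for step in rule)

def handle_request(parent, operation, rules):
    # Virtual node: it knows its parent, but the parent does not list it yet.
    virtual = Node(operation, parent)
    chain = backtrack(virtual)
    if any(matches(rule, chain) for rule in rules):
        return "block", chain, None          # virtual node is discarded
    parent.children.append(virtual)          # allowed: update the architecture
    return "allow", chain, virtual

def demo():
    # Constructed rule modelled on Example 1 of the page.
    rules = [("open_document", "vba_script_engine", "write_executable_content")]
    root = Node("user")
    _, _, office = handle_request(root, "office", rules)
    _, _, doc = handle_request(office, "open_document", rules)
    _, _, vba = handle_request(doc, "vba_script_engine", rules)
    blocked = handle_request(vba, "write_executable_content", rules)
    # Same operation, different ancestry: a user-started installer.
    _, _, installer = handle_request(root, "installer", rules)
    allowed = handle_request(installer, "write_executable_content", rules)
    return blocked, allowed, vba

if __name__ == "__main__":
    for verdict, chain, _ in demo()[:2]:
        print(verdict, " -> ".join(chain))
```

The same write operation gets a different verdict depending only on its ancestry, which is why the approach does not need a signature for the script itself.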

Description

Technical field:

[0001] The invention relates to a computer system security protection method, and more specifically relates to a computer information security protection method for judging the security of computer operation requests based on the association relationship of computing system operation requests.

Background technique:

[0002] Due to the popularization of computer application technology and network communication technology, the information platform composed of computer application and network communication has become one of the basic conditions for people's daily life such as work, study and shopping. People are fully enjoying the systematic convenience brought by the information platform. At the same time, probably no one is immune to malicious code.

[0003] At present, the common systems for protecting information security platforms that people use daily mainly include "blacklist" categories such as antivirus software and firewall software, "whitelist" categ...


Application Information

IPC(8): G06F21/02, G06F21/22, G06F21/56
Inventor: 汪家祥, 曲立东
Owner: ANTAIOS (BEIJING) INFORMATION TECH