Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system of preventing files from being damaged by malicious operation behaviors

A malicious operation and file technology, applied in the field of information security, can solve the problems of affecting file operation, unable to control illegal operation of illegal programs, unable to guarantee the normal operation behavior of whitelisted programs, etc., to achieve the effect of reducing the frequency of risks

Inactive Publication Date: 2017-12-22
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF2 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At present, many mainstream security guards and antivirus software include the file protection function, but many ordinary users have not turned it on. Even if it is turned on to ensure that the file is not maliciously tampered with, it will still affect the operation of normal software on the file. The list mechanism is used to ensure the operation behavior of normal programs on files, but it still cannot guarantee the normal operation behavior of all whitelisted programs on files, and at the same time, it cannot control the illegal operations of all illegal programs on files.
For many Linux servers, security guards and anti-virus software are not installed, and the core applications of many enterprise units are deployed on Linux servers. Once the server is attacked, the data files will be encrypted and deleted, causing heavy losses and disastrous consequences.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system of preventing files from being damaged by malicious operation behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The present invention will be further described in detail below in conjunction with examples, but the embodiments of the present invention are not limited thereto.

[0044] A method of protecting files from corruption by malicious manipulation, comprising:

[0045] If there is a process of deleting files, the whitelist program can directly delete the file, the blacklist program directly prevents file deletion, and the gray list program suspends the process and backs up the file to the readable protection area, and releases the process after the backup is completed.

[0046] If there is a process of modifying the file, the whitelist program will allow it, and the blacklist program will directly prevent the file from being modified. The gray list will suspend the process and back up the file to the readable protection area. After the backup is completed, the process will be released. Value comparison results to determine whether the current process has performed an encryp...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a system of preventing files from being damaged by malicious operation behaviors. if a process of deleting the file exists, the process is released if the process is a white-list process, is directly blocked if the process is a black-list file reading or writing operation process, and is suspended if the process is a gray-list process, and released after backing up the file to a readable protected area is completed; if a process of modifying the file exists, the process is released if the process is a white-list process, is directly blocked if the process is a black-list process, and is suspended if the process is a gray-list process, and released after backing up the file to the readable protected area is completed; and if an encryption / compression encryption operation exists, whether operation frequency of a process for the file in a preset time exceeds a set threshold value is judged, and if yes, it is determined that the operation is a suspected malicious file operation behavior. According to the technical solution of the invention, the malicious file operation behaviors can be effectively identified, and risk frequency of maliciously deleting and modifying important files can be reduced at the same time.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method and system for preventing files from being damaged by malicious operations. Background technique [0002] With the rapid popularization and vigorous development of the Internet, text files, document files, picture files, installed program-related files, movie files, etc. that illegally operate computer systems such as various extortion, encryption software, and illegal programs have resulted in the illegal deletion of a large number of computer files. , Illegal encryption. When encountering an illegal blackmailer, it will use a high-digit asymmetric encryption algorithm to encrypt the file. Only after paying a high amount of data recovery can the illegal person decrypt and restore the file. For ordinary users, these data may not be important at all, but for a large commercial company, relevant data and files are the core assets of a company and are crucial....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55G06F21/56G06F21/62
CPCG06F21/554G06F21/565G06F21/566G06F21/568G06F21/6209G06F2221/2113G06F2221/2141G06F2221/2149
Inventor 李成东常清雪
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com