A method for quickly realizing file identification under a host white list mechanism

A whitelist and file identification technology, applied to rapid file identification under the host whitelist mechanism. It addresses the problems of slowed system response, multi-task preemption, and poor user experience, with the effect of improving identification ability and security and reducing the impact of HASH value calculation.

Active Publication Date: 2019-04-02
北京威努特技术有限公司 +1

AI Technical Summary

Problems solved by technology

[0007] 1. A large amount of CPU is consumed in repeated calculations, the loading time is too long, and the user experience is poor
[0008] 2. In some cases, it will cause multi-task preemption, system deadlock, serious slowdown of response, and worse user experience
The shortcoming of prior art 2 is: it will not waste too many resources on computer reading files and calculating Hash
[0014] 3. The manufacturer's signature method has the same weakness as the HASH algorithm. Since the full text of the file is signed, the implementation of this technology will seriously slow down the system response speed


Embodiment Construction

[0073] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. The method of the present invention comprises the following steps:

[0074] Step 1. Fragmentation Algorithm 1: segment the file sequentially at a fixed size, calculate the HASH value of each segment in turn, and record it in the database, as shown in Figure 1:

[0075] Step 1.1, in the preparatory stage, determine the fragment size according to the operating system version, bit width, and file system; the default is 4096 bytes;

[0076] Step 1.2, in the stage of establishing and learning the whitelist: read the target PE file and divide the complete file into segments of 4096 bytes each;

[0077] Step 1.3, calculate the HASH value of each segment, and store the file name, serial number, offset position, data length, and HASH value in the structured database;

[0078] Step 1.4, for the data whose tail is less than 4096 bytes, use pr...
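Steps 1.1 to 1.3 can be sketched as follows; this is an added example, not code from the patent. It learns per-fragment hashes into a database, then verifies a single fragment at load time and reports which fragments of a modified file fail. Assumptions: SHA-256 stands in for the unspecified HASH, SQLite for the structured database, a short tail is hashed as-is with its real length (step 1.4 is cut off on this page), and the names `learn`, `verify_fragment`, `tampered_fragments` and `app.exe` are hypothetical.

```python
import hashlib
import sqlite3

FRAG_SIZE = 4096  # default fragment size from step 1.1

def fragments(data, size=FRAG_SIZE):
    """Yield (seq, offset, chunk); the final chunk may be shorter than size."""
    for seq, off in enumerate(range(0, len(data), size)):
        yield seq, off, data[off:off + size]

def learn(db, name, data, size=FRAG_SIZE):
    """Whitelist-learning stage (steps 1.2-1.3): one row per fragment."""
    db.execute("CREATE TABLE IF NOT EXISTS frag (name TEXT, seq INTEGER, off INTEGER, "
               "length INTEGER, hash TEXT, PRIMARY KEY (name, off))")
    # Assumption: SHA-256, and a short tail hashed as-is with its real length.
    db.executemany("INSERT OR REPLACE INTO frag VALUES (?,?,?,?,?)",
                   [(name, seq, off, len(c), hashlib.sha256(c).hexdigest())
                    for seq, off, c in fragments(data, size)])
    db.commit()

def verify_fragment(db, name, offset, chunk):
    """Check one fragment as it is loaded, without reading the rest of the file."""
    row = db.execute("SELECT length, hash FROM frag WHERE name=? AND off=?",
                     (name, offset)).fetchone()
    if row is None:            # offset never learned: appended or misaligned data
        return False
    length, digest = row
    return len(chunk) == length and hashlib.sha256(chunk).hexdigest() == digest

def tampered_fragments(db, name, data, size=FRAG_SIZE):
    """Return serial numbers of fragments that fail verification."""
    bad = [seq for seq, off, c in fragments(data, size)
           if not verify_fragment(db, name, off, c)]
    # Fragments recorded in the whitelist but absent from data (truncated file).
    learned = db.execute("SELECT COUNT(*) FROM frag WHERE name=?", (name,)).fetchone()[0]
    present = -(-len(data) // size)  # ceiling division
    return bad + list(range(present, learned))

# Constructed sample: 10,000 bytes standing in for a PE image (not a real PE).
SAMPLE = bytes(i % 251 for i in range(10000))

def demo():
    db = sqlite3.connect(":memory:")
    learn(db, "app.exe", SAMPLE)
    patched = bytearray(SAMPLE)
    patched[5000] ^= 0xFF      # one flipped byte inside fragment 1
    return tampered_fragments(db, "app.exe", bytes(patched))

if __name__ == "__main__":
    print(demo())
```

A single changed byte invalidates only the fragment that contains it, so the check at load time costs one 4096-byte hash and one indexed lookup rather than a full-file hash.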


Abstract

The invention discloses a method for quickly realizing file identification under a host white list mechanism. The method comprises the following steps: step 1, a first fragmentation algorithm; step 2, a second fragmentation algorithm, characterized by fragmenting according to a fixed size, combining a plurality of adjacent fragments, calculating a HASH value, and recording the HASH value in a database; step 3, a third fragmentation algorithm, characterized by performing fragmentation according to the Section of the PE, combining the attribute field of the Section with the Section data body part, calculating a HASH value, and recording and verifying the HASH value; and step 4, carrying out the fragmentation according to the Section of the PE, and combining the attribute field of the Section with the Section data body part. The beneficial effects of the invention are as follows: the problem that process loading or running becomes slow due to the white list software is solved; the system jamming problem caused by existing white list software is solved; memory paging control over executable files is achieved through Windows kernel programming; and the HASH value of each page is quickly verified during paging exchange.

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a method for quickly realizing file identification under a host white list mechanism.

Background technique

[0002] At present, host application whitelist technology is a common technology for host application layer security defense. It is different from blacklist technology and is used to achieve more accurate and relatively solid security defense effects on specific-purpose computers. Existing hosts use whitelist technology, and the commonly used file detection and identification technology is to verify the target file to be loaded through the HASH algorithm and digital signature mechanism.

Full-text HASH method: Before loading the file, read the full text of the file into the memory, calculate HASH, and then query in the existing HASH library, and decide whether to refuse to load the file according to the query result and whitelist policy

Signature mechan...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/64, G06F21/62
CPC: G06F21/6218, G06F21/64
Inventor: 李君生
Owner: 北京威努特技术有限公司