CN103384240B - P2P active defense method and system - Google Patents

Publication number
CN103384240B
Authority
CN
China
Prior art keywords
list
end device
service end
file characteristic
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210559790.8A
Other languages
Chinese (zh)
Other versions
CN103384240A (en
Inventor
关墨辰
徐瀚隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ahtech network Safe Technology Ltd
Original Assignee
Beijing Antiy Electronic Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Antiy Electronic Equipment Co Ltd
Priority to CN201210559790.8A
Publication of CN103384240A
Application granted
Publication of CN103384240B
Active
Anticipated expiration

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a P2P active defense method and system. The method is: classify all service terminal devices by trust level; detect and collect the file features of the program to be checked; determine whether the file features are in the local list; if so, dispose of the program according to the disposal method in the local list; otherwise send a query request to the other service terminal devices to determine whether the file features are in their local lists; if so, dispose of the program according to the black/white flag and disposal method in the returned list information and update the local list with the received list information; otherwise prompt the user to choose blacklist disposal or whitelist disposal; in addition, if the service terminal device is a high-trust terminal, the file features, black/white flag and disposal method are written to the local list. The method and device of the present invention do not depend on a cloud server; even if the cloud server is blocked, the disposal method can still be obtained from other terminals.

Description

P2P active defense method and system
Technical field
The present invention relates to the field of computer network security technology, and in particular to a P2P active defense method and system.
Background
"Malicious program" is a general term for any software program deliberately created to perform unauthorized and usually harmful actions. Viruses, backdoors, Trojans and spyware are all examples of malicious programs. Advanced persistent threats (APT) threaten the data security of enterprises. An APT is a network attack and intrusion launched by hackers against clients for the purpose of stealing core data; it is a long-premeditated form of malicious commercial espionage. Such activity is often the result of long-term operation and planning and is highly covert. It usually combines various kinds of malware, system vulnerabilities and social engineering techniques. Existing malware detection methods and active defense methods are centered on identifying malicious behavior; whether or not they use cloud security technology, they depend on recognizing malicious behavior. One of the advanced characteristics of APT is that it is adversarial: in its features and behavior it avoids being identified as a malicious program, or increases the time it takes to be identified as one; it can also block communication with the cloud to defeat cloud-based scanning and cloud-based active defense.
Summary of the invention
The present invention provides a P2P active defense method and system, which solve the problem that the prior art depends on a cloud server and cannot provide security defense when communication with the cloud is blocked.
A P2P active defense method, including:
Classify all service terminal devices by trust level, with at least high-trust terminals, general terminals and untrusted terminals;
Detect and collect the file features of the program to be checked; the file features include at least the file hash, file process attributes, function call information, program run-time stack information or the program's network behavior; the file features are not limited to those listed above;
Determine whether the file features are in the local list; the local list contains at least the file features, a black/white flag and a disposal method;
If so, dispose of the program according to the disposal method in the local list; otherwise send a query request to the other service terminal devices except untrusted terminals, sending them the file features and asking them to determine whether the file features are in their local lists;
Receive and evaluate the feedback information: if the received feedback contains list information, dispose of the program according to the black/white flag and disposal method in the list information and update the local list with the received list information; if the received feedback is "does not exist", prompt the user to choose blacklist disposal or whitelist disposal;
Determine whether the service terminal device is a high-trust terminal; if so, write the file features, black/white flag and disposal method to the local list; otherwise do not update the local list;
The blacklist disposal methods include at least preventing the program from running, preventing process creation, preventing network connections or deleting the program; the whitelist disposal methods include at least allowing the program to run, allowing process creation or allowing network connections.
In the method, the step of prompting the user to choose blacklist disposal or whitelist disposal when the received feedback is "does not exist" may instead be: if the received feedback is "does not exist", perform blacklist disposal.
In the method, after the service terminal device writes the file features, black/white flag and disposal method to the local list, it sends the newly added list information to the other service terminal devices.
In the method, sending a query request to the other service terminal devices except untrusted terminals and sending them the file features further includes sending, at the same time, the file features of files associated with the program to be checked; the files associated with the program to be checked are at least the dynamic link libraries of the executable program or files in the same directory.
The method further includes: a service terminal device receives a query request and matches the received file features against its local list; if they are present it returns the list information, otherwise it returns a "does not exist" message.
In the method, the list information returned by the service terminal device further includes other features in the same group as the received file features.
The method further includes: a service terminal device receives a data request and determines whether it is a delete request or an update request; for a delete request, it deletes the corresponding entry from the local list according to the file features in the delete request; for an update request, it writes the file features, black/white flag and disposal method in the update request to the local list.
The present invention also provides a P2P active defense system, in which all service terminal devices are first classified by trust level, with at least high-trust terminals, general terminals and untrusted terminals;
The service terminal device includes:
A detection module, for detecting and collecting the file features of the program to be checked; the file features include at least the file hash, file process attributes, function call information, program run-time stack information or the program's network behavior;
A judgment module, for determining whether the file features are in the local list; the local list contains at least the file features, a black/white flag and a disposal method;
A disposal module, for disposing of the program according to the disposal method in the local list when the file features are in the local list; otherwise sending a query request to the other service terminal devices except untrusted terminals, sending them the file features and asking them to determine whether the file features are in their local lists;
A communication module, for receiving and evaluating feedback information: if the received feedback contains list information, the disposal module disposes of the program according to the black/white flag and disposal method in the list information, and the update module updates the local list with the received list information; if the received feedback is "does not exist", the user is prompted to choose blacklist disposal or whitelist disposal;
An update module, for determining whether the service terminal device is a high-trust terminal; if so, writing the file features, black/white flag and disposal method to the local list; otherwise not updating the local list;
The blacklist disposal methods include at least preventing the program from running, preventing process creation, preventing network connections or deleting the program; the whitelist disposal methods include at least allowing the program to run, allowing process creation or allowing network connections.
In the system, the step of prompting the user to choose blacklist disposal or whitelist disposal when the received feedback is "does not exist" may instead be: if the received feedback is "does not exist", perform blacklist disposal.
In the system, after the service terminal device writes the file features, black/white flag and disposal method to the local list, the update module sends the newly added list information to the other service terminal devices.
In the system, sending a query request to the other service terminal devices except untrusted terminals and sending them the file features further includes sending, at the same time, the file features of files associated with the program to be checked; the files associated with the program to be checked are at least the dynamic link libraries of the executable program or files in the same directory.
The system further includes: a service terminal device receives a query request and matches the received file features against its local list; if they are present it returns the list information, otherwise it returns a "does not exist" message.
In the system, the list information returned by the service terminal device further includes other features in the same group as the received file features.
The system further includes: a service terminal device receives a data request and determines whether it is a delete request or an update request; for a delete request, it deletes the corresponding entry from the local list according to the file features in the delete request; for an update request, it writes the file features, black/white flag and disposal method in the update request to the local list.
The method of the present invention does not depend on the traditional black/white list decision procedure: after a judgment against the known lists, the disposal method can be chosen by the user. For service terminals with a higher trust level that require strict disposal, an "either black or white" disposal policy can be used, that is, anything not in the local list is given blacklist disposal. The present invention also does not depend on a cloud server: even if the cloud server is blocked, query results and disposal methods can still be obtained from other terminals.
Brief description of the drawings
To explain the technical solutions of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a P2P active defense method;
Fig. 2 is a structural diagram of a P2P active defense system.
Detailed description
To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the present invention clearer, the technical solutions of the present invention are described in further detail below with reference to the drawings.
The present invention provides a P2P active defense method and system, which solve the problem that the prior art depends on a cloud server and cannot provide security defense when communication with the cloud is blocked.
A P2P active defense method, as shown in Fig. 1, includes:
S101: classify all service terminal devices by trust level, with at least high-trust terminals, general terminals and untrusted terminals. When the service terminal devices are classified, having all terminals at the same level is a special case in which all terminals are trusted; another special case is when one service terminal device acts as a terminal that only provides the query service, in which case that device is high-trust. Depending on the application scenario, a finer-grained trust classification can also be used;
S102: detect and collect the file features of the program to be checked; the file features include at least the file hash, file process attributes, function call information, program run-time stack information or the program's network behavior; the file features are not limited to those listed above;
S103: determine whether the file features are in the local list; the local list contains at least the file features, a black/white flag and a disposal method; if so, perform S104, otherwise perform S105;
S104: dispose of the program according to the disposal method in the local list;
S105: send a query request to the other service terminal devices except untrusted terminals, sending them the file features and asking them to determine whether the file features are in their local lists;
S106: receive and evaluate the feedback information, determining whether the received feedback contains list information; if so, perform S107; if the received feedback is "does not exist", perform S108;
S107: dispose of the program according to the black/white flag and disposal method in the list information, and update the local list with the received list information;
S108: prompt the user to choose blacklist disposal or whitelist disposal;
S109: determine whether the service terminal device is a high-trust terminal; if so, perform S110; otherwise do not update the local list;
S110: write the file features, black/white flag and disposal method to the local list.
The blacklist disposal methods include at least preventing the program from running, preventing process creation, preventing network connections or deleting the program; the whitelist disposal methods include at least allowing the program to run, allowing process creation or allowing network connections.
In the method, the step of prompting the user to choose blacklist disposal or whitelist disposal when the received feedback is "does not exist" may instead be: if the received feedback is "does not exist", perform blacklist disposal.
In the method, after the service terminal device writes the file features, black/white flag and disposal method to the local list, it sends the newly added list information to the other service terminal devices.
In the method, sending a query request to the other service terminal devices except untrusted terminals and sending them the file features further includes sending, at the same time, the file features of files associated with the program to be checked; the files associated with the program to be checked are at least the dynamic link libraries of the executable program or files in the same directory.
The method further includes: a service terminal device receives a query request and matches the received file features against its local list; if they are present it returns the list information, otherwise it returns a "does not exist" message.
In the method, the list information returned by the service terminal device further includes other features in the same group as the received file features.
The method further includes: a service terminal device receives a data request and determines whether it is a delete request or an update request; for a delete request, it deletes the corresponding entry from the local list according to the file features in the delete request; for an update request, it writes the file features, black/white flag and disposal method in the update request to the local list.
To make the method of the present invention easier to understand, applications of the method are illustrated below.
Embodiment 1: the service terminal devices in this embodiment consist of several clients and several servers, where the clients are untrusted terminals. When a client scans a program to be checked, it extracts the file feature; in this embodiment the file feature is the MD5 hash of the file.
The client looks the file feature up in its local list. In this embodiment a local list entry contains the file's MD5 hash, the black/white flag and the disposal method. The black/white flag in this embodiment is: black is the malicious code name, white is empty. The disposal method is: if the file is malicious code, show the user the malicious code name; otherwise take no action. The client determines whether the file's MD5 hash is in the local list. If it is, the file is disposed of according to the disposal method in the local list; otherwise the client sends a query request to the servers, sending the file feature to all servers, and each server determines whether the feature is in its own local list. If it is, the client disposes of the file according to the list information returned by the server and saves the list information in its local list; otherwise it prompts the user to choose a disposal method. Because the client is an untrusted terminal, it does not write the disposal method chosen by the user to its local list.
In this embodiment, when the client sends a query request to the server, it can also send along the features of other files associated with the checked file, such as the dynamic link libraries the executable depends on or the files in the same directory as this file. When the server returns list information, it can send the client the other features in the same group as the file feature, to reduce the number of client queries.
Embodiment 2: the service terminal devices in this embodiment consist of several honeypot devices and several firewall devices, where the honeypot devices are high-trust terminals. In this embodiment the file feature is the target host and port of a network connection.
When network behavior occurs on a honeypot device, the device obtains the target host and port of the network connection and looks them up in its local list. In this embodiment a local list entry contains the target host and port of the network connection, the black/white flag and the disposal method. The black/white flag in this embodiment is: black is the malicious code name, white is empty. The disposal method is: if it is malicious code, block the network behavior; otherwise let it pass. The device determines whether the file feature is in the local list. If it is, the behavior is disposed of according to the disposal method in the local list; otherwise the device sends a query request to the other honeypot devices to determine whether the feature is in their local lists. If it is, the device disposes of the behavior according to the list information returned by the other honeypot device and saves the list information in its local list; otherwise it prompts the user to choose a disposal method, writes the information resulting from the user's disposal to the local list, and then sends the list information marked as blacklisted to the firewall devices. When a firewall device filters connections, it queries its local list to decide whether to let a connection pass. In this way, once a honeypot discovers a network threat, the information is provided to the firewalls to protect the other computers in the network.
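The S101 to S110 flow and the two embodiments above, as a small in-memory simulation; this is an added example, not code from the patent. The class, method and action names are hypothetical, MD5 is the file feature as in Embodiment 1, and two behaviors are assumptions the patent does not state: pushed updates are accepted only from high-trust senders, and a missing user prompt falls back to blacklist disposal.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Trust(Enum):                       # S101: the three tiers the patent names
    HIGH = "high"
    GENERAL = "general"
    UNTRUSTED = "untrusted"


@dataclass(frozen=True)
class Entry:                             # one local-list record
    feature: str                         # file feature (MD5 digest, as in Embodiment 1)
    flag: str                            # "black" or "white"
    action: str                          # disposal method


ACTIONS = {"black": "block_run", "white": "allow_run"}    # hypothetical names


def file_feature(data: bytes) -> str:
    # MD5 mirrors Embodiment 1; a collision-resistant hash (SHA-256) is the safer key.
    return hashlib.md5(data).hexdigest()


@dataclass
class Terminal:
    name: str
    trust: Trust
    default_deny: bool = False           # variant: unknown file is blacklisted, no prompt
    peers: list = field(default_factory=list)
    local: dict = field(default_factory=dict)

    def add(self, data: bytes, flag: str) -> None:
        feature = file_feature(data)
        self.local[feature] = Entry(feature, flag, ACTIONS[flag])

    def answer_query(self, feature: str):
        return self.local.get(feature)   # None stands for "does not exist"

    def receive_update(self, sender: "Terminal", entry: Entry) -> bool:
        # Assumption, not stated in the patent: only high-trust senders may push entries.
        if sender.trust is not Trust.HIGH:
            return False
        self.local[entry.feature] = entry
        return True

    def check(self, data: bytes, ask_user=lambda feature: "black"):
        # ask_user stands in for the prompt; the default fails closed (assumption).
        feature = file_feature(data)                     # S102
        entry = self.local.get(feature)                  # S103
        if entry is not None:
            return entry.action, "local"                 # S104
        for peer in self.peers:                          # S105: skip untrusted peers
            if peer.trust is Trust.UNTRUSTED:
                continue
            entry = peer.answer_query(feature)
            if entry is not None:                        # S106 -> S107
                self.local[feature] = entry
                return entry.action, "peer:" + peer.name
        if self.default_deny:                            # S108 or its no-prompt variant
            flag, source = "black", "default-deny"
        else:
            flag, source = ask_user(feature), "user"
        entry = Entry(feature, flag, ACTIONS[flag])
        if self.trust is Trust.HIGH:                     # S109 -> S110, then push
            self.local[feature] = entry
            for peer in self.peers:
                peer.receive_update(self, entry)
        return entry.action, source


def demo() -> dict:
    sample_a, sample_b = b"constructed sample A", b"constructed sample B"
    server = Terminal("server", Trust.GENERAL)
    rogue = Terminal("rogue", Trust.UNTRUSTED)
    client = Terminal("client", Trust.UNTRUSTED, peers=[rogue, server])
    honeypot = Terminal("honeypot", Trust.HIGH, peers=[client, server])
    server.add(sample_a, "black")
    rogue.add(sample_a, "white")         # conflicting entry on an untrusted peer
    out = {}
    out["first"] = client.check(sample_a)                # answered by the server
    out["second"] = client.check(sample_a)               # now cached locally
    out["unknown"] = client.check(sample_b, ask_user=lambda f: "white")
    out["client_kept"] = file_feature(sample_b) in client.local
    out["rogue_push"] = server.receive_update(rogue, Entry("x", "white", "allow_run"))
    out["honeypot"] = honeypot.check(sample_b)           # decided, stored and pushed
    out["server_flag"] = server.local[file_feature(sample_b)].flag
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The run shows the trust tiers doing their work: the untrusted peer's conflicting whitelist entry is never consulted, the untrusted client's own decision is not persisted, and only the high-trust honeypot's decision reaches the other terminals' lists.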
The present invention also provides a P2P active defense system, in which all service terminal devices are first classified by trust level, with at least high-trust terminals, general terminals and untrusted terminals;
The service terminal device, as shown in Fig. 2, includes:
Detection module 201, for detecting and collecting the file features of the program to be checked; the file features include at least the file hash, file process attributes, function call information, program run-time stack information or the program's network behavior;
Judgment module 202, for determining whether the file features are in the local list; the local list contains at least the file features, a black/white flag and a disposal method;
Disposal module 203, for disposing of the program according to the disposal method in the local list when the file features are in the local list; otherwise sending a query request to the other service terminal devices except untrusted terminals, sending them the file features and asking them to determine whether the file features are in their local lists;
Communication module 204, for receiving and evaluating feedback information: if the received feedback contains list information, the disposal module disposes of the program according to the black/white flag and disposal method in the list information, and update module 205 updates the local list with the received list information; if the received feedback is "does not exist", the user is prompted to choose blacklist disposal or whitelist disposal;
Update module 205, for determining whether the service terminal device is a high-trust terminal; if so, writing the file features, black/white flag and disposal method to the local list; otherwise not updating the local list;
The blacklist disposal methods include at least preventing the program from running, preventing process creation, preventing network connections or deleting the program; the whitelist disposal methods include at least allowing the program to run, allowing process creation or allowing network connections.
In the system, the step of prompting the user to choose blacklist disposal or whitelist disposal when the received feedback is "does not exist" may instead be: if the received feedback is "does not exist", perform blacklist disposal.
In the system, after the service terminal device writes the file features, black/white flag and disposal method to the local list, the update module sends the newly added list information to the other service terminal devices.
In the system, sending a query request to the other service terminal devices except untrusted terminals and sending them the file features further includes sending, at the same time, the file features of files associated with the program to be checked; the files associated with the program to be checked are at least the dynamic link libraries of the executable program or files in the same directory.
The system further includes: a service terminal device receives a query request and matches the received file features against its local list; if they are present it returns the list information, otherwise it returns a "does not exist" message.
In the system, the list information returned by the service terminal device further includes other features in the same group as the received file features.
The system further includes: a service terminal device receives a data request and determines whether it is a delete request or an update request; for a delete request, it deletes the corresponding entry from the local list according to the file features in the delete request; for an update request, it writes the file features, black/white flag and disposal method in the update request to the local list.
The method of the present invention does not depend on the traditional black/white list decision procedure: after a judgment against the known lists, the disposal method can be chosen by the user. For service terminals with a higher trust level that require strict disposal, an "either black or white" disposal policy can be used, that is, anything not in the local list is given blacklist disposal. The present invention also does not depend on a cloud server: even if the cloud server is blocked, query results and disposal methods can still be obtained from other terminals.
The embodiments in this specification are described progressively; for parts that are the same or similar, the embodiments can be referred to one another, and each embodiment focuses on its differences from the others. The system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, see the description of the method embodiment.
The present invention can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices.
Although the present invention has been described through embodiments, those of ordinary skill in the art will appreciate that it has many variations and modifications that do not depart from its spirit, and it is intended that the appended claims cover these variations and modifications without departing from the spirit of the present invention.

Claims (14)

1. a P2P active defense method, it is characterised in that including:
To all service end device degree of belief classifications, at least include high trusted terminal, general terminal, insincere terminal;
Detecting and collect the file characteristic of program to be detected, described file characteristic at least includes that file hash, file Process Attributes, function call information, program run stack information or the network behavior of program;
Judge whether described file characteristic is included in local list, local list at least includes file characteristic, black and white mark and disposal options;
If it is, be disposed according to the disposal options in local list;Otherwise sending inquiry request to other service end device in addition to insincere terminal, file characteristic is sent to other service end device, request judges whether in the local list of other service end device;
Receive and judge feedback information, if the feedback information received comprises list information, then identify according to the black and white in list information and disposal options is disposed, and by the list information updating that receives to local list, if the feedback information received is do not exist, then prompting user selects blacklist to dispose or white list is disposed;
Judge whether service end device is high trusted terminal, if it is, file characteristic, black and white lists mark and disposal options are updated local list, the most do not update local list;
Described blacklist disposal options at least includes that prevention program is run, stops process creation, stoped network to connect or deletion program, and described white list disposal options at least includes that permission program is run, allowed process creation or allow network to connect.
2. the method for claim 1, it is characterized in that, not existing if be by the described feedback information received, then prompting user selects blacklist to dispose or white list is disposed, replace with: if the feedback information received is do not exist, then carry out blacklist disposal.
3. method as claimed in claim 1 or 2, it is characterised in that after file characteristic, black and white lists mark and disposal options are updated local list by service end device, newly added list information is sent to other service end device.
4. method as claimed in claim 1, it is characterized in that, described sends inquiry request to other service end device in addition to insincere terminal, file characteristic is sent to other service end device also include, the file characteristic of the file associated with program to be detected is sent to other service terminals simultaneously, and the file that program described and to be detected associates is at least the dynamic link library of executable program or same catalogue file.
5. the method for claim 1, it is characterised in that also include: service end device receives inquiry request, mates the file characteristic received with local list, if it is present return list information, otherwise returns and there is not information.
6. method as claimed in claim 5, it is characterised in that service end device returns other features that list information also includes returning the file characteristic with reception with group.
7. the method for claim 1, it is characterized in that, also include: service end device receives request of data, and judge that request of data is removal request or more newly requested, if removal request, then delete the respective items in local list according to the file characteristic in removal request, if more newly requested, then file characteristic, black and white lists mark and the disposal options in more newly requested is updated local list.
8. A P2P active defense system, characterized in that all service end devices are classified by degree of trust into at least highly trusted terminals, general terminals, and untrusted terminals;
The service end device comprises:
A detection module, for detecting and collecting the file characteristic of the program to be detected, the file characteristic including at least a file hash, file process attributes, function call information, program runtime stack information, or the network behavior of the program;
A judging module, for judging whether the file characteristic is included in the local list, the local list including at least the file characteristic, a blacklist/whitelist mark, and a disposal option;
A disposal module, for disposing of the program according to the disposal option in the local list when the file characteristic exists in the local list; otherwise, sending an inquiry request to the other service end devices, excluding untrusted terminals, in which the file characteristic is sent to the other service end devices with a request to judge whether it exists in their local lists;
A communication module, for receiving and evaluating the feedback information: if the received feedback information contains list information, the disposal module disposes of the program according to the blacklist/whitelist mark and disposal option in the list information, and the update module updates the local list with the received list information; if the received feedback information is "does not exist", the user is prompted to select blacklist disposal or whitelist disposal;
An update module, for judging whether the service end device is a highly trusted terminal: if it is, updating the local list with the file characteristic, blacklist/whitelist mark, and disposal option; otherwise, not updating the local list;
The blacklist disposal options include at least preventing the program from running, preventing process creation, preventing network connections, or deleting the program; the whitelist disposal options include at least allowing the program to run, allowing process creation, or allowing network connections.
9. The system of claim 8, characterized in that the step "if the received feedback information is 'does not exist', prompting the user to select blacklist disposal or whitelist disposal" is replaced with: if the received feedback information is "does not exist", performing blacklist disposal.
10. The system of claim 8 or 9, characterized in that, after the service end device updates the local list with the file characteristic, blacklist/whitelist mark, and disposal option, the update module sends the newly added list information to the other service end devices.
11. The system of claim 8, characterized in that sending the inquiry request to the other service end devices, excluding untrusted terminals, and sending the file characteristic to the other service end devices further includes sending, at the same time, the file characteristics associated with the program to be detected to the other service end devices, the files associated with the program to be detected being at least the dynamic link libraries of the executable program or files in the same directory.
12. The system of claim 8, characterized in that it further comprises: a service end device receiving an inquiry request and matching the received file characteristic against its local list; if a match exists, returning the list information; otherwise, returning a "does not exist" message.
13. The system of claim 12, characterized in that the list information returned by the service end device further includes the other characteristics belonging to the same group as the received file characteristic.
14. The system of claim 8, characterized in that it further comprises: a service end device receiving a data request and judging whether the data request is a deletion request or an update request; if it is a deletion request, deleting the corresponding entry in the local list according to the file characteristic in the deletion request; if it is an update request, updating the local list with the file characteristic, blacklist/whitelist mark, and disposal option in the update request.
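The decision order of claims 1, 2 and 5, as an added Python example (not code from the patent): local list first, then peers other than untrusted terminals, then the user prompt or the claim-2 blacklist default. The class and function names and the disposal labels are hypothetical, and the characteristic strings are constructed sample values.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trust(Enum):
    HIGH = "highly trusted"
    GENERAL = "general"
    UNTRUSTED = "untrusted"

@dataclass(frozen=True)
class Entry:
    blacklisted: bool  # blacklist/whitelist mark
    disposal: str      # hypothetical labels, e.g. "block_run", "allow_run"

@dataclass
class Device:
    name: str
    trust: Trust
    local_list: dict = field(default_factory=dict)  # file characteristic -> Entry
    peers: list = field(default_factory=list)

    def answer_inquiry(self, characteristic):
        """Peer side (claim 5): list information, or None for 'does not exist'."""
        return self.local_list.get(characteristic)

    def decide(self, characteristic, ask_user=None):
        """Return (Entry, source) for one file characteristic."""
        if characteristic in self.local_list:
            return self.local_list[characteristic], "local"
        # Untrusted terminals are never queried.
        for peer in (p for p in self.peers if p.trust is not Trust.UNTRUSTED):
            hit = peer.answer_inquiry(characteristic)
            if hit is not None:
                self.local_list[characteristic] = hit  # store received list information
                return hit, "peer:" + peer.name
        # No peer knows the file: claim 1 prompts the user, claim 2 blacklists.
        if ask_user is not None:
            entry, source = ask_user(characteristic), "user"
        else:
            entry, source = Entry(True, "block_run"), "default-blacklist"
        if self.trust is Trust.HIGH:
            self.local_list[characteristic] = entry  # only highly trusted terminals keep it
        return entry, source

def build_demo():
    # Constructed three-device network; the characteristic strings are sample values.
    b = Device("B", Trust.HIGH, {"hash:constructed-01": Entry(True, "block_run")})
    c = Device("C", Trust.UNTRUSTED, {"hash:constructed-02": Entry(False, "allow_run")})
    a = Device("A", Trust.GENERAL, peers=[b, c])
    return a, b, c
```

In the demo network, device A never learns the whitelist entry held only by untrusted device C, and because A is a general terminal its fallback verdict is not written to its local list.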
CN201210559790.8A 2012-12-21 2012-12-21 A kind of P2P active defense method and system Active CN103384240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210559790.8A CN103384240B (en) 2012-12-21 2012-12-21 A kind of P2P active defense method and system

Publications (2)

Publication Number Publication Date
CN103384240A CN103384240A (en) 2013-11-06
CN103384240B true CN103384240B (en) 2016-09-07

Family

ID=49491937

Country Status (1)

Country Link
CN (1) CN103384240B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 100080 Beijing city Haidian District minzhuang Road No. 3, Tsinghua Science Park Building 1 Yuquan Huigu a

Patentee after: Beijing ahtech network Safe Technology Ltd

Address before: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14

Patentee before: Beijing Antiy Electronic Installation Co., Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: P2P active defense method and system

Effective date of registration: 20181119

Granted publication date: 20160907

Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch

Pledgor: Beijing ahtech network Safe Technology Ltd

Registration number: 2018990001084

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20200508

Granted publication date: 20160907

Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch

Pledgor: BEIJING ANTIY NETWORK TECHNOLOGY Co.,Ltd.

Registration number: 2018990001084
