CN110765453B - Tamper-proof method and system for ETC online recharging service - Google Patents
- Publication number: CN110765453B
- Application number: CN201910924911.6A
- Authority: CN (China)
- Prior art keywords: monitoring, service, files, tampering, file
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    - G06F21/55—Detecting local intrusion or implementing counter-measures
      - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
      - G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
  - G06F21/60—Protecting data
    - G06F21/604—Tools and structures for managing or administering access control systems
    - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a tamper-proof method and system for ETC online recharging services. For file service systems with large data volumes, it detects files modified within a specific time by checking file modification times, and thereby judges whether a malicious intrusion operation has occurred. Because it is deployed and executed on the intranet, it needs no public-network access control, is highly independent, and leaves the original isolation measures intact while strengthening security. By maintaining a list of the important files of the operating system on which the service runs, it supports protection of important Linux system files and controls access permissions on those files at run time, so that malicious attacks cannot modify important files or system files and operations such as malicious privilege escalation by hackers are prevented.
Description
Technical Field
The invention relates to the technical field of ETC, in particular to a tamper-proof method and a tamper-proof system for ETC online recharging business.
Background
With the popularization of ETC and the development of the technology, more and more ETC issuers provide an online recharging service. Online recharging generally falls into two cases:
Pay first, then recharge: for most individual customers or logistics companies, the customer or the company's finance staff pays through a bank or a third-party payment institution. After the payment succeeds, the customer recharges by writing to the ETC card, and the recharge is complete once the card write finishes. At present, individual customers usually recharge with the app developed by the ETC issuer. For customers such as logistics companies, corporate online banking can only be used from a computer, so ETC recharging is still done through the web version.
Pre-authorized recharging: large customers with good corporate credit and a large company scale cooperate with the ETC issuer. The issuer authorizes a certain recharge amount to the large customer in advance, the large customer recharges ETC cards in batches directly through the online recharging platform provided by the issuer, and the recharge funds are paid to the issuer by means such as corporate online bank transfer.
Whether they pay first or are pre-authorized, high-frequency large customers usually recharge through the website, and in this business context high demands are placed on the ETC recharging website. The security of the website, and in particular protection of its Web page content against tampering, is of great importance to ETC issuers. Tamper-proofing is receiving more and more attention as an important web page protection technology, but at present there is no tamper-proof scheme designed specifically for the ETC online recharging business.
Disclosure of Invention
The invention aims to provide a tamper-proof method and system for ETC online recharging services, to solve the problem that the prior art has no tamper-proof scheme designed specifically for the ETC online recharging service, to realize such a scheme, and to improve system security.
To achieve this technical purpose, the invention provides a tamper-proof method for ETC online recharging services, which comprises the following operations:
Different monitoring methods are adopted for different service systems:
a service system with low traffic or few pages is monitored by combining an event trigger mechanism with permission locking; a real-time display service system is monitored by permission locking; and a service system of high importance is monitored by combining an event trigger mechanism with file filtering.
Preferably, the event trigger mechanism monitors a website directory: if tampering occurs in the directory, the monitoring program obtains a system notification event, then judges according to the relevant rules whether the tampering is illegal, and responds immediately if it is.
Preferably, permission locking specifically uses low-level Linux system technology to control the read, write and execute permissions of files and folders and to restrict malicious modification of file contents and attributes; the static program files of the ETC online recharging service are analyzed to identify the functions of the different files in the different directories, so that the permissions of each file can be controlled.
Preferably, monitoring by combining the event trigger mechanism with file filtering is performed as follows:
the folder is monitored automatically in event-triggered mode, all contents of the folder are compared against the attributes of the underlying files, and detection runs in real time using a built-in fast hash algorithm; if an attribute has changed, the contents of the folder are copied to the corresponding position in the monitored folder using a non-protocol, pure-file secure copy.
Preferably, the method further comprises backup and recovery of the recharging service, and the backup and recovery process is as follows:
after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
The invention also provides a tamper-proof system for ETC online recharging service, which comprises:
a low-importance service monitoring module, used to monitor a service system with low traffic or few pages by combining an event trigger mechanism with permission locking;
a real-time display service monitoring module, used to monitor a real-time display service system by permission locking;
and a high-importance service monitoring module, used to monitor a service system of high importance by combining an event trigger mechanism with file filtering.
Preferably, the event trigger mechanism monitors a website directory: if tampering occurs in the directory, the monitoring program obtains a system notification event, judges according to the relevant rules whether the tampering is illegal, and responds immediately if it is. Permission locking uses low-level Linux system technology to control the read, write and execute permissions of files and folders and to restrict malicious modification of file contents and attributes; the static program files of the ETC online recharging service are analyzed to identify the functions of the different files in the different directories, so that the permissions of each file can be controlled.
Preferably, the system further comprises:
a backup recovery module: after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
The effects described in this summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:
Compared with the prior art, for file service systems with large data volumes, the invention detects files modified within a specific time by checking file modification times, and thereby judges whether a malicious intrusion operation has occurred. Because it is deployed and executed on the intranet, it needs no public-network access control, is highly independent, and leaves the original isolation measures intact while strengthening security. By maintaining a list of the important files of the operating system on which the service runs, it supports protection of important Linux system files and can control access permissions on those files at run time, so that malicious attacks cannot modify important files or system files and operations such as malicious privilege escalation by hackers are prevented.
Drawings
Fig. 1 is a flowchart of a tamper-proofing method for an ETC online recharging service according to an embodiment of the present invention;
Fig. 2 is a block diagram of an anti-tampering system for an ETC online recharging service provided in an embodiment of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
The following describes a tamper-proof method and system for an ETC online recharging service according to embodiments of the present invention in detail with reference to the accompanying drawings.
As shown in Fig. 1, an embodiment of the present invention discloses a tamper-proof method for an ETC online recharging service, where the method includes the following operations:
Different monitoring methods are adopted for different service systems:
a service system with low traffic or few pages is monitored by combining an event trigger mechanism with permission locking; a real-time display service system is monitored by permission locking; and a service system of high importance is monitored by combining an event trigger mechanism with file filtering.
The ETC online recharging business comprises several service systems, and the daily access volume and importance of these systems differ. The embodiment of the invention takes real-time performance, security and lowest power consumption as its primary targets. For a service system with low traffic and few pages, such as the registration and login system, it combines the event trigger mechanism with permission locking. For a real-time display service system, such as the recharging service operation management platform, it uses permission locking. For a service system of higher importance, such as the recharge order creation, payment and pre-charge card writing systems, it combines the event trigger mechanism with file filtering to monitor file access in real time.
The event trigger mechanism monitors a website directory: if tampering occurs in the directory, the monitoring program obtains a system notification event, then judges according to the relevant rules whether the tampering is illegal, and responds immediately if it is.
File filtering uses the operating system's low-level file filter driver technology: it intercepts and analyzes I/O request packet (IRP) streams and immediately cuts off write operations to all protected website directories. In contrast to the event-triggered approach, which responds after tampering, file filtering acts before tampering by blocking the write operation before the file is changed.
For a service system of higher importance, the event trigger mechanism is combined with file filtering: the folder is monitored automatically in event-triggered mode, all contents of the folder are compared against the attributes of the underlying files, and detection runs in real time using a built-in fast hash algorithm. If an attribute is found to have changed, the contents of the folder are copied to the corresponding position in the monitored folder using a non-protocol, pure-file secure copy. The copy is performed through the file filtering technology, and the whole copy process takes milliseconds.
Permission locking uses low-level Linux system technology to control the read, write and execute permissions of files and folders and to restrict malicious modification of file contents and attributes. Through in-depth analysis of the ETC online recharging services, the static program files that might be accessed during a hacker attack are analyzed and the functions of the different files in the different directories are identified, so that the permissions of each file can be controlled. The scope of control can be an HTML file or a file directory.
The method also provides backup and recovery of the recharging service: files can be backed up on a schedule, and a file backup can be run automatically for normal version-release updates, for use in disaster recovery. The backup and recovery process is as follows:
after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
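The hash comparison, permission locking and restore-from-backup steps described above can be illustrated as follows. This is an added example, not code from the patent: the function names, the choice of SHA-256, the 0444 lock mode and the constructed sample site are assumptions, and a full directory scan stands in for the system notification event that would trigger the check.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

LOCKED_MODE = 0o444  # assumption: static web files are locked read-only


def file_record(path: Path) -> tuple[str, int]:
    """Return (SHA-256 of the content, permission bits) for one regular file."""
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return digest, path.stat().st_mode & 0o777


def snapshot(root: Path) -> dict[str, tuple[str, int]]:
    """Map every file under root (relative path) to its hash and mode."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():  # never follow links; record them as-is
                records[rel] = ("symlink:" + os.readlink(path), 0)
            elif name in filenames:
                records[rel] = file_record(path)
    return records


def lock_files(root: Path) -> None:
    """Permission locking: make every regular file read-only."""
    for rel in snapshot(root):
        if not (root / rel).is_symlink():
            (root / rel).chmod(LOCKED_MODE)


def detect_tampering(root: Path, baseline: dict) -> dict[str, list[str]]:
    """Compare the live directory with the baseline taken at release time."""
    current = snapshot(root)
    found = {"modified": [], "mode_changed": [], "removed": []}
    for rel, (digest, mode) in sorted(baseline.items()):
        if rel not in current:
            found["removed"].append(rel)
        elif current[rel][0] != digest:
            found["modified"].append(rel)
        elif current[rel][1] != mode:
            found["mode_changed"].append(rel)
    found["added"] = sorted(set(current) - set(baseline))
    return found


def restore(root: Path, backup: Path, baseline: dict, found: dict) -> None:
    """Undo each finding; a backup file is used only if it matches the baseline."""
    for rel in found["added"]:
        (root / rel).unlink()
    for rel in found["modified"] + found["removed"]:
        source, target = backup / rel, root / rel
        if file_record(source)[0] != baseline[rel][0]:
            raise RuntimeError(f"backup copy of {rel} does not match baseline")
        if os.path.lexists(target):
            target.unlink()
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(source, target)
        target.chmod(baseline[rel][1])
    for rel in found["mode_changed"]:
        (root / rel).chmod(baseline[rel][1])


def demo() -> tuple[dict[str, list[str]], bool]:
    """Build a constructed site, change it, then detect and restore."""
    work = Path(tempfile.mkdtemp(prefix="etc-site-"))
    try:
        site, backup = work / "site", work / "backup"
        (site / "static").mkdir(parents=True)
        (site / "index.html").write_text("<h1>ETC recharge</h1>\n")
        (site / "static" / "pay.js").write_text("submitOrder();\n")
        (site / "static" / "help.html").write_text("<p>help</p>\n")
        lock_files(site)
        shutil.copytree(site, backup)  # backup taken at release time
        baseline = snapshot(site)
        # Constructed changes standing in for tampering after release.
        (site / "index.html").chmod(0o644)
        (site / "index.html").write_text("<h1>changed</h1>\n")
        (site / "index.html").chmod(LOCKED_MODE)
        (site / "static" / "pay.js").chmod(0o666)
        (site / "static" / "help.html").unlink()
        (site / "static" / "unexpected.php").write_text("<?php ?>\n")
        found = detect_tampering(site, baseline)
        restore(site, backup, baseline, found)
        return found, snapshot(site) == baseline
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Checking each backup file against the release-time baseline before copying it back keeps a tampered backup from being restored over the live site.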
For file service systems with large data volumes, the embodiment of the invention detects files modified within a specific time by checking file modification times, and thereby judges whether a malicious intrusion operation has occurred. Because it is deployed and executed on the intranet, it needs no public-network access control, is highly independent, and leaves the original isolation measures intact while strengthening security. By maintaining a list of the important files of the operating system on which the service runs, it supports protection of important Linux system files and can control access permissions on those files at run time, so that malicious attacks cannot modify important files or system files and operations such as malicious privilege escalation by hackers are prevented.
As shown in fig. 2, an embodiment of the present invention further discloses a tamper-resistant system for an ETC online recharging service, where the system includes:
a low-importance service monitoring module, used to monitor a service system with low traffic or few pages by combining an event trigger mechanism with permission locking;
a real-time display service monitoring module, used to monitor a real-time display service system by permission locking;
and a high-importance service monitoring module, used to monitor a service system of high importance by combining an event trigger mechanism with file filtering.
The event trigger mechanism monitors a website directory: if tampering occurs in the directory, the monitoring program obtains a system notification event, then judges according to the relevant rules whether the tampering is illegal, and responds immediately if it is.
File filtering uses the operating system's low-level file filter driver technology: it intercepts and analyzes I/O request packet (IRP) streams and immediately cuts off write operations to all protected website directories. In contrast to the event-triggered approach, which responds after tampering, file filtering acts before tampering by blocking the write operation before the file is changed.
For a service system of higher importance, the event trigger mechanism is combined with file filtering: the folder is monitored automatically in event-triggered mode, all contents of the folder are compared against the attributes of the underlying files, and detection runs in real time using a built-in fast hash algorithm. If an attribute is found to have changed, the contents of the folder are copied to the corresponding position in the monitored folder using a non-protocol, pure-file secure copy. The copy is performed through the file filtering technology, and the whole copy process takes milliseconds.
Permission locking uses low-level Linux system technology to control the read, write and execute permissions of files and folders and to restrict malicious modification of file contents and attributes. Through in-depth analysis of the ETC online recharging services, the static program files that might be accessed during a hacker attack are analyzed and the functions of the different files in the different directories are identified, so that the permissions of each file can be controlled. The scope of control can be an HTML file or a file directory.
The system further comprises:
a backup recovery module: after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (5)
1. A tamper-proof method for ETC online recharging services, the method comprising the following operations:
adopting different monitoring methods for different service systems:
monitoring service systems with low traffic or few pages, including the registration and login system, by combining an event trigger mechanism with permission locking, wherein a website directory is monitored, the monitoring program obtains a system notification event if tampering occurs in the directory and then judges according to the relevant rules whether the tampering is illegal, and the read, write and execute permissions of files and folders are controlled to restrict malicious modification of file contents and attributes; monitoring real-time display service systems, including the recharging service operation management platform, by permission locking, wherein the read, write and execute permissions of files and folders are controlled to restrict malicious modification of file contents and attributes, and the functions of the different files in the different directories are identified by analyzing the static program files of the ETC online recharging service so as to control the permissions of the different files; and monitoring service systems of high importance, including the recharge order creation system, the payment system and the pre-charge card writing system, by combining an event trigger mechanism with file filtering.
2. The method according to claim 1, wherein the monitoring by combining the event trigger mechanism with file filtering is performed as follows:
the folder is monitored automatically in event-triggered mode, all contents of the folder are compared against the attributes of the underlying files, and detection runs in real time using a built-in fast hash algorithm; if an attribute has changed, the contents of the folder are copied to the corresponding position in the monitored folder using a non-protocol, pure-file secure copy.
3. The method according to claim 1, wherein the method further comprises backup and recovery of the ETC online recharging service, and the backup and recovery process comprises:
after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
4. A tamper-proof system for ETC online recharging services, the system comprising:
a low-importance service monitoring module, used to monitor service systems with low traffic or few pages, including the registration and login system, by combining an event trigger mechanism with permission locking, wherein a website directory is monitored, the monitoring program obtains a system notification event if tampering occurs in the directory and judges according to the relevant rules whether the tampering is illegal, and the read, write and execute permissions of files and folders are controlled to restrict malicious modification of file contents and attributes;
a real-time display service monitoring module, used to monitor real-time display service systems, including the recharging service operation management platform, by permission locking, wherein the read, write and execute permissions of files and folders are controlled to restrict malicious modification of file contents and attributes, and the functions of the different files in the different directories are identified by analyzing the static program files of the ETC online recharging service so as to control the permissions of the different files;
and a high-importance service monitoring module, used to monitor service systems of high importance, including the recharge order creation system, the payment system and the pre-charge card writing system, by combining an event trigger mechanism with file filtering.
5. The tamper-proof system for ETC online recharging services according to claim 4, further comprising:
a backup recovery module: after the user releases a version update, the system automatically backs up the released program and re-enters the monitoring state, monitoring for malicious tampering; if malicious tampering is found, the tampered system is restored from the backup.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910924911.6A CN110765453B (en) | 2019-09-27 | 2019-09-27 | Tamper-proof method and system for ETC online recharging service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910924911.6A CN110765453B (en) | 2019-09-27 | 2019-09-27 | Tamper-proof method and system for ETC online recharging service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110765453A | 2020-02-07 |
| CN110765453B | 2020-07-10 |
Family
ID=69330708
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910924911.6A Active CN110765453B (en) | 2019-09-27 | 2019-09-27 | Tamper-proof method and system for ETC online recharging service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110765453B (en) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101778137A (en) * | 2010-01-15 | 2010-07-14 | 蓝盾信息安全技术股份有限公司 | System and method for preventing webpage from being falsified |
| CN102902928B (en) * | 2012-09-21 | 2017-02-15 | 杭州迪普科技有限公司 | Method and device for webpage integrity assurance |
| CN104156665B (en) * | 2014-07-22 | 2017-02-01 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN104574653B (en) * | 2014-11-13 | 2017-12-29 | 深圳市金溢科技股份有限公司 | The method and system that stored value card IC-card supplements with money online are realized based on board units |
| US10382446B2 (en) * | 2015-05-28 | 2019-08-13 | Cameyo Inc. | Computerized system, method and computer program product, for managing a computer program's operations |
| CN109145536B (en) * | 2017-06-19 | 2021-03-26 | 北京金山云网络技术有限公司 | A kind of webpage tamper-proof method and device |
| CN107231371A (en) * | 2017-06-23 | 2017-10-03 | 国家电网公司 | The safety protecting method of Electricity Information Network, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110765453A (en) | 2020-02-07 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CP03 | Change of name, title or address | Address after: 250101 Hanyu Jingu a7-5 Xinlian technology building, hi tech Zone, Jinan City, Shandong Province. Patentee after: Shandong high speed Xinlian Technology Co., Ltd. Address before: 250000 Room 211 on the south side of the second floor of the West attached building of Shandong High Speed Research Building, 5006 Olympic Sports Road, Jinan High-tech Zone, Shandong Province. Patentee before: Shandong high speed Xinlian Technology Co.,Ltd. |