
CN118862163A - Container cluster log security protection method, device and storage medium

Info

Publication number: CN118862163A
Authority: CN (China)
Prior art keywords: server, log, container cluster, logs, program
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202410997557.0A
Other languages: Chinese (zh)
Inventors: 王颉, 菅志刚, 万振华
Current Assignee: Kaiyuan Network Security Chengdu Technology Co ltd; Yangzhou Shuan Technology Co ltd; Seczone Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Kaiyuan Network Security Chengdu Technology Co ltd; Yangzhou Shuan Technology Co ltd; Seczone Technology Co Ltd
Application filed by: Kaiyuan Network Security Chengdu Technology Co ltd, Yangzhou Shuan Technology Co ltd, Seczone Technology Co Ltd
Priority to: CN202410997557.0A
Publication of: CN118862163A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a container cluster log security protection method, device and storage medium. The protection method comprises: a first server collects the logs of a container cluster through a collection program; the first server sends the collected logs to a second server; the second server cuts the received logs; the second server performs sensitive information detection on the cut logs and desensitizes them according to the detection results; the second server sends the desensitized logs to a third server; and the third server stores the received logs. The method improves the security of the logs and of the container cluster through log collection, cutting and desensitization and by setting up a server dedicated to storing logs, which helps prevent log information from being tampered with or leaked and saves server storage resources.

Description

Container cluster log security protection method, device and storage medium

Technical Field

The present invention relates to the technical field of container cluster log security protection, and in particular to a container cluster log security protection method, device and storage medium.

Background Art

The existing way to view container cluster logs is usually to log in to a server of the container cluster and run log viewing commands there. This approach has several problems. First, it does not conform to the principle of least privilege: merely to view logs, the container cluster has to open login access to the entire server, which exposes the server to potential security risks. Second, container cluster logs are usually voluminous and contain a large amount of useless information, and they are stored directly on the cluster's local servers, where they occupy server storage and are at risk of being tampered with. Some logs also contain sensitive information, such as user passwords and database connection information, which creates a potential risk of information leakage. Finally, some log viewing commands rely on log collection that works by embedding instrumentation points in the business code or intruding into third-party code, which easily affects business performance or increases the failure rate.

Summary of the Invention

The purpose of the present invention is to provide a container cluster log security protection method, device and storage medium that improve the security of logs and container clusters through log collection, cutting and desensitization and by setting up a server dedicated to storing logs, which helps prevent log information from being tampered with or leaked and saves server storage resources.

To achieve the above object, the present invention discloses a container cluster log security protection method, which includes:

The first server collects the logs of the container cluster through a collection program;

The first server sends the collected logs to the second server;

The second server cuts the received logs;

The second server performs sensitive information detection on the cut logs, and desensitizes the cut logs according to the results of the sensitive information detection;

The second server sends the desensitized logs to the third server;

The third server stores the received logs.

Further, before "the first server collects the logs of the container cluster through a collection program", the method also includes:

The container cluster reclaims login permissions and locks the permissions and channels for viewing logs.

Further, the collection program includes an agent program developed based on eBPF technology, and "the first server collects the logs of the container cluster through a collection program" includes:

The first server deploys the agent program to the container cluster;

The first server connects to the container cluster through the agent program;

The agent program collects the full logs of the container cluster with zero intrusion;

The container cluster sends the full logs collected by the agent program to the first server.

Further, before "the first server sends the collected logs to the second server", the method also includes:

The first server sends a log cutting request to the second server.

Further, "the second server cuts the received logs" includes:

The second server splits the received logs into individual log entries;

The second server filters the individual log entries and retains those containing key information.

Further, the desensitization includes hiding sensitive keywords in the logs.

To achieve the above object, the present invention discloses an electronic device, which includes:

One or more processors;

One or more memories for storing one or more programs which, when executed by the processor, cause the processor to implement the container cluster log security protection method described above.

To achieve the above object, the present invention discloses a computer-readable storage medium on which a program is stored; when the program is executed by a processor, the container cluster log security protection method described above is implemented.

The present application uses three servers to collect, cut, desensitize and store logs. The first server collects the logs of the container cluster through a collection program and sends them to the second server. The second server cuts the received logs, performs sensitive information detection on them, and desensitizes the cut logs according to the detection results. The third server receives and stores the desensitized logs. This improves the security of the logs and of the container cluster, which helps prevent log information from being tampered with or leaked and saves server storage resources.

Brief Description of the Drawings

FIG. 1 is a flow chart of the container cluster log security protection method according to an embodiment of the present invention.

FIG. 2 is a system diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

To explain the technical content, structural features, objectives and effects of the present invention in detail, a description is given below with reference to the embodiments and the accompanying drawings.

Embodiment 1

Referring to FIG. 1, the present invention discloses a container cluster log security protection method, which includes:

Further, before "the first server collects the logs of the container cluster through a collection program", the method also includes:

1010. The container cluster reclaims login permissions and locks the permissions and channels for viewing logs.

It can be understood that, before the logs of the container cluster are processed, the k8s container cluster reclaims the permission to log in to its servers directly and locks all existing permissions and channels for viewing logs. This prohibits viewing the container cluster's logs directly by logging in to a server, which implements the principle of least privilege for the servers and improves the security of the container cluster servers. Operation 1010 needs to be performed only once for a given container cluster and does not need to be repeated afterwards, but the invention is not limited to this.

101. The first server collects the logs of the container cluster through a collection program;

Further, the collection program includes an agent program developed based on eBPF technology, and "the first server collects the logs of the container cluster through a collection program" includes:

1011. The first server deploys the agent program to the container cluster;

1012. The first server connects to the container cluster through the agent program;

1013. The agent program collects the full logs of the container cluster with zero intrusion;

1014. The container cluster sends the full logs collected by the agent program to the first server.

It can be understood that, using eBPF technology (which allows a program to run without modifying the kernel source code or adding extra kernel modules), an agent program that collects container cluster logs with zero intrusion is developed and deployed on the k8s container cluster that is the log source, and a first server that can connect to the agent program on the k8s container cluster is developed. The first server thus uses eBPF technology to collect the logs on the k8s container cluster with zero intrusion, which makes it possible to obtain container cluster logs without breaking business integrity, without affecting business performance and without increasing the business failure rate.

Further, before "the first server sends the collected logs to the second server", the method also includes:

1020. The first server sends a log cutting request to the second server.

102. The first server sends the collected logs to the second server;

103. The second server cuts the received logs;

Further, "the second server cuts the received logs" includes:

1031. The second server splits the received logs into individual log entries;

1032. The second server filters the individual log entries and retains those containing key information.

It can be understood that the second server is developed with a full-log splitting function: using log splitting technology, the full log is first split into individual log entries, then the large amount of useless log information is removed and only the useful key log information is retained. This effectively saves the resources of the log storage server and improves the efficiency of log queries, but the invention is not limited to this.

104. The second server performs sensitive information detection on the cut logs, and desensitizes the cut logs according to the results of the sensitive information detection;

Further, the desensitization includes hiding sensitive keywords in the logs.

It can be understood that the second server is developed with a function for detecting and hiding sensitive information in logs: the second server automatically detects whether the split log entries contain sensitive information and automatically desensitizes any sensitive information found by hiding the sensitive fields, so as to protect the security of the container cluster logs, but the invention is not limited to this.

105. The second server sends the desensitized logs to the third server;

106. The third server stores the received logs.

It can be understood that a third server with log storage and log query functions is developed, so that the processed logs are saved to a dedicated log server other than the local servers, which avoids the risk of the logs on the original container cluster being tampered with.

The present application uses three servers to collect, cut, desensitize and store logs. The first server collects the logs of the container cluster through a collection program and sends them to the second server. The second server cuts the received logs, performs sensitive information detection on them, and desensitizes the cut logs according to the detection results. The third server receives and stores the desensitized logs. This improves the security of the logs and of the container cluster, which helps prevent log information from being tampered with or leaked and saves server storage resources.
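An added example (not part of the patent text and not the applicants' code) of the second server's stage in steps 103 and 104: it splits a batch into individual entries, keeps the entries with key information, then detects and masks sensitive fields before forwarding. The timestamp-led entry format, the WARN-or-higher retention rule and the two detector patterns are assumptions; the description names user passwords and database connection information as sensitive but specifies no formats.

```python
import re
from dataclasses import dataclass

# Constructed sample batch, as the first server might forward it.
SAMPLE_BATCH = """\
2024-07-24T10:00:01Z INFO  GET /healthz 200
2024-07-24T10:00:02Z ERROR login failed user=alice password=hunter2 attempt=3
2024-07-24T10:00:03Z WARN  retrying postgres://app:S3cr3t@db.internal:5432/orders
2024-07-24T10:00:04Z ERROR unhandled exception
  at com.example.Orders.load(Orders.java:42)
2024-07-24T10:00:05Z DEBUG cache warm
"""

# Assumption: an entry starts with an ISO-8601 timestamp followed by a level.
ENTRY_START = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\S*\s+(?P<level>[A-Z]+)\s")
# Assumption: "key information" means severity WARN or higher.
KEEP_LEVELS = {"WARN", "ERROR", "FATAL"}
MASK = "******"

# Assumed detectors for the two kinds of sensitive data the description names.
CREDENTIAL_FIELD = re.compile(
    r"""(?i)\b(password|passwd|pwd|secret|token)\b(\s*[=:]\s*)"""
    r"""("[^"]*"|'[^']*'|[^\s,;&]+)""")
DB_URI_PASSWORD = re.compile(
    r"(?i)\b([a-z][a-z0-9+.-]*://[^\s:/@]+):([^\s@/]+)@")


@dataclass
class Entry:
    level: str
    text: str
    findings: tuple = ()


def split_entries(batch):
    """Step 1031: split a batch into individual entries.

    Continuation lines (stack traces) stay attached to the entry they follow;
    lines that precede the first recognisable entry are discarded.
    """
    entries = []
    for line in batch.splitlines():
        match = ENTRY_START.match(line)
        if match:
            entries.append(Entry(match["level"], line))
        elif entries and line.strip():
            entries[-1].text += "\n" + line
    return entries


def _mask_field(match):
    """Replace a credential value with MASK, preserving surrounding quotes."""
    key, sep, value = match.group(1), match.group(2), match.group(3)
    if value[0] in "\"'":
        return f"{key}{sep}{value[0]}{MASK}{value[-1]}"
    return f"{key}{sep}{MASK}"


def desensitize(entry):
    """Step 104: detect sensitive fields and hide them, recording what fired."""
    findings = []
    text, hits = DB_URI_PASSWORD.subn(rf"\1:{MASK}@", entry.text)
    if hits:
        findings.append("db_uri_password")
    text, hits = CREDENTIAL_FIELD.subn(_mask_field, text)
    if hits:
        findings.append("credential_field")
    return Entry(entry.level, text, tuple(findings))


def process_batch(batch):
    """Steps 1031, 1032 and 104 in order; the result is what step 105 forwards."""
    kept = [e for e in split_entries(batch) if e.level in KEEP_LEVELS]
    return [desensitize(e) for e in kept]


if __name__ == "__main__":
    for entry in process_batch(SAMPLE_BATCH):
        print(entry.findings, entry.text, sep="\t")
```

Masking runs after filtering here, so entries dropped in step 1032 are never stored at all; the findings tuple gives the second server a record of which detector fired without retaining the secret itself.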

Embodiment 2

Referring to FIG. 1 and FIG. 2, the present invention discloses an electronic device, which includes:

One or more processors 301;

One or more memories 302 for storing one or more programs which, when executed by the processor, cause the processor to implement the container cluster log security protection method described above.

Embodiment 3

An embodiment of the present application discloses a computer-readable storage medium on which a program is stored. When the program is executed by a processor, the container cluster log security protection method described above is implemented.

Embodiment 4

An embodiment of the present application discloses a computer program product or computer program that includes computer instructions stored in a computer-readable storage medium. A processor of an electronic device reads the computer instructions from the computer-readable storage medium and executes them, so that the electronic device performs the container cluster log security protection method described above.

It should be understood that, in the embodiments of the present application, the processor may be a central processing unit (CPU), or it may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.

Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by hardware under the direction of computer program instructions. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. The storage medium can be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or the like.

The above discloses only preferred embodiments of the present invention, which of course cannot be used to limit the scope of rights of the present invention. Equivalent changes made according to the scope of the patent application of the present invention therefore remain within the scope covered by the present invention.

Claims (8)

1. A container cluster log security protection method, comprising:
the first server collects the logs of the container cluster through a collection program;
the first server sends the collected logs to the second server;
the second server cuts the received logs;
the second server performs sensitive information detection on the cut logs and desensitizes the cut logs according to the result of the sensitive information detection;
the second server sends the desensitized logs to a third server;
the third server stores the received logs.
2. The container cluster log security protection method according to claim 1, wherein before "the first server collects the logs of the container cluster through a collection program", the method further comprises:
the container cluster reclaims login permissions and locks the permissions and channels for viewing logs.
3. The container cluster log security protection method according to claim 1, wherein the collection program comprises an agent program developed based on eBPF technology, and "the first server collects the logs of the container cluster through a collection program" comprises:
the first server deploys the agent program to the container cluster;
the first server connects to the container cluster through the agent program;
the agent program collects the full logs of the container cluster with zero intrusion;
the container cluster sends the full logs collected by the agent program to the first server.
4. The container cluster log security protection method according to claim 1, wherein before "the first server sends the collected logs to the second server", the method further comprises:
the first server sends a log cutting request to the second server.
5. The container cluster log security protection method according to claim 1, wherein "the second server cuts the received logs" comprises:
the second server splits the received logs into individual log entries;
the second server filters the individual log entries and retains those containing key information.
6. The container cluster log security protection method according to claim 1, wherein the desensitization comprises hiding sensitive keywords in the logs.
7. An electronic device, comprising:
one or more processors;
one or more memories for storing one or more programs that, when executed by the processor, cause the processor to implement the container cluster log security protection method according to any one of claims 1 to 6.
8. A computer-readable storage medium having a program stored thereon, wherein the program, when executed by a processor, implements the container cluster log security protection method according to any one of claims 1 to 6.
CN202410997557.0A 2024-07-24 2024-07-24 Container cluster log security protection method, device and storage medium Pending CN118862163A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410997557.0A CN118862163A (en) 2024-07-24 2024-07-24 Container cluster log security protection method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410997557.0A CN118862163A (en) 2024-07-24 2024-07-24 Container cluster log security protection method, device and storage medium

Publications (1)

Publication Number Publication Date
CN118862163A (en) 2024-10-29

Family

ID=93174748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410997557.0A Pending CN118862163A (en) 2024-07-24 2024-07-24 Container cluster log security protection method, device and storage medium

Country Status (1)

Country Link
CN (1) CN118862163A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination