CN109101818A - A kind of computer network security detection method - Google Patents

Info

Publication number
CN109101818A
Authority
CN
China
Prior art keywords
computer
security
file
detection method
computer network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810919259.4A
Other languages
Chinese (zh)
Inventor
亓蓓
王国栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qilu University of Technology
Original Assignee
Qilu University of Technology
Application filed by Qilu University of Technology
Priority to CN201810919259.4A
Publication of CN109101818A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a computer network security detection method and relates to the technical field of computer networks. A safe space is first established on the computer's hard disk, and a file that the computer downloads or receives is first run in this safe space; if the file contains malicious code, the file is deleted directly. While the computer is in use, the method also checks whether security vulnerabilities exist; if an A-level security vulnerability, which poses a very high degree of threat, exists, the fix is downloaded and applied directly. At the same time, the occupation of system resources is monitored in real time; when the occupation exceeds a certain value, the method determines whether the processes with high usage are trusted, and ends a process directly if it is not trusted. The method analyses the connected network starting from the computer itself, performs detection and management across several aspects such as security vulnerabilities, download security and resource occupation, and detects and protects the computer in real time.

Description

A computer network security detection method
Technical field
The present invention relates to the technical field of computer networks, and more particularly to a computer network security detection method.
Background art
With the worldwide spread and development of the Internet, more and more computer users can enjoy abundant information resources over the network without leaving home, and can send and receive information quickly and conveniently. Computer networks are closely tied to people's study and work and have become an indispensable part of many people's lives. But while people enjoy the great convenience the network brings, the security of computer networks is attracting increasing attention. On the one hand, the growing complexity of network structures and the diversification of applications greatly increase the likelihood that systems contain vulnerabilities; on the other hand, hacker attack techniques change rapidly, and intentional or unintentional unauthorized operations by internal staff also pose a great threat to the normal operation of the network.
At present, many network security detection methods concentrate on analysing the network itself. Such analysis suits the situation where a large number of computers are on the same network, where it saves considerable cost and works well. Analysis of a single computer is less common, yet the influence of the computer itself on network security is also very important. It is therefore necessary to provide a method that detects network security from the computer itself and ensures safe use.
Summary of the invention
The embodiments of the present invention provide a computer network security detection method that can solve the problems in the prior art.
The present invention provides a computer network security detection method comprising the following steps:
Step 1: establish a safe space on the computer's hard disk;
Step 2: after the computer receives or downloads a file, first run the file in the safe space and analyse the file after it has run; if the analysis result shows that the file contains malicious code, delete the file directly;
Step 3: each time the computer is started and connected to the Internet, check whether security vulnerabilities exist in the system; if so, determine whether any of them are A-level security vulnerabilities, and if so, directly download and repair the vulnerabilities;
Step 4: monitor the use of system resources in real time while the computer is in use; if system resource occupation exceeds a certain amount, look up the processes whose resource occupation exceeds a certain amount and judge from a process list whether these processes are trusted; if any of them are untrusted, close the untrusted processes directly.
Preferably, in step 1, a notification dialog box pops up on the display screen after the safe space is established.
Preferably, in step 1, if two or more independent hard disks are installed on the computer, the user is asked when the safe space is established, and the safe space is then established on the selected hard disk.
Preferably, in step 2, a prompt dialog box pops up on the display screen after the file is deleted, reminding the user that the file has been deleted.
Preferably, in step 3, if no A-level security vulnerability exists, the user is reminded that security vulnerabilities exist, and downloading and repairing these vulnerabilities starts after the user chooses to repair them.
Preferably, in step 4, if the processes whose system resource occupation exceeds a certain amount are all trusted processes, this event of system resource occupation exceeding a certain amount is ignored.
In the computer network security detection method of the embodiments of the present invention, a safe space is first established on the computer's hard disk, and a file that is downloaded or received is first run in this safe space; if the file contains malicious code, the file is deleted directly. While the computer is in use, the method also checks whether security vulnerabilities exist; if an A-level security vulnerability, which poses a very high degree of threat, exists, the fix is downloaded and applied directly. At the same time, the occupation of system resources is monitored in real time; when the occupation exceeds a certain value, the method determines whether the processes with high occupation are trusted and ends a process directly if it is not trusted. The method analyses the connected network starting from the computer itself, performs detection and management across several aspects such as security vulnerabilities, download security and resource occupation, detects and protects the computer in real time, and is suitable for home computer use.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a computer network security detection method in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, an embodiment of the present invention provides a computer network security detection method comprising the following steps:
Step 1: establish a safe space on the computer's hard disk. The safe space is invisible to the user and cannot be deleted or modified by the user. The size of the safe space is generally best kept within 10G, so that it does not occupy too much hard disk space and affect everyday use. To prevent the user from mistakenly believing that the computer has malfunctioned because something happened without their knowledge, a notification dialog box must pop up on the display screen after the safe space is established, so that the user is informed.
In this embodiment, because a computer's hard disk is generally partitioned and the operating system is installed on the C drive, the safe space is also best established on the C drive. If two or more independent hard disks are installed on the computer, the user can be asked when the safe space is established, and the safe space is established on the hard disk the user selects.
Step 2: after the computer receives or downloads a file, first run the file in the safe space and analyse the file after it has run. If the analysis result shows that the file contains any malicious code, delete the file directly, and after the deletion pop up a prompt dialog box on the display screen to remind the user that the file has been deleted.
Step 3: each time the computer is started and connected to the Internet, check whether security vulnerabilities exist in the system. If so, determine whether any of them are A-level security vulnerabilities; if so, directly download and repair the vulnerabilities and remind the user once the repair is complete. If no A-level security vulnerability exists, remind the user that security vulnerabilities exist, and start downloading and repairing these vulnerabilities after the user chooses to repair them.
Vulnerabilities are generally divided into three levels according to the degree of danger they pose to the target host:
(1) A-level vulnerability
A vulnerability that allows a malicious intruder to access and possibly destroy the entire target system, for example a vulnerability that allows remote users unauthorized access. A-level vulnerabilities are the class that poses the greatest threat; most of them are caused by poor system management or misconfiguration. Such vulnerabilities can be found almost everywhere, in any type of remote-access software. For example, network programs such as FTP, GOPHER, TELNET, SENDMAIL and FINGER often contain serious A-level vulnerabilities.
(2) B-level vulnerability
A vulnerability that allows a local user to raise their access privileges and possibly gain control of the system, for example a vulnerability that allows local users unauthorized access (a local user is any user who has an account on the target machine or network; the term has no geographical meaning). Most B-level vulnerabilities are caused by defects or code errors in applications on the network.
SENDMAIL and TELNET are typical examples. Buffer overflows caused by programming defects or by problems in the programming language are a typical B-level security vulnerability. According to statistics, attacks that use buffer overflows account for more than 80% of all system attacks.
(3) C-level vulnerability
A vulnerability that allows any user to interrupt, degrade or hinder system operation, for example a denial-of-service vulnerability. A denial-of-service attack does not carry the danger of destroying the target host; the attack only aims to achieve some purpose by deliberately disrupting the target host. The most typical denial-of-service attack is SYN-Flooder: the intruder sends a large number of connection requests to the target server, and the target host has to process these "half-open" SYNs but never receives the ACK replies, so the server quickly uses up all its memory and hangs, and no user can obtain service from the server any more.
Step 4: monitor the use of system resources in real time while the computer is in use. If system resource occupation exceeds a certain amount, for example more than 90%, look up the processes whose resource occupation exceeds a certain amount and judge from a pre-made process list whether these processes are trusted. If they are, ignore this event; if any of them are untrusted, close the untrusted processes directly, so that these untrusted processes do not affect normal use of the computer.
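The Step 4 decision logic as an added Python example (not code from the patent). The per-process cut-off, the sample processes and the choice to identify trusted processes by executable path plus SHA-256 rather than by name are assumptions; the patent only says that a pre-made process list is consulted.

```python
from dataclasses import dataclass

SYSTEM_THRESHOLD = 90.0   # percent; the "more than 90%" figure given in Step 4
PROCESS_THRESHOLD = 20.0  # percent; assumed per-process cut-off (not in the patent)


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str     # full path of the executable image
    sha256: str   # hash of the executable image
    usage: float  # share of the monitored resource, in percent


# Constructed trusted-process list: executable path -> expected SHA-256.
# The hashes are placeholders, not real digests.
TRUSTED = {
    "/usr/bin/backup-agent": "a" * 64,
    "/usr/lib/browser/browser": "b" * 64,
}


def is_trusted(proc, trusted=TRUSTED):
    """Trusted only if both the path and the image hash match the list.

    Matching on the process name alone would let any binary that calls
    itself 'backup-agent' inherit the trust of the real one.
    """
    return trusted.get(proc.path) == proc.sha256


def evaluate(system_usage, snapshot, trusted=TRUSTED):
    """Apply the Step 4 decision to one monitoring sample.

    Returns the PIDs to terminate; the caller performs the actual
    termination, so running this example ends no process.
    """
    if system_usage <= SYSTEM_THRESHOLD:
        return {"event": False, "terminate": [], "ignored": []}
    heavy = [p for p in snapshot if p.usage > PROCESS_THRESHOLD]
    return {
        "event": True,
        "terminate": [p.pid for p in heavy if not is_trusted(p, trusted)],
        "ignored": [p.pid for p in heavy if is_trusted(p, trusted)],
    }


# Constructed sample: one genuine trusted process, one look-alike running
# from /tmp under the same name, one trusted path whose image was replaced,
# and one light process below the per-process cut-off.
SNAPSHOT = [
    Proc(101, "backup-agent", "/usr/bin/backup-agent", "a" * 64, 24.0),
    Proc(202, "backup-agent", "/tmp/backup-agent", "c" * 64, 38.0),
    Proc(303, "browser", "/usr/lib/browser/browser", "d" * 64, 27.0),
    Proc(404, "editor", "/usr/bin/editor", "e" * 64, 4.0),
]

if __name__ == "__main__":
    print(evaluate(45.0, SNAPSHOT))      # below the system threshold
    print(evaluate(93.0, SNAPSHOT))      # over threshold, mixed trust
    print(evaluate(93.0, SNAPSHOT[:1]))  # over threshold, all trusted
```

With the constructed snapshot, the look-alike in /tmp and the replaced browser image are selected for termination, while the genuine backup agent is ignored even though it is also above the per-process cut-off.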
Although preferred embodiments of the present invention have been described, a person skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, a person skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (6)

1. A computer network security detection method, characterized in that the method comprises the following steps: Step 1: establish a safe space on the computer's hard disk; Step 2: after the computer receives or downloads a file, first run the file in the safe space and analyse the file after it has run, and if the analysis result shows that the file contains malicious code, delete the file directly; Step 3: each time the computer is started and connected to the Internet, check whether security vulnerabilities exist in the system, and if so, determine whether any of them are A-level security vulnerabilities, and if so, directly download and repair the vulnerabilities; Step 4: monitor the use of system resources in real time while the computer is in use, and if system resource occupation exceeds a certain amount, look up the processes whose resource occupation exceeds a certain amount, judge from a process list whether these processes are trusted, and if any of them are untrusted, close the untrusted processes directly.
2. The computer network security detection method according to claim 1, characterized in that, in step 1, a notification dialog box pops up on the display screen after the safe space is established.
3. The computer network security detection method according to claim 1, characterized in that, in step 1, if two or more independent hard disks are installed on the computer, the user is asked when the safe space is established, and the safe space is then established on the selected hard disk.
4. The computer network security detection method according to claim 1, characterized in that, in step 2, a prompt dialog box pops up on the display screen after the file is deleted, reminding the user that the file has been deleted.
5. The computer network security detection method according to claim 1, characterized in that, in step 3, if no A-level security vulnerability exists, the user is reminded that security vulnerabilities exist, and downloading and repairing these vulnerabilities starts after the user chooses to repair them.
6. The computer network security detection method according to claim 1, characterized in that, in step 4, if the processes whose system resource occupation exceeds a certain amount are all trusted processes, this event of system resource occupation exceeding a certain amount is ignored.
CN201810919259.4A 2018-08-14 2018-08-14 A kind of computer network security detection method Pending CN109101818A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810919259.4A CN109101818A (en) 2018-08-14 2018-08-14 A kind of computer network security detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810919259.4A CN109101818A (en) 2018-08-14 2018-08-14 A kind of computer network security detection method

Publications (1)

Publication Number Publication Date
CN109101818A true CN109101818A (en) 2018-12-28

Family

ID=64849364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810919259.4A Pending CN109101818A (en) 2018-08-14 2018-08-14 A kind of computer network security detection method

Country Status (1)

Country Link
CN (1) CN109101818A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107347079A (en) * 2017-09-05 2017-11-14 合肥丹朋科技有限公司 Computer network means of defence
CN107563713A (en) * 2017-06-20 2018-01-09 华迪计算机集团有限公司 A kind of electronic document system and its method for operation monitoring
CN107896273A (en) * 2017-09-28 2018-04-10 努比亚技术有限公司 A kind of terminal processes management method, terminal and computer-readable recording medium
CN108377242A (en) * 2018-02-24 2018-08-07 河南工程学院 A kind of computer network security detection method

Similar Documents

Publication Publication Date Title
US12192170B2 (en) System and method for implementing content and network security inside a chip
US11604861B2 (en) Systems and methods for providing real time security and access monitoring of a removable media device
US20230071193A1 (en) System and method for providing network security to mobile devices
US11652829B2 (en) System and method for providing data and device security between external and host devices
EP2132643B1 (en) System and method for providing data and device security between external and host devices
CN1885788B (en) Network safety protection method and system
CN110401621A (en) A protection method, device and storage medium for sensitive instructions
CN106856478A (en) A kind of safety detection method and device based on LAN
KR20220032788A (en) Method And System for Providing Cyber Attack Simulation
CN109101818A (en) A kind of computer network security detection method
US20250392567A1 (en) System and method for implementing content and network security inside a chip
Chan et al. Denial of Service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181228