CN-116346454-B - Method, system and related equipment for resisting attack

Abstract

The application discloses a method, a system and related equipment for resisting attacks. The method comprises: when an upper layer API of a controlled API sends an attack request of a malicious program to the controlled API, intercepting the attack request; and returning the controlled API preset parameters corresponding to the intercepted request in the attack request to the upper layer API, so that the malicious program considers that the attack request has been successfully completed. Intercepting the attack request sent by the upper layer API to the controlled API effectively prevents the attack request from affecting the normal operation of system processes. Returning the controlled API preset parameters corresponding to the intercepted request to the upper layer API uses deception to lead the malicious program to believe that the attack has succeeded, thereby effectively defending against the attack and ensuring that system processes operate normally.

Inventors

  • DU CHEN

Assignees

  • 深圳云网雾联科技有限公司

Dates

Publication Date
20260505
Application Date
20230314

Claims (10)

  1. A method of combating an attack, comprising: in an operating system, when an upper layer API of a controlled API sends an attack request of a malicious program to the controlled API, a preset API intercepts the attack request; the preset API returns the preset parameters of the controlled API corresponding to the intercepted request in the attack request to the upper layer API so that the malicious program considers that the attack request is successfully completed, wherein the preset parameters refer to parameter values or parameter names preset by the controlled API; and breaking the original process linked list corresponding to the attack request, so that the malicious program considers that the attack is successful because the target process to be attacked by the intercepted request cannot be found.
  2. The method for countering an attack according to claim 1, wherein the breaking the original process linked list corresponding to the attack request includes: hiding or cutting off the target process in the original process linked list to obtain a new process linked list spliced by a front process and a rear process of the target process, so that the malicious program cannot find the target process in the new process linked list.
  3. The method of combating attacks according to claim 1, wherein the process of intercepting the attack request comprises: filtering out request information belonging to filtering list information in the attack request, and intercepting the request information belonging to the filtering list information to form the intercepted request, wherein the filtering list information comprises at least one of a preset path of an image file, a preset name of the image file and a preset parameter name.
  4. The method of combating attacks according to claim 1, wherein said controlled APIs are system kernel layer APIs.
  5. The method of combating attacks according to claim 1, wherein prior to said intercepting said attack request, said method further comprises: blocking the controlled API from receiving the attack request by adopting a hook mode so as to enable the attack request to be jumped to a preset API before being transmitted to the controlled API.
  6. The method of combating attacks according to claim 1, wherein after said intercepting said attack request, said method further comprises: sending the non-intercepted requests in the attack requests to the controlled API.
  7. A system for combating attacks, characterized by comprising an interception unit and a processing unit; the interception unit is used for intercepting an attack request of a malicious program when an upper layer API of a controlled API sends the attack request of the malicious program to the controlled API in an operating system; the processing unit is used for returning the preset parameters of the controlled API corresponding to the intercepted request in the attack request to the upper layer API so that the malicious program considers that the attack request is successfully completed, wherein the preset parameters refer to parameter values or parameter names preset by the controlled API, and the original process linked list corresponding to the attack request is broken so that the malicious program considers that the attack is successful because the target process to be attacked by the intercepted request cannot be found.
  8. An electronic device, comprising: a central processing unit, a memory and an input/output interface; the memory is a short-term memory or a persistent memory; the central processor is configured to communicate with the memory and to execute instruction operations in the memory to perform the method of any of claims 1 to 6.
  9. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 6.
  10. A computer program product comprising instructions or a computer program which, when run on a computer, causes the computer to perform the method of any of claims 1 to 6.
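
The flow in claims 1, 2, 3 and 6 as a user-space toy model, added here as an illustration and not code from the patent. Every name in it (`proc`, `filter_list`, `preset_terminate`, `controlled_terminate`, the image name `guard_agent`) is hypothetical, and the linked list is a plain C structure, not an operating-system process list.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Toy model only: hypothetical names, no real OS interfaces. */
typedef struct proc { const char *image; int alive; struct proc *prev, *next; } proc;

#define STATUS_SUCCESS 0  /* stands in for the "preset parameter" handed back */

/* Filtering list information (claim 3): preset image names to protect. */
static const char *filter_list[] = { "guard_agent" };

/* Controlled API: the call that really terminates a process. */
static int controlled_terminate(proc *p) { p->alive = 0; return STATUS_SUCCESS; }

static int is_filtered(const char *image) {
    for (size_t i = 0; i < sizeof filter_list / sizeof *filter_list; i++)
        if (strcmp(image, filter_list[i]) == 0) return 1;
    return 0;
}

/* Claim 2: splice the front and rear processes together so walks skip p. */
static void unlink_proc(proc *p) {
    if (p->prev) p->prev->next = p->next;
    if (p->next) p->next->prev = p->prev;
    p->prev = p->next = NULL;
}

/* Preset API: where the hook sends the upper-layer call (claim 5). */
static int preset_terminate(proc *p) {
    if (!is_filtered(p->image))
        return controlled_terminate(p);  /* claim 6: forward non-intercepted request */
    unlink_proc(p);                      /* later lookups no longer find the target */
    return STATUS_SUCCESS;               /* caller is told it worked; process lives */
}

/* Upper-layer view: locate a process by walking the list from head. */
static proc *find_proc(proc *head, const char *image) {
    for (proc *p = head; p; p = p->next)
        if (strcmp(p->image, image) == 0) return p;
    return NULL;
}

/* Constructed scenario: init <-> guard_agent <-> notepad. Returns 1 if all hold. */
static int run_scenario(void) {
    proc a = {"init", 1, NULL, NULL}, g = {"guard_agent", 1, NULL, NULL},
         c = {"notepad", 1, NULL, NULL};
    a.next = &g; g.prev = &a; g.next = &c; c.prev = &g;
    int r1 = preset_terminate(&g), r2 = preset_terminate(&c);
    return r1 == STATUS_SUCCESS && g.alive && find_proc(&a, "guard_agent") == NULL
        && r2 == STATUS_SUCCESS && !c.alive && a.next == &c;
}

int main(void) { printf("%s\n", run_scenario() ? "ok" : "fail"); return 0; }
```

In this model any consumer that walks the same list, monitoring tools included, also stops seeing the unlinked process.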

Description

Method, system and related equipment for resisting attack

Technical Field

The embodiment of the application relates to the technical field of Internet, in particular to a method, a system and related equipment for resisting attacks.

Background

Network security systems often have to combat malicious programs. Generally, a malicious program can forcibly terminate a process of a system component by violent means, so that the system cannot operate normally, but the related art does not provide an effective solution to this problem.

Disclosure of Invention

The embodiment of the application provides a method, a system and related equipment for resisting attack, which are used for preventing malicious programs from terminating system processes.

A first aspect of the embodiment of the present application provides a method for countering an attack, including: when an upper layer API of a controlled API sends an attack request of a malicious program to the controlled API, intercepting the attack request; and returning the controlled API preset parameters corresponding to the intercepted request in the attack request to the upper layer API so that the malicious program considers that the attack request is successfully completed. The method according to the first aspect of the present application may be implemented in practice using the content according to the second aspect of the present application.

A second aspect of the embodiment of the application provides a system for resisting attacks, which comprises an interception unit and a processing unit. The interception unit is used for intercepting an attack request of a malicious program when an upper layer API of the controlled API sends the attack request of the malicious program to the controlled API. The processing unit is configured to return the controlled API preset parameter corresponding to the intercepted request in the attack request to the upper layer API, so that the malicious program considers that the attack request has been successfully completed.

A third aspect of an embodiment of the present application provides an electronic device, including: a central processing unit, a memory and an input/output interface; the memory is a short-term memory or a persistent memory; the central processor is configured to communicate with the memory and to execute instruction operations in the memory to perform the method described in the first aspect of the embodiments of the present application or any particular implementation of the first aspect.

A fourth aspect of the embodiments of the present application provides a computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform a method as described in the first aspect of the embodiments of the present application or any particular implementation of the first aspect.

A fifth aspect of the embodiments of the present application provides a computer program product comprising instructions or a computer program which, when run on a computer, causes the computer to perform the method as described in the first aspect of the embodiments of the present application or any particular implementation of the first aspect.

As can be seen from the above technical solutions, the embodiments of the present application have at least the following advantages: intercepting the attack request sent by the upper layer API to the controlled API effectively prevents the attack request from affecting the normal operation of system processes, and returning the controlled API preset parameters corresponding to the intercepted request to the upper layer API uses deception to induce the malicious program to think that the attack has succeeded, thereby effectively defending against the malicious attack and ensuring that the system process still operates normally.

Drawings

In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings required for the description of the embodiments are briefly described below. The drawings in the following description show only some embodiments described in the present application, and those of ordinary skill in the art may obtain other drawings from these drawings.

FIG. 1 is a schematic view of an application environment according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a method according to an embodiment of the application;
FIG. 3 is a schematic flow chart of a method according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of a method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a system according to an embodiment of the present application;
Fig. 6 is a schematic structura