CN105550593A - Cloud disk file monitoring method and device based on local area network - Google Patents

Abstract

The embodiment of the present invention provides a cloud disk file monitoring method and device based on a local area network, wherein the method specifically includes: when an upload or download operation for a cloud disk file is monitored, obtaining the cloud disk file control strategy corresponding to the user terminal where it is located ; Wherein, the cloud disk file control strategy is provided by the control terminal in the local area network; when the cloud disk file control strategy corresponding to the user terminal is prohibited, intercept the upload or download operation for the cloud disk file. The embodiments of the present invention can prevent user terminals from randomly uploading or downloading cloud disk files to cause file leakage or threaten the security of the enterprise network, so as to improve the security of the enterprise network.

Description

A method and device for monitoring cloud disk files based on local area network

technical field

The present invention relates to the field of local area network technology, in particular to a cloud disk file monitoring method and device based on a local area network.

Background technique

With the rapid development of information technology, more and more users store data through cloud disks. Among them, cloud disks are an Internet storage tool and a product of Internet cloud technology. Cloud disks provide information storage for enterprises and individuals through the Internet. , reading, downloading and other services, with the characteristics of security, stability and mass storage.

For local area networks such as enterprise networks, collaborative office can be realized through cloud disks, and the powerful functions of comprehensive storage, control, movement, sharing and collaboration of cloud disks can be used to optimize business processes and improve operational efficiency.

However, while cloud disks provide convenience, they also bring about information security issues. For example, within the enterprise network, the cloud disk server usually stores important files of the enterprise. These important files can be downloaded by authorized personnel within the enterprise. Once these important files are downloaded and leaked, it is likely to bring serious Huge economic losses; in addition, enterprise personnel can also upload files to the cloud disk. If the uploaded files carry malicious programs, the malicious programs will not only attack the enterprise server, cause the server to crash, cause data loss, but also threaten the security of the enterprise network. Safety.

Contents of the invention

In view of the above problems, the present invention is proposed to provide a local area network-based cloud disk file monitoring method and device that overcomes the above problems or at least partially solves the above problems.

According to an aspect of the present invention, a kind of cloud disk file monitoring method based on local area network is provided, comprising:

When monitoring the upload or download operation for the cloud disk file, obtain the cloud disk file control strategy corresponding to the user terminal where it is located; wherein, the cloud disk file control strategy is provided by the control terminal in the local area network;

When the cloud disk file control policy corresponding to the user terminal is forbidden, intercept the upload or download operation for the cloud disk file.

Optionally, the method also includes:

When the cloud disk file control policy corresponding to the user terminal is allowed, the upload or download operation for the cloud disk file is allowed to continue.

Optionally, the method also includes:

In the process of performing the upload or download operation for the cloud disk file, record the corresponding operation information; wherein, the operation information includes at least one of the following information: the behavior identifier corresponding to the upload or download operation, the execution of the The terminal identification of the user terminal for uploading or downloading operations, and the file identification of the cloud disk file;

uploading the recorded operation information to the control terminal.

Optionally, monitor upload or download operations for cloud disk files through the following steps:

Monitor cloud disk client upload or download operations for cloud disk files; or,

Monitor browser upload or download operations for cloud disk files.

Optionally, the step of monitoring the upload or download operation of the cloud disk file by the cloud disk client includes:

Matching the process ID of the running process with the pre-stored first cloud disk ID;

When the process identifier matches the first cloud disk identifier, it is determined that the process is a process corresponding to the cloud disk client;

Monitoring the process corresponding to the cloud disk client is aimed at uploading or downloading operations of cloud disk files.

Optionally, the steps of the monitoring browser for uploading or downloading operations of cloud disk files include:

Analyzing the Uniform Resource Locator in the browser to obtain keyword information;

Matching the keyword information with the pre-stored second cloud disk identifier;

When the keyword information matches the second cloud disk identifier, it is determined that the current webpage of the browser is a cloud disk operation webpage;

Monitoring the uploading or downloading operation of the cloud disk file in the current webpage of the browser.

Optionally, the method also includes:

Before performing the upload operation for the cloud disk file, perform a security scan on the cloud disk file;

When it is determined through the security scan that the cloud disk file carries a malicious program, the upload operation is intercepted.

Optionally, the method also includes:

Before performing the download operation for the cloud disk file, detect whether the cloud disk file is a preset protection file;

When detecting that the cloud disk file is a preset protected file, intercept the download operation.

According to another aspect of the present invention, a kind of cloud disk file monitoring device based on local area network is provided, comprising:

The operation monitoring module is used to obtain the cloud disk file control strategy corresponding to the user terminal where the user terminal is located when monitoring the upload or download operation for the cloud disk file; wherein, the cloud disk file control strategy is set by the control terminal in the local area network provide; and

An operation interception module, configured to intercept the upload or download operation for the cloud disk file when the cloud disk file control policy corresponding to the user terminal is prohibited.

Optionally, the device also includes:

The operation permission module is configured to allow the upload or download operation for the cloud disk file to continue to be performed when the cloud disk file control policy corresponding to the user terminal is allowed.

Optionally, the device also includes:

An operation recording module, configured to record corresponding operation information during the process of performing the upload or download operation for the cloud disk file; wherein, the operation information includes at least one of the following information: upload or download operation corresponding Behavior identification, the terminal identification of the user terminal performing the upload or download operation, and the file identification of the cloud disk file;

A record uploading module, configured to upload the recorded operation information to the control terminal.

Optionally, the operation monitoring module includes: a monitoring submodule for monitoring upload or download operations for cloud disk files;

The monitoring submodule includes:

The first monitoring unit is used to monitor the upload or download operation of the cloud disk client for the cloud disk file; or,

The second monitoring unit is used to monitor the uploading or downloading operation of the browser on the cloud disk file.

Optionally, the first monitoring unit includes:

The first matching subunit is used to match the process ID of the running process with the pre-stored first cloud disk ID;

The first determining subunit is configured to determine that the process is a process corresponding to the cloud disk client when the process identifier matches the first cloud disk identifier;

The first monitoring subunit is configured to monitor the upload or download operation of the cloud disk file by the process corresponding to the cloud disk client.

Optionally, the second monitoring unit includes:

The parsing subunit is used to parse the Uniform Resource Locator in the browser to obtain keyword information;

The second matching subunit is used to match the keyword information with the pre-stored second cloud disk identifier;

The second determining subunit is used to determine that the current webpage of the browser is a cloud disk operation webpage when the keyword information matches the second cloud disk identifier;

The second monitoring subunit is used to monitor the upload or download operation of the cloud disk file in the current webpage of the browser.

Optionally, it is characterized in that the device also includes:

A scanning module, configured to perform a security scan on the cloud disk file before performing the upload operation for the cloud disk file;

The upload interception module is configured to intercept the upload operation when it is determined through the security scan that malicious programs are carried in the cloud disk file.

Optionally, the device also includes:

A file detection module, configured to detect whether the cloud disk file is a preset protected file before performing the download operation for the cloud disk file;

The download interception module is configured to intercept the download operation when detecting that the cloud disk file is a preset protected file.

According to a cloud disk file monitoring method and device based on a local area network provided by an embodiment of the present invention, the operation behavior of uploading and downloading cloud disk files can be monitored, and when an upload or download operation for a cloud disk file is detected, obtain The cloud disk file control strategy corresponding to the user terminal where the user terminal is corresponding to the cloud disk file control strategy is prohibited, intercepting the upload or download operation for the cloud disk file; because the embodiment of the present invention can provide according to the control terminal The cloud disk file control policy of the user terminal controls the upload or download operation of the cloud disk file in the user terminal, wherein, by setting the cloud disk file control policy corresponding to the user terminal to prohibit, the upload of the cloud disk file in the user terminal can be blocked Or download operations, so it can prevent user terminals from uploading or downloading cloud disk files at will, causing file leakage or threatening the security of the enterprise network, so as to improve the security of the enterprise network.

The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the specific embodiments of the present invention are enumerated below.

Description of drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the alternative embodiments. The drawings are only for purposes of illustrating alternative embodiments and are not to be considered as limiting the invention. Also throughout the drawings, the same reference numerals are used to designate the same components. In the attached picture:

Fig. 1 shows a flow chart of the steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention;

Fig. 2 shows a flow chart of the steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention;

Fig. 3 shows a flow chart of the steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention;

Fig. 4 shows a flow chart of steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention; and

Fig. 5 shows a structural block diagram of a cloud disk file monitoring device based on a local area network according to an embodiment of the present invention.

detailed description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

Referring to Fig. 1, it shows a flow chart of steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention, which may specifically include the following steps:

Step 101. Obtain the cloud disk file control policy corresponding to the user terminal where the cloud disk file is uploaded or downloaded when monitoring; wherein, the cloud disk file control policy may be provided by the control terminal in the local area network;

Step 102, when the cloud disk file control strategy corresponding to the user terminal is forbidden, intercept the upload or download operation for the cloud disk file.

Embodiments of the present invention can be applied to local area networks such as enterprise networks, government networks, and campus networks; in the above-mentioned local area networks, user terminals refer to terminal devices that can perform cloud disk file operations through cloud disk clients or browsers; the control terminal can be used To provide control strategies, for example, you can set which user terminals are prohibited/allowed to upload or download cloud disk files, etc., to prevent file leakage or malicious program intrusion in the LAN.

In a specific application, the present invention does not limit the specific manner of formulating the cloud disk file control strategy. For example, corresponding cloud disk file control policies can be formulated according to the nature of work of various departments in the enterprise and the relevance of cloud disk files. The cloud disk file control policy corresponding to the user terminal is prohibited. In practical applications, since the R&D personnel of the enterprise need to master the core technology of the enterprise and carry out R&D work, the user terminals of the R&D department are allowed to upload or download cloud disk files in the enterprise, and usually the user terminals of the R&D department cannot connect to the external network , so that on the basis of providing convenience for the work of R&D personnel, it can prevent the leakage of important files of the enterprise and the intrusion of malicious files. Since the user terminals of the administrative department usually need to be connected to the external network, and the staff of the administrative department do not need to access the core technical files of the enterprise, the cloud disk file control policy corresponding to the user terminal of the administrative department can be set to prohibit to prevent the enterprise from Important files are leaked through the external network and malicious programs invade the enterprise network through the external network.

For another example, the security scan results from each user terminal in the local area network can also be periodically collected through the control terminal, and the security level of each user terminal can be determined by analyzing the security scan results of each user terminal. For users with higher security levels The terminal can set the corresponding cloud disk file control policy to allow, and set the corresponding cloud disk file control policy to prohibit for a user terminal with a lower security level. By periodically collecting the security scanning results from each user terminal in the local area network, when the security level of the user terminal changes, the cloud disk file control policy can be updated accordingly.

It can be understood that the above method of formulating a cloud disk file control strategy is only an application example of the present invention, and in practical applications, those skilled in the art can flexibly formulate a cloud disk file control strategy according to actual needs.

Wherein, the above-mentioned user terminal and the above-mentioned control terminal can communicate through a standard protocol or a private protocol, wherein the private protocol has the advantages of closure and high security; The specific communication method is not limited.

In practical applications, the user of the control terminal can be an advanced user such as a network administrator with certain knowledge of network security. Therefore, the user of the control terminal can flexibly formulate corresponding cloud disk files according to the current security requirements and actual conditions of the LAN Control policies to improve the security of the enterprise network.

In the embodiment of the present invention, a monitoring module may be provided on the user terminal to monitor whether there is an upload or download operation on the cloud disk file on the user terminal. When it is detected that there is an upload or download operation for the cloud disk file on the user terminal, the cloud disk file control strategy corresponding to the user terminal can be read from the control terminal in the local area network; according to the settings in the control terminal The user terminal executes a corresponding control operation for the cloud disk file control strategy used. Specifically, when the cloud disk file control policy corresponding to the user terminal is forbidden, intercept the user terminal from performing an upload or download operation on the cloud disk file.

It can be understood that the present invention does not limit the acquisition method of the above-mentioned cloud disk file control strategy. For example, the cloud disk file control strategy can be stored in the control terminal, and the user terminal can query the corresponding cloud disk file control strategy online through the local area network access control terminal. Alternatively, the control terminal may issue the above-mentioned cloud disk file control policy to the user terminal, so that the user terminal can query locally.

In an optional embodiment of the present invention, the above method may also include:

When the cloud disk file control policy corresponding to the user terminal is allowed, the upload or download operation for the cloud disk file is allowed to continue.

In an application example of the present invention, the control terminal can formulate a corresponding cloud disk file control policy for each user terminal, and issue it to the corresponding user terminal through the enterprise local area network. Among them, the cloud disk file control strategy can be represented by a mapping table, which can include the terminal identifier of the user terminal and the mapping relationship corresponding to the cloud disk file control strategy. Referring to Table 1, it shows a The specific illustration of the mapping table corresponding to the cloud disk file control strategy.

Table 1

Terminal ID Upload cloud disk files Download cloud disk file 00-01-02-03-04-05 allow prohibit 00-01-02-03-04-06 prohibit allow 00-01-02-03-04-07 prohibit prohibit 00-01-02-03-04-08 allow allow

In the above Table 1, the terminal identification uses the MAC (MediaAccessControl, Media Access Control) address of the user terminal. It can be understood that in practical applications, the present invention does not limit the terminal identification, for example, the IP address of the user terminal can also be used Wait.

In a specific application, after the user terminal is intercepted to perform an upload or download operation on a cloud disk file, a prompt message may also be displayed on the display interface to inform the user that the current terminal device is prohibited from performing an upload or download operation on the cloud disk file .

In practical applications, there are two ways to access cloud disk files. One is to access through the cloud disk client installed in the user terminal. Specifically, after the user enters the user name and password in the cloud disk client to log in, the You can perform corresponding operations on cloud disk files; the other is to access through the browser in the user terminal. Specifically, open the login page of the cloud disk in the browser, and enter the user name and password on the login page to log in. You can enter the cloud disk operation page to perform corresponding operations on cloud disk files. Therefore, the embodiment of the present invention monitors the operation of the cloud disk file for these two access methods.

In an optional embodiment of the present invention, the upload or download operation for cloud disk files can be monitored through the following steps:

Monitor cloud disk client upload or download operations for cloud disk files; or,

Monitor browser upload or download operations for cloud disk files.

In another optional embodiment of the present invention, the step of monitoring the upload or download operation of the cloud disk file by the cloud disk client may specifically include the following sub-steps:

Sub-step S11, matching the process ID of the running process with the pre-stored first cloud disk ID;

Sub-step S12, when the process identifier matches the first cloud disk identifier, determine that the process is a process corresponding to the cloud disk client;

Sub-step S13, monitoring the uploading or downloading operation of the cloud disk file by the process corresponding to the cloud disk client.

In the embodiment of the present invention, the first cloud disk identifier may be stored in advance, and the first cloud disk identifier may include information such as names or digital signatures of currently commonly used cloud disk clients, and may be used to identify different cloud disk clients. For example, the pre-stored first cloud disk identifier includes: Baidu cloud disk, 360 cloud disk, etc.

In a specific application, there are many processes running on the user terminal, and the process IDs of these processes can be matched with the pre-stored first cloud disk ID. For example, if there is a process identifier matching the first cloud disk identifier "360 cloud disk" in the process running on the user terminal, it can be determined that the process is the process corresponding to the 360 cloud disk client, and then the process can be monitored for cloud Disk file upload or download operation.

In the embodiment of the present invention, events (such as uploading or downloading) of cloud disk files in the user terminal can be monitored through a background process. Specifically, the monitoring process can be realized in various ways. For example, it is possible to listen to the broadcast messages sent by the operating system of the user terminal, and to know the event that the cloud disk file is operated by filtering the system broadcast messages. That is, the background process can judge each broadcasted system message, and if the message type is an event that a cloud disk file is operated, information such as the file name and suffix name of the operated cloud disk file can be extracted therefrom.

Alternatively, an API (Application Programming Interface, Application Programming Interface) hook function of the operating system of the user terminal may also be used to monitor the event that the cloud disk file is operated. In the embodiment of the present invention, the background process is used to provide the hook function, and the call function that the system originally performs the file operation is transferred to the hook function (usually realized by modifying the function entry address), so that the hook function can obtain the address of the operated cloud disk file File name, suffix name and other information to complete the monitoring of file operation events.

It can be understood that the detection of uploading or downloading operations of cloud disk files through the above two methods is only used as an application example of the present invention. In practical applications, the present invention does not limit the monitoring method of uploading or downloading operations of cloud disk files. It can be monitored both at the application layer and at the driver layer.

In an optional embodiment of the present invention, the step of monitoring the browser's upload or download operation of the cloud disk file may specifically include the following sub-steps:

Sub-step S21, analyzing the URL in the browser to obtain keyword information;

Sub-step S22, matching the keyword information with the pre-stored second cloud disk identifier;

Sub-step S23, when the keyword information matches the second cloud disk identifier, determine that the current webpage of the browser is a cloud disk operation webpage;

Sub-step S24, monitoring the upload or download operation of the cloud disk file in the current webpage of the browser.

Wherein, the second cloud disk identifier is used to identify keyword information in different cloud disk URLs (UniformResourceLocator, Uniform Resource Locator). In an application example of the present invention, the pre-stored second cloud disk identifiers include: pan.baidu, yunpan.360, and weiyun, respectively representing Baidu cloud disk, 360 cloud disk and Weiyun, assuming a unified resource in the browser The locator URL is: http://pan.baidu.com/#list/path=%2F, by analyzing the URL, you can get the keyword information pan.baidu, and combine the keyword information with the pre-stored second cloud disk ID matching, it can be obtained that the keyword information matches the stored second cloud disk ID "pan.baidu", then it can be determined that the browser's current webpage is a cloud disk operation webpage.

Next, monitor the upload or download operations for cloud disk files on the current web page. For example, an HTTP (HyperTextTransferProtocol, hypertext transfer protocol) request for a file download operation is detected, and the URL information corresponding to the HTTP request is: http://www.weiyun.com/disk/aa.pdf, by performing a Analysis shows that the current request is to download a file named aa.pdf.

It can be understood that the above-mentioned HTTP protocol is only used as an application example of the present invention. In practical applications, the present invention does not limit the transmission protocol for uploading or downloading cloud disk files. For example, FTP (FileTransferProtocol, file transfer protocol) can also be used. .

To sum up, the embodiment of the present invention can monitor the operation behavior of uploading and downloading cloud disk files, and when an upload or download operation for cloud disk files is detected, obtain the cloud disk file control strategy corresponding to the user terminal where the user terminal is located. When the cloud disk file control strategy corresponding to the user terminal is prohibited, intercept the upload or download operation for the cloud disk file. The embodiment of the present invention can control the uploading or downloading operation of the cloud disk file in the user terminal according to the cloud disk file control strategy provided by the control terminal, and the user terminal can be intercepted by setting the cloud disk file control strategy corresponding to the user terminal to prohibit The uploading or downloading operation of cloud disk files can prevent user terminals from uploading or downloading cloud disk files arbitrarily, causing file leakage or threatening the security of the enterprise network, so as to improve the security of the enterprise network.

Referring to Fig. 2, it shows a flow chart of steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention, which may specifically include the following steps:

Step 201. Obtain the cloud disk file control policy corresponding to the user terminal where the cloud disk file is uploaded or downloaded when monitoring; wherein, the cloud disk file control policy is provided by the control terminal in the local area network;

Step 202, when the cloud disk file control policy corresponding to the user terminal is allowed, allow the upload or download operation for the cloud disk file to continue;

Step 203, during the process of performing the upload or download operation for the cloud disk file, record the corresponding operation information; wherein, the operation information includes at least one of the following information: the behavior identifier corresponding to the upload or download operation, The terminal identifier of the user terminal performing the upload or download operation, and the file identifier of the cloud disk file;

Step 204, uploading the recorded operation information to the control terminal.

Referring to Table 2, it shows a specific illustration of an operation record of the present invention.

Table 2

Terminal ID file identification Behavior mark 00-01-02-03-04-05 aa.doc download 00-01-02-03-04-06 bb.doc upload 00-01-02-03-04-07 cc.pdf upload 00-01-02-03-04-08 aa.doc download

In the embodiment of the present invention, during the execution process of uploading or downloading operations for cloud disk files, the corresponding operation information is recorded, and the operation information is uploaded to the control terminal in the local area network, so that the administrator of the local area network can pass through the control terminal. Query the operation record of the cloud disk file, because the operation record may include the behavior identifier corresponding to the upload or download operation, the terminal identifier of the user terminal performing the upload or download operation, and the file identifier of the cloud disk file, therefore, Through the operation records, we can know which user terminal downloaded an important file in the enterprise, or which user terminal uploaded a file carrying a malicious program, so that we can locate the user terminal according to the terminal ID of the user terminal. User terminal to manage and control the user terminal, for example, disconnect the network connection of the user terminal to prevent leakage of important files or further spread of malicious programs, so as to detect and prevent losses or security threats to the enterprise in an early stage event occurs.

Furthermore, a more reasonable cloud disk file control strategy can also be formulated according to the operation record. Specifically, the control terminal can analyze the behavior of each user terminal according to the received operation records from the user terminals in the local area network. If important files of various R&D projects in the enterprise are frequently downloaded, the cloud disk file control policy corresponding to the user terminal is updated to prohibit to prevent leakage of important files.

Referring to FIG. 3 , it shows a flow chart of steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention, which may specifically include the following steps:

Step 301. Obtain the cloud disk file control strategy corresponding to the user terminal where the cloud disk file is uploaded or downloaded when monitoring; wherein, the cloud disk file control strategy is provided by the control terminal in the local area network;

Step 302, when the cloud disk file control policy corresponding to the user terminal is allowed, allow the upload or download operation for the cloud disk file to continue;

Step 303, performing a security scan on the cloud disk file before performing the upload operation for the cloud disk file;

In a specific application, the security scan can be performed through a pre-set black and white list and a virus detection and killing engine. It can be understood that the present invention does not limit the specific manner of the security scan.

Step 304, when it is determined through the security scan that the cloud disk file carries a malicious program, intercept the upload operation.

Wherein, a malicious program refers to a program written with an attack intention, and may specifically include: trapdoors, logic bombs, Trojan horses, worms, bacteria, viruses, and the like.

Through the embodiment of the present invention, it is possible to perform a security scan on the cloud disk file before performing an upload operation on the cloud disk file, and when it is determined through the security scan that the cloud disk file carries a malicious program, the upload operation is intercepted , so as to prevent malicious programs from invading the enterprise network, so as to improve the security of the enterprise network.

Referring to FIG. 4 , it shows a flow chart of steps of a cloud disk file monitoring method based on a local area network according to an embodiment of the present invention, which may specifically include the following steps:

Step 401, when an upload or download operation for a cloud disk file is detected, obtain a cloud disk file control strategy corresponding to the user terminal where it is located; wherein, the cloud disk file control strategy is provided by the control terminal in the local area network;

Step 402, when the cloud disk file control policy corresponding to the user terminal is allowed, allow the upload or download operation for the cloud disk file to continue;

Step 403, before performing the download operation for the cloud disk file, detecting whether the cloud disk file is a preset protected file;

Step 404, when it is detected that the cloud disk file is a preset protected file, intercept the download operation.

In the embodiment of the present invention, the preset protection files may specifically be confidential files within the enterprise, core technical documents, etc. In practical applications, those skilled in the art can pre-set which files belong to the preset protection files. The specific form of the preset protection file is not limited.

Through the embodiment of the present invention, the cloud disk file can be detected before the download operation for the cloud disk file is executed, and when the cloud disk file is detected as a preset protected file, the download operation can be intercepted, so that Prevent important documents in the enterprise from being leaked.

Referring to FIG. 5 , it shows a structural block diagram of a cloud disk file monitoring device based on a local area network according to an embodiment of the present invention, which may specifically include the following modules:

The operation monitoring module 501 is used to obtain the cloud disk file control strategy corresponding to the user terminal where the user terminal is located when monitoring the upload or download operation for the cloud disk file; wherein, the cloud disk file control strategy is the control terminal in the local area network provided; and

The operation interception module 502 is configured to intercept the upload or download operation for the cloud disk file when the cloud disk file control policy corresponding to the user terminal is prohibited.

In an optional embodiment of the present invention, the device may also include:

The operation permission module is configured to allow the upload or download operation for the cloud disk file to continue to be performed when the cloud disk file control policy corresponding to the user terminal is allowed.

In another optional embodiment of the present invention, the device may also include:

An operation recording module, configured to record corresponding operation information during the process of performing the upload or download operation for the cloud disk file; wherein, the operation information includes at least one of the following information: upload or download operation corresponding Behavior identification, the terminal identification of the user terminal performing the upload or download operation, and the file identification of the cloud disk file;

A record uploading module, configured to upload the recorded operation information to the control terminal.

In yet another optional embodiment of the present invention, the operation monitoring module may specifically include: a monitoring submodule, configured to monitor upload or download operations for cloud disk files;

The monitoring submodule may specifically include:

The first monitoring unit is used to monitor the upload or download operation of the cloud disk client for the cloud disk file; or,

The second monitoring unit is used to monitor the uploading or downloading operation of the browser on the cloud disk file.

In another optional embodiment of the present invention, the first monitoring unit may specifically include:

The first matching subunit is used to match the process ID of the running process with the pre-stored first cloud disk ID;

The first determining subunit is configured to determine that the process is a process corresponding to the cloud disk client when the process identifier matches the first cloud disk identifier;

The first monitoring subunit is configured to monitor the upload or download operation of the cloud disk file by the process corresponding to the cloud disk client.

In yet another optional embodiment of the present invention, the second monitoring unit may specifically include:

The parsing subunit is used to parse the Uniform Resource Locator in the browser to obtain keyword information;

The second matching subunit is used to match the keyword information with the pre-stored second cloud disk identifier;

The second determining subunit is used to determine that the current webpage of the browser is a cloud disk operation webpage when the keyword information matches the second cloud disk identifier;

The second monitoring subunit is used to monitor the upload or download operation of the cloud disk file in the current webpage of the browser.

In another optional embodiment of the present invention, the device may also include:

A scanning module, configured to perform a security scan on the cloud disk file before performing the upload operation for the cloud disk file;

The upload interception module is configured to intercept the upload operation when it is determined through the security scan that malicious programs are carried in the cloud disk file.

In another optional embodiment of the present invention, the device may also include:

A file detection module, configured to detect whether the cloud disk file is a preset protected file before performing the download operation for the cloud disk file;

The download interception module is configured to intercept the download operation when detecting that the cloud disk file is a preset protected file.

As for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.

The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It should be understood by those skilled in the art that a microprocessor or a digital signal processor (DSP) can be used in practice to realize some or all of the components in the cloud disk file monitoring method and device based on the local area network according to the embodiment of the present invention Or full functionality. The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet platform, or provided on a carrier signal, or provided in any other form.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

The invention discloses A1, a cloud disk file monitoring method based on a local area network, comprising:

When monitoring the upload or download operation for the cloud disk file, obtain the cloud disk file control strategy corresponding to the user terminal where it is located; wherein, the cloud disk file control strategy is provided by the control terminal in the local area network;

When the cloud disk file control policy corresponding to the user terminal is forbidden, intercept the upload or download operation for the cloud disk file.

A2. The method according to claim A1, further comprising:

When the cloud disk file control policy corresponding to the user terminal is allowed, the upload or download operation for the cloud disk file is allowed to continue.

A3, the method as claimed in claim A2, is characterized in that, described method also comprises:

In the process of performing the upload or download operation for the cloud disk file, record the corresponding operation information; wherein, the operation information includes at least one of the following information: the behavior identifier corresponding to the upload or download operation, the execution of the The terminal identification of the user terminal for uploading or downloading operations, and the file identification of the cloud disk file;

uploading the recorded operation information to the control terminal.

A4, the method as claimed in claim A1, is characterized in that, the uploading or downloading operation for cloud disk file is monitored through the following steps:

Monitor cloud disk client upload or download operations for cloud disk files; or,

Monitor browser upload or download operations for cloud disk files.

A5. The method according to claim A4, wherein the step of monitoring the upload or download operation of the cloud disk file by the cloud disk client includes:

Matching the process ID of the running process with the pre-stored first cloud disk ID;

When the process identifier matches the first cloud disk identifier, it is determined that the process is a process corresponding to the cloud disk client;

Monitoring the process corresponding to the cloud disk client is aimed at uploading or downloading operations of cloud disk files.

A6, the method as claimed in claim A4, is characterized in that, the step of described monitoring browser uploading or downloading operation for cloud disk file, comprises:

Analyzing the Uniform Resource Locator in the browser to obtain keyword information;

Matching the keyword information with the pre-stored second cloud disk identifier;

When the keyword information matches the second cloud disk identifier, it is determined that the current webpage of the browser is a cloud disk operation webpage;

Monitoring the upload or download operation of the cloud disk file in the current webpage of the browser.

A7. The method according to any one of claims A1 to A6, further comprising:

Before performing the upload operation for the cloud disk file, perform a security scan on the cloud disk file;

When it is determined through the security scan that the cloud disk file carries a malicious program, the upload operation is intercepted.

A8. The method according to any one of claims A1 to A6, further comprising:

Before performing the download operation for the cloud disk file, detect whether the cloud disk file is a preset protection file;

When detecting that the cloud disk file is a preset protected file, intercept the download operation.

The invention discloses B9, a cloud disk file monitoring device based on a local area network, comprising:

The operation monitoring module is used to obtain the cloud disk file control strategy corresponding to the user terminal where the user terminal is located when monitoring the upload or download operation for the cloud disk file; wherein, the cloud disk file control strategy is set by the control terminal in the local area network provide; and

An operation interception module, configured to intercept the upload or download operation for the cloud disk file when the cloud disk file control policy corresponding to the user terminal is prohibited.

B10, the device as claimed in claim B9, is characterized in that, described device also comprises:

The operation permission module is configured to allow the upload or download operation for the cloud disk file to continue to be performed when the cloud disk file control policy corresponding to the user terminal is allowed.

B11, the device as claimed in claim B10, is characterized in that, described device also comprises:

An operation recording module, configured to record corresponding operation information during the upload or download operation for the cloud disk file; wherein, the operation information includes at least one of the following information: upload or download operation corresponding Behavior identification, the terminal identification of the user terminal performing the upload or download operation, and the file identification of the cloud disk file;

A record uploading module, configured to upload the recorded operation information to the control terminal.

B12. The device according to claim B9, wherein the operation monitoring module comprises: a monitoring submodule for monitoring upload or download operations for cloud disk files;

The monitoring submodule includes:

The first monitoring unit is used to monitor the upload or download operation of the cloud disk client for the cloud disk file; or,

The second monitoring unit is used to monitor the uploading or downloading operation of the browser on the cloud disk file.

B13. The device according to claim B12, wherein the first monitoring unit comprises:

The first matching subunit is used to match the process ID of the running process with the pre-stored first cloud disk ID;

The first determining subunit is configured to determine that the process is a process corresponding to the cloud disk client when the process identifier matches the first cloud disk identifier;

The first monitoring subunit is configured to monitor the upload or download operation of the cloud disk file by the process corresponding to the cloud disk client.

B14. The device according to claim B12, wherein the second monitoring unit comprises:

The parsing subunit is used to parse the Uniform Resource Locator in the browser to obtain keyword information;

The second matching subunit is used to match the keyword information with the pre-stored second cloud disk identifier;

The second determining subunit is used to determine that the current webpage of the browser is a cloud disk operation webpage when the keyword information matches the second cloud disk identifier;

The second monitoring subunit is used to monitor the upload or download operation of the cloud disk file in the current webpage of the browser.

B15. The device according to any one of claims B9 to B14, wherein the device further comprises:

A scanning module, configured to perform a security scan on the cloud disk file before performing the upload operation for the cloud disk file;

The upload interception module is configured to intercept the upload operation when it is determined through the security scan that malicious programs are carried in the cloud disk file.

B16. Any device as claimed in claims B9 to B14, wherein said device further comprises:

A file detection module, configured to detect whether the cloud disk file is a preset protected file before performing the download operation for the cloud disk file;

The download interception module is configured to intercept the download operation when detecting that the cloud disk file is a preset protected file.

Claims (10)

1. A cloud disk file monitoring method based on local area network, comprising: When monitoring the upload or download operation for the cloud disk file, obtain the cloud disk file control strategy corresponding to the user terminal where it is located; wherein, the cloud disk file control strategy is provided by the control terminal in the local area network; When the cloud disk file control policy corresponding to the user terminal is forbidden, intercept the upload or download operation for the cloud disk file. 2. The method of claim 1, further comprising: When the cloud disk file control policy corresponding to the user terminal is allowed, the upload or download operation for the cloud disk file is allowed to continue. 3. The method of claim 2, further comprising: In the process of performing the upload or download operation for the cloud disk file, record the corresponding operation information; wherein, the operation information includes at least one of the following information: the behavior identifier corresponding to the upload or download operation, the execution of the The terminal identification of the user terminal for uploading or downloading operations, and the file identification of the cloud disk file; uploading the recorded operation information to the control terminal. 4. The method according to claim 1, characterized in that, the upload or download operation for the cloud disk file is monitored by the following steps: Monitor cloud disk client upload or download operations for cloud disk files; or, Monitor browser upload or download operations for cloud disk files. 5. The method according to claim 4, wherein the step of monitoring the upload or download operation of the cloud disk file by the cloud disk client includes: Matching the process ID of the running process with the pre-stored first cloud disk ID; When the process identifier matches the first cloud disk identifier, it is determined that the process is a process corresponding to the cloud disk client; Monitoring the process corresponding to the cloud disk client is aimed at uploading or downloading operations of cloud disk files. 6. The method according to claim 4, wherein the step of monitoring the uploading or downloading operation of the cloud disk file by the browser comprises: Analyzing the Uniform Resource Locator in the browser to obtain keyword information; Matching the keyword information with the pre-stored second cloud disk identifier; When the keyword information matches the second cloud disk identifier, it is determined that the current webpage of the browser is a cloud disk operation webpage; Monitoring the uploading or downloading operation of the cloud disk file in the current webpage of the browser. 7. any method as claimed in claim 1 to 6, is characterized in that, described method also comprises: Before performing the upload operation for the cloud disk file, perform a security scan on the cloud disk file; When it is determined through the security scan that the cloud disk file carries a malicious program, the upload operation is intercepted. 8. any method as claimed in claim 1 to 6, is characterized in that, described method also comprises: Before performing the download operation for the cloud disk file, detect whether the cloud disk file is a preset protection file; When detecting that the cloud disk file is a preset protected file, intercept the download operation. 9. A cloud disk file monitoring device based on a local area network, comprising: The operation monitoring module is used to obtain the cloud disk file control strategy corresponding to the user terminal where the user terminal is located when monitoring the upload or download operation for the cloud disk file; wherein, the cloud disk file control strategy is set by the control terminal in the local area network provide; and An operation interception module, configured to intercept the upload or download operation for the cloud disk file when the cloud disk file control policy corresponding to the user terminal is forbidden. 10. The device of claim 9, further comprising: The operation permission module is configured to allow the upload or download operation for the cloud disk file to continue to be performed when the cloud disk file control policy corresponding to the user terminal is allowed.