CN102045368A - Virus preventing method of intelligent mobile terminal and system - Google Patents
Virus preventing method of intelligent mobile terminal and system Download PDFInfo
- Publication number
- CN102045368A CN102045368A CN2011100232575A CN201110023257A CN102045368A CN 102045368 A CN102045368 A CN 102045368A CN 2011100232575 A CN2011100232575 A CN 2011100232575A CN 201110023257 A CN201110023257 A CN 201110023257A CN 102045368 A CN102045368 A CN 102045368A
- Authority
- CN
- China
- Prior art keywords
- downlink data
- virus
- payload
- mobile terminal
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Abstract
The invention discloses a virus preventing method of an intelligent mobile terminal and a system. In the method, a communication processor of the intelligent mobile terminal decomposes protocol for received downlink data, and analyzes payload of the downlink data; the communication processor matches the payload with suspicious virus characteristics so as to acquire a matching value; and when the matching value is more than a threshold, the communication processor transmits the payload to a base station to execute subsequent virus analysis. According to the technical scheme, virus prevention on the intelligent mobile terminal is effectively realized, and running efficiency reduction of the intelligent mobile terminal when virus are searched and killed can be avoided.
Description
Technical field
The present invention relates to the communications field, in particular to a kind of virus defense method and system of intelligent mobile terminal.
Background technology
At intelligent mobile terminal (for example, smart mobile phone) more and more popularize, more and more by under the overall situation that people accepted and used, there are some lawless persons to utilize intelligent terminal that the characteristics of application software can arbitrarily be installed, make and disseminate smart mobile phone virus and Malware without restraint, statistics have shown, from year June in December, 2009 to 2010, only the whole world virus that adds your mobile phone surpasses 500, the summation several years ago that this has surpassed six months.In case several hundred million smart mobile phone users are infected in a large number by virus, or the loss that can't estimate is brought to the user possibly by malicious exploitation in the back door of some cell phone software.
Fig. 1 is the schematic diagram of poisoning intrusion smart mobile phone in the correlation technique.As shown in Figure 1, the poisoning intrusion intelligent mobile terminal mainly is divided into following process:
Process (1): virus hiding and communication process at cell phone network;
Process (2): virus arrives smart mobile phone communication processor process by the base station;
Process (3): virus arrives the application processor process by the smart mobile phone communication processor;
Process (4): virus is planted in the process of application processor;
Process (5): virus triggers and the outburst process.
The virus defense and the killing system of intelligent mobile terminal are also perfect gradually at present, but mainly all are to concentrate on virus to detect and the removing aspect, and the work that detects and remove is all finished on the local application processor of smart mobile phone again.The processor working frequency of present terminal is all on the low side down, in the application program parallel running, virus is detected, can cause operational efficiency low excessively, and only be that virus is carried out killing, can not reach the effect of effectively blocking similar or similar virus or rogue program propagation path.
Summary of the invention
Virus detection and removing work at intelligent mobile terminal in the correlation technique are all finished on local application processor, cause the low excessively problem of operational efficiency, the invention provides a kind of virus defense method and system of intelligent mobile terminal, one of to address the above problem at least.
A kind of virus defense method of intelligent mobile terminal is provided according to an aspect of the present invention.
Virus defense method according to intelligent mobile terminal of the present invention comprises: the communication processor of intelligent mobile terminal carries out agreement to the downlink data that receives and decomposes, and parses the payload of downlink data; Communication processor mates payload and doubtful virus characteristic, to obtain the matching degree value; During greater than threshold value, communication processor sends the base station to carry out follow-up virus analysis with payload in the matching degree value.
A kind of virus defense system of intelligent mobile terminal is provided according to an aspect of the present invention.
Virus defense system according to intelligent mobile terminal of the present invention comprises: intelligent mobile terminal; This intelligent mobile terminal comprises: communication processor; Communication processor further comprises: protocol-analysis model, and be used for that the downlink data that receives is carried out agreement and decompose, parse the payload of downlink data; First determination module is used for payload and doubtful virus characteristic are mated, and obtaining the matching degree value, and judges that whether the matching degree value is greater than threshold value; First communication module is used for being output as when being at first determination module, sends payload to carry out follow-up virus analysis to the base station.
By the present invention, the communication processor and the mobile network base station of intelligent mobile terminal are combined, realization is to the virus defense of intelligent mobile terminal, the virus of intelligent mobile terminal detects and removing work is all finished on local application processor, the virus that has solved smart mobile phone in the correlation technique detects and removing work is all finished on local application processor, cause the low excessively problem of operational efficiency, effectively realized virus defense, and avoided killing when virus to reduce the operational efficiency of intelligent mobile terminal intelligent mobile terminal.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram of poisoning intrusion intelligent mobile terminal in the correlation technique;
Fig. 2 is the structured flowchart according to the virus defense system of the intelligent mobile terminal of the embodiment of the invention;
Fig. 3 is the structured flowchart of the virus defense system of intelligent mobile terminal according to the preferred embodiment of the invention;
Fig. 4 is the workflow diagram of protocol-analysis model according to the preferred embodiment of the invention;
Fig. 5 is the workflow diagram of first determination module and first communication module according to the preferred embodiment of the invention;
Fig. 6 is the workflow diagram of second communication module, second determination module, blocking module and statistical module according to the preferred embodiment of the invention;
Fig. 7 is the flow chart according to the virus defense method of the intelligent mobile terminal of the embodiment of the invention;
Fig. 8 is the flow chart of the virus defense method of intelligent mobile terminal according to the preferred embodiment of the invention.
Embodiment
Hereinafter will describe the present invention with reference to the accompanying drawings and in conjunction with the embodiments in detail.Need to prove that under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Fig. 2 is the structured flowchart according to the virus defense system of the intelligent mobile terminal of the embodiment of the invention.As shown in Figure 2, this virus defense system comprises: intelligent mobile terminal 1;
Wherein, intelligent mobile terminal 1 comprises: communication processor 10; Communication processor 10 further comprises:
Protocol-analysis model 100 is used for that the downlink data that receives is carried out agreement and decomposes, and parses the payload of downlink data;
First determination module 102 is used for payload and doubtful virus characteristic are mated, and obtaining the matching degree value, and judges that whether the matching degree value is greater than threshold value;
First communication module 104 is used for being output as when being at first determination module, sends payload to carry out follow-up virus analysis to the base station.
Preferably, as shown in Figure 3, above-mentioned virus defense system can also comprise: base station 2, and this base station may further include:
Second communication module 200 is used to receive the payload that comes from first communication module;
Second determination module 204 is used for according to payload downlink data being carried out virus analysis.
In the correlation technique, intelligent mobile terminal processor (for example, smart mobile phone) is divided into application processor and communication processor, and wherein, general application processor operating system mostly is platform commonly used (as Windows, Linux etc.) greatly.Virus at these platforms is many, and the operating system of communication processor all is some RTOS, and the possibility that is subjected to virus infraction is very little, so in the present embodiment, on communication processor virus is handled itself and be difficult at first by virus damage, risk is less.
In addition, the application processor of intelligent mobile terminal also is responsible for local exterior storage usually, virus will just can reach under stored situation usually hides with self-replacation and the purpose of propagating again, control virus is " killing is in already " on application processor, and interception virus is " preventing trouble before it happens " on communication processor, do the virus that is or rogue program like this and just be abandoned not being rooted between the mobile phone, safer.
Preferably, above-mentioned protocol-analysis model 100 may further include:
Judging unit 1000 (not shown)s are used to judge that downlink data is circuit domain data or block domain data;
First resolution unit, 1002 (not shown)s are used for when downlink data is the circuit domain data, parse the payload of downlink data according to short message format or circuit domain data format;
Second resolution unit, 1004 (not shown)s are used for when downlink data is block domain data, adopt transport layer protocol, route layer protocol and upper-layer protocol to parse the payload of downlink data.
The detailed operation flow process of above-mentioned protocol-analysis model is described below in conjunction with Fig. 4.As shown in Figure 4, mainly comprise following processing:
Step S402: (for example, smart mobile phone all submodules start when communication processor starts intelligent mobile terminal in) the communication processor, and run on the backstage when work;
Step S404: whether protocol-analysis model is monitored has data to arrive;
Step S406: protocol-analysis model receives after the packet, judges at first that according to current business these data arrive portable terminal by circuit domain or packet domain.
Step S408: if circuit domain is then carried out protocal analysis according to common short message format or circuit domain data format, the payload of the user data of extracting, and payload submitted to first determination module 102, finish this processing procedure.
Step S410: if packet domain then adopts transport layer protocol and route layer protocol to carry out protocal analysis.
Step S412: judge how this downlink data realizes protocol encapsulation at the upper-layer protocol stack, is divided into IP/PPP → HTTP/MMS/SMTP etc. by common protocol, and parse the payload of user data, submit to first determination module 102, finish this processing procedure.
Preferably, as shown in Figure 3, above-mentioned intelligent mobile terminal 1 can also comprise: application processor 12, be used for when the matching degree value is less than or equal to threshold value, and receive the downlink data that comes from communication processor.That is, when the matching degree value was less than or equal to threshold value, communication processor 10 directly directly was sent to downlink data the application processor 12 of intelligent mobile terminal.
Preferably, as shown in Figure 3, second determination module 204 comprises: matching unit 2040 (not shown)s, be used for the Virus Info of payload and virus base is mated, and judge whether downlink data is Virus Info.
The detailed operation flow process of first determination module and first communication module is described below in conjunction with Fig. 5.
Fig. 5 is the workflow diagram of first determination module 102, first communication module 104 according to the preferred embodiment of the invention.As shown in Figure 5, mainly comprise following processing:
Step S502: whether first determination module 102 is monitored has data to arrive;
Step S504: first determination module 102 receives the data message that protocol-analysis model 100 is submitted to, need carry out the first time and judge.
Particularly, can carry out viral dubiety judgement, promptly adopt and to judge also the not basic principle of mistakes and omissions by accident, effectively avoid virus to slip through the net according to very simply mating rule (for example, Data Source, data length, a virus essential characteristic, file type etc.).For example, execution in step S506, step S508 and step S510.
Step S506: judge that whether downlink data is the suspicious source data of coming; If, execution in step S512.Otherwise, execution in step S508.
Step S508: whether the decision data form is suspicious.If, execution in step S512, otherwise execution in step S510.
Step S510: adopt other decision criterias to judge whether above-mentioned downlink data is suspicious.If, execution in step S512, otherwise, execution in step S514.
Step S512: first determination module 102 is judged to be doubtful virus, then the payload of downlink data is submitted to first communication module 104, first communication module 104 receives the payload of first determination module 102 and directly submits to the base station in high in the clouds afterwards, and attaches a secondary decision request information.
The general dominant frequency of the communication processor of intelligent mobile terminal is lower, and in communication process, require very high to real-time, therefore be not suitable for the detailed matching algorithm program of virus that operation is had relatively high expectations to time complexity on communication processor, once judge so the communication processor of intelligent mobile terminal only is responsible for virus, find suspicious data and submit to the base station and handle.
Step S514: first determination module 102 is judged to be non-doubtful virus, directly submits to the application processor 12 of intelligent mobile terminal 1.
Preferably, as shown in Figure 3, above-mentioned first communication module 104 also is used to receive the judgement response and the analysis report that come from base station feedback, wherein, judges that response carries the indication information that downlink data is a Virus Info; Then communication processor 10 can also comprise: blocking module 106 is used for tackling downlink data and this transmission other data except that above-mentioned downlink data; Statistical module 108 is noted the information of line data correspondence, wherein, this information can include but not limited to following one of at least: the source-information of packet, propagation path.
Statistical module 108 is set, can be so that the collection information relevant with virus as the foundation of judging next time, can effectively be taken precautions against the infringement from now on of similar virus.
It should be noted that, also can be and the statistical module of other wireless access dot system middle part administration said function in the base station, can also set up special mobile virus statistics storehouse,, find viral source and gather Virus Sample to collect those lawless persons' the means of activity.
State the detailed operation flow process of second communication module, second determination module, blocking module and statistical module below in conjunction with Fig. 6.
Fig. 6 is the workflow diagram of second communication module, second determination module, blocking module and statistical module according to the preferred embodiment of the invention.As shown in Figure 6, mainly comprise following processing:
Step S602: second communication module 200 is waited for the scan request that the communication processor of reception intelligent mobile terminal sends and is scanned data (being above-mentioned payload).
Step S604: after second communication module 200 received data to be scanned and scan request, the 200 pairs of data of second determination module that are positioned at the base station, high in the clouds were carried out the rescan judgement.
It should be noted that second determination module 200 that is deployed on the base station is not to move always because the traffic of base station is big and busier.The base station receives after the suspicious data and secondary decision request that smart mobile phone sends over, just start viral secondary decision procedure immediately, suspicious data is carried out detailed scanning, its match-on criterion mates for the virus base according to standard, comprise mobile phone viruses if confirm this program, then send feedback and Virus Info to smart mobile phone immediately.
When intelligent mobile terminal need carry out more detailed detection to virus, initiate request to the base station again, alleviated the burden of base station so greatly.The communication processor of client and the collaborative work of base station, high in the clouds like this makes the disposal ability of virus improve greatly.
Step S606: second determination module 200 mates the Virus Info in payload and the virus base, judges whether downlink data is Virus Info.If, execution in step S608, otherwise, execution in step S610.
Step S608: second communication module 200 sends scan report to intelligent mobile terminal, shows that these data are virus.Return execution in step S602 afterwards.
Step S610: second communication module 200 sends scan report to intelligent mobile terminal, shows that these data are not virus.Return execution in step S602 afterwards.
Step S612: first communication module 104 is waited for and is received viral rescan report.
Step S614: determine whether result of determination is virus.If, execution in step S616, otherwise, execution in step S618.
Step S616: the data code that in viral secondary is judged, is judged as portable terminal virus, to be received by the statistical module of intelligent mobile terminal, blocking module stops the processing to other data except that downlink data in this transmission immediately, abandon these data, in order to avoid it encroaches on application processor, and statistical module is with current bag source (the short message sender number that is judged to be viral data, IP source address, IP transmission route etc.) record in addition, as the foundation of once judging next time, if receive the data that these sources send again, will pay the utmost attention to its possibility as viral data.Afterwards, return execution in step S612.
Step S618: the communication processor of intelligent mobile terminal directly sends above-mentioned downlink data to the application processor of intelligent mobile terminal.Afterwards, return execution in step S612.
Fig. 7 is the flow chart according to the virus defense method of the intelligent mobile terminal of the embodiment of the invention.As shown in Figure 7, this virus defense method mainly comprises following processing:
Step S702: the communication processor of intelligent mobile terminal carries out agreement to the downlink data that receives and decomposes, and parses the payload of downlink data;
Step S704: communication processor mates payload and doubtful virus characteristic, to obtain the matching degree value;
Step S706: during greater than threshold value, communication processor sends the base station to carry out follow-up virus analysis with payload in the matching degree value.
In the correlation technique, the virus of intelligent mobile terminal detects and removing work is all finished on local application processor, in the application program parallel running virus is detected, and can cause operational efficiency low excessively.Process from Fig. 1 (3) is set about, communication processor and above-mentioned each module of mobile network base station deploy at intelligent mobile terminal, communication processor and base station are combined, effectively realized virus defense, and avoided killing when virus to reduce the operational efficiency of intelligent mobile terminal intelligent mobile terminal.
Preferably, above-mentioned steps S702 may further include following processing:
(1) communication processor judges that downlink data is circuit domain data or block domain data;
(2) when downlink data is the circuit domain data, then parse the payload of downlink data according to short message format;
(3) when downlink data is block domain data, then parse the payload of downlink data according to transport layer protocol and route layer protocol.
Preferably, when above-mentioned matching degree value was less than or equal to threshold value, communication processor directly was sent to downlink data the application processor of intelligent mobile terminal.
Preferably, the base station is carried out follow-up virus analysis and be may further include following processing: the Virus Info in payload and the virus base is mated in the base station, judges whether downlink data is Virus Info.
Preferably, when judging that downlink data is Virus Info, can also comprise following processing:
(1) communication processor receives judgement response and the analysis report that comes from base station feedback, wherein, judges that response carries the indication information that downlink data is a Virus Info;
(2) communication processor is tackled other data except that downlink data in downlink data and this transmission, and notes the information of line data correspondence.
Wherein, the information of above-mentioned downlink data correspondence include but not limited to following one of at least: the source-information of packet, propagation path.
Below be that smart mobile phone is an example with the intelligent mobile terminal, describe above-mentioned preferred implementation in detail.
Fig. 8 is the flow chart of the virus defense method of intelligent mobile terminal according to the preferred embodiment of the invention.As shown in Figure 8, this virus defense method mainly comprises following processing:
Step S802: the communication processor downlink data receiving of smart mobile phone.
Step S804: communication processor carries out agreement to all its downlink datas (data that comprise CS territory and PS territory) of flowing through according to different communication protocol and decomposes, and this process relates to above-mentioned protocol-analysis model.
Step S806: the payload that was decomposed is judged by first determination module of smart mobile phone communication processor.
In specific implementation process, can set simple criterion, because the algorithm time complexity is low, influence the operate as normal of smart mobile phone communication processor hardly.
Step S808: first determination module takes a decision as to whether doubtful virus.If, execution in step S810, otherwise, execution in step S822.
Step S810: if result of determination is set up, think that promptly this payload and doubtful virus characteristic matching degree are higher, surpass certain threshold value, then the communication processor time-out sends above-mentioned downlink data to application processor, commentaries on classics is submitted to the base station, high in the clouds by first communication module with this payload, and initiates viral secondary decision request to the base station, high in the clouds.
Step S812: the base station, high in the clouds receives viral secondary decision request, and the payload data of doubtful virus, and input dependence is in the viral secondary decision procedure (being above-mentioned second determination module) of high-speed treating apparatus.
Step S814: whether carry out detailed virus analysis by second determination module, analyzing is virus, and be which kind of virus.If virus then jumps to step S816,, then jump to step S818 if not virus.
Step S816: the base station, high in the clouds is organized into the communication processor that report is handed down to smart mobile phone with the detail analysis result, and subsidiary viral secondary judgement response, and indicating this payload is virus or rogue program.
Step S818: the smart mobile phone communication processor receives secondary and judges response and analysis report, tackle this segment data, do not allow these data send to the smart mobile phone application processor, and record virus or rogue program information on the external memory storage of communication processor, comprise Data Source and propagation path, when the data arrival of this source or propagation path will be arranged from now on again, can report automatically and give high in the clouds base station requests secondary judgement.
Step S820: the base station, high in the clouds is organized into the communication processor that report is handed down to smart mobile phone with the detail analysis result, and subsidiary viral secondary judgement response, and indicating this payload is secure data.
Step S822: if these data are not virus or rogue program, the smart mobile phone communication processor directly transmits valid data and handles to application processor.
It should be noted that, aspect communication processor, because smart mobile phone not only can be supported traditional base station communication at present, can also support communication patterns such as Wi-Fi, bluetooth, therefore on data transfer path, also diversification can be accomplished, similar scheme can be disposed on Wi-Fi, bluetooth process chip or driver and Wi-Fi, Bluetooth accessing point.
In sum, by the foregoing description provided by the invention, with intelligent mobile terminal (for example, smart mobile phone) communication processor and mobile network base station combine, realization effectively detects, tackles smart mobile phone virus and viral propagation path, Virus Type are monitored, thereby has effectively avoided hidden danger from now on.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, and in some cases, can carry out step shown or that describe with the order that is different from herein, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. the virus defense method of an intelligent mobile terminal is characterized in that, comprising:
The communication processor of intelligent mobile terminal carries out agreement to the downlink data that receives and decomposes, and parses the payload of described downlink data;
Described communication processor mates described payload and doubtful virus characteristic, to obtain the matching degree value;
During greater than threshold value, described communication processor sends the base station to carry out follow-up virus analysis with described payload in described matching degree value.
2. method according to claim 1 is characterized in that, described communication processor carries out the agreement decomposition to the downlink data that receives and comprises:
Described communication processor judges that described downlink data is circuit domain data or block domain data;
When described downlink data is the circuit domain data, then parse the payload of described downlink data according to short message format or circuit domain data format;
When described downlink data is block domain data, then adopt transport layer protocol, route layer protocol and upper-layer protocol to parse the payload of described downlink data.
3. method according to claim 1 is characterized in that, when obtaining the matching degree value, also comprises:
When described matching degree value was less than or equal to described threshold value, described communication processor directly was sent to described downlink data the application processor of described intelligent mobile terminal.
4. method according to claim 1 is characterized in that, described base station is carried out follow-up virus analysis and comprised: the Virus Info in described payload and the virus base is mated in described base station, judges whether described downlink data is Virus Info.
5. method according to claim 4 is characterized in that, when judging that described downlink data is Virus Info, also comprises:
Described communication processor receives judgement response and the analysis report that comes from described base station feedback, and wherein, described judgement response carries the indication information that described downlink data is a Virus Info;
Described communication processor is tackled other data except that described downlink data in described downlink data and this transmission, and writes down the information of described downlink data correspondence.
6. method according to claim 5 is characterized in that, the information of described downlink data correspondence comprise following one of at least:
The source-information of described packet, propagation path.
7. the virus defense system of an intelligent mobile terminal is characterized in that, comprising: intelligent mobile terminal;
Described intelligent mobile terminal comprises: communication processor; Described communication processor further comprises:
Protocol-analysis model is used for that the downlink data that receives is carried out agreement and decomposes, and parses the payload of described downlink data;
First determination module is used for described payload and doubtful virus characteristic are mated, and obtaining the matching degree value, and judges that whether described matching degree value is greater than threshold value;
First communication module is used for being output as when being at described first determination module, sends described payload to carry out follow-up virus analysis to described base station.
8. system according to claim 7 is characterized in that, described base station comprises:
Second communication module is used to receive the described payload that comes from described first communication module;
Second determination module is used for according to described payload described downlink data being carried out virus analysis.
9. system according to claim 7 is characterized in that, described protocol-analysis model comprises:
Judging unit is used to judge that described downlink data is circuit domain data or block domain data;
First resolution unit is used for when described downlink data is the circuit domain data, parses the payload of described downlink data according to short message format or circuit domain data format;
Second resolution unit is used for when described downlink data is block domain data, adopts transport layer protocol, route layer protocol and upper-layer protocol to parse the payload of described downlink data.
10. system according to claim 7 is characterized in that, described intelligent mobile terminal also comprises:
Application processor is used for when described matching degree value is less than or equal to described threshold value, receives the described downlink data that comes from described communication processor.
11. system according to claim 7 is characterized in that, described second determination module comprises:
Matching unit is used for the Virus Info of described payload and virus base is mated, and judges whether described downlink data is Virus Info.
12. system according to claim 11 is characterized in that,
Described first communication module also is used to receive the judgement response and the analysis report that come from described base station feedback, and wherein, described judgement response carries the indication information that described downlink data is a Virus Info;
Described communication processor also comprises:
Blocking module is used for tackling described downlink data and this transmission other data except that described downlink data; Statistical module writes down the information of described downlink data correspondence.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100232575A CN102045368A (en) | 2011-01-20 | 2011-01-20 | Virus preventing method of intelligent mobile terminal and system |
| PCT/CN2011/073710 WO2012097553A1 (en) | 2011-01-20 | 2011-05-05 | Virus prevention method and system for intelligent mobile terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100232575A CN102045368A (en) | 2011-01-20 | 2011-01-20 | Virus preventing method of intelligent mobile terminal and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102045368A true CN102045368A (en) | 2011-05-04 |
Family
ID=43911138
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100232575A Pending CN102045368A (en) | 2011-01-20 | 2011-01-20 | Virus preventing method of intelligent mobile terminal and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102045368A (en) |
| WO (1) | WO2012097553A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012097553A1 (en) * | 2011-01-20 | 2012-07-26 | 中兴通讯股份有限公司 | Virus prevention method and system for intelligent mobile terminal |
| CN103294953A (en) * | 2012-12-27 | 2013-09-11 | 武汉安天信息技术有限责任公司 | Detection method and system of mobile phone malicious code |
| CN103810428A (en) * | 2014-02-24 | 2014-05-21 | 珠海市君天电子科技有限公司 | Method and device for detecting macro virus |
| WO2016011614A1 (en) * | 2014-07-23 | 2016-01-28 | 华为技术有限公司 | Method and device for blocking harassment number |
| CN112528285A (en) * | 2020-12-18 | 2021-03-19 | 南方电网电力科技股份有限公司 | Security protection method and device for cloud computing platform, electronic equipment and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103824017A (en) * | 2012-11-19 | 2014-05-28 | 腾讯科技(深圳)有限公司 | Method and platform for monitoring rogue programs |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1889773A (en) * | 2006-07-18 | 2007-01-03 | 毛兴鹏 | Mobile phone virtus examining and protecting method and system based on base station |
| CN101079689A (en) * | 2006-05-26 | 2007-11-28 | 上海晨兴电子科技有限公司 | Method and device for virus scanning and processing of the data received by mobile phone |
| CN101340680A (en) * | 2008-08-12 | 2009-01-07 | 深圳华为通信技术有限公司 | Method and apparatus for implementing virus defending and virus killing by bi-core terminal |
| CN101388056A (en) * | 2008-10-20 | 2009-03-18 | 成都市华为赛门铁克科技有限公司 | Method, system and apparatus for preventing worm |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101482124B1 (en) * | 2008-09-02 | 2015-01-13 | 엘지전자 주식회사 | Method for treating virus in mobile terminal and system thereof |
| CN102045368A (en) * | 2011-01-20 | 2011-05-04 | 中兴通讯股份有限公司 | Virus preventing method of intelligent mobile terminal and system |
-
2011
- 2011-01-20 CN CN2011100232575A patent/CN102045368A/en active Pending
- 2011-05-05 WO PCT/CN2011/073710 patent/WO2012097553A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101079689A (en) * | 2006-05-26 | 2007-11-28 | 上海晨兴电子科技有限公司 | Method and device for virus scanning and processing of the data received by mobile phone |
| CN1889773A (en) * | 2006-07-18 | 2007-01-03 | 毛兴鹏 | Mobile phone virtus examining and protecting method and system based on base station |
| CN101340680A (en) * | 2008-08-12 | 2009-01-07 | 深圳华为通信技术有限公司 | Method and apparatus for implementing virus defending and virus killing by bi-core terminal |
| CN101388056A (en) * | 2008-10-20 | 2009-03-18 | 成都市华为赛门铁克科技有限公司 | Method, system and apparatus for preventing worm |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012097553A1 (en) * | 2011-01-20 | 2012-07-26 | 中兴通讯股份有限公司 | Virus prevention method and system for intelligent mobile terminal |
| CN103294953A (en) * | 2012-12-27 | 2013-09-11 | 武汉安天信息技术有限责任公司 | Detection method and system of mobile phone malicious code |
| CN103810428A (en) * | 2014-02-24 | 2014-05-21 | 珠海市君天电子科技有限公司 | Method and device for detecting macro virus |
| CN103810428B (en) * | 2014-02-24 | 2017-05-24 | 珠海市君天电子科技有限公司 | Method and device for detecting macro virus |
| US10237285B2 (en) | 2014-02-24 | 2019-03-19 | Zhuhai Juntian Electronic Technology Co., Ltd. | Method and apparatus for detecting macro viruses |
| WO2016011614A1 (en) * | 2014-07-23 | 2016-01-28 | 华为技术有限公司 | Method and device for blocking harassment number |
| CN112528285A (en) * | 2020-12-18 | 2021-03-19 | 南方电网电力科技股份有限公司 | Security protection method and device for cloud computing platform, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012097553A1 (en) | 2012-07-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11012927B2 (en) | Rogue base station router detection with configurable threshold algorithms | |
| US11399288B2 (en) | Method for HTTP-based access point fingerprint and classification using machine learning | |
| US10028319B2 (en) | Wi-fi connection method and wi-fi connection system for mobile terminal | |
| CN1771709B (en) | Network attack signature generation method and apparatus | |
| Babun et al. | Z-iot: Passive device-class fingerprinting of zigbee and z-wave iot devices | |
| EP2742711B1 (en) | Detection of suspect wireless access points | |
| CN102045368A (en) | Virus preventing method of intelligent mobile terminal and system | |
| JP2020530638A (en) | Malware Host NetFlow Analysis System and Method | |
| US20220263823A1 (en) | Packet Processing Method and Apparatus, Device, and Computer-Readable Storage Medium | |
| US20180007067A1 (en) | Detecting poisoning attacks of internet of things (iot) location beacons in wireless local area networks (wlans) with silence periods | |
| CN113518042B (en) | Data processing method, device, equipment and storage medium | |
| CN102333313A (en) | Feature code generation method and detection method of mobile botnet | |
| CN111800412A (en) | Advanced sustainable threat tracing method, system, computer equipment and storage medium | |
| CN106231572A (en) | Pseudo-base station refuse messages discrimination method and system | |
| US20180034776A1 (en) | Filtering data using malicious reference information | |
| US8516592B1 (en) | Wireless hotspot with lightweight anti-malware | |
| CN111641951A (en) | 5G network APT attack tracing method and system based on SA architecture | |
| Asaduzzaman et al. | Wi-fi frame classification and feature selection analysis in detecting evil twin attack | |
| CN101228767A (en) | System and method for using quarantine networks to protect cellular networks from viruses and worms | |
| CN104967589B (en) | A kind of safety detecting method, device and system | |
| KR20140126633A (en) | Method and appratus for detecting malicious message | |
| CN105813083A (en) | Fishing WIFI processing method, device, platform and system | |
| CN114189865B (en) | Network attack protection method in communication network, computer device and storage medium | |
| CN107743114B (en) | Network access method, device and system | |
| US20190230103A1 (en) | Method To Detect A Summoning Attack By A Rogue WiFi Access Point |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110504 |