CN102510563A - Method and system for detecting malicious software of mobile Internet - Google Patents

Info

Publication number
CN102510563A
Authority
CN
China
Prior art keywords
malware
scanning
mobile phone
data flow
abnormal behaviour
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103224250A
Other languages
Chinese (zh)
Inventor
祝守宇
周宏军
徐大为
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING THETA NETWORKS CO LTD
Original Assignee
BEIJING THETA NETWORKS CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING THETA NETWORKS CO LTD
Priority to CN2011103224250A
Publication of CN102510563A

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method for detecting mobile Internet malware. The method detects mobile phone file viruses, malicious URLs (Uniform Resource Locators) and abnormal malware behaviour on the core-network side of the mobile Internet. A system for detecting mobile Internet malware is built on this method. The spread of mobile Internet malware can be tracked, and data support is provided to the operator for cutting off the spread of malware from the network side.

Description

A method and system for mobile Internet malware detection
Technical field:
The present invention relates to a method and system for mobile Internet malware detection, and specifically to detecting and scanning for malware that is used in and spread through mobile data services.
Background art:
In recent years, as mobile phones have become widespread and mobile data services have continued to develop, WAP, MMS and mobile broadband access have become increasingly popular. As mobile phones have gradually become smarter, the malware that spreads unchecked on the traditional Internet has spread to the mobile Internet. Because the mobile Internet user base is very large, and a mobile phone is bound more tightly to personally identifiable information, detecting mobile Internet malware is particularly necessary.
On the traditional Internet, malware detection is currently performed mainly at the user terminal. Because a mobile phone terminal is less capable than a conventional PC terminal, directly porting traditional Internet malware detection methods to the mobile Internet is not a good solution.
Summary of the invention:
The main object of the invention is to provide a method for mobile Internet malware detection that detects malware on the core-network side of the mobile Internet, tracks the spread of mobile Internet malware, and provides data support for the operator to cut off the spread of malware from the network side.
Another object of the invention is to provide a system for mobile Internet malware detection that detects malware on the core-network side of the mobile Internet, tracks the spread of mobile Internet malware, and provides data support for the operator to cut off the spread of malware from the network side.
To achieve these objects, the invention provides a method for mobile Internet malware detection, characterized in that the method comprises a mobile phone file virus scanning method, a mobile phone malicious URL scanning method, and a mobile phone malware abnormal behaviour scanning method.
To achieve these objects, the invention also provides a system for mobile Internet malware detection, characterized in that the system comprises a mobile phone file virus scanning program, a mobile phone malicious URL scanning program, and a mobile phone malware abnormal behaviour scanning program.
Description of the drawings:
The accompanying drawings described here provide a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1: Schematic diagram of the mobile Internet malware monitoring system
Fig. 2: Mobile phone file virus scanning method
Fig. 3: Mobile phone malicious URL scanning method
Fig. 4: Mobile phone malware abnormal behaviour scanning method
Embodiments:
To make the objects, technical solution and advantages of the invention clearer, specific embodiments of the invention are described in detail below with reference to the accompanying drawings. The illustrative embodiments and their descriptions are used to explain the invention and do not limit it.
The mobile Internet malware detection system is shown in Fig. 1. The system collects data from the mobile network Gn interface (the communication interface between the SGSN and the GGSN) and divides it by protocol into HTTP/WAP data, MMS/Email/FTP data, TCP/UDP data and PDP data.
The mobile phone file virus scanning module scans files downloaded over HTTP/WAP and files transferred over MMS/Email/FTP for file viruses.
The mobile phone malicious URL scanning module scans the URLs in the HTTP/WAP protocols.
The mobile phone malware abnormal behaviour scanning module scans for abnormal behaviour patterns in the HTTP/WAP data, MMS/Email/FTP data, TCP/UDP data and PDP data.
Finally, the analysis results are written to a database and presented to the client through a UI.
The mobile phone file virus scanning program is shown in Fig. 2. The program first extracts the file attachments carried in the WAP, HTTP, FTP and Email protocols, with MMS treated as a kind of WAP protocol. It then scans the file attachments against the virus signature library; if a signature matches, it outputs the virus and its related features.
The mobile phone malicious URL scanning program is shown in Fig. 3. The program first extracts the URLs carried in the WAP and HTTP protocols. It then scans the URLs against the malicious URL rule base; if a feature matches, it outputs the URL and its related features.
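The URL scanning step described above, sketched as an added example that is not part of the patent. It assumes the Gn traffic has already been decapsulated and each HTTP request tagged with the subscriber's phone number; the rule format, rule IDs, hostnames and phone numbers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed rule base (assumption): the patent does not define a rule format.
URL_RULES = [
    ("R001", "host", "malware-dl.example"),
    ("R002", "regex", r"/wap/update\.(sis|apk|jar)$"),
]

def extract_url(raw: bytes):
    """Return the absolute URL of a GET or POST request, or None otherwise."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in ("GET", "POST"):
        return None
    target = parts[1]
    if target.lower().startswith("http://"):  # absolute-form, seen via gateways/proxies
        return target
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host")
    return f"http://{host}{target}" if host else None

def match_rules(url: str):
    """Return the IDs of every rule the URL matches."""
    split = urlsplit(url)
    host = (split.hostname or "").lower()  # hostname drops the port
    path = unquote(split.path)  # decode %xx so encoded paths cannot dodge path rules
    hits = []
    for rule_id, kind, pattern in URL_RULES:
        if kind == "host" and (host == pattern or host.endswith("." + pattern)):
            hits.append(rule_id)
        elif kind == "regex" and re.search(pattern, path, re.IGNORECASE):
            hits.append(rule_id)
    return hits

def scan_flows(flows):
    """flows: iterable of (msisdn, raw_request). Returns rows for the database."""
    rows = []
    for msisdn, raw in flows:
        url = extract_url(raw)
        for rule_id in (match_rules(url) if url else []):
            rows.append({"msisdn": msisdn, "url": url, "rule": rule_id})
    return rows

# Constructed sample input, not real traffic.
SAMPLE_FLOWS = [
    ("10000000001", b"GET /wap/Update.APK HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n"),
    ("10000000002", b"POST /report HTTP/1.1\r\nHost: c2.malware-dl.example:8080\r\n\r\nid=1"),
    ("10000000003", b"GET /index.html HTTP/1.1\r\nHost: news.example.org\r\n\r\n"),
    ("10000000004", b"CONNECT example.org:443 HTTP/1.1\r\n\r\n"),
]
```

Each returned row carries the three fields the claims say are written to the database: the malicious URL, the matching feature (here the rule ID) and the user's phone number.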
The mobile phone malware abnormal behaviour scanning program is shown in Fig. 4. The program first analyses the HTTP/WAP data, MMS/Email/FTP data, TCP/UDP data and PDP data, including the IP addresses, port numbers and URLs the user accesses, PDP activation times, MMS senders, Email senders, attachments sent by Email and similar information. It then judges against mobile phone malware abnormal behaviour thresholds (for example, an MMS with identical content is sent no more than 100 times) whether malware is present on the phone; if so, it outputs the malicious behaviour and its features.
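The threshold check from the MMS example above, as an added sketch that is not part of the patent. It assumes a sender is flagged once identical content exceeds the 100-send threshold, that sends are counted over a 24-hour sliding window (the patent gives no counting period), and that MMS submissions arrive already decoded and tagged with the sender's number; all sample events are constructed.

```python
import hashlib
from collections import defaultdict, deque

MMS_THRESHOLD = 100          # the patent's example: identical content sent no more than 100 times
WINDOW_SECONDS = 24 * 3600   # assumption: counting period is not specified in the patent

def detect_mms_flood(events, threshold=MMS_THRESHOLD, window=WINDOW_SECONDS):
    """events: (timestamp, sender_msisdn, mms_body) tuples sorted by timestamp.
    Returns one alert per (sender, content) the first time the number of sends
    inside the sliding window exceeds the threshold."""
    recent = defaultdict(deque)   # (sender, digest) -> timestamps still in the window
    alerted = set()
    alerts = []
    for ts, sender, body in events:
        digest = hashlib.sha256(body).hexdigest()  # identical content -> identical digest
        key = (sender, digest)
        times = recent[key]
        times.append(ts)
        while ts - times[0] >= window:             # expire sends older than the window
            times.popleft()
        if len(times) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "msisdn": sender,
                "behaviour": "identical MMS content sent repeatedly",
                "count": len(times),
                "content_sha256": digest,
                "flagged_at": ts,
            })
    return alerts

def sample_events():
    """Constructed events: one flooding sender and three benign patterns."""
    ev = []
    ev += [(i * 60, "10000000001", b"click http://promo.example/free") for i in range(101)]
    ev += [(i * 60, "10000000002", b"happy birthday") for i in range(100)]      # exactly at the limit
    ev += [(i * 60, "10000000003", b"photo %d" % i) for i in range(150)]        # many sends, all distinct
    ev += [(i * 3600, "10000000004", b"daily digest") for i in range(101)]      # spread beyond the window
    return sorted(ev, key=lambda e: e[0])
```

Only the first sender is flagged: the second stays at the limit, the third never repeats content, and the fourth never has more than 24 sends inside one window.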
It should be understood that the above description of the specific embodiments is relatively detailed and should not therefore be regarded as limiting the scope of patent protection of the invention; the scope of patent protection of the invention is defined by the appended claims.

Claims (8)

1. A method for mobile Internet malware detection, characterized in that the method comprises a mobile phone file virus scanning method, a mobile phone malicious URL scanning method, and a mobile phone malware abnormal behaviour scanning method.
2. The method according to claim 1, characterized in that the mobile phone file virus scanning method collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, extracts from the data flow the files the user uploads and downloads, and scans the files; if a file is found to be a virus file, the virus feature, the file name and the user's phone number are recorded in the database.
3. The method according to claim 1, characterized in that the mobile phone malicious URL scanning method collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, and extracts GET or POST messages from the data flow, both of which contain a URL field; if the URL matches a malicious URL feature, the malicious URL, the feature and the user's phone number are recorded in the database.
4. The method according to claim 1, characterized in that the mobile phone malware abnormal behaviour scanning method collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, and extracts malware abnormal behaviour features from the data flow; if they match a malware abnormal behaviour rule, the description of the user's abnormal behaviour features, the malware that may be in use, and the user's phone number are recorded in the database.
5. A system for mobile Internet malware detection, characterized in that the system comprises a mobile phone file virus scanning program, a mobile phone malicious URL scanning program, and a mobile phone malware abnormal behaviour scanning program.
6. The method according to claim 5, characterized in that the mobile phone file virus scanning program collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, extracts from the data flow the files the user uploads and downloads, and scans the files; if a file is found to be a virus file, the virus feature, the file name and the user's phone number are recorded in the database.
7. The method according to claim 5, characterized in that the mobile phone malicious URL scanning program collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, and extracts GET or POST messages from the data flow, both of which contain a URL field; if the URL matches a malicious URL feature, the malicious URL, the feature and the user's phone number are recorded in the database.
8. The method according to claim 5, characterized in that the mobile phone malware abnormal behaviour scanning program collects mobile operator Gn interface data, obtains the data flow of the mobile phone user's Internet access, and extracts malware abnormal behaviour features from the data flow; if they match a malware abnormal behaviour rule, the description of the user's abnormal behaviour features, the malware that may be in use, and the user's phone number are recorded in the database.
Application CN2011103224250A, priority date 2011-10-21, filing date 2011-10-21: Method and system for detecting malicious software of mobile Internet (Pending), published as CN102510563A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120620