CN103294948B - Software malicious behavior modeling and judging method and device, and mobile terminal - Google Patents
Software malicious behavior modeling and judging method and device, and mobile terminal Download PDFInfo
- Publication number
- CN103294948B CN103294948B CN201210047944.5A CN201210047944A CN103294948B CN 103294948 B CN103294948 B CN 103294948B CN 201210047944 A CN201210047944 A CN 201210047944A CN 103294948 B CN103294948 B CN 103294948B
- Authority
- CN
- China
- Prior art keywords
- malicious act
- software
- sensitive
- mobile terminal
- context
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a software malicious behavior modeling method. The method comprises the steps as follows: generating at least one sensitive action according to the access to a sensitive resource in a mobile terminal; generating at least one context according to a persistent state of a system in the mobile terminal; and generating a malicious behavior model according to one or more sensitive action in the at least one sensitive action and/or one context in the at least one context. According to the method, the malicious behavior model is generated according to the sensitive action acquired by detecting the sensitive resource and the context expressing the state of the system, and whether any behavior executed by software is malicious behavior can be effectively found, so that malicious software can be accurately judged, and the security of the mobile terminal is improved. The invention further discloses a software malicious behavior molding device, a software malicious behavior and malicious software judgment method, and a mobile terminal.
Description
Technical field
The present invention relates to mobile communication technology field, particularly to a kind of software malicious act modeling method and modeling dress
Put, adopt mobile terminal and the determination methods of software malicious act and the determination methods of software malice of above-mentioned model building device.
Background technology
With the development of software and mobile communication technology, in mobile terminal (such as mobile phone), implantation software has become intelligence
The principal character of mobile phone.It is implanted in mobile phone along with increasing software, part Malware is also implanted.Wherein, dislike
Meaning software refers to execute the software of malicious act.These malicious acts include privacy information, the eavesdropping user's communication stealing user
Content etc..For this reason, it may be necessary to model be set up to the Malware in mobile phone so that line pipe is entered to the malicious act of above-mentioned Malware
Reason.
The malicious act modeling method of traditional Malware includes two categories below:
1) the malicious act modeling method based on executable file:The executable file of the method Main Analysis software, right
The feature of Malware executable file carries out method analysis with abstract to set up malicious act model.Wherein, Malware can be held
The feature of style of writing part includes:File characteristic and API Calls sequence etc..Generally, each Malware corresponds to a malicious act spy
Levy.
The defect of the malicious act modeling method based on executable file is:The method is set up for each Malware
One malicious act feature, gets more and more with Malware, and the malicious act model quantity set up using the method is excessive, from
And when using above-mentioned modeling method execution malicious act detection to system or fail-safe software, bring ample resources expense, thus pole
Earth effect systematic function.And, lead to a Malware and can pass through the technology such as shell adding change executable file feature, thus
Existing malicious act model is made to lose efficacy.
2) the malicious act modeling method based on single sensitive permission.The single authority of application program is accessed by the method to be made
Main body for malicious act model.When software employs this single authority then it is assumed that this malicious act model of this Software-Coincidence.
The defect of the malicious act modeling method based on single sensitive permission is:The method excessively general it is impossible to effectively
Real Malware and the normal software employing identical authority are distinguished in ground, thus losing the meaning of malicious act modeling.
Additionally, traditional malicious act modeling method do not account for authority access between internal relation and it is residing
System mode, thus also just cannot embody essence and the purpose of malicious act.Traditional malicious act modeling method does not have can
Customization, thus user cannot according to the demand of oneself self-defined malicious act model, and then lead to not meet determining of user
Demand processed, the Experience Degree of user is low.
Content of the invention
The purpose of the present invention is intended at least solve one of above-mentioned technological deficiency.
For this reason, the first object of the present invention is to propose a kind of software malicious act modeling method, the method can be in order to
User is defined according to self-demand, improves the Experience Degree of user.Second object of the present invention is that a kind of software is disliked
Meaning behavior modeling device.Third object of the present invention is to provide a kind of mobile terminal with above-mentioned model building device.This
The 4th bright purpose is to provide a kind of determination methods of software malicious act, and the method can be to the malice row of software execution
For being judged.5th purpose of the present invention is to provide a kind of mobile terminal with above-mentioned model building device, and this is mobile eventually
End can judge to the malicious act of software.6th purpose of the present invention is to provide a kind of judgement side of software malice
Method, according to the malicious act model that above-mentioned modeling method is set up, the method can judge whether software is Malware.The present invention
The 7th purpose be to provide a kind of mobile terminal with above-mentioned model building device, this mobile terminal can be used for judging software
Whether it is Malware.
For achieving the above object, the embodiment of a first aspect of the present invention provides a kind of software malicious act modeling side
Method, comprises the steps:
Generate at least one sensitive action according to the access of sensitive resource in mobile terminal;
Persistent state according to residing for system in described mobile terminal generates at least one context;And
According to one or more of at least one sensitive action described sensitive action and/or at least one context described
One of context generate malicious act model.
Software malicious act modeling method according to embodiments of the present invention, by detect sensitive resource obtain sensitive action with
And the context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution
Whether being malicious act to be accurately judged to Malware, improving the safety of mobile terminal.
The embodiment of second aspect present invention provides a kind of software malicious act model building device, generates including sensitive action
Module, for generating at least one sensitive action to the access of sensitive resource in mobile terminal;Context generation module, for root
Generate at least one context according to the persistent state that system in described mobile terminal is presently in;And MBM, for root
According in one of one or more of at least one sensitive action described sensitive action and/or at least one context described
Hereafter generate malicious act model.
Software malicious act model building device according to embodiments of the present invention, by detect sensitive resource obtain sensitive action with
And the context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution
Whether being malicious act to be accurately judged to Malware, improving the safety of mobile terminal.
The embodiment of third aspect present invention provides a kind of mobile terminal, soft including second embodiment of the invention offer
Part malicious act model building device and malice model editing module, for by the evil of described software malicious act model building device foundation
Meaning behavior model is shown to the user of described mobile terminal, enters edlin for described user, browses or delete.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
The context of place's state generates malicious act model, and user can be according to number one and security consideration to malicious act mould
Type is modified, thus identifying and process the software that user is not intended to run, and then at utmost meets the customization need of user
Seek and improve the use viscosity of user.
The embodiment of fourth aspect present invention provides a kind of determination methods of software malicious act, comprises the steps:
Malicious act model is set up using the software malicious act modeling method that first aspect present invention embodiment provides;Record is mobile eventually
The persistent state that in end, system is presently in, and generate current context;Record Current software is to sensitive in described mobile terminal
The accessing and generate one or more sensitive action accordingly of resource;And it is corresponding according to described current context and Current software
One or more sensitive action, and described malicious act model judges the access to described sensitive resource for the described Current software
Whether it is malicious act.
The determination methods of software malicious act according to embodiments of the present invention, obtain sensitive action by detecting sensitive resource
And the context of expression system status generates malicious act model, such that it is able to effective any row finding software execution
Whether for being malicious act, and user can modify to malicious act model according to number one and security consideration, from
And identify and process the software that user is not intended to run, and then at utmost meet the customized demand of user and improve user
Use viscosity.
Fifth aspect present invention embodiment provides a kind of mobile terminal, including:Second aspect present invention embodiment provides
Software malicious act model building device;Logging modle is for recording the persistent state that system in mobile terminal is presently in and raw
Become current context, and record Current software in described mobile terminal sensitive resource access and generate corresponding one or
Multiple sensitive action;And judge module, for one or more accordingly quick according to described current context and Current software
Move and make, and the malicious act model that described software malicious act model building device is set up judges described Current software to described quick
Whether the access of sense resource is malicious act.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
Whether the context of place's state generates malicious act model, be malice row such that it is able to effective arbitrary behavior finding software execution
For, and user can modify to malicious act model according to number one and security consideration, thus identifying and processing use
Family is not intended to the software running, and then at utmost meets the customized demand of user and improve the use viscosity of user.
Sixth aspect present invention embodiment provides a kind of determination methods of software malice, comprises the steps:Using this
The software malicious act modeling method that invention first aspect embodiment provides sets up malicious act model;In record mobile terminal it is
The persistent state that system is presently in, and generate current context;Record Current software is to sensitive resource in described mobile terminal
Access and generate one or more sensitive action accordingly;Corresponding one or many according to described current context and Current software
Individual sensitive action, and described malicious act model judges whether described Current software is malice to the access of described sensitive resource
Behavior;And if it is determined that malicious act, then the described malicious act of described Current software is prompted to described mobile terminal
User, judge whether described Current software is Malware by described user.
The determination methods of software malice according to embodiments of the present invention, by detect sensitive resource obtain sensitive action and
The context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution is
No for malicious act, and may determine that whether Current software is malicious act further.Additionally, user can be according to itself profit
Benefit and security consideration are modified to malicious act model, thus identifying and process the software that user is not intended to run, and then
The customized demand at utmost meeting user and the use viscosity improving user.
Seventh aspect present invention embodiment provides a kind of mobile terminal, including:The embodiment of second aspect present invention provides
Software malicious act model building device;Logging modle is for recording the persistent state that system in mobile terminal is presently in and raw
Become current context, and record Current software in described mobile terminal sensitive resource access and generate corresponding one or
Multiple sensitive action;Judge module, for one or more accordingly sensitive dynamic according to described current context and Current software
Make, and judge whether described Current software is malicious act to the access of described sensitive resource;And reminding module, for
When being judged as malicious act, the described malicious act of described Current software is prompted to the user of described mobile terminal, by described
User judges whether described Current software is Malware.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
Whether the context of place's state generates malicious act model, be malice row such that it is able to effective arbitrary behavior finding software execution
For, and may determine that whether Current software is malicious act further.Additionally, user can examine according to number one and safety
Consider and malicious act model is modified, thus identifying and process the software that user is not intended to run and then at utmost full
The customized demand of sufficient user and improve the use viscosity of user.
The aspect that the present invention adds and advantage will be set forth in part in the description, and partly will become from the following description
Obtain substantially, or recognized by the practice of the present invention.
Brief description
The above-mentioned and/or additional aspect of the present invention and advantage will become from the following description of the accompanying drawings of embodiments
Substantially and easy to understand, wherein:
Fig. 1 is the schematic diagram of the software malicious act modeling method according to one embodiment of the invention;
Fig. 2 is the schematic diagram of the modeling of the software malicious act according to the embodiment of the present invention;
Fig. 3 is the flow chart of the software malicious act modeling method according to another embodiment of the present invention;
Fig. 4 is the structural representation of the software malicious act model building device according to the embodiment of the present invention;
Fig. 5 is the schematic diagram of the mobile terminal according to one embodiment of the invention;
Fig. 6 is the flow chart of the determination methods of the software malicious act according to the embodiment of the present invention;
Fig. 7 is the schematic diagram of the mobile terminal according to another embodiment of the present invention;
Fig. 8 is the flow chart of the determination methods of the software malice according to the embodiment of the present invention;And
Fig. 9 is the schematic diagram of the mobile terminal according to another embodiment of the present invention.
Specific embodiment
Embodiments of the invention are described below in detail, the example of described embodiment is shown in the drawings, wherein from start to finish
The element that same or similar label represents same or similar element or has same or like function.Below with reference to attached
The embodiment of figure description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
With reference to explained below and accompanying drawing it will be clear that these and other aspects of embodiments of the invention.In these descriptions
In accompanying drawing, specifically disclose some particular implementation in embodiments of the invention, to represent the enforcement implementing the present invention
Some modes of the principle of example are but it is to be understood that the scope of embodiments of the invention is not limited.On the contrary, the present invention
Embodiment includes falling into all changes in the range of the spirit of attached claims and intension, modification and equivalent.
The present invention is by Malware, to the sensitive resource of mobile terminal, the action accessing and mobile terminal are current
Persistent state takes out the behavior sequence that Malware executes malicious act, and behavior sequence is Malware behavior model.
This Malware behavior model can reflect that Malware executes purpose and the essence of malicious act, thus user can be to not
Wish that the software action occurring in oneself system is identified and processes.
Below with reference to Fig. 1 to Fig. 3, software malicious act modeling method according to embodiments of the present invention is described.
As shown in figure 1, software malicious act modeling method provided in an embodiment of the present invention, comprise the steps:
Step S101, generates at least one sensitive action according to the access of sensitive resource in mobile terminal.
Be stored with ample resources in the terminal, wherein, according to the difference of the sensitivity to system for the resource, above-mentioned resource
Sensitive resource and non-sensitive resource can be divided into.Specifically, for the resource being related to system safety and privacy of user
Sensitive resource can be defined as, for example:Recording, device number, GPS (Global Positioning System, global positioning system
System) information, paying note, switching on and shutting down password, telephone directory, secret note, certificate and private key for user etc., the visit to this part resource
Ask setting sensitive permission.
It should be noted that software will not produce shadow to external world to the access of own resource and the non-sensitive authority of system
Ring, thus the above-mentioned action definition of software execution is non-sensitive action.Wherein, the own resource of software includes belonging to this software certainly
File of body etc..
When the software installed in mobile terminal accesses to the sensitive resource of system every time, then generate a sensitive action, from
And generate multiple sensitive action according to the access times of software.Wherein, between multiple sensitive action, there is execution sequence.Each is quick
Emotion all includes multiple attributes, the software of execution action itself and system during the generation of this sensitive action of these attribute records
The present situation.
In one embodiment of the invention, one or more of malicious act model sensitive action and system is quick
Sense authority all can be chosen by user to determine.
With reference to specific example, sensitive permission and sensitive action are described.
1)
Malicious intent:Malice is eavesdropped
Sensitive permission:Access sound-recording function resource and call function resource simultaneously.
Sensitive action:Recording, phone.
2)
Malicious intent:Using short message malicious positioning position information
Sensitive permission:Access GPS information resource and note resource simultaneously.
Sensitive action:GPS, transmitting-receiving note.
3)
Malicious intent:Using short message malicious location equipment information
Sensitive permission:Access device resource and the note resource of mobile terminal simultaneously.
Sensitive action:Obtain the device number in system information, receive and dispatch note.
Wherein, the device number of mobile terminal can be IMEI (International Mobile Equipment
Identity)
4)
Malicious intent:Using network malice positioning position information
Sensitive permission:Access GPS information resource and Internet resources simultaneously.
Sensitive action:GPS, network-in-dialing.
5)
Malicious intent:Using short message malicious location equipment information
Sensitive permission:Access device resource and the Internet resources of mobile terminal simultaneously.
Sensitive action:Device number in acquisition system information, network-in-dialing.
6)
Malicious intent:Malice steals user's Financial Information
Sensitive permission:Access the charge note resource of user.
Sensitive action:Transmitting-receiving charge note.
It is understood that above-mentioned sensitive permission and sensitive action are only in the purpose of example, rather than in order to limit
The present invention.User can according to the consideration of itself safety to mobile terminal and number one, voluntarily setting sensitive permission and
Sensitive action.
Step S102, the persistent state according to residing for system in mobile terminal generates at least one context.
Context is used for reflecting the persistent state that system is presently in, for example:In call, in recording, in navigation, charge
In, take pictures medium.It is understood that a context can correspond to multiple sensitive action.For example:What file described up and down holds
Continuous state is in call and recording, then corresponding sensitive action is call and records.
The same action that different contexts can correspond in same sensitive action, and different context can root
Can have different implications according to sensitivity.
For example:When context is in call and recording, then converses and record as sensitive action;When context is in call,
Then converse as sensitive action.
In one embodiment of the invention, context can be selected by the user of mobile terminal to determine.
Step S103, according to one or more of at least one sensitive action sensitive action and/or at least one is upper and lower
One of literary composition context generates malicious act model.
According at least one generating in the one or more sensitive action generating in step S101 and/or step S102
One of hereafter context generates malicious act model, and it is capable to judge whether software executes malice according to this malicious act model
For.Wherein, in malicious act model, define the execution sequence of multiple sensitive action, above-mentioned execution sequence can represent evil
The purpose of meaning behavior and essence.In other words, if Malware will realize a malicious intent it is necessary to pass through according to execution sequence
Above-mentioned multiple sensitive action.
During the use of mobile terminal, if the behavior of software includes multiple sensitive action and has identical simultaneously
Execution sequence, then the malicious act model of above-mentioned generation may determine that the behavior is malicious act, then execute this malicious act
Software is Malware.Wherein, because one or more of malicious act model sensitive action and context all can be by moving
The user of dynamic terminal is selected to determine, thus user can enter to the safety of mobile terminal and number one according to itself
Row setting, sets up and the motility of use and the Experience Degree of user such that it is able to improve model.
In one embodiment of the invention, malicious act model can be generated according only to one or more sensitive action.For
It is easy to describe, below in an example, will so that sensitive action and context generate malicious act model jointly as a example carry out
Description.In one embodiment of the invention, the behavior judging the execution of behavior Malware in malicious act model is that malice is gone
For afterwards, the attribute information of record malicious act, and attribute information is showed the user of mobile terminal.
In an example of the present invention, attribute information can include one or more of herein below:In malicious act
The time of origin of each sensitive action, the type of action of each sensitive action, the identity of each sensitive action executor and
Time interval between current state, two sensitive action and the context residing for each sensitive action.
Below with reference to Fig. 2, the malicious act model of the embodiment of the present invention is described in detail.
Step S201, defines the attribute of malicious act model.
In one embodiment of the invention, the attribute of malicious act model include the title of malicious act model, description,
The attributes such as processing mode.
Step S202, adds sensitive action.
Sensitive action can generate according to the access to sensitive resource in mobile terminal.
Step S203, judges whether to need the details of the sensitive action of interpolation.Execution step S204 if necessary,
Otherwise execution step S205.
Step S204, defines and adds action details.
In one embodiment of the invention, the details of sensitive action can be the attribute of action, for example:Sensitive dynamic
The time of origin of work, type of action, identity of action executing person etc..
Step S205, judges whether sensitive action is in specific context.If it is, execution step S206, otherwise
Execution step S207.
Specifically, judge whether the sensitive action added is in corresponding in the context of sensitive permission.For example:Step
The sensitive action added in S202 is recording, if this sensitive action is in the context of " in recording and call ", can sentence
This sensitive action of breaking is in specific context.This is to execute due to recording and conversing simultaneously, then dialog context may be maliciously soft
Part is ravesdropping.
Step S206, adds contextual information.
Contextual information can the persistent state according to residing for system in mobile terminal generate.
Step S207, determines whether further action, if there are then execution step S202, otherwise terminates malicious act mould
Process set up by type.
From the foregoing, it will be observed that one or more contextual informations can be included in malicious act model and to include at least one quick
Move and make.
As needed malicious act model is adjusted for the ease of user, can be by the evil of foundation in step S103
Meaning behavior model is shown to the user of mobile terminal, such that it is able to entering edlin for user, browses or deletes, and then according to use
Family is according to the self-demand adjustment malicious act that system detected and controlled.Because the number one of different user is different,
The behavior that each user is regarded to damage number one would also vary from.By above-mentioned User Defined mechanism, favorably
In the demand meeting different user.Additionally, user can also be to the malice row being unsatisfactory for user's request existing in current system
Modify for model, thus the demand that enables a system to more be close to the users.
For example, if the user of mobile terminal actively execution recording and two sensitive action of call, then access record simultaneously
Sound resource and call resource are set to non-sensitive authority, because action is actively to be initiated by user, has obtained awarding of user
Power.
If recording action is not user actively executed, possibly Malware is in malicious intent execution, to realize
The malicious intent of the dialog context of eavesdropping user, then need to be accessed recording resource simultaneously and call resource be set to sensitive power
Limit.Because action is not actively to be initiated by user, does not obtain the mandate of user.
When the executive agent of action changes to Malware by user, then user can be accessed simultaneously recording resource and
The authority of call resource is adjusted to sensitive permission by non-sensitive authority.
From the foregoing, it will be observed that as shown in figure 3, in malicious act model, to should have multiple contexts and many sensitive action.Its
In, include n sensitive action, respectively action 1, action 2, action 3......, action n in malicious act model, wherein,
One or more actions correspond to a context.For example:Context 1 respective action 2 and action 3.
Software malicious act modeling method according to embodiments of the present invention, by detect sensitive resource obtain sensitive action with
And the context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution
Whether being malicious act to be accurately judged to Malware, improving the safety of mobile terminal.
In addition although the species of Malware much and has a lot of mutation, but the species being to increase is simultaneously few, and phase
The way of act of congener Malware is basically identical, thus by the software malicious act modeling method of the embodiment of the present invention
The malicious act model taking out is consistent, goes for multiple types and large batch of Malware.
Below with reference to Fig. 4, software malicious act model building device according to embodiments of the present invention is described.
As shown in figure 4, software malicious act model building device 400 provided in an embodiment of the present invention includes:Sensitive action generates
Module 410, context generation module 420 and MBM 430.Wherein, sensitive action generation module 410 is used for mobile terminal
The access of middle sensitive resource generates at least one sensitive action.Context generation module 420 is used for according to system in mobile terminal
The persistent state being presently in generates at least one context.MBM 430 is used for according at least one sensitive action
One of one or more sensitive action and/or at least one context context generates malicious act model.
According to the difference of the sensitivity to system for the resource, resource can be divided into sensitive resource and non-sensitive resource.Specifically
For, sensitive resource can be defined as the resource being related to system safety and privacy of user, for example:Recording, device number,
GPS (Global Positioning System, global positioning system) information, paying note, switching on and shutting down password, telephone directory, machine
Close note, certificate and private key for user etc., the access to this part resource arranges sensitive permission.
It should be noted that software will not produce shadow to external world to the access of own resource and the non-sensitive authority of system
Ring, thus the above-mentioned action definition of software execution is non-sensitive action.Wherein, the own resource of software includes belonging to this software certainly
File of body etc..
Sensitive action generation module 410 when the software that mobile terminal is installed accesses to the sensitive resource of system every time, then
Generate a sensitive action.Thus, sensitive action generation module 410 can generate multiple sensitive dynamic according to the access times of software
Make.Wherein, between multiple sensitive action, there is execution sequence.Each sensitive action all includes multiple attributes, these attribute records
The software of execution action itself and the present situation of system when this sensitive action occurs.
In one embodiment of the invention, sensitive action generation module 410 generate one or more sensitive action with
And the sensitive permission of system all can by user be chosen with determine.For example:Sensitive permission can be for accessing recording work(simultaneously
Energy resource and call function resource, then corresponding sensitive action is recording and phone.Sensitive permission is to access mobile terminal simultaneously
Device resource and note resource, then corresponding sensitive action be obtain system information in device number, transmitting-receiving note.
It is understood that above-mentioned sensitive permission and sensitive action are only in the purpose of example, rather than in order to limit
The present invention.User can according to the consideration of itself safety to mobile terminal and number one, voluntarily setting sensitive permission and
Sensitive action.
Persistent state according to residing for system in mobile terminal for the context generation module 420 generates at least one context.
Wherein, context is used for reflecting the persistent state that system is presently in, for example:In call, in recording, in navigation, in charging, clap
According to medium.It is understood that a context can correspond to multiple sensitive action.For example:The lasting shape of file description up and down
State is in call and recording, then corresponding sensitive action is call and records.Wherein, different contexts can correspond to same
Same action in sensitive action, and different context can have different implications according to sensitivity.
One of at least one sensitive action that MBM 430 generates according to sensitive action generation module 410 or many
One of at least one context that individual sensitive action and based on context generation module 420 generate context generates malice
Behavior model.Wherein, in malicious act model, define the execution sequence of multiple sensitive action, above-mentioned execution sequence is permissible
Represent purpose and the essence of malicious act.In other words, if Malware to realize a malicious intent it is necessary to according to execute suitable
Sequence is through above-mentioned multiple sensitive action.If behavior includes multiple sensitive action and has identical execution sequence simultaneously, dislike
Meaning behavior model may determine that the behavior is malicious act.
In one embodiment of the invention, one or more of malicious act model that MBM 430 is set up is quick
Move and make to be selected to determine by the user of mobile terminal with context.
In yet another embodiment of the present invention, software malicious act model building device 400 also includes attribute information record mould
Block.Wherein, attribute information logging modle 400 can record malice after malicious act model judges behavior for malicious act
The attribute information of behavior, and above-mentioned attribute information is showed the user of mobile terminal, consequently facilitating user is as needed to evil
Meaning behavior model is adjusted.User can enter edlin, browse or delete to malicious act model, and then according to making user's root
According to the self-demand adjustment malicious act that system detected and controlled.Because the number one of different user is different, each
The behavior that user is regarded to damage number one would also vary from.Specifically, user may browse through and edits existing
Malicious act model, and existing malicious act model can be deleted according to number one and security consideration.
By above-mentioned User Defined mechanism, be conducive to meeting the demand of different user.Additionally, user can also be to current
In system, the existing malicious act model being unsatisfactory for user's request is modified, thus enable a system to more be close to the users needing
Ask.
In an example of the present invention, attribute information can include one or more of herein below:In malicious act
The time of origin of each sensitive action, the type of action of each sensitive action, the identity of each sensitive action executor and
Time interval between current state, two sensitive action and the context residing for each sensitive action.
Software malicious act model building device according to embodiments of the present invention, by detect sensitive resource obtain sensitive action with
And the context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution
Whether being malicious act to be accurately judged to Malware, improving the safety of mobile terminal.
In addition although the species of Malware much and has a lot of mutation, but the species being to increase is simultaneously few, and phase
The way of act of congener Malware is basically identical, thus by the software malicious act modeling method of the embodiment of the present invention
The malicious act model taking out is consistent, goes for multiple types and large batch of Malware.
Below with reference to Fig. 5, mobile terminal according to embodiments of the present invention is described.
As shown in figure 5, mobile terminal provided in an embodiment of the present invention includes:Software malicious act model building device and malice mould
Type editor module 510.Wherein, the software malice row that software malicious act model building device can provide for the above embodiment of the present invention
For model building device 400.Malice model editing module is used for the malicious act mould of software malicious act model building device 400 foundation
Type is shown to user, thus entering edlin for user, browsing or delete.
User can by malice model editing module 510 according to make user according to self-demand adjust system detected with
The malicious act controlling.Because the number one of different user is different, each user is regarded to damage number one
Behavior would also vary from.By above-mentioned User Defined mechanism, be conducive to meeting the demand of different user.Additionally, user
The malicious act model being unsatisfactory for user's request existing in current system can also be modified, thus enabling a system to more
Stick on nearly user's request.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
The context of place's state generates malicious act model, and user can be according to number one and security consideration to malicious act mould
Type is modified, thus identifying and process the software that user is not intended to run, and then at utmost meets the customization need of user
Seek and improve the use viscosity of user.
The determination methods of software malicious act according to embodiments of the present invention are described below with reference to Fig. 6.
As shown in fig. 6, the determination methods of software malicious act provided in an embodiment of the present invention comprise the steps:
Step S601, sets up malicious act model.
In one embodiment of the invention, using the software malicious act modeling method of first aspect present invention embodiment
Set up malicious act model.
Step S602, the persistent state that in record mobile terminal, system is presently in, and generate current context.
Context is used for reflecting the persistent state that system is presently in, for example:In call, in recording, in navigation, charge
In, take pictures medium.It is understood that a context can correspond to multiple sensitive action.For example:What file described up and down holds
Continuous state is in call and recording, then corresponding sensitive action is call and records.
The same action that different contexts can correspond in same sensitive action, and different context can root
Can have different implications according to sensitivity.
In one embodiment of the invention, context can be selected by the user of mobile terminal to determine.
Step S603, record Current software is to the accessing and generate one or more accordingly of sensitive resource in mobile terminal
Sensitive action.
When Current software in mobile terminal accesses to the sensitive resource of system, then generate a sensitive action, thus root
Access times according to Current software generate multiple sensitive action.Wherein, between multiple sensitive action, there is execution sequence.Each is quick
Emotion all includes multiple attributes, the software of execution action itself and system during the generation of this sensitive action of these attribute records
The present situation.
In one embodiment of the invention, one or more of malicious act model sensitive action and system is quick
Sense authority all can be chosen by user to determine.
Step S604, according to current context and Current software one or more sensitive action accordingly, and malice row
Judge whether Current software is malicious act to the access of sensitive resource for model.
In the malicious act model set up in step S60 1, define the execution sequence of multiple sensitive action, above-mentioned hold
Row order can represent purpose and the essence of malicious act.In other words, if Malware to realize a malicious intent it is necessary to
According to execution sequence through above-mentioned multiple sensitive action.
During the use of mobile terminal, if multiple sensitive action of the Current software of step S603 generation are step
Multiple sensitive action and having in the malicious act model set up in S601 are held with the identical defined in malicious act model
Row order, then may determine that Current software is malicious act to the access of sensitive wording.
In one embodiment of the invention, after judging the access to sensitive resource for the Current software for malicious act,
The attribute information of record malicious act, and attribute information is showed the user of mobile terminal, thus enter edlin, clear for user
Look at or delete.User can be according to the self-demand adjustment malicious act that system detected and controlled.Due to different user from
Body interests are different, and the behavior that each user is regarded to damage number one would also vary from.By above-mentioned user
Self-defined mechanism, is conducive to meeting the demand of different user.Additionally, user can also be unsatisfactory for using to existing in current system
The malicious act model of family demand is modified, thus the demand that enables a system to more be close to the users.
In one embodiment of the invention, attribute information can include one or more of herein below:Malicious act
In the time of origin of each sensitive action, the type of action of each sensitive action, the identity of each sensitive action executor
Time interval and current state, two sensitive action between and the context residing for each sensitive action.
The determination methods of software malicious act according to embodiments of the present invention, obtain sensitive action by detecting sensitive resource
And the context of expression system status generates malicious act model, such that it is able to effective any row finding software execution
Whether for being malicious act, and user can modify to malicious act model according to number one and security consideration, from
And identify and process the software that user is not intended to run, and then at utmost meet the customized demand of user and improve user
Use viscosity.
Below with reference to Fig. 7, mobile terminal according to embodiments of the present invention is described.
As shown in fig. 7, mobile terminal provided in an embodiment of the present invention includes software malicious act model building device, logging modle
710 and judge module 720.
In one embodiment of the invention, software malicious act model building device can provide for the above embodiment of the present invention
Software malicious act model building device 400, be used for setting up malicious act model.In malicious act model, define multiple sensitivities
The execution sequence of action, above-mentioned execution sequence can represent purpose and the essence of malicious act.In other words, if Malware will
Realize a malicious intent it is necessary to according to execution sequence through above-mentioned multiple sensitive action.
Logging modle 710 records the persistent state that in mobile terminal, system is presently in, and generates current context, record
Current software is to the accessing and generate one or more sensitive action accordingly of sensitive resource in mobile terminal.Wherein, sensitive dynamic
Work can be recording, shooting or positioning etc..
Judge module 720 is according to current context and Current software one or more sensitive action accordingly and above-mentioned
The malicious act model that software malicious act model building device 400 is set up judges whether Current software is evil to the access of sensitive resource
Meaning behavior.
Specifically, if multiple sensitive action of the Current software of logging modle 710 generation are in malicious act model
Multiple sensitive action and having and the identical execution sequence defined in malicious act model, then judge module 720 may determine that
Current software is malicious act to the access of sensitive wording.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
Whether the context of place's state generates malicious act model, be malice row such that it is able to effective arbitrary behavior finding software execution
For, and user can modify to malicious act model according to number one and security consideration, thus identifying and processing use
Family is not intended to the software running, and then at utmost meets the customized demand of user and improve the use viscosity of user.
The determination methods of software malice according to embodiments of the present invention are described below with reference to Fig. 8.
As shown in figure 8, the determination methods of software malice provided in an embodiment of the present invention comprise the steps:
Step S801, sets up malicious act model.
In one embodiment of the invention, using the software malicious act modeling method of first aspect present invention embodiment
Set up malicious act model.
Step S802, the persistent state that in record mobile terminal, system is presently in, and generate current context.
Context is used for reflecting the persistent state that system is presently in, for example:In call, in recording, in navigation, charge
In, take pictures medium.It is understood that a context can correspond to multiple sensitive action.For example:What file described up and down holds
Continuous state is in call and recording, then corresponding sensitive action is call and records.
The same action that different contexts can correspond in same sensitive action, and different context can root
Can have different implications according to sensitivity.
In one embodiment of the invention, context can be selected by the user of mobile terminal to determine.
Step S803, record Current software is to the accessing and generate one or more accordingly of sensitive resource in mobile terminal
Sensitive action.
When Current software in mobile terminal accesses to the sensitive resource of system, then generate a sensitive action, thus root
Access times according to Current software generate multiple sensitive action.Wherein, between multiple sensitive action, there is execution sequence.Each is quick
Emotion all includes multiple attributes, the software of execution action itself and system during the generation of this sensitive action of these attribute records
The present situation.
In one embodiment of the invention, one or more of malicious act model sensitive action and system is quick
Sense authority all can be chosen by user to determine.
Step S804, according to current context and Current software one or more sensitive action accordingly, and according to evil
Meaning behavior model judges whether Current software is malicious act to the access of sensitive resource.
In the malicious act model set up in step S801, define the execution sequence of multiple sensitive action, above-mentioned hold
Row order can represent purpose and the essence of malicious act.In other words, if Malware to realize a malicious intent it is necessary to
According to execution sequence through above-mentioned multiple sensitive action.
During the use of mobile terminal, if multiple sensitive action of the Current software of step S803 generation are step
Multiple sensitive action and having in the malicious act model set up in S801 are held with the identical defined in malicious act model
Row order, then may determine that Current software is malicious act to the access of sensitive wording.
The malicious act of Current software if it is determined that malicious act, is then prompted to the user of mobile terminal by step S805,
Judge whether Current software is Malware by user.
After judging the access to sensitive resource for the Current software for malicious act, the malicious act of record Current software
Attribute information, and attribute information is showed the user of mobile terminal, thus entering edlin for user, browsing or delete.User
Can be according to the self-demand adjustment malicious act that system detected and controlled.Due to different user number one not
With the behavior that each user is regarded to damage number one would also vary from.By above-mentioned User Defined mechanism, have
Beneficial to the demand meeting different user.Additionally, user can also be to the malice being unsatisfactory for user's request existing in current system
Behavior model is modified, thus the demand that enables a system to more be close to the users.
In one embodiment of the invention, attribute information can include one or more of herein below:Malicious act
In the time of origin of each sensitive action, the type of action of each sensitive action, the identity of each sensitive action executor
Time interval and current state, two sensitive action between and the context residing for each sensitive action.
The determination methods of software malice according to embodiments of the present invention, by detect sensitive resource obtain sensitive action and
The context of expression system status generates malicious act model, such that it is able to effective arbitrary behavior finding software execution is
No for malicious act, and may determine that whether Current software is malicious act further.Additionally, user can be according to itself profit
Benefit and security consideration are modified to malicious act model, thus identifying and process the software that user is not intended to run, and then
The customized demand at utmost meeting user and the use viscosity improving user.
Below with reference to Fig. 9, mobile terminal according to embodiments of the present invention is described.
As shown in figure 9, mobile terminal provided in an embodiment of the present invention includes:Software malicious act model building device, record mould
Block 910, judge module 920 and reminding module 930.
In one embodiment of the invention, software malicious act model building device can provide for the above embodiment of the present invention
Software malicious act model building device 400.
Logging modle 910 is used for recording the persistent state that system in mobile terminal is presently in, and generates current context.
Wherein context is used for reflecting the persistent state that system is presently in, for example:In call, in recording, in navigation, in charging, clap
According to medium.It is understood that a context can correspond to multiple sensitive action.For example:The lasting shape of file description up and down
State is in call and recording, then corresponding sensitive action is call and records.
The same action that different contexts can correspond in same sensitive action, and different context can root
Can have different implications according to sensitivity.
In one embodiment of the invention, context can be selected by the user of mobile terminal to determine.
Logging modle 910 is additionally operable to record Current software to the accessing and generate corresponding of sensitive resource in mobile terminal
Individual or multiple sensitive action.Wherein, between multiple sensitive action, there is execution sequence.Each sensitive action all includes multiple genus
Property, the software of execution action itself and the present situation of system when this sensitive action of these attribute records occurs.
In one embodiment of the invention, in the malicious act model that software malicious act model building device 400 is set up
The sensitive permission of one or more sensitive action and system all can be chosen by user to determine.
Judge module 920 is used for according to current context and Current software one or more sensitive action accordingly, and
Judge whether Current software is malicious act to the access of sensitive resource.
Specifically, if multiple sensitive action of the Current software of logging modle 910 generation are in malicious act model
Multiple sensitive action and having and the identical execution sequence defined in malicious act model, then judge module 920 may determine that
Current software is malicious act to the access of sensitive wording.
Reminding module 930, ought when judge module 920 judges the access to sensitive resource for the Current software for malicious act
The malicious act of front software is prompted to the user of mobile terminal, judges whether Current software is Malware by user, thus supplying
User enters edlin, browses or delete.User can be according to the self-demand adjustment malicious act that system detected and controlled.By
Different in the number one of different user, the behavior that each user is regarded to damage number one can not yet
With.By above-mentioned User Defined mechanism, be conducive to meeting the demand of different user.Additionally, user can also be to current system
In the existing malicious act model being unsatisfactory for user's request modify, thus the demand that enables a system to more be close to the users.
Mobile terminal according to embodiments of the present invention, obtains sensitive action and represents system institute by detecting sensitive resource
Whether the context of place's state generates malicious act model, be malice row such that it is able to effective arbitrary behavior finding software execution
For, and may determine that whether Current software is malicious act further.Additionally, user can examine according to number one and safety
Consider and malicious act model is modified, thus identifying and process the software that user is not intended to run and then at utmost full
The customized demand of sufficient user and improve the use viscosity of user.
In flow chart or here any process described otherwise above or method description are construed as, represent and include
The module of the code of executable instruction of one or more steps for realizing specific logical function or process, fragment or portion
Point, and the scope of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discuss suitable
Sequence, including according to involved function by substantially simultaneously in the way of or in the opposite order, carry out perform function, this should be by the present invention
Embodiment person of ordinary skill in the field understood.
Represent in flow charts or here logic described otherwise above and/or step, for example, it is possible to be considered as to use
In the order list of the executable instruction realizing logic function, may be embodied in any computer-readable medium, for
Instruction execution system, device or equipment (system as computer based system, including processor or other can hold from instruction
Row system, device or equipment instruction fetch the system of execute instruction) use, or with reference to these instruction execution systems, device or set
Standby and use.For the purpose of this specification, " computer-readable medium " can any can be comprised, store, communicate, propagate or pass
Defeated program is for instruction execution system, device or equipment or the dress using with reference to these instruction execution systems, device or equipment
Put.The more specifically example (non-exhaustive list) of computer-readable medium includes following:There is the electricity of one or more wirings
Connecting portion (electronic installation), portable computer diskette box (magnetic device), random access memory (RAM), read only memory
(ROM), erasable edit read-only storage (EPROM or flash memory), fiber device, and portable optic disk is read-only deposits
Reservoir (CDROM).In addition, computer-readable medium can even is that the paper that can print described program thereon or other are suitable
Medium, because edlin, interpretation or if necessary with it can then be entered for example by carrying out optical scanning to paper or other media
His suitable method is processed to electronically obtain described program, is then stored in computer storage.
It should be appreciated that each several part of the present invention can be realized with hardware, software, firmware or combinations thereof.Above-mentioned
In embodiment, the software that multiple steps or method can be executed in memory and by suitable instruction execution system with storage
Or firmware is realizing.For example, if realized with hardware, and the same in another embodiment, can use well known in the art under
Any one of row technology or their combination are realizing:There is the logic gates for data signal is realized with logic function
Discrete logic, there is the special IC of suitable combinational logic gate circuit, programmable gate array 0 (PGA), scene
Programmable gate array (FPGA) etc..
Those skilled in the art are appreciated that to realize all or part step that above-described embodiment method carries
Suddenly the program that can be by completes come the hardware to instruct correlation, and described program can be stored in a kind of computer-readable storage medium
In matter, this program upon execution, including one or a combination set of the step of embodiment of the method.
Additionally, can be integrated in a processing module in each functional unit in each embodiment of the present invention it is also possible to
It is that unit is individually physically present it is also possible to two or more units are integrated in a module.Above-mentioned integrated mould
Block both can be to be realized in the form of hardware, it would however also be possible to employ the form of software function module is realized.Described integrated module is such as
Fruit using in the form of software function module realize and as independent production marketing or use when it is also possible to be stored in a computer
In read/write memory medium.
Storage medium mentioned above can be read only memory, disk or CD etc..
In the description of this specification, reference term " embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means specific features, structure, material or the spy describing with reference to this embodiment or example
Point is contained at least one embodiment or the example of the present invention.In this manual, to the schematic representation of above-mentioned term not
Necessarily refer to identical embodiment or example.And, the specific features of description, structure, material or feature can be any
One or more embodiments or example in combine in an appropriate manner.
Although an embodiment of the present invention has been shown and described, for the ordinary skill in the art, permissible
Understand and can carry out multiple changes, modification, replacement to these embodiments without departing from the principles and spirit of the present invention
And modification, the scope of the present invention by claims and its equivalent limits.
Claims (17)
1. a kind of software malicious act modeling method is it is characterised in that comprise the following steps:
Generate at least one sensitive action according to the access of sensitive resource in mobile terminal;
Persistent state according to residing for system in described mobile terminal generates at least one context, wherein, a context pair
Answer multiple sensitive action, different contexts corresponds to same sensitive dynamic in same sensitive action, and different context
Make that different implications are had according to sensitivity;And
According in one or more of at least one sensitive action described sensitive action and/or at least one context described
One context generates malicious act model.
2. software malicious act modeling method as claimed in claim 1 is it is characterised in that described malicious act model includes
Multiple sensitive action, have execution sequence between the plurality of sensitive action, if behavior includes the plurality of sensitivity and moves simultaneously
Make and there is identical execution sequence, then described malicious act model is judged as malicious act.
3. software malicious act modeling method as claimed in claim 1 or 2 is it is characterised in that in described malicious act model
One or more of sensitive action and/or described context by described mobile terminal user select determine.
4. software malicious act modeling method as claimed in claim 2 is it is characterised in that judge in described malicious act model
After described behavior is malicious act, also include:
Record the attribute information of described malicious act, and described attribute information is showed the user of described mobile terminal.
5. software malicious act modeling method as claimed in claim 4 is it is characterised in that described attribute information includes malice row
For in the time of origin of each sensitive action, the type of action of each sensitive action, each sensitive action executor identity mark
Know one of time interval and context residing for each sensitive action and current state, two sensitive action between or
Multiple.
6. software malicious act modeling method as claimed in claim 5 it is characterised in that described sensitive resource include recording,
Device number, GPS information, paying note.
7. software malicious act modeling method as claimed in claim 1 is it is characterised in that also include:
The malicious act model of foundation is shown to the user of described mobile terminal, so that described user enters edlin, browses
Or delete.
8. a kind of software malicious act model building device is it is characterised in that include:
Sensitive action generation module, for generating at least one sensitive action to the access of sensitive resource in mobile terminal;
Context generation module, for generating at least one according to the persistent state that system in described mobile terminal is presently in
Hereafter, wherein, a context corresponds to multiple sensitive action, and different contexts corresponds to same sensitive action, and different
Same sensitive action in context has different implications according to sensitivity;And
MBM, for according to one or more of at least one sensitive action described sensitive action and/or described at least
One of one context context generates malicious act model.
9. software malicious act model building device as claimed in claim 8 is it is characterised in that described malicious act model includes
Multiple sensitive action, have execution sequence between the plurality of sensitive action, if behavior includes the plurality of sensitivity and moves simultaneously
Make and there is identical execution sequence, then described malicious act model is judged as malicious act.
10. software malicious act model building device as claimed in claim 8 is it is characterised in that in described malicious act model
One or more of sensitive action and/or described context are selected to determine by the user of described mobile terminal.
11. software malicious act model building devices as claimed in claim 8 are it is characterised in that also include:
Attribute information logging modle, for, after judging described behavior for malicious act, recording the attribute of described malicious act
Information, and described attribute information is showed the user of described mobile terminal.
12. software malicious act model building devices as claimed in claim 11 are it is characterised in that described attribute information includes malice
The time of origin of each sensitive action, the type of action of each sensitive action, the identity of each sensitive action executor in behavior
One of time interval between mark and current state, two sensitive action and the context residing for each sensitive action
Or it is multiple.
A kind of 13. mobile terminals are it is characterised in that include:
Software malicious act model building device as described in any one of claim 8-12;
Malice model editing module, for being shown to the malicious act model of described software malicious act model building device foundation
The user of described mobile terminal, enters edlin for described user, browses or delete.
A kind of 14. determination methods of software malicious act are it is characterised in that comprise the following steps:
Malicious act model is set up using the software malicious act modeling method as described in any one of claim 1-7;
The persistent state that in record mobile terminal, system is presently in, and generate current context;
Record Current software is to the accessing and generate one or more sensitive action accordingly of sensitive resource in described mobile terminal;
And
According to described current context and Current software one or more sensitive action accordingly, and described malicious act model
Judge whether described Current software is malicious act to the access of described sensitive resource.
A kind of 15. mobile terminals are it is characterised in that include:
Software malicious act model building device as described in any one of claim 8-12;
Logging modle, for recording the persistent state that system in mobile terminal is presently in, and generates current context, Yi Jiji
Record Current software is to the accessing and generate one or more sensitive action accordingly of sensitive resource in described mobile terminal;And
Judge module, for according to described current context and Current software one or more sensitive action accordingly, Yi Jisuo
The malicious act model stating the foundation of software malicious act model building device judges the access to described sensitive resource for the described Current software
Whether it is malicious act.
A kind of 16. determination methods of software malice are it is characterised in that comprise the following steps:
Malicious act model is set up using the software malicious act modeling method as described in any one of claim 1-7;
The persistent state that in record mobile terminal, system is presently in, and generate current context;
Record Current software is to the accessing and generate one or more sensitive action accordingly of sensitive resource in described mobile terminal;
According to described current context and Current software one or more sensitive action accordingly, and described malicious act model
Judge whether described Current software is malicious act to the access of described sensitive resource;And
If it is determined that malicious act, then the described malicious act of described Current software is prompted to the use of described mobile terminal
By described user, family, judges whether described Current software is Malware.
A kind of 17. mobile terminals are it is characterised in that include:
Software malicious act model building device as described in any one of claim 8-12;
Logging modle, for recording the persistent state that system in mobile terminal is presently in, and generates current context, Yi Jiji
Record Current software is to the accessing and generate one or more sensitive action accordingly of sensitive resource in described mobile terminal;
Judge module, for according to described current context and Current software one or more sensitive action accordingly, and sentences
Whether the described Current software that breaks is malicious act to the access of described sensitive resource;And
Reminding module, for when being judged as malicious act, the described malicious act of described Current software being prompted to described shifting
By described user, the user of dynamic terminal, judges whether described Current software is Malware.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210047944.5A CN103294948B (en) | 2012-02-27 | 2012-02-27 | Software malicious behavior modeling and judging method and device, and mobile terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210047944.5A CN103294948B (en) | 2012-02-27 | 2012-02-27 | Software malicious behavior modeling and judging method and device, and mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103294948A CN103294948A (en) | 2013-09-11 |
CN103294948B true CN103294948B (en) | 2017-02-08 |
Family
ID=49095790
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210047944.5A Active CN103294948B (en) | 2012-02-27 | 2012-02-27 | Software malicious behavior modeling and judging method and device, and mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103294948B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103778372B (en) * | 2014-01-13 | 2016-10-19 | 福建师范大学 | A kind of spectral method identifying computer software behavior |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101132438A (en) * | 2007-03-20 | 2008-02-27 | 中国移动通信集团江苏有限公司 | Method for screen selecting and catching vicious disturbing calls |
CN101180598A (en) * | 2005-04-15 | 2008-05-14 | 微软公司 | Method and apparatus for providing process guidance |
CN101228517A (en) * | 2005-07-26 | 2008-07-23 | 微软公司 | Augmenting a call with context |
US7962918B2 (en) * | 2004-08-03 | 2011-06-14 | Microsoft Corporation | System and method for controlling inter-application association through contextual policy control |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101266550B (en) * | 2007-12-21 | 2011-02-16 | 北京大学 | Malicious code detection method |
US8042186B1 (en) * | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
-
2012
- 2012-02-27 CN CN201210047944.5A patent/CN103294948B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7962918B2 (en) * | 2004-08-03 | 2011-06-14 | Microsoft Corporation | System and method for controlling inter-application association through contextual policy control |
CN101180598A (en) * | 2005-04-15 | 2008-05-14 | 微软公司 | Method and apparatus for providing process guidance |
CN101228517A (en) * | 2005-07-26 | 2008-07-23 | 微软公司 | Augmenting a call with context |
CN101132438A (en) * | 2007-03-20 | 2008-02-27 | 中国移动通信集团江苏有限公司 | Method for screen selecting and catching vicious disturbing calls |
Also Published As
Publication number | Publication date |
---|---|
CN103294948A (en) | 2013-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10735432B2 (en) | Personalized inferred authentication for virtual assistance | |
CN102779255B (en) | Method and device for judging malicious program | |
US9665340B2 (en) | Systems and methods for temporarily sharing audio over a network | |
CN109818942A (en) | A kind of user account number method for detecting abnormality and device based on temporal aspect | |
US8095629B2 (en) | Managing user accounts and groups in multiple forests | |
US20210377275A1 (en) | Privacy-preserving composite views of computer resources in communication groups | |
CN103281375B (en) | A kind of contact management method of third-party application and device, system | |
CN104737101A (en) | Computing device with force-triggered non-visual responses | |
CN104967758B (en) | A kind of method and user terminal for controlling data transfer | |
CN109241302B (en) | Online course comment authorization method and device and terminal equipment | |
CN105874464A (en) | Systems and methods for introducing variation in sub-system output signals to prevent device fingerprinting | |
CN107181745A (en) | Malicious messages recognition methods, device, equipment and computer-readable storage medium | |
CN102360360A (en) | Method, equipment and system for searching friends | |
CN111968625A (en) | Sensitive audio recognition model training method and recognition method fusing text information | |
CN110119614A (en) | The system and method for detecting the hidden behaviour of browser extension | |
US10885132B2 (en) | System and method for web search obfuscation using emulated user profiles | |
CN109246467A (en) | Label is to the method, apparatus of sharing video frequency, video camera and smart phone | |
Zhu et al. | How dangerous are your smartphones? App usage recommendation with privacy preserving | |
CN103294948B (en) | Software malicious behavior modeling and judging method and device, and mobile terminal | |
CN106484779A (en) | File operation method and device | |
KR102181943B1 (en) | System of monitoring based on gateway | |
CN109657148A (en) | For abnormal operation recognition methods, device, server and the medium for reporting POI | |
CN113849852A (en) | Privacy authority detection method and device, electronic equipment and storage medium | |
US20180121553A1 (en) | System and Method for Monitoring User Searches to Obfuscate Web Searches By Using Emulated User Profiles | |
CN110096867A (en) | A kind of permission recommended method and system towards Android application function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |