CN103324887B - Security defense device and method for a mobile terminal, and mobile terminal - Google Patents

Publication number
CN103324887B
Authority
CN
China
Prior art keywords
mobile terminal
defence
deviant behavior
module
defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310280701.0A
Other languages
Chinese (zh)
Other versions
CN103324887A (en)
Inventor
巫国忠
李绍燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201310280701.0A priority Critical patent/CN103324887B/en
Publication of CN103324887A publication Critical patent/CN103324887A/en
Application granted granted Critical
Publication of CN103324887B publication Critical patent/CN103324887B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention proposes a security defense device and method for a mobile terminal, and a mobile terminal. The device includes a storage module, a boot management module and a defense module. The storage module is located in the root file system of the mobile terminal and stores the executable file of the defense module. The boot management module obtains and runs the executable file according to a configuration file of the mobile terminal when the mobile terminal boots. The defense module generates a background-resident defense process from the running executable file; the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to the abnormal behavior. According to embodiments of the invention, the security program cannot be uninstalled, and its defense process stays resident in memory with its startup managed automatically. This ensures that the defense process comprehensively monitors, protects and self-repairs the application layer and the service layer of the mobile terminal's operating system, providing effective protection for the operating system.

Description

Security defense device and method for a mobile terminal, and mobile terminal
Technical field
The present invention relates to the field of mobile device manufacturing technology, and in particular to a security defense device and method for a mobile terminal, and a mobile terminal.
Background
With the widespread adoption of mobile terminals (such as mobile phones and tablet computers), many viruses, Trojans and malicious attack programs have begun to invade mobile terminal operating systems. In particular, on an operating system such as Android, a third-party application can obtain root (the sole superuser of the operating system) privileges and can then modify almost any data in the operating system. Once the operating system of a mobile terminal has been cracked by an attacker, the attacker can obtain a large amount of the user's private, sensitive information, which does great harm to the user and poses a severe test for the security of that information.
Summary of the invention
The present invention aims to solve at least one of the above technical problems.
To this end, a first object of the present invention is to propose a security defense device for a mobile terminal. The device enables the operating system of the whole mobile terminal to actively defend against an attacker's attacks, providing effective protection for the operating system.
A second object of the present invention is to propose a security defense method for a mobile terminal.
A third object of the present invention is to propose a mobile terminal.
To achieve the above objects, the security defense device of a mobile terminal according to an embodiment of the first aspect of the present invention includes a storage module, a boot management module and a defense module. The storage module is located in the root file system of the mobile terminal and stores the executable file of the defense module. The boot management module obtains and runs the executable file according to a configuration file of the mobile terminal when the mobile terminal boots. The defense module generates a background-resident defense process from the running executable file; the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to the abnormal behavior.
With the security defense device of a mobile terminal according to embodiments of the present invention, the defense module generates a background-resident defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to it. Implanting the security program in the root file system of the operating system makes the program impossible to uninstall, and at the operating-system level its defense process is kept resident in memory and its startup is managed automatically. This ensures that the defense process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing effective protection for the operating system.
To achieve the above objects, the security defense method of a mobile terminal according to an embodiment of the second aspect of the present invention includes the following steps: when the mobile terminal boots, the mobile terminal obtains and runs, according to a configuration file, an executable file for defense stored in the root file system of the mobile terminal; the mobile terminal generates a background-resident defense process from the running executable file; and the mobile terminal monitors its abnormal behavior through the defense process and performs active defense according to the abnormal behavior.
With the security defense method of a mobile terminal according to embodiments of the present invention, the mobile terminal generates a background-resident defense process from the executable file for defense stored in its root file system, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to it. Implanting the security program in the root file system of the operating system makes the program impossible to uninstall, and at the operating-system level its defense process is kept resident in memory and its startup is managed automatically. This ensures that the defense process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing effective protection for the operating system.
To achieve the above objects, the mobile terminal according to an embodiment of the third aspect of the present invention includes the security defense device of a mobile terminal according to the embodiment of the first aspect of the present invention.
With the mobile terminal according to embodiments of the present invention, the defense module generates a background-resident defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to it. Implanting the security program in the root file system of the operating system makes the program impossible to uninstall, and at the operating-system level its defense process is kept resident in memory and its startup is managed automatically. This ensures that the defense process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing effective protection for the operating system.
Additional aspects and advantages of the present invention will be given in part in the following description; in part they will become apparent from the description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a structural diagram of the security defense device of a mobile terminal according to an embodiment of the present invention;
Fig. 2(a) and (b) are schematic diagrams of the security defense device of a mobile terminal according to an embodiment of the present invention; and
Fig. 3 is a flowchart of the security defense method of a mobile terminal according to an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting it. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
In the description of the present invention, it should be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be understood as indicating or implying relative importance. It should also be noted that, unless otherwise expressly specified and limited, the terms "connected" and "connection" are to be interpreted broadly: a connection may, for example, be fixed, detachable or integral; it may be mechanical or electrical; and it may be direct or indirect through an intermediary. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances. In addition, in the description of the present invention, unless otherwise stated, "multiple" means two or more.
Any process or method description in a flowchart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The security defense device and method of a mobile terminal, and the mobile terminal, according to embodiments of the present invention are described below with reference to the drawings.
A security defense device of a mobile terminal includes a storage module, a boot management module and a defense module. The storage module is located in the root file system of the mobile terminal and stores the executable file of the defense module. The boot management module obtains and runs the executable file according to a configuration file of the mobile terminal when the mobile terminal boots. The defense module generates a background-resident defense process from the running executable file; the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to the abnormal behavior.
Fig. 1 is a structural diagram of the security defense device of a mobile terminal according to an embodiment of the present invention.
As shown in Fig. 1, the security defense device of the mobile terminal includes a storage module 100, a boot management module 200 and a defense module 300.
Specifically, the storage module 100 is located in the root file system of the mobile terminal and stores the executable file of the defense module 300.
In one embodiment of the present invention, the executable file may be read-only.
For example, as shown in Fig. 2(a), a mobile terminal running the Android operating system may place the storage module 100 in the root file system of the mobile terminal and store the executable file of the defense module 300 in the storage module 100. The root file system is then packed, as a RAM disk (ramdisk) in gzip (GNU zip, a file compression format) form, into the image file boot.img, which also contains the kernel image of the operating system. After the kernel of the operating system starts, the mobile terminal may place the root file system adjacent to the kernel's memory storage region and treat this region as read-only, that is, no process of the operating system can modify the root file system. This guarantees the security of the executable file of the defense module 300 that the storage module 100 stores in the root file system.
It should be understood that booting any operating system requires a kernel image and a similar root file system, so the device in the embodiments of the present invention can be used on multiple operating system platforms (such as Android and Linux).
The boot management module 200 obtains and runs the executable file according to the configuration file of the mobile terminal when the mobile terminal boots.
The defense module 300 generates a background-resident defense process from the running executable file; the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to the abnormal behavior. More specifically, an attacker may use an attack program to mount a targeted and concealed attack on the operating system of the mobile terminal; for example, a background process silently freezes a module of some application so that it cannot run. The background-resident defense process generated by the defense module 300 can monitor the attacker's malicious abnormal behavior and perform active defense.
With the security defense device of a mobile terminal according to embodiments of the present invention, the defense module generates a background-resident defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to it. Implanting the security program in the root file system of the operating system makes the program impossible to uninstall, and at the operating-system level its defense process is kept resident in memory and its startup is managed automatically. This ensures that the defense process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing effective protection for the operating system.
In one embodiment of the present invention, the boot management module 200 also monitors whether the defense process has been closed and, after detecting that it has been closed, reruns the executable file according to the configuration file to regenerate the defense process. For example, in a mobile terminal running the Android operating system, the init process in the boot management module 200 can monitor the exit event of the defense process and start a new defense process after the defense process exits. The defense process is thus monitored and restarted, which gives it the property that it cannot be shut down.
In one embodiment of the present invention, the defense process generated by the defense module 300 also performs operations that require root privileges. The defense process can thus operate on or modify root privileges, ensuring that root privileges cannot be maliciously modified by an attacker.
In one embodiment of the present invention, a service application of the mobile terminal calls the defense process generated by the defense module 300 to complete operations that require root privileges. For example, the defense process generated by the defense module 300 can delete malicious attack programs in the operating system.
In one embodiment of the present invention, the defense process generated by the defense module 300 also scans the mobile terminal for an application executed through su (switch user) and, when such an application exists, deletes it. Specifically, after the operating system of the mobile terminal has been cracked by an attacker, the attacker can place an su program on the mobile terminal, and applications installed afterwards can obtain root privileges through that su program. When the defense process detects an su program it can therefore delete the su program directly; the defense process thereby repairs the mobile terminal's operating system, and applications installed afterwards cannot obtain root privileges.
In one embodiment of the present invention, the defense process generated by the defense module 300 also scans the mobile terminal for abnormal behavior in the network protocol table iptables and, when abnormal behavior exists in the iptables table, freezes the application corresponding to the abnormal behavior. Specifically, after cracking the mobile terminal's operating system and obtaining root privileges, an attacker can modify the network configuration information of the operating system, for example its iptables, so that the mobile terminal cannot connect to certain network servers while its connections to other network servers remain normal. When the defense process detects abnormal behavior in the iptables table, it can therefore freeze the application corresponding to the abnormal behavior.
In one embodiment of the present invention, the defense module 300 also sends the abnormal behavior obtained by the defense process to a service application so that the user is alerted. For example, after detecting abnormal behavior (such as an attack by a malicious program), the defense process generated by the defense module 300 can report it to the service application, which then warns the user by displaying it in the mobile terminal's interface. For example, as shown in Fig. 2(b), the defense process can pop up a dialog box in the mobile terminal's interface that tells the user which malicious program has modified which operating system configuration information, and then guides the user to complete a repair operation or to delete the malicious attack program.
In one embodiment of the present invention, the defense module 300 also sends the abnormal behavior obtained by the defense process to a cloud server and receives an execution instruction that the cloud server sends according to the abnormal behavior. Specifically, after the defense process detects abnormal behavior (such as an attack by a malicious program), the defense module 300 can upload it to the cloud server. The cloud server can identify potential attack behavior by analyzing the information uploaded by other mobile terminals and form an automatic early-warning mechanism. More specifically, the cloud server can provide an analysis application and management platform that automatically analyzes the data and produces data reports. After the defense process detects abnormal behavior, the cloud server can send specific instructions to the defense module 300 through, for example, a WAP push message or a WAP push channel based on a long-lived TCP (Transmission Control Protocol) connection, and the defense process generated by the defense module 300 performs the operation after receiving the instruction sent by the cloud server. The data carrying the cloud server's instructions can be transmitted encrypted, and its integrity must be verified; this prevents the data from being modified in transit and ensures the security of the transmitted data.
To implement the above embodiments, the present invention also proposes a security defense method for a mobile terminal.
Suppose an executable file for defense is implanted in the operating system of a mobile terminal, and the defense process generated from that executable file comprehensively monitors and self-repairs the application layer and the service layer of the operating system at the operating-system level. Because the defense process cannot be uninstalled, even a malicious program that obtains root privileges on the mobile terminal's operating system cannot bypass the defense process and cannot modify the operating system that the defense process protects. Accordingly, the present invention proposes a security defense method for a mobile terminal that includes the following steps: when the mobile terminal boots, the mobile terminal obtains and runs, according to a configuration file, an executable file for defense stored in the root file system of the mobile terminal; the mobile terminal generates a background-resident defense process from the running executable file; and the mobile terminal monitors its abnormal behavior through the defense process and performs active defense according to the abnormal behavior.
Fig. 3 is a flowchart of the security defense method of a mobile terminal according to an embodiment of the present invention.
As shown in Fig. 3, the security defense method of the mobile terminal includes:
S301: when the mobile terminal boots, the mobile terminal obtains and runs, according to a configuration file, an executable file for defense stored in the root file system of the mobile terminal.
In one embodiment of the present invention, the executable file may be read-only.
For example, as shown in Fig. 2(a), a mobile terminal running the Android operating system may store the executable file for defense in the root file system of the mobile terminal. The mobile terminal then packs the root file system, as a RAM disk (ramdisk) in gzip (GNU zip, a file compression format) form, into the image file boot.img, which also contains the kernel image of the operating system. After the kernel of the operating system starts, the mobile terminal may place the root file system adjacent to the kernel's memory storage region and treat this region as read-only, that is, no process of the operating system can modify the root file system. This guarantees the security of the executable file for defense stored in the root file system.
S302: the mobile terminal generates a background-resident defense process from the running executable file.
In one embodiment of the present invention, the mobile terminal monitors whether the defense process has been closed and, after detecting that it has been closed, reruns the executable file according to the configuration file to regenerate the defense process. For example, in a mobile terminal running the Android operating system, the init process can monitor the exit event of the defense process and start a new defense process after the defense process exits. The defense process is thus monitored and restarted, which gives it the property that it cannot be shut down.
S303: the mobile terminal monitors its abnormal behavior through the defense process and performs active defense according to the abnormal behavior.
Specifically, an attacker may use an attack program to mount a targeted and concealed attack on the operating system of the mobile terminal; for example, a background process silently freezes a module of some application so that it cannot run. The background-resident defense process generated by the mobile terminal can monitor the attacker's malicious abnormal behavior and perform active defense.
In one embodiment of the present invention, the mobile terminal sends the abnormal behavior obtained by the defense process to a service application so that the user is alerted. For example, after detecting abnormal behavior (such as an attack by a malicious program), the defense process generated by the mobile terminal can report it to the service application, which then warns the user by displaying it in the mobile terminal's interface. For example, as shown in Fig. 2(b), the defense process can pop up a dialog box in the mobile terminal's interface that tells the user which malicious program has modified which operating system configuration information, and then guides the user to complete a repair operation or to delete the malicious attack program.
In one embodiment of the present invention, the mobile terminal sends the abnormal behavior obtained by the defense process to a cloud server and receives an execution instruction that the cloud server sends according to the abnormal behavior. Specifically, after the defense process detects abnormal behavior (such as an attack by a malicious program), the mobile terminal can upload it to the cloud server. The cloud server can identify potential attack behavior by analyzing the information uploaded by a large number of other mobile terminals and form an automatic early-warning mechanism. More specifically, the cloud server can provide an analysis application and management platform that automatically analyzes the data and produces data reports. After the defense process detects abnormal behavior, the cloud server can send specific instructions to the mobile terminal through, for example, a WAP push SMS message or a WAP push channel based on a long-lived TCP (Transmission Control Protocol) connection, and the defense process generated by the mobile terminal performs the operation after receiving the instruction sent by the cloud server. The data carrying the cloud server's instructions can be transmitted encrypted, and its integrity must be verified; this prevents the data from being modified in transit and ensures the security of the transmitted data.
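The integrity requirement on cloud instructions, stated here and in the corresponding device embodiment, can be illustrated as follows. This is an added example, not code from the patent: the JSON envelope, the pre-shared per-device key, the action names and the sequence-number replay check (which goes beyond the integrity check the text asks for) are all assumptions, and encryption is assumed to be provided by the transport.

```python
import hashlib
import hmac
import json

# Assumed action names; the patent does not enumerate the instructions.
ALLOWED_ACTIONS = {"delete_su", "freeze_app", "report_status"}


class InstructionRejected(Exception):
    """The pushed instruction failed a check and must not be executed."""


def sign_instruction(key, seq, action, target):
    """Cloud side: serialise the instruction and append an HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "action": action, "target": target},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class InstructionVerifier:
    """Device side: accept an instruction only if it is authentic and fresh."""

    def __init__(self, key):
        self._key = key
        self._last_seq = 0  # highest sequence number accepted so far

    def verify(self, wire):
        body, sep, tag = wire.rpartition(b".")
        if not sep:
            raise InstructionRejected("malformed envelope")
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; nothing is parsed before the tag checks out.
        if not hmac.compare_digest(expected, tag):
            raise InstructionRejected("integrity check failed")
        msg = json.loads(body)
        if not isinstance(msg, dict):
            raise InstructionRejected("malformed instruction")
        seq, action = msg.get("seq"), msg.get("action")
        if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
            raise InstructionRejected("action not allowed: %r" % (action,))
        # A captured instruction replayed later would still carry a valid tag,
        # so an instruction is also required to be newer than the last one.
        if type(seq) is not int or seq <= self._last_seq:
            raise InstructionRejected("stale or replayed instruction")
        self._last_seq = seq
        return msg


def describe(verifier, wire):
    """Return 'accepted: <action>' or 'rejected: <reason>' for one message."""
    try:
        return "accepted: " + verifier.verify(wire)["action"]
    except InstructionRejected as exc:
        return "rejected: %s" % exc
```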
With the security defense method of a mobile terminal according to embodiments of the present invention, the mobile terminal generates a background-resident defense process from the executable file for defense stored in its root file system, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to it. Implanting the security program in the root file system of the operating system makes the program impossible to uninstall, and at the operating-system level its defense process is kept resident in memory and its startup is managed automatically. This ensures that the defense process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing effective protection for the operating system.
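The boot.img layout described for Fig. 2(a), in both the device and the method embodiments, can be checked offline before an image is flashed. The following is an added example, not part of the patent: it assumes a version-0 Android boot image header, a "newc" cpio ramdisk, that the configuration file is init.rc, and a hypothetical executable path sbin/defensed; the sample image is constructed by the helper at the end.

```python
import gzip
import stat
import struct

BOOT_MAGIC = b"ANDROID!"   # start of an Android boot image header
CPIO_MAGIC = b"070701"     # start of every "newc" cpio entry header
CPIO_HDR = 110             # magic plus 13 fields of 8 hex digits


def _pad(n, align):
    """Round n up to a multiple of align."""
    return (n + align - 1) // align * align


def ramdisk_from_boot_image(img):
    """Return the decompressed ramdisk of a version-0 boot image."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    kernel_size, _, ramdisk_size, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    if page == 0:
        raise ValueError("page size is zero")
    start = page + _pad(kernel_size, page)   # one header page, then the kernel
    blob = img[start:start + ramdisk_size]
    if len(blob) != ramdisk_size or blob[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk missing or not gzip-compressed")
    return gzip.decompress(blob)


def cpio_entries(archive):
    """Yield (name, mode, data) for each file in a newc cpio archive."""
    off = 0
    while off + CPIO_HDR <= len(archive):
        if archive[off:off + 6] != CPIO_MAGIC:
            raise ValueError("bad cpio header at offset %d" % off)
        fields = [int(archive[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name = archive[off + CPIO_HDR:off + CPIO_HDR + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        data_off = _pad(off + CPIO_HDR + namesize, 4)
        yield name, mode, archive[data_off:data_off + filesize]
        off = _pad(data_off + filesize, 4)


def check_defense_binary(img, path, config="init.rc"):
    """Return a list of findings; an empty list means the image passes."""
    entries = {n: (m, d) for n, m, d in cpio_entries(ramdisk_from_boot_image(img))}
    findings = []
    if path not in entries:
        findings.append("%s: not in ramdisk" % path)
    else:
        mode = entries[path][0]
        if not stat.S_ISREG(mode) or not mode & 0o111:
            findings.append("%s: not an executable regular file" % path)
        if mode & 0o222:
            findings.append("%s: writable (mode %o)" % (path, stat.S_IMODE(mode)))
    # init syntax: "service <name> <pathname> [args]"; look for our pathname.
    rc = entries.get(config, (0, b""))[1]
    wanted = ("/" + path).encode()
    if not any(line.split()[:1] == [b"service"] and line.split()[2:3] == [wanted]
               for line in rc.splitlines()):
        findings.append("%s: no service entry runs /%s" % (config, path))
    return findings


def build_sample_image(files, page=2048):
    """Constructed test input: pack {name: (mode, data)} into a tiny boot image."""
    cpio = b""
    for name, (mode, data) in list(files.items()) + [("TRAILER!!!", (0, b""))]:
        n = name.encode() + b"\0"
        hdr = CPIO_MAGIC + b"".join(
            b"%08X" % v for v in (0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0))
        cpio += (hdr + n).ljust(_pad(CPIO_HDR + len(n), 4), b"\0")
        cpio += data.ljust(_pad(len(data), 4), b"\0")
    ramdisk = gzip.compress(cpio)
    kernel = b"\0" * 100                     # placeholder bytes, not a real kernel
    header = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return (header.ljust(page, b"\0") + kernel.ljust(_pad(len(kernel), page), b"\0")
            + ramdisk.ljust(_pad(len(ramdisk), page), b"\0"))
```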
In one embodiment of the present invention, the defense process generated by the mobile terminal performs operations that require root privileges. The defense process can thus operate on or modify root privileges, ensuring that root privileges cannot be maliciously modified by an attacker.
In one embodiment of the present invention, a service application of the mobile terminal calls the defense process generated by the mobile terminal to complete operations that require root privileges. For example, the defense process generated by the mobile terminal can delete malicious attack programs in the system partition of the operating system.
In one embodiment of the present invention, the defense process also scans the mobile terminal for an application executed through su (switch user) and, when such an application exists, deletes it. Specifically, after the operating system of the mobile terminal has been cracked by an attacker, the attacker can place an su program on the mobile terminal, and applications installed afterwards can obtain root privileges through that su program. When the defense process detects an su program it can therefore delete the su program directly; the defense process thereby repairs the mobile terminal's operating system, and applications installed afterwards cannot obtain root privileges.
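A sketch of the su scan described here and in the corresponding device embodiment, as an added example that is not part of the patent. The directory list and the baseline of expected setuid files are assumptions; the check for setuid files outside the baseline generalizes the name match to renamed copies, which are reported but not deleted by default.

```python
import errno
import os
import stat

# Assumed search path; the patent does not say where the su program is placed.
SEARCH_DIRS = ("/system/bin", "/system/xbin", "/sbin", "/data/local/tmp")


def scan_for_su(dirs=SEARCH_DIRS, baseline=frozenset()):
    """Return findings for files named su and for unexpected setuid files.

    baseline holds the paths of setuid files the vendor image is expected
    to contain (an assumption; it is empty by default).
    """
    findings = []
    for directory in dirs:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue                    # directory absent or unreadable
        for name in names:
            path = os.path.join(directory, name)
            try:
                st = os.lstat(path)     # lstat judges a symlink itself, not its target
            except OSError:
                continue
            setuid = stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)
            if name == "su":
                reason = "named su"
            elif setuid and path not in baseline:
                reason = "setuid file outside baseline"
            else:
                continue
            findings.append({"path": path, "reason": reason, "setuid": setuid})
    return findings


def remove_findings(findings, reasons=("named su",)):
    """Delete the findings whose reason is listed; report the outcome per path."""
    outcome = {}
    for item in findings:
        if item["reason"] not in reasons:
            continue                    # left in place for review
        try:
            os.unlink(item["path"])     # removes a symlink itself, never its target
            outcome[item["path"]] = "removed"
        except OSError as exc:
            # EROFS means the partition is mounted read-only: the file is still
            # present and the repair has not happened yet.
            outcome[item["path"]] = "failed: " + errno.errorcode.get(exc.errno, "unknown")
    return outcome
```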
In one embodiment of the present invention, the defense process generated by the mobile terminal scans the mobile terminal for abnormal behavior in the network protocol table iptables and, when abnormal behavior exists in iptables, freezes the application corresponding to the abnormal behavior. Specifically, after cracking the mobile terminal's operating system and obtaining root privileges, an attacker can modify the network configuration information of the operating system, for example its iptables, so that the mobile terminal cannot connect to certain network servers while its connections to other network servers remain normal. When the defense process detects abnormal behavior in iptables, it can therefore freeze the application corresponding to the abnormal behavior.
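One way to detect the iptables tampering described here and in the corresponding device embodiment, as an added example that is not part of the patent: it compares `iptables-save` output against a known-good baseline and reports new blocking rules or policies on the OUTPUT chain. The two rulesets are constructed samples using documentation address ranges; working out which application installed a rule, which the freeze step needs, is outside this sketch.

```python
import shlex

BLOCKING = {"DROP", "REJECT"}

# Constructed sample: ruleset recorded when the device was known to be clean.
BASELINE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""

# Constructed sample: ruleset after two servers were selectively blocked.
CURRENT = """\
*filter
:INPUT ACCEPT [12:840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:612]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 198.51.100.0/24 -m owner --uid-owner 10087 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p udp -m udp --dport 5353 -j ACCEPT
COMMIT
"""


def parse_ruleset(text):
    """Return ({(table, chain): policy}, [(table, rule_line)]) from iptables-save output."""
    table, policies, rules = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # packet counters are ignored
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            rules.append((table, line))
    return policies, rules


def _option(tokens, flag):
    """Return (value, negated) for flag, or (None, False) when it is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False


def find_anomalies(baseline_text, current_text, chains=("OUTPUT",)):
    """Report blocking policies and rules that are not in the baseline."""
    base_pol, base_rules = parse_ruleset(baseline_text)
    cur_pol, cur_rules = parse_ruleset(current_text)
    known = set(base_rules)
    findings = []
    for (table, chain), policy in cur_pol.items():
        if chain in chains and policy in BLOCKING and base_pol.get((table, chain)) != policy:
            findings.append({"kind": "policy", "table": table, "chain": chain,
                             "policy": policy})
    for table, line in cur_rules:
        if (table, line) in known:
            continue
        tokens = shlex.split(line)
        target, _ = _option(tokens, "-j")
        if tokens[1] not in chains or target not in BLOCKING:
            continue
        dest, negated = _option(tokens, "-d")
        uid, _ = _option(tokens, "--uid-owner")
        findings.append({"kind": "rule", "table": table, "chain": tokens[1],
                         "target": target, "destination": dest, "negated": negated,
                         # UID whose traffic the rule matches, not who added the rule
                         "uid": int(uid) if uid and uid.isdigit() else None,
                         "rule": line})
    return findings
```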
To implement the above embodiments, the invention also proposes a mobile terminal.
The mobile terminal includes the security defense device for a mobile terminal described in any embodiment of the invention.
According to the mobile terminal of the embodiments of the invention, the defense module generates a defense process resident in the background from the running executable file, and the defense process monitors the mobile terminal for abnormal behavior and carries out active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and the security protection process of that program runs resident in memory and is started and managed automatically at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, which provides an effective guarantee for the security protection of the operating system.
It should be understood that, in the embodiments of the invention, the mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, a tablet computer, a personal digital assistant or an e-book reader.
It should be understood that each part of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
In the description of this specification, a description that refers to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such references do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principle and purpose of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (17)

1. A security defense device for a mobile terminal, characterized by comprising: a storage module, a power-on management module and a defense module, wherein
the storage module is arranged in the root file system of the mobile terminal and is used to store the executable file of the defense module;
the power-on management module is used to obtain and run the executable file according to the configuration file of the mobile terminal when the mobile terminal boots;
the defense module is used to generate a defense process resident in the background from the running executable file, the defense process being used to monitor abnormal behavior of the mobile terminal and to carry out active defense according to the abnormal behavior.
2. The device according to claim 1, characterized in that the executable file is read-only.
3. The device according to claim 1, characterized in that the power-on management module is further used to monitor whether the defense process has been closed and, after detecting that the defense process has been closed, to re-run the executable file according to the configuration file so as to generate the defense process.
4. The device according to claim 1, characterized in that the defense process is further used to scan the mobile terminal for an su executable application and/or abnormal behavior in the network protocol table iptables, wherein, if the su executable application exists, the defense process deletes the su executable application, and if the abnormal behavior exists in iptables, the defense process freezes the application corresponding to the abnormal behavior.
5. The device according to claim 1, characterized in that the defense process is further used to perform operations with root privileges.
6. The device according to claim 5, characterized in that a service application of the mobile terminal calls the defense process to complete the operations with root privileges.
7. The device according to claim 6, characterized in that the defense module is further used to send the abnormal behavior obtained by the defense process to the service application so as to alert the user.
8. The device according to claim 1, characterized in that the defense module is further used to send the abnormal behavior obtained by the defense process to a cloud server, and to receive an execution instruction sent by the cloud server according to the abnormal behavior.
9. A security defense method for a mobile terminal, characterized by comprising the following steps:
when the mobile terminal starts, the mobile terminal obtains and runs, according to a configuration file, an executable file for defense that is stored in the root file system of the mobile terminal;
the mobile terminal generates a defense process resident in the background from the running executable file; and
the mobile terminal monitors abnormal behavior of the mobile terminal through the defense process and carries out active defense according to the abnormal behavior.
10. The method according to claim 9, characterized in that the executable file is read-only.
11. The method according to claim 9, characterized by further comprising:
the mobile terminal monitors whether the defense process has been closed and, after detecting that the defense process has been closed, re-runs the executable file according to the configuration file so as to generate the defense process.
12. The method according to claim 9, characterized in that the defense process scans the mobile terminal for an su executable application and/or abnormal behavior in iptables, wherein, if the su executable application exists, the defense process deletes the su executable application, and if the abnormal behavior exists in iptables, the defense process freezes the application corresponding to the abnormal behavior.
13. The method according to claim 9, characterized by further comprising:
the defense process performs operations with root privileges.
14. The method according to claim 13, characterized by further comprising:
a service application of the mobile terminal calls the defense process to complete the operations with root privileges.
15. The method according to claim 14, characterized by further comprising:
the mobile terminal sends the abnormal behavior obtained by the defense process to the service application so as to alert the user.
16. The method according to claim 9, characterized by further comprising:
the mobile terminal sends the abnormal behavior obtained by the defense process to a cloud server, and receives an execution instruction sent by the cloud server according to the abnormal behavior.
17. A mobile terminal, characterized by including the security defense device for a mobile terminal according to any one of claims 1-8.
CN201310280701.0A 2013-07-05 2013-07-05 Prevention-Security device, method and the mobile terminal of mobile terminal Active CN103324887B (en)

Publications (2)

Publication Number Publication Date
CN103324887A CN103324887A (en) 2013-09-25
CN103324887B true CN103324887B (en) 2016-12-28

Family

ID=49193622

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant